Re: [Wish] WHIP and authentication
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Sat, 11 September 2021 12:53 UTC
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Sat, 11 Sep 2021 14:52:50 +0200
Message-ID: <CA+ag07bkUOYynha3XzMHjDBZDaZudrnjkiKPwJD9JxYQ=FTv2Q@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: WISH List <wish@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/12dQsavgjYRo_DxhwhBdVb_kan8>

On Sat, 11 Sept 2021 at 13:23, Juliusz Chroboczek <jch@irif.fr> wrote:

> draft-ietf-wish-whip-00 Section 4.5 speaks about authentication:
>
>     Authentication and authorization is supported by the Authorization
>     HTTP header with a bearer token as per [RFC6750].
>
> To my unexperienced eyes, this implies that use of WHIP requires deploying
> an OAuth2 infrastructure, with all of the complexity and brittleness that
> this implies. Galene doesn't do OAuth2, and, in the Galene implementation,
> WHIP is authentified using HTTP Basic over HTTPS.
>
> How do people feel about use of HTTP Basic with WHIP?

No, at least the idea was not to require OAuth 2 for retrieving the bearer token; RFC 6750 is just referenced for how to create the request header carrying the token. How to generate/gather the bearer token is outside the scope of the doc. This is how most REST APIs work nowadays.

In this regard, basic auth provides no flexibility over the bearer token, as you can always use "username:password" or whatever you choose as token. Or better, use an encrypted/authenticated JWT for carrying that info.

Best regards
Sergio.
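
The bearer-token check discussed in this message, as an added example that is not part of the original post, the draft, or any WHIP implementation: the endpoint parses `Authorization: Bearer <token>` per RFC 6750 and verifies an HMAC-signed JWT minted without any OAuth2 server. `SECRET`, `issue_token` and `authorize` are hypothetical names, and HS256 is an assumed choice of token protection.

```python
import base64, hashlib, hmac, json, re, time

SECRET = b"constructed-demo-secret"  # assumption: key shared by token issuer and WHIP endpoint
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # b64token syntax, RFC 6750 section 2.1

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, claims: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()

def issue_token(stream: str, ttl: int = 300, now=None) -> str:
    """Issuer side: mint a short-lived token; how it reaches the encoder is out of band."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": stream, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64url(_sign(header, claims))}"

def authorize(authorization_header, now=None):
    """WHIP endpoint side: return the verified claims, or None (answer 401)."""
    scheme, _, token = (authorization_header or "").partition(" ")
    # Auth scheme names are case-insensitive; anything but Bearer is refused.
    if scheme.lower() != "bearer" or not B64TOKEN.fullmatch(token):
        return None
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, claims, sig = parts
    now = time.time() if now is None else now
    try:
        # Pin the algorithm instead of trusting the token's own header.
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed MAC with the presented one.
        if not hmac.compare_digest(_sign(header, claims), unb64url(sig)):
            return None
        payload = json.loads(unb64url(claims))
        if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
            return None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed base64/JSON is treated as an invalid token
    return payload
```
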