IETF Logo Mail Archive

[Wish] WHIP and authentication

Juliusz Chroboczek <jch@irif.fr> Sat, 11 September 2021 11:22 UTC

Return-Path: <jch@irif.fr>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3293A3A0FDF for <wish@ietfa.amsl.com>; Sat, 11 Sep 2021 04:22:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuWY_c9uxyCz for <wish@ietfa.amsl.com>; Sat, 11 Sep 2021 04:22:55 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB2F43A0FDC for <wish@ietf.org>; Sat, 11 Sep 2021 04:22:54 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 18BBMpXS028035 for <wish@ietf.org>; Sat, 11 Sep 2021 13:22:51 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 1A26CDE681 for <wish@ietf.org>; Sat, 11 Sep 2021 13:22:56 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id kAXjGCFtMvgk for <wish@ietf.org>; Sat, 11 Sep 2021 13:22:54 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 7557EDE67E for <wish@ietf.org>; Sat, 11 Sep 2021 13:22:54 +0200 (CEST)
Date: Sat, 11 Sep 2021 13:22:49 +0200
Message-ID: <87y283uzjq.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: wish@ietf.org
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.1 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sat, 11 Sep 2021 13:22:51 +0200 (CEST)
X-Miltered: at korolev with ID 613C918B.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 613C918B.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 613C918B.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/oxvC5ZBZRFecY6oAezSFPI2AJuU>
Subject: [Wish] WHIP and authentication
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>, <mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>, <mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Sep 2021 11:22:57 -0000

Section draft-ietf-wish-whip-00 Section 4.5 speaks about authentication:

   Authentication and authorization is supported by the Authorization
   HTTP header with a bearer token as per [RFC6750].

To my unexperienced eyes, this implies that use of WHIP requires deploying
an OAuth2 infrastructure, with all of the complexity and brittleness that
this implies.  Galene doesn't do OAuth2, and, in the Galene implementation,
WHIP is authentified using HTTP Basic over HTTPS.

How do people feel about use of HTTP Basic with WHIP?

-- Juliusz

v2.8.7 | Report a Bug | By Email