Move forward with Key control APIs

Since Martin presented the idea, and design of APIs, of key handling in 
WebRTC [1], and especially after a PR [2] was issued, there has been 
quite some discussion on whether re-using Web Crypto API(s) for WebRTC 
key handling is good idea or not.

The chairs think we should take a step back and first determine the use
cases and requirements followed by designing an API. In a second phase
we can discuss (probably jointly with the Web Cryptography WG) what 
re-use of other APIs that makes sense.

Our understanding is that we have two main use cases to support (from
[3]), namely (Per Origin):

#1. Anonymous calling: the correspondent doesn't care who the other side
is, so no identification is needed.
#2. Identified calling: there's some chain of evidence linking the
crypto keys used for the call to some mutually-known identity (probably
via an identity provider).

Tim followed up on #2 with some more details in [4].

When it comes to requirements two sets have been proposed. One by Ryan
in [5] and one by Richard in [6].

To move forward we'd like to see volunteer(s) to drive the discussion on 
use cases, requirements and API design. Anyone willing and having cycles 
(Martin?)?

Harald and Stefan

[1] https://www.w3.org/2011/04/webrtc/wiki/images/f/f3/Keys.pdf
[2] https://github.com/w3c/webrtc-pc/pull/28
[3] http://lists.w3.org/Archives/Public/public-webrtc/2015Jan/0016.html
[4] http://lists.w3.org/Archives/Public/public-webrtc/2015Jan/0017.html
[5] http://lists.w3.org/Archives/Public/public-webrtc/2014Dec/0094.html
[6] http://lists.w3.org/Archives/Public/public-webrtc/2014Dec/0095.html

Received on Monday, 12 January 2015 14:11:16 UTC