- From: Cullen Jennings via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 May 2016 13:54:49 +0000
- To: public-webrtc@w3.org
fluffy has just created a new issue for https://github.com/w3c/webrtc-pc: == Support assertions that identify the recipient == When imitating communications between two parties, some systems use assertions that only identify the initiator. However, these assertions have a security weakness in that they can be cut and pasted and sent to many different receiving parties because the intended recipient of the session is not identified in the assertion. Many identity systems, such as the STIR work at IETF, protect against that by including the intended recipient in the assertion. The current WebRTC spec can be used with the first type of identity systems but does not well suited for the the second type. To improve the security, the GenerateAssertionCallback ( https://w3c.github.io/webrtc-pc/#idl-def-generateassertioncallback ) should be extended to allow and option recipientNameHint similar to the existing usernameHint ). This will make WebRTC fit into STIR as well as other identity assertion systems without loosing any existing functionally. Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/678 using your GitHub account
Received on Friday, 27 May 2016 13:54:51 UTC