W3C home > Mailing lists > Public > public-webrtc@w3.org > May 2016

[webrtc-pc] Support assertions that identify the recipient

From: Cullen Jennings via GitHub <sysbot+gh@w3.org>
Date: Fri, 27 May 2016 13:54:49 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-157212043-1464357283-sysbot+gh@w3.org>
fluffy has just created a new issue for 
https://github.com/w3c/webrtc-pc:

== Support assertions that identify the recipient ==
When imitating communications between two parties, some systems use 
assertions that only identify the initiator. However, these assertions
 have a security weakness in that they can be cut and pasted and sent 
to many different receiving parties because the intended recipient of 
the session is not identified in the assertion. Many identity systems,
 such as the STIR work at IETF, protect against that by including the 
intended recipient in the assertion. 

The current WebRTC spec can be used with the first type of identity 
systems but does not well suited for the the second type. To improve 
the security, the GenerateAssertionCallback  ( 
https://w3c.github.io/webrtc-pc/#idl-def-generateassertioncallback ) 
should be extended to allow and option recipientNameHint similar to 
the existing usernameHint ). 

This will make WebRTC fit into STIR as well as other identity 
assertion systems without loosing any existing functionally.

Please view or discuss this issue at 
https://github.com/w3c/webrtc-pc/issues/678 using your GitHub account
Received on Friday, 27 May 2016 13:54:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:48 UTC