The Phone Meets the Web.

Andrew Hutton © 2013 Siemens Enterprise Communications GmbH & Co. KG. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.

February 2013 Presenter’s NameDate

The PhoneMeets the Web.IETF and W3C Standards for Real Time Communications in Browsers.

RTCWEB / WEBRTC

Andrew Hutton – Head of Standardization at Siemens Enterprise Communications.

www.siemens-enterprise.com/uk


February 2013

Contents

Standardization - IETF & W3C RTCWEB / WEBRTC.

Why, Who, What. Disruptive?

Use Cases and Requirements. Solution Overview.

Architecture Security

Identity, Consent, Firewalls. Implementation Status.

.

2


February 2013

Standardization – Internet Engineering Task Force (IETF)

The mission of the IETF is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet.

An Open Standards organisations based on consensus and openness. One of the "founding beliefs" is embodied in a quote from David Clark: "We

reject kings, presidents and voting. We believe in rough consensus and running code".

Another quote that has become a commonly-held belief in the IETF comes from Jon Postel: "Be conservative in what you send and liberal in what you accept". – Its all about interoperability.

115 Active Working Groups – Probably something you are interested in? RFC / Protocol Factory

HTTP – RFC 2616 TCP – RFC 675 SIP – RFC 3261

IETF Video - http://youtu.be/tqc8vd_jPpg. 3

http://youtu.be/tqc8vd_jPpg


February 2013

Standardization – World Wide Web Consortium (W3C)

The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web. An Open Standards organisations based on consensus and openness.

Principles. Web for All (Accessibility, Internationalization etc.) Web on Everything (Mobile Web Etc.) Web of Rich Interaction (Communications, Social Networking Etc.) Web of Data and Services (Semantic Web Etc.) Web of Trust (Security and Privacy).

HTML5, CSS, XML, Web Services, Browser API’s, Device API’s.

4


February 2013

IETF / W3C Participation.

Anyone can participate in Open Standards Development.

All IETF work is done in public using public mailing lists and meetings.

Most W3C work uses public mailing lists but not all.

However be careful.

Both IETF and W3C have strict IPR Policies and your employer might not be happy if you give away your company IPR.

You need to understand IPR issues before you make any contribution (Even an E-Mail to the working group mailing list).

5


February 2013

RTCWEB / WEBRTC Who, What and Why.

Initiated by Google in late 2010 who organised meeting of IETF & W3C members.

Proposed to initiate standardization project with the aim of enabling real-time media transport (Voice, Video and Data) between browsers.

Real-Time Communication was previously only possibly in Web Applications using Plug-ins which have many issues.

Agreed to split the work between IETF & W3C (There is a large overlap in people and companies anyway).

Now probably largest working group in IETF and many participants / contributors.

6

Interactive Voice, Video and Data in a Browser.


February 2013

WEBRTC – Disruptive ?

Makes every browser in to a potential VoIP Soft client.

No Plugin’s, no downloads.

GUI is web based.

Security controls are built-in to the browser.

Audio/Video codec’s built-in to the browser and royalty-free (Hopefully).

Standard API for the millions of web application and games developers to work with.

Does not require any real-time VoIP knowledge it just works.7


February 2013

RTCWEB / WEBRTC Standards IETF RTCWEB (Real-Time Communications For WEB Browsers) Defines requirements, architecture, security model, and protocols, for

peer to peer communication (Audio, Video, Data) between browsers. Has to be standardized to enable interoperability between browser

vendors. Too many internet drafts to mention 78 at last count but only a few will

become RFC’s. http://tools.ietf.org/id/rtcweb.

W3C WEBRTC (Web Real-Time Communications). Specifies browser API’s. Has to be standardized so that application developers have a common

API to work with. Three specifications (PeerConnection, getUserMedia,

mediaStreamCapture).

8

http://tools.ietf.org/id/rtcweb


February 2013

WEBRTC – Use Cases and Requirements. Basic Voice / Video Communications.

Multiparty Voice/Video.

FedEx calling – PSTN/Legacy Interworking requirements.

Enterprise NAT/FW Scenarios.

Multiparty on-line gaming. Data channel requirements.

Security Considerations. There are lots – Consent (Receive Media, Device/Camera Access etc.)

http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-109

http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-10


February 2013

RTCWEB Architecture - Trapezoid & Identity

Signaling overHTTPS/WebSockets(JSEP/ROAP, SIP*)

Browser

Serversexample.com

JavaScript/HTML/CSS

Serversexample.net

Browser

JavaScript/HTML/CSS

Inter-domainCommunication

Media DTLS-SRTP

Out of Scope*

Signaling overHTTPS/WebSockets (JSEP/ROAP, SIP*)

Connectivity (STUN/ICE)

Identity Provider Identity Provider

Get AssertionGet Assertion

Verify Assertion Verify Assertion

Slide 10

* Browser to Web Server and Inter-domain signalling is out of scope but has strong influence on browser API.


February 2013

Identity – How do you know who you are talking to?

Slide 11

WEBRTC WEBSITE

Identity Provider

Secure Media over DTLS/SRTP

1. Alice log’s on to her identity provider.

2. Before calling Bob Alice’s Browser gets identity token assertion from the provider.

3. Identity assertion is passed to Bob’s browser during call establishment.

4. Bob’s browser asks the identity provider to verify the assertion.

5. The identity assertion and the DTLS fingerprint are checked and the user is given the green light to indicate that the remote party is trusted (by the identity provider) and there is no man in the middle.

Alice Bob


February 2013

Consent – How do we prevent media hammer attacks.

Slide 12

Audio, Video, Data

AliceAudio, Video, Data

Alice HTML5 / J

avaS

cript

Bob

Target


February 2013

Consent – How do we prevent media hammer attacks.

Slide 13

Alice HTML5 / JavaScript

Bob

ICE/STUN – Ok to talk?

ICE/STUN – Yes ok to talk

Audio, Video, Data

ICE/STUN – Still Ok to talk?

ICE/STUN – Yes ok to talk

HTML5 / JavaScript

ICE Credentials passed viathe service provider.

http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-06


February 2013

NAT’s and Firewall – Connectivity Problems.

Slide 14

AliceBob

ICE – RFC 5245 – Is the answer.

1. ICE – Interactive Connectivity Establishment

2. Provides a means of finding the best path between Alice and Bob.

3. Provides means to create NAT binding and obtain server reflexive address (STUN).

4. Provides a means to insert relays if necessary (TURN) – Symmetric NAT’s.

5. Alice gathers all possible address candidates and asks remote party to connectivity check them until best candidates are chosen.

6. Also provides means for consent.

STUN Server

TURN Server

TURN Server


February 2013

Browser Implementation Status – Not Finished Yet. Google - Chrome

The leaders and following the standards as close as possible. Available in Chrome stable and Chrome canary. http://www.webrtc.org/home. - Some confusion regarding Google project name.

Mozilla – Firefox Available in Firefox nightly build. Recently demonstrated interoperability with Chrome.

Apple – Safari Who knows?

Microsoft – Internet Explorer. Implemented getUserMedia API, Active contributor to standards bodies (Microsoft/Skype). However has an alternative API proposal (CU-RTC-WEB)

Others with implementations. Opera, Ericsson Browser (Mobile).

15

http://www.webrtc.org/home

http://html5labs.interoperabilitybridges.com/cu-rtc-web/cu-rtc-web.htm


February 2013

Thank you for your attention!

Andrew HuttonSiemens Enterprise Communications Ltd.

E-mail: [email protected]

Twitter: @huttonandy

16

mailto:[email protected]

Date post:	25-Feb-2016
Category:	Documents
Upload:	caron
View:	42 times
Download:	0 times

The Phone Meets the Web.

Documents