Identity and Streams Washington DC, Martin Thomson requestIdentity - - PowerPoint PPT Presentation

identity and streams
SMART_READER_LITE
LIVE PREVIEW

Identity and Streams Washington DC, Martin Thomson requestIdentity - - PowerPoint PPT Presentation

Sep 08, 2023 165 likes •282 views

W3C stuff 2014-05 Interim, Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder: RTCConfiguration parameter with three values: yes, ifconfigured, no. Originally included in support of

slide-1
SLIDE 1

W3C stuff

Identity and Streams

2014-05 Interim, Washington DC, Martin Thomson

slide-2
SLIDE 2

requestIdentity

❖ Reminder: RTCConfiguration parameter with three

values: “yes”, “ifconfigured”, “no”.

❖ Originally included in support of browsers having IdP

configuration

❖ We don’t need this, does anyone else?

slide-3
SLIDE 3

Stream Isolation

❖ A receiver should soon be able to distinguish between

streams that are isolated at the source and regular streams

Sending Browser Receiving Browser

peerIdentity isolated encrypted, peer authenticated isolation too

slide-4
SLIDE 4

Isolation Scope

❖ gUM scopes the peerIdentity property to all tracks in the

resulting stream

❖ Tracks can be separated, but they retain the property

❖ RTCPeerConnection scope is all tracks

❖ Any isolated track causes a peer to negotiate isolation on all DTLS

connections in the PC

❖ All remote tracks created by that RTCPeerConnection - on both sides - will

therefore be isolated

❖ Alternative: scope to the track or the DTLS connection

❖ Both create protocol-layer challenges, not recommended

slide-5
SLIDE 5

Problem

❖ What do we do when tracks aren’t all isolated?

  • ❖ Option 1: fail to create a session
  • ❖ Option 2: force all streams on the remote side to become

isolated too

slide-6
SLIDE 6

Option 1

❖ Fail if there are both isolated and non-isolated tracks ❖ A mismatch causes DTLS to fail to negotiate

Browser A Browser B

peerIdentity isolated Session failure not isolated

slide-7
SLIDE 7

Advantages of Option 1

❖ All or nothing: either all tracks are isolated, or all tracks

are not isolated

❖ Enables authenticated provenance for media based

solely on isolation properties

❖ If media is isolated, we can say that it comes from the

authenticated peer and no one else

❖ Without this, any non-isolated media can’t be identified as such

at the receiving end

slide-8
SLIDE 8

Additional Proposal for Option 1

❖ Request that the IETF WG create a marker in the SDP

that would allow the API to detect a failure

❖ …where one side has isolation and the other does not

❖ If isolation is in the remote SDP and we aren’t isolated,

either:

❖ A) Fail setRemoteDescription (easy) ❖ B) Check if local streams can be isolated, and isolate them,

  • therwise, fail setRemoteDescription (bleargh)
slide-9
SLIDE 9

Option 2

❖ Make all tracks isolated if any track is isolated ❖ A mismatch permits DTLS to negotiate in isolated mode

Browser A Browser B

isolated isolated Session created not isolated isolated

slide-10
SLIDE 10

Advantages of Option 2

❖ No failures

slide-11
SLIDE 11

Isolation Timing

❖ Tracks can be added after establishing a session

❖ An isolated track, added to a non-isolated RTCPeerConnection

MUST send black/silence/null

❖ Tracks can change isolation properties

❖ A track that becomes isolated after RTCPeerConnection is

  • pened MUST send black/silence/null