Transcript W3C Membership - British Computer Society

The Phone
Meets the Web.
IETF and W3C Standards for Real
Time Communications in Browsers.
RTCWEB / WEBRTC
Andrew Hutton – Head of Standardization at Siemens
Enterprise Communications.
www.siemens-enterprise.com/uk
February
Date
2013
Andrew Hutton
Presenter’s
Name
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Contents
 Standardization - IETF & W3C
 RTCWEB / WEBRTC.
 Why, Who, What.
 Disruptive?
 Use Cases and Requirements.
 Solution Overview.
 Architecture
 Security
 Identity, Consent, Firewalls.
 Implementation Status.
2
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Standardization – Internet Engineering Task Force (IETF)

The mission of the IETF is to make the Internet work better by producing high
quality, relevant technical documents that influence the way people design,
use, and manage the Internet.

An Open Standards organisations based on consensus and openness.

One of the "founding beliefs" is embodied in a quote from David Clark: "We
reject kings, presidents and voting. We believe in rough consensus
and running code".

Another quote that has become a commonly-held belief in the IETF comes
from Jon Postel: "Be conservative in what you send and liberal in what
you accept". – Its all about interoperability.

115 Active Working Groups – Probably something you are interested in?

RFC / Protocol Factory

HTTP – RFC 2616

TCP – RFC 675

SIP – RFC 3261
IETF Video - http://youtu.be/tqc8vd_jPpg.
3
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Standardization – World Wide Web Consortium (W3C)

The World Wide Web Consortium (W3C) is an international community that
develops open standards to ensure the long-term growth of the Web. An Open
Standards organisations based on consensus and openness.

Principles.

Web for All (Accessibility, Internationalization etc.)

Web on Everything (Mobile Web Etc.)

Web of Rich Interaction (Communications, Social Networking Etc.)

Web of Data and Services (Semantic Web Etc.)

Web of Trust (Security and Privacy).

HTML5, CSS, XML, Web Services,

Browser API’s, Device API’s.
4
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
IETF / W3C Participation.

Anyone can participate in Open Standards Development.

All IETF work is done in public using public mailing lists and meetings.

Most W3C work uses public mailing lists but not all.

However be careful.
5

Both IETF and W3C have strict IPR Policies and your employer might
not be happy if you give away your company IPR.

You need to understand IPR issues before you make any contribution
(Even an E-Mail to the working group mailing list).
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
RTCWEB / WEBRTC Who, What and Why.
Interactive Voice, Video and Data in a Browser.

Initiated by Google in late 2010 who organised meeting of IETF & W3C
members.

Proposed to initiate standardization project with the aim of enabling realtime media transport (Voice, Video and Data) between browsers.

Real-Time Communication was previously only possibly in Web
Applications using Plug-ins which have many issues.

Agreed to split the work between IETF & W3C (There is a large overlap in
people and companies anyway).

Now probably largest working group in IETF and many participants /
contributors.
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
6
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
WEBRTC – Disruptive ?

Makes every browser in to a potential VoIP Soft client.

No Plugin’s, no downloads.

GUI is web based.

Security controls are built-in to the browser.

Audio/Video codec’s built-in to the browser and royalty-free (Hopefully).

Standard API for the millions of web application and games developers to
work with.

Does not require any real-time VoIP knowledge it just works.
7
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
RTCWEB / WEBRTC Standards

IETF RTCWEB (Real-Time Communications For WEB Browsers)

Defines requirements, architecture, security model, and protocols, for
peer to peer communication (Audio, Video, Data) between browsers.

Has to be standardized to enable interoperability between browser
vendors.

Too many internet drafts to mention 78 at last count but only a few will
become RFC’s. http://tools.ietf.org/id/rtcweb.

W3C WEBRTC (Web Real-Time Communications).

Specifies browser API’s.

Has to be standardized so that application developers have a common
API to work with.

Three specifications (PeerConnection, getUserMedia,
mediaStreamCapture).
8
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
WEBRTC – Use Cases and Requirements.

Basic Voice / Video Communications.

Multiparty Voice/Video.

FedEx calling – PSTN/Legacy Interworking requirements.

Enterprise NAT/FW Scenarios.

Multiparty on-line gaming.
 Data channel requirements.

Security Considerations.
 There are lots – Consent (Receive Media, Device/Camera Access etc.)
http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-10
9
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
RTCWEB Architecture - Trapezoid & Identity
Servers
example.com
Inter-domain
Communication
Out of Scope*
Servers
example.net
Signaling over
HTTPS/WebSockets
(JSEP/ROAP, SIP*)
Signaling over
HTTPS/WebSockets
(JSEP/ROAP, SIP*)
JavaScript/HTML/CSS
JavaScript/HTML/CSS
Connectivity (STUN/ICE)
Browser
Get Assertion
Identity Provider
Media DTLS-SRTP
Browser
Get Assertion
Identity Provider
* Browser to Web Server and Inter-domain signalling is out of scope but has strong influence on browser API.
February 2013
Slide 10
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Identity – How do you know who you are talking to?
WEBRTC WEBSITE
1. Alice log’s on to her identity
provider.
Alice
Bob
Secure Media over DTLS/SRTP
2. Before calling Bob Alice’s Browser
gets identity token assertion from
the provider.
3. Identity assertion is passed to Bob’s
browser during call establishment.
4. Bob’s browser asks the identity
provider to verify the assertion.
5. The identity assertion and the DTLS
fingerprint are checked and the user
is given the green light to indicate
that the remote party is trusted (by
the identity provider) and there is no
man in the middle.
Identity Provider
February 2013
Slide 11
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Consent – How do we prevent media hammer attacks.
Target
Alice
Audio, Video, Data
Alice
Audio, Video, Data
Bob
February 2013
Slide 12
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Consent – How do we prevent media hammer attacks.
ICE Credentials passed via
the service provider.
Bob
Alice
ICE/STUN – Ok to talk?
ICE/STUN – Yes ok to talk
Audio, Video, Data
ICE/STUN – Still Ok to talk?
ICE/STUN – Yes ok to talk
http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-06
February 2013
Slide 13
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
NAT’s and Firewall – Connectivity Problems.
ICE – RFC 5245 – Is the answer.
TURN Server
1. ICE – Interactive Connectivity
Establishment
2. Provides a means of finding the best
path between Alice and Bob.
3. Provides means to create NAT
binding and obtain server reflexive
address (STUN).
Bob
Alice
STUN Server
4. Provides a means to insert relays if
necessary (TURN) – Symmetric
NAT’s.
5. Alice gathers all possible address
candidates and asks remote party to
connectivity check them until best
candidates are chosen.
6. Also provides means for consent.
TURN Server
February 2013
Slide 14
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Browser Implementation Status – Not Finished Yet.



Google - Chrome

The leaders and following the standards as close as possible.

Available in Chrome stable and Chrome canary.

http://www.webrtc.org/home. - Some confusion regarding Google project name.
Mozilla – Firefox

Available in Firefox nightly build.

Recently demonstrated interoperability with Chrome.
Apple – Safari



Microsoft – Internet Explorer.

Implemented getUserMedia API,

Active contributor to standards bodies (Microsoft/Skype).

However has an alternative API proposal (CU-RTC-WEB)
Others with implementations.

15
Who knows?
Opera, Ericsson Browser (Mobile).
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Thank you for your attention!
Andrew Hutton
Siemens Enterprise Communications Ltd.
E-mail:
[email protected]
Twitter: @huttonandy
16
February 2013
Andrew Hutton
© 2013 Siemens Enterprise Communications GmbH & Co. KG.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.