A WebRTC Extension to Allow Identity Negotiation at Runtime
- 1.5k Downloads
In this paper we describe our implementation of the WebRTC identity architecture. We adapt OpenID Connect servers to support WebRTC peer to peer authentication and detail the issues and solutions found in the process. We observe that although WebRTC allows for the exchange of identity assertion between peers, users lack feedback and control over the other party authentication. To allow identity negotiation during a WebRTC communication setup, we propose an extension to the Session Description Protocol. Our implementation demonstrates current limitations with respect to the current WebRTC specification.
This work has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No. 645342, project reTHINK.
- 1.Boursas, L., Danciu, V.A.: Dynamic inter-organizational cooperation setup in circle-of-trust environments. In: NOMS 2008–2008 IEEE Network Operations and Management Symposium, pp. 113–120. IEEE (2008)Google Scholar
- 2.Jøsang, A., Fabre, J., Hay, B., Dalziel, J., Pope, S.: Trust requirements in identity management. In: Proceedings of the 2005 Australasian Workshop on Grid Computing and E-research, vol. 44, pp. 99–108. Australian Computer Society Inc. (2005)Google Scholar
- 3.Jennings, C., Narayanan, A., Aboba, B., Bergkvist, A., Burnett, D.: WebRTC 1.0: Real-time communication between browsers, W3C, Working Draft, March 2017Google Scholar
- 4.Rescorla, E.: WebRTC security architecture. IETF Secretariat, Internet-Draft draft-ietf-rtcweb-security-arch-12, June 2016Google Scholar
- 5.Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C.: OpenID connect core 1.0. The OpenID Foundation, OpenID Specification, 2014. http://openid.net/specs/openid-connect-core-1_0.html
- 6.Handley, M., Jacobson, V., Perkins, C.: SDP: Session Description Protocol. Network Working Group, RFC 4566, July 2006Google Scholar
- 8.ISO/IEC 29115:2013 - Information technology - Security techniques - Entity authentication assurance frameworkGoogle Scholar