| BFCPBIS Working Group | Ram. Ravindranath |
| Internet-Draft | G. Salgueiro |
| Intended status: Standards Track | Cisco |
| Expires: September 10, 2015 | March 9, 2015 |
Session Description Protocol (SDP) WebSocket Connection URI Attribute
draft-ram-bfcpbis-sdp-ws-uri-00
The WebSocket protocol enables bidirectional real-time communication between clients and servers in web-based applications. This document specifies extensions to Session Description Protocol (SDP) for application protocols using WebSocket as a transport.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2015.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The WebSocket protocol [RFC6455] enables bidirectional message exchange between clients and servers on top of a persistent TCP connection (optionally secured with Transport Layer Security (TLS) [RFC5246]). The initial protocol handshake makes use of Hypertext Transfer Protocol (HTTP) [RFC2616] semantics, allowing the WebSocket protocol to reuse existing HTTP infrastructure.
Modern web browsers include a WebSocket client stack compliant with the WebSocket API [WS-API] as specified by the W3C. It is expected that other client applications (e.g., those running on personal computers, mobile devices, etc.) will also make a WebSocket client stack available. Several specifications have been written that define how different applications can use a WebSocket subprotocol as a reliable transport mechanism.
For example, [RFC7118] defines WebSocket subprotocol as a reliable transport mechanism between Session Initiation Protocol (SIP)[RFC3261] entities to enable use of SIP in web-oriented deployments. Additionally, [I-D.pd-dispatch-msrp-websocket] defines a new WebSocket sub-protocol as a reliable transport mechanism between Message Session Relay Protocol (MSRP) clients and relays. [RFC7395] defines a WebSocket subprotocol for the Extensible Messaging and Presence Protocol (XMPP). Similarly, [I-D.ietf-bfcpbis-bfcp-websocket] defines a WebSocket sub-protocol as a reliable transport mechanism between Binary Floor Control Protocol (BFCP) [I-D.ietf-bfcpbis-rfc4582bis] entities to enable usage of BFCP in new scenarios.
As defined in Section 3 of [RFC2818], when using Secure WebSockets the Canonical Name (CNAME) of the Secure Sockets Layer (SSL) [RFC6101] certificate MUST match the WebSocket connection URI host. While it is possible to generate self-signed certificates with Internet Providers (IPs) as CNAME, in most cases it is not viable for certificates signed by well known authorities. Thus, there is a need to indicate the connection URI for the WebSocket Client. For applications that use Session Description Protocol (SDP) [RFC4566] to negotiate, the connection URI can be indicated by means of an SDP attribute. This specification defines new SDP attributes to indicate the connection URI for the WebSocket client. Applications that use SDP for negotiation and WebSocket as a transport protocol can use this specification to advertise the WebSocket client connection URI.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
Applications that use SDP for negotiation and also use WebSocket as a transport protocol MAY indicate the connection URI for the WebSocket Client via a new SDP a= attribute defined in this section. The Augmented Backus-Naur Form (ABNF) syntax (as described in [RFC5234]) of this new attribute is defined as follows:
ws-uri = "a=ws-uri:" ws-URI
Where ws-URI is defined in Section 3 of [RFC6455].
This new attribute MUST be a media level attribute and SHALL appear in any of the media lines. When the 'ws-uri' attribute is present in the media section of the SDP, the IP and port information provided in the 'c' lines SHALL be ignored and the full URI SHALL be used instead to open the WebSocket connection. The port provided in the 'm' line SHALL be ignored too, as the a=ws-uri SHALL provide port number when needed.
Applications that use SDP for negotiation and also use secure WebSocket as a transport protocol TLS MAY indicate the connection URI for the WebSocket Client via a new SDP a= attribute defined in this section. The Augmented Backus-Naur Form (ABNF) syntax (as described in [RFC5234]) of this new attribute is defined as follows:
wss-uri = "a=wss-uri:" wss-URI
Where wss-URI is defined in Section 3 of [RFC6455].
This new attribute MUST be a media level attribute and SHALL appear in any of the media lines. When the 'wss-uri' attribute is present in the media section of the SDP, the IP and port information provided in the 'c' lines SHALL be ignored and the full URI SHALL be used instead to open the WebSocket connection. The port provided in the 'm' line SHALL be ignored too, as the a=wss-uri SHALL provide port number when needed.
Offer (browser): m=application 9 TCP/WSS/BFCP * a=setup:active a=connection:new a=floorctrl:c-only m=audio 55000 RTP/AVP 0 m=video 55002 RTP/AVP 31 Answer (server): m=application 50000 TCP/WSS/BFCP * a=setup:passive a=connection:new a=ws-uri:wss://bfcp-ws.example.com?token=3170449312 a=floorctrl:s-only a=confid:4321 a=userid:1234 a=floorid:1 m-stream:10 a=floorid:2 m-stream:11 m=audio 50002 RTP/AVP 0 a=label:10 m=video 50004 RTP/AVP 31 a=label:11
The following are examples of 'm' lines for BFCP over WebSocket connection:
An attacker may attempt to add, modify, or remove 'a=ws-uri' or 'a=wss-uri' attribute from a session description. This could result in an application behaving undesirably. Consequently, it is strongly RECOMMENDED that integrity protection be applied to the SDP session descriptions. For session descriptions carried in SIP [RFC3261], S/MIME is the natural choice to provide such end-to-end integrity protection.
It is also RECOMMENDED that the application signaling traffic being transported over a WebSocket communication session be protected by using a secure WebSocket connection (using TLS [RFC5246] over TCP).
This section instructs the IANA to register the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
This section instructs the IANA to register the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
Thanks to Christer Holmberg for raising the need for a BFCP-independent SDP attribute for WebSocket Connection URI.
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC5234] | Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. |
| [RFC6455] | Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC 6455, December 2011. |