| RTCWEB | M. Thomson |
| Internet-Draft | B. Aboba |
| Intended status: Standards Track | Microsoft |
| Expires: December 31, 2012 | July 2012 |
Media API Requirements for Real-Time Interoperation of Web User Agents
Direct, real-time communications between web user agents (browsers) requires two points of standardization. The first describes the on-the-wire protocol that is used. The second is the API that controls and configures what gets put on the wire and how. The capabilities of the protocol determines the nature of the API. This document outlines how the constraints imposed upon the API by the protocol.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 31, 2012.
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The exchange of media - audio and video - between peers is a basic foundation of telecommunications. The fact that the web platform has successfully managed to avoid this fundamental feature for so long is a testament to the usefulness of its other features. The WebRTC/rtcweb effort attempts to remedy this shortcoming.
Figure 1 shows the architecture for real-time communications on the web.
_________
(( ))
.-(( The Cloud ))-.
? / ((_________)) \ ?
/ \
+------------/----+ +--\--------------+
| +---------/---+ | | +-\-----------+ |
| | Javascript | | | | Javascript | |
| | | | | | | |
| +--<W3C API>--+ | IETF | +--<W3C API>--+ |
| === protocols === |
| Web User Agent | | Web User Agent |
+-----------------+ +-----------------+
Two points of interoperation are necessary in this architecture: API and peer-to-peer protocols. Critically, the points marked with a '?' are not subject to standardization. These points are effectively internal to the application that exists both in "The Cloud" and in the Javascript virtual machine provided by the web user agent.
The IETF rtcweb working group has settled on Real-Time Transport Protocol (RTP) [RFC3550], Secure RTP (SRTP) [RFC3711] and Interactive Connectivity Establishment (ICE) [RFC5245] for the peer to peer protocol components. Use of RTP is documented in [I-D.ietf-rtcweb-rtp-usage]; use of SRTP and ICE is described in the rtcweb security architecture [I-D.ietf-rtcweb-security-arch].
ICE and RTP are unable to operate without an out-of-band communications channel. For ICE this provides bootstrapping information; for RTP, a common understanding of the key protocol parameters. Though SRTP can operate without an out-of-band channel if certain assumptions are made, many uses depend on some form of out-of-band communication. The out-of-band channel is provided by the web application. The necessary information passes through the API to the browser.
This document describes what information must pass between a web application and a web user agent in order to successfully establish peer-to-peer media communications. No attempt is made to constrain what the API looks like. After all:
In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [RFC2119] and indicate requirement levels for compliant implementations.
ICE [RFC5245] provides a mechanism for establishing peer-to-peer communications using UDP.
The ICE process applies to a single UDP flow from a source address and port to a destination address and port. Where multiple flows are required, the process is applied once for each flow.
In ICE, for each UDP flow, each peer performs the following steps:
The following requirements ensure that an application is able to establish a UDP flow between peers with proper consent:
The following requirements apply to established flows:
SRTP [RFC3711] provides confidentiality, message authentication and replay protection for RTP media.
SRTP requires external key negotiation. Two methods are possible: Datagram Transport Layer Security (DTLS) can be used for key negotiation (DTLS-SRTP) [RFC5764], or the SRTP master keys can be provided directly. The application chooses which of these modes the application uses. [[Ed: requirement for second option not established]]
With DTLS key negotiation, the asymmetry of the DTLS handshake means that out-of-band methods must be used to determine whether peers act in the server or client roles. DTLS offers a means for peer authentication, allowing the application to learn of the identity of the peer through the certificate they offer during the handshake.
Without DTLS key negotiation, the SRTP master keys are determined out-of-band and provided to the browser through the API (e.g., [RFC4568]). SRTP does not offer any method for peer authentication.
The following requirements apply:
RTP [RFC3550] sends real-time data - media - from a source to a sink.
An RTP stream is the manifestation of media as packets. Most media is a single stream, though layered codecs (such as H.264 SVC [RFC6190]) can be split into multiple streams. Browser need to handle RTP streams in two directions: outbound from a local source, and inbound toward a local sink.
The following requirements apply:
Dual-Tone Multifrequency (DTMF) is commonly used by legacy telephony applications. DTMF tones are typically interleaved/mixed with audio streams.
The following requirements apply:
This document has no IANA actions.
[RFC Editor: please remove this section prior to publication.]
The security of your precious bodily fluids can only be achieved through purity of essence.
This document takes ideas from [I-D.kaplan-rtcweb-api-reqs], including the short title you see on each page.
| [I-D.kaplan-rtcweb-api-reqs] | Kaplan, H, Stratford, N and T Panton, "API Requirements for WebRTC-enabled Browsers", Internet-Draft draft-kaplan-rtcweb-api-reqs-01, October 2011. |
| [RFC4566] | Handley, M., Jacobson, V. and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. |
| [RFC4568] | Andreasen, F., Baugher, M. and D. Wing, "Session Description Protocol (SDP) Security Descriptions for Media Streams", RFC 4568, July 2006. |
| [RFC5389] | Rosenberg, J., Mahy, R., Matthews, P. and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, October 2008. |
| [RFC5766] | Mahy, R., Matthews, P. and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, April 2010. |
| [RFC6190] | Wenger, S., Wang, Y.-K., Schierl, T. and A. Eleftheriadis, "RTP Payload Format for Scalable Video Coding", RFC 6190, May 2011. |
| [RFC6455] | Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC 6455, December 2011. |