1 of 9

Identity - what next?

WebRTC WG, June 19-20 2018

2 of 9

Status of this preso

This preso is based on the message that the chairs sent to the mailing list on May 23, 2018. No further discussion on the mailing list has occurred.

The message contained a proposal for further action.

No decision has been made.

3 of 9

Identity Implementation Status

  • Firefox: Implemented (but as of March 2018 not up to date)
  • Chrome: No plans announced
  • Edge: No plans announced
  • Safari: No plans announced
  • Web developers: No interest expressed
    • Exception: Cisco
  • Identity providers: No interest expressed

4 of 9

Identity - Process Relationships - IETF

IETF:

  • draft-ietf-rtcweb-security-arch 5.6: Identity is required
    • In status “Waiting for WG Chair go-ahead” since April 18
  • RFC 7478 (requirements): “cryptographically binding media … to the user identity”
  • These are normative references from rtcweb-overview

Conclusion: An identity protocol is a normative requirement.

5 of 9

Identity - Specification status

  • No production service
    • We don’t know if it’s deployable, or if it can be attacked - nobody’s tried
    • Discussion after hackathon led to suggestions for protocol and API changes
  • 23 “identity related”-tagged open bugs in the issue tracker
    • Oldest from Dec 2016, newest from Oct 2017
    • No closed bugs with this tag
    • No submitted PRs addressing these bugs
    • No current editors with Identity expertise
    • WPT tests “deep red” on all browsers
    • 2 messages posted on these bugs since WebRTC 1.0 first went to CR in November 2017 (by Harald and Varun, related to WebRTC-stats)

6 of 9

Identity - W3C formalisms

  • Charter (unchanged since our first charter) says:
    • “To advance to Proposed Recommendation, each specification is expected to have two independent implementations of each feature defined in the specification.
    • To advance to Proposed Recommendation, interoperability between the independent implementations (that is, bidirectional audio and video communication as well as data transfer between the implementations) should be demonstrated.”
  • W3C gives “stable references” for any document in WD, CR or PR state
  • W3C routinely publishes PRs with references to non-PR documents
    • the rules require justification for the downref, just like the IETF
  • The WG has been encouraged to strive for PR status
    • whether that’s a valuable thing is also debated. Let’s not have that debate here.

7 of 9

Short summary of status

  • Identity needs work.
    • Specification cleanup
    • Implementations
    • Experience
    • Possibly redesigns based on experience
  • A webrtc-pc specification with identity in it can’t advance to PR
  • A webrtc-pc specification with a normative reference to identity can advance

8 of 9

Proposal

Move Identity to its own document. Let those who most believe that identity is important contribute resources to editing that document - and ONLY that document.

Discuss.

9 of 9

Questions for the group

  • Split section 9 out into a separate document? Yes or no?
  • Who volunteers to be its editors? (goes for both section and document)