Web Real-Time Communication (WebRTC) is an application programming interface (API) that provides a variety of resources, such as an address book, voice calling, video chat, and peer-to-peer file sharing, via a web browser. Without plug-ins, a web browser may support real-time communication using JavaScript APIs and HyperText Markup Language (HTML). WebRTC applications and services may need bilateral sessions that allow resources on two different websites to access each other within one session. Bilateral sessions are also useful in non-real-time applications, such as electronic mail (email). For instance, a user may have two email accounts located on two different websites, such as a YAHOO email account and a GMAIL email account. The user may log in to the YAHOO email account to create a YAHOO login session to access emails stored in the YAHOO email account. In a bilateral session, the user may be able to obtain emails from the user's GMAIL email account, and the user's GMAIL email account may also obtain emails from the YAHOO email account, within the YAHOO login session. As a result, the bilateral session may allow both email accounts to share emails, files, pictures, and/or other forms of data with each other within one session. Bilateral sessions may also be useful in other WebRTC applications and services, such as presence federation and call routing, that use resources located on different web servers.
Unfortunately, today's web infrastructure is configured to perform unilateral sessions, where a resource on one website accesses a resource on another website within a session, but not vice versa. Using the email account example from above, a user may log in to the YAHOO email account to obtain emails from the YAHOO email account and the GMAIL email account. However, in a unilateral session, the GMAIL email account is unable to obtain emails from the YAHOO email account within the same YAHOO login session. Instead, the user would create a new session, such as by opening a new web page, logging in to the GMAIL email account, and authorizing the GMAIL email account to obtain emails from the YAHOO email account. Therefore, in a unilateral session, two different sessions may need to be created for two different websites to access each other's resources.
One reason today's web infrastructure is limited to unilateral sessions is the current state of development of web authorization protocols, such as Open Authorization (OAuth) 2.0, Hypertext Transfer Protocol Secure (HTTPS), and Kerberos. Today's web authorization protocols have not been adapted to authenticate websites so that they can share resources with each other. OAuth 2.0, as defined in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 6749, published October 2012, which is incorporated herein as if reproduced in its entirety, supports unilateral sessions and not bilateral sessions. Furthermore, OAuth 2.0 provides authorization to a fixed list of resources and may not dynamically add and/or remove resources. HTTPS, as defined in IETF RFC 2818, published May 2000, may be used between websites to perform certificate-based mutual authentication, such as Transport Layer Security (TLS) as defined in IETF RFC 5246, published August 2008. Although HTTPS may provide mutual authentication between websites, HTTPS does not grant access to the resources on the websites. Kerberos, as defined in IETF RFC 4120, published July 2005, is an authentication protocol that authenticates distributed computer processes. Kerberos may authorize a session between a client and a server, but does not permit bilateral sessions where the two servers in a session may access resources from each other. Therefore, to improve the WebRTC experience, a web authorization protocol is needed that supports establishing bilateral sessions within a single session.