1. Field of the Disclosure
The technology of the disclosure relates generally to Web Real-Time Communications (WebRTC) interactive sessions.
2. Technical Background
Web Real-Time Communications (WebRTC) is an ongoing effort to develop industry standards for integrating real-time communications functionality into web clients, such as web browsers, to enable direct interaction with other web clients. This real-time communications functionality is accessible by web developers via standard markup tags, such as those provided by version 5 of the Hypertext Markup Language (HTML5), and client-side scripting Application Programming Interfaces (APIs) such as JavaScript APIs. More information regarding WebRTC may be found in “WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web,” by Alan B. Johnston and Daniel C. Burnett (2012 Digital Codex LLC), which is incorporated in its entirety herein by reference.
WebRTC provides built-in capabilities for establishing real-time video, audio, and/or data streams in both point-to-point interactive sessions, as well as multi-party interactive sessions. The WebRTC standards are currently under joint development by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). Information on the current state of WebRTC standards can be found at, e.g., http://www.w3c.org and http://www/ietf.org.
To establish a WebRTC interactive session (e.g., a real-time video, audio, and/or data exchange), two web clients may retrieve WebRTC-enabled web applications, such as HTML5/JavaScript web applications, from a web application server. Through the web applications, the two web clients then engage in a media negotiation to communicate and reach an agreement on parameters that define characteristics of the interactive session. This media negotiation is known as a WebRTC “offer/answer” exchange. A WebRTC “offer/answer” exchange typically occurs via a secure network connection such as a Hypertext Transfer Protocol Secure (HTTPS) connection or a Secure WebSockets connection. In an offer/answer exchange, a first web client on a sender device sends an “offer” to a second web client on a recipient device. The offer includes a WebRTC session description object that specifies media types and capabilities that the first web client supports and prefers for use in the WebRTC interactive session. The second web client then responds with a WebRTC session description object “answer” that indicates which of the offered media types and capabilities are supported and acceptable for the WebRTC interactive session. Once the WebRTC offer/answer exchange is complete, the web clients may then establish a direct “peer connection” with one another, and may begin an exchange of media or data packets transporting the real-time communications. The peer connection between the web clients typically employs the Secure Real-time Transport Protocol (SRTP) to transport real-time media flows, and may utilize various other protocols for real-time data interchange.
The secure nature of a WebRTC offer/answer exchange and peer connection poses challenges for real-time communications across enterprise network boundaries. To determine whether to allow traffic to cross network edges, enterprises often rely on network security elements (e.g., firewalls and session border controllers (SBCs)). These network security elements may examine protocols at various levels in a network stack, including the actual content of the network traffic. Such in-depth analysis of network traffic may enable an enterprise to apply enterprise policies to achieve fine-grained control over the network traffic. However, because the WebRTC offer/answer exchange and peer connection may take place over secure network connections or otherwise be encrypted, the WebRTC session description objects and the WebRTC interactive flow exchanged between the web clients may be opaque to the enterprise. Thus, the enterprise may lack the ability to apply enterprise policies to a WebRTC interactive session using conventional network security elements. The secure nature of WebRTC may also present risks to the enterprise in the form of a new path for attack by virus vectors and/or malware.