testing_dl.html   testing_dl.prepped.html 
skipping to change at line 17 skipping to change at line 17
<title>RFC 9999: WebRTC Security Architecture</title> <title>RFC 9999: WebRTC Security Architecture</title>
<meta content="Eric Rescorla" name="author"> <meta content="Eric Rescorla" name="author">
<meta content=' <meta content='
This document defines the security architecture for WebRTC, a protocol This document defines the security architecture for WebRTC, a protocol
suite intended for use with real-time applications that can be deployed suite intended for use with real-time applications that can be deployed
in browsers - "real time communication on the Web". in browsers - "real time communication on the Web".
' name="description"> ' name="description">
<meta content="xml2rfc 2.24.0" name="generator"> <meta content="xml2rfc 2.24.0" name="generator">
<link href="testing_dl.xml" type="application/rfc+xml" rel="alternate"> <link href="testing_dl.prepped.xml" type="application/rfc+xml" rel="alternate">
<link href="#copyright" rel="license"> <link href="#copyright" rel="license">
<style type="text/css">/* fonts */ <style type="text/css">/* fonts */
@import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /* Sans-serif */ @import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /* Sans-serif */
@import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /* Serif (print) */ @import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /* Serif (print) */
@import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /* Monospace */ @import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /* Monospace */
@-ms-viewport { @-ms-viewport {
width: extend-to-zoom; width: extend-to-zoom;
zoom: 1.0; zoom: 1.0;
} }
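Review bot: If these two outputs are being compared to confirm that prepping does not change the rendered HTML, the `<link ... rel="alternate">` line in this hunk will always differ, because its href follows the input file name (`testing_dl.xml` on the left, `testing_dl.prepped.xml` on the right). Consider normalizing or excluding that href in the comparison so that a real rendering difference is not buried among expected ones.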
skipping to change at line 1028 skipping to change at line 1028
into languages other than English.<a href="#section-boilerplate.2-3" class="pilcrow">¶</a></p> into languages other than English.<a href="#section-boilerplate.2-3" class="pilcrow">¶</a></p>
</section> </section>
</div> </div>
<div id="toc"> <div id="toc">
<section id="section-boilerplate.3"> <section id="section-boilerplate.3">
<a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents"> <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a> <a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
</h2> </h2>
<nav class="toc"><ul class="toc ulEmpty"> <nav class="toc"><ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.1">
<p id="section-boilerplate.3-1.1.1"><a href="#section-1" class="xref">1</a>.  <a href="#name-introduction" class="xref">Introduction</a><a href="#section-boilerplate.3-1.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.1.1"><a href="#section-1" class="xref">1</a>.  <span><a href="#name-introduction" class="xref">Introduction</a> (<a href="#name-introduction" class="xref">name-introduction</a>)</span><a href="#section-boilerplate.3-1.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.2">
<p id="section-boilerplate.3-1.2.1"><a href="#section-2" class="xref">2</a>.  <a href="#name-terminology" class="xref">Terminology</a><a href="#section-boilerplate.3-1.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.2.1"><a href="#section-2" class="xref">2</a>.  <span><a href="#name-terminology" class="xref">Terminology</a> (<a href="#name-terminology" class="xref">name-terminology</a>)</span><a href="#section-boilerplate.3-1.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.3">
<p id="section-boilerplate.3-1.3.1"><a href="#section-3" class="xref">3</a>.  <a href="#name-trust-model" class="xref">Trust Model</a><a href="#section-boilerplate.3-1.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.3.1"><a href="#section-3" class="xref">3</a>.  <span><a href="#name-trust-model" class="xref">Trust Model</a> (<a href="#name-trust-model" class="xref">name-trust-model</a>)</span><a href="#section-boilerplate.3-1.3.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.1">
<p id="section-boilerplate.3-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>.  <a href="#name-authenticated-entities" class="xref">Authenticated Entities</a><a href="#section-boilerplate.3-1.3.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>.  <span><a href="#name-authenticated-entities" class="xref">Authenticated Entities</a> (<a href="#name-authenticated-entities" class="xref">name-authenticated-entities</a>)</span><a href="#section-boilerplate.3-1.3.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.2">
<p id="section-boilerplate.3-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>.  <a href="#name-unauthenticated-entities" class="xref">Unauthenticated Entities</a><a href="#section-boilerplate.3-1.3.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>.  <span><a href="#name-unauthenticated-entities" class="xref">Unauthenticated Entities</a> (<a href="#name-unauthenticated-entities" class="xref">name-unauthenticated-entities</a>)</span><a href="#section-boilerplate.3-1.3.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.4">
<p id="section-boilerplate.3-1.4.1"><a href="#section-4" class="xref">4</a>.  <a href="#name-overview" class="xref">Overview</a><a href="#section-boilerplate.3-1.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.4.1"><a href="#section-4" class="xref">4</a>.  <span><a href="#name-overview" class="xref">Overview</a> (<a href="#name-overview" class="xref">name-overview</a>)</span><a href="#section-boilerplate.3-1.4.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1">
<p id="section-boilerplate.3-1.4.2.1.1"><a href="#section-4.1" class="xref">4.1</a>.  <a href="#name-initial-signaling" class="xref">Initial Signaling</a><a href="#section-boilerplate.3-1.4.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.4.2.1.1"><a href="#section-4.1" class="xref">4.1</a>.  <span><a href="#name-initial-signaling" class="xref">Initial Signaling</a> (<a href="#name-initial-signaling" class="xref">name-initial-signaling</a>)</span><a href="#section-boilerplate.3-1.4.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.2">
<p id="section-boilerplate.3-1.4.2.2.1"><a href="#section-4.2" class="xref">4.2</a>.  <a href="#name-media-consent-verification" class="xref">Media Consent Verification</a><a href="#section-boilerplate.3-1.4.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.4.2.2.1"><a href="#section-4.2" class="xref">4.2</a>.  <span><a href="#name-media-consent-verification" class="xref">Media Consent Verification</a> (<a href="#name-media-consent-verification" class="xref">name-media-consent-verification</a>)</span><a href="#section-boilerplate.3-1.4.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.3">
<p id="section-boilerplate.3-1.4.2.3.1"><a href="#section-4.3" class="xref">4.3</a>.  <a href="#name-dtls-handshake" class="xref">DTLS Handshake</a><a href="#section-boilerplate.3-1.4.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.4.2.3.1"><a href="#section-4.3" class="xref">4.3</a>.  <span><a href="#name-dtls-handshake" class="xref">DTLS Handshake</a> (<a href="#name-dtls-handshake" class="xref">name-dtls-handshake</a>)</span><a href="#section-boilerplate.3-1.4.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.4">
<p id="section-boilerplate.3-1.4.2.4.1"><a href="#section-4.4" class="xref">4.4</a>.  <a href="#name-communications-and-consent-" class="xref">Communications and Consent Freshness</a><a href="#section-boilerplate.3-1.4.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.4.2.4.1"><a href="#section-4.4" class="xref">4.4</a>.  <span><a href="#name-communications-and-consent-" class="xref">Communications and Consent Freshness</a> (<a href="#name-communications-and-consent-" class="xref">name-communications-and-consent-</a>)</span><a href="#section-boilerplate.3-1.4.2.4.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.5"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5">
<p id="section-boilerplate.3-1.5.1"><a href="#section-5" class="xref">5</a>.  <a href="#name-sdp-identity-attribute" class="xref">SDP Identity Attribute</a><a href="#section-boilerplate.3-1.5.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.1"><a href="#section-5" class="xref">5</a>.  <span><a href="#name-sdp-identity-attribute" class="xref">SDP Identity Attribute</a> (<a href="#name-sdp-identity-attribute" class="xref">name-sdp-identity-attribute</a>)</span><a href="#section-boilerplate.3-1.5.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1">
<p id="section-boilerplate.3-1.5.2.1.1"><a href="#section-5.1" class="xref">5.1</a>.  <a href="#name-offer-answer-considerations" class="xref">Offer/Answer Considerations</a><a href="#section-boilerplate.3-1.5.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.2.1.1"><a href="#section-5.1" class="xref">5.1</a>.  <span><a href="#name-offer-answer-considerations" class="xref">Offer/Answer Considerations</a> (<a href="#name-offer-answer-considerations" class="xref">name-offer-answer-considerations</a>)</span><a href="#section-boilerplate.3-1.5.2.1.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.1">
<p id="section-boilerplate.3-1.5.2.1.2.1.1"><a href="#section-5.1.1" class="xref">5.1.1</a>.  <a href="#name-generating-the-initial-sdp-" class="xref">Generating the Initial SDP Offer</a><a href="#section-boilerplate.3-1.5.2.1.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.2.1.2.1.1"><a href="#section-5.1.1" class="xref">5.1.1</a>.  <span><a href="#name-generating-the-initial-sdp-" class="xref">Generating the Initial SDP Offer</a> (<a href="#name-generating-the-initial-sdp-" class="xref">name-generating-the-initial-sdp-</a>)</span><a href="#section-boilerplate.3-1.5.2.1.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.2">
<p id="section-boilerplate.3-1.5.2.1.2.2.1"><a href="#section-5.1.2" class="xref">5.1.2</a>.  <a href="#name-generating-of-sdp-answer" class="xref">Generating of SDP Answer</a><a href="#section-boilerplate.3-1.5.2.1.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.2.1.2.2.1"><a href="#section-5.1.2" class="xref">5.1.2</a>.  <span><a href="#name-generating-of-sdp-answer" class="xref">Generating of SDP Answer</a> (<a href="#name-generating-of-sdp-answer" class="xref">name-generating-of-sdp-answer</a>)</span><a href="#section-boilerplate.3-1.5.2.1.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.3">
<p id="section-boilerplate.3-1.5.2.1.2.3.1"><a href="#section-5.1.3" class="xref">5.1.3</a>.  <a href="#name-processing-an-sdp-offer-or-" class="xref">Processing an SDP Offer or Answer</a><a href="#section-boilerplate.3-1.5.2.1.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.2.1.2.3.1"><a href="#section-5.1.3" class="xref">5.1.3</a>.  <span><a href="#name-processing-an-sdp-offer-or-" class="xref">Processing an SDP Offer or Answer</a> (<a href="#name-processing-an-sdp-offer-or-" class="xref">name-processing-an-sdp-offer-or-</a>)</span><a href="#section-boilerplate.3-1.5.2.1.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.5.2.1.2.4">
<p id="section-boilerplate.3-1.5.2.1.2.4.1"><a href="#section-5.1.4" class="xref">5.1.4</a>.  <a href="#name-modifying-the-session" class="xref">Modifying the Session</a><a href="#section-boilerplate.3-1.5.2.1.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.5.2.1.2.4.1"><a href="#section-5.1.4" class="xref">5.1.4</a>.  <span><a href="#name-modifying-the-session" class="xref">Modifying the Session</a> (<a href="#name-modifying-the-session" class="xref">name-modifying-the-session</a>)</span><a href="#section-boilerplate.3-1.5.2.1.2.4.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.6"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6">
<p id="section-boilerplate.3-1.6.1"><a href="#section-6" class="xref">6</a>.  <a href="#name-detailed-technical-descript" class="xref">Detailed Technical Description</a><a href="#section-boilerplate.3-1.6.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.1"><a href="#section-6" class="xref">6</a>.  <span><a href="#name-detailed-technical-descript" class="xref">Detailed Technical Description</a> (<a href="#name-detailed-technical-descript" class="xref">name-detailed-technical-descript</a>)</span><a href="#section-boilerplate.3-1.6.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.1">
<p id="section-boilerplate.3-1.6.2.1.1"><a href="#section-6.1" class="xref">6.1</a>.  <a href="#name-origin-and-web-security-iss" class="xref">Origin and Web Security Issues</a><a href="#section-boilerplate.3-1.6.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.2.1.1"><a href="#section-6.1" class="xref">6.1</a>.  <span><a href="#name-origin-and-web-security-iss" class="xref">Origin and Web Security Issues</a> (<a href="#name-origin-and-web-security-iss" class="xref">name-origin-and-web-security-iss</a>)</span><a href="#section-boilerplate.3-1.6.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2">
<p id="section-boilerplate.3-1.6.2.2.1"><a href="#section-6.2" class="xref">6.2</a>.  <a href="#name-device-permissions-model" class="xref">Device Permissions Model</a><a href="#section-boilerplate.3-1.6.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.2.2.1"><a href="#section-6.2" class="xref">6.2</a>.  <span><a href="#name-device-permissions-model" class="xref">Device Permissions Model</a> (<a href="#name-device-permissions-model" class="xref">name-device-permissions-model</a>)</span><a href="#section-boilerplate.3-1.6.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.3">
<p id="section-boilerplate.3-1.6.2.3.1"><a href="#section-6.3" class="xref">6.3</a>.  <a href="#name-communications-consent" class="xref">Communications Consent</a><a href="#section-boilerplate.3-1.6.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.2.3.1"><a href="#section-6.3" class="xref">6.3</a>.  <span><a href="#name-communications-consent" class="xref">Communications Consent</a> (<a href="#name-communications-consent" class="xref">name-communications-consent</a>)</span><a href="#section-boilerplate.3-1.6.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.4">
<p id="section-boilerplate.3-1.6.2.4.1"><a href="#section-6.4" class="xref">6.4</a>.  <a href="#name-ip-location-privacy" class="xref">IP Location Privacy</a><a href="#section-boilerplate.3-1.6.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.2.4.1"><a href="#section-6.4" class="xref">6.4</a>.  <span><a href="#name-ip-location-privacy" class="xref">IP Location Privacy</a> (<a href="#name-ip-location-privacy" class="xref">name-ip-location-privacy</a>)</span><a href="#section-boilerplate.3-1.6.2.4.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.5"> <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.5">
<p id="section-boilerplate.3-1.6.2.5.1"><a href="#section-6.5" class="xref">6.5</a>.  <a href="#name-communications-security" class="xref">Communications Security</a><a href="#section-boilerplate.3-1.6.2.5.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.6.2.5.1"><a href="#section-6.5" class="xref">6.5</a>.  <span><a href="#name-communications-security" class="xref">Communications Security</a> (<a href="#name-communications-security" class="xref">name-communications-security</a>)</span><a href="#section-boilerplate.3-1.6.2.5.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7">
<p id="section-boilerplate.3-1.7.1"><a href="#section-7" class="xref">7</a>.  <a href="#name-web-based-peer-authenticati" class="xref">Web-Based Peer Authentication</a><a href="#section-boilerplate.3-1.7.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.1"><a href="#section-7" class="xref">7</a>.  <span><a href="#name-web-based-peer-authenticati" class="xref">Web-Based Peer Authentication</a> (<a href="#name-web-based-peer-authenticati" class="xref">name-web-based-peer-authenticati</a>)</span><a href="#section-boilerplate.3-1.7.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.1">
<p id="section-boilerplate.3-1.7.2.1.1"><a href="#section-7.1" class="xref">7.1</a>.  <a href="#name-trust-relationships-idps-ap" class="xref">Trust Relationships: IdPs, APs, and RPs</a><a href="#section-boilerplate.3-1.7.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.1.1"><a href="#section-7.1" class="xref">7.1</a>.  <span><a href="#name-trust-relationships-idps-ap" class="xref">Trust Relationships: IdPs, APs, and RPs</a> (<a href="#name-trust-relationships-idps-ap" class="xref">name-trust-relationships-idps-ap</a>)</span><a href="#section-boilerplate.3-1.7.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.2">
<p id="section-boilerplate.3-1.7.2.2.1"><a href="#section-7.2" class="xref">7.2</a>.  <a href="#name-overview-of-operation" class="xref">Overview of Operation</a><a href="#section-boilerplate.3-1.7.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.2.1"><a href="#section-7.2" class="xref">7.2</a>.  <span><a href="#name-overview-of-operation" class="xref">Overview of Operation</a> (<a href="#name-overview-of-operation" class="xref">name-overview-of-operation</a>)</span><a href="#section-boilerplate.3-1.7.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.3">
<p id="section-boilerplate.3-1.7.2.3.1"><a href="#section-7.3" class="xref">7.3</a>.  <a href="#name-items-for-standardization" class="xref">Items for Standardization</a><a href="#section-boilerplate.3-1.7.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.3.1"><a href="#section-7.3" class="xref">7.3</a>.  <span><a href="#name-items-for-standardization" class="xref">Items for Standardization</a> (<a href="#name-items-for-standardization" class="xref">name-items-for-standardization</a>)</span><a href="#section-boilerplate.3-1.7.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.4">
<p id="section-boilerplate.3-1.7.2.4.1"><a href="#section-7.4" class="xref">7.4</a>.  <a href="#name-binding-identity-assertions" class="xref">Binding Identity Assertions to JSEP Offer/Answer Transactions</a><a href="#section-boilerplate.3-1.7.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.4.1"><a href="#section-7.4" class="xref">7.4</a>.  <span><a href="#name-binding-identity-assertions" class="xref">Binding Identity Assertions to JSEP Offer/Answer Transactions</a> (<a href="#name-binding-identity-assertions" class="xref">name-binding-identity-assertions</a>)</span><a href="#section-boilerplate.3-1.7.2.4.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.4.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.4.2.1">
<p id="section-boilerplate.3-1.7.2.4.2.1.1"><a href="#section-7.4.1" class="xref">7.4.1</a>.  <a href="#name-carrying-identity-assertion" class="xref">Carrying Identity Assertions</a><a href="#section-boilerplate.3-1.7.2.4.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.4.2.1.1"><a href="#section-7.4.1" class="xref">7.4.1</a>.  <span><a href="#name-carrying-identity-assertion" class="xref">Carrying Identity Assertions</a> (<a href="#name-carrying-identity-assertion" class="xref">name-carrying-identity-assertion</a>)</span><a href="#section-boilerplate.3-1.7.2.4.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5">
<p id="section-boilerplate.3-1.7.2.5.1"><a href="#section-7.5" class="xref">7.5</a>.  <a href="#name-determining-the-idp-uri" class="xref">Determining the IdP URI</a><a href="#section-boilerplate.3-1.7.2.5.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.5.1"><a href="#section-7.5" class="xref">7.5</a>.  <span><a href="#name-determining-the-idp-uri" class="xref">Determining the IdP URI</a> (<a href="#name-determining-the-idp-uri" class="xref">name-determining-the-idp-uri</a>)</span><a href="#section-boilerplate.3-1.7.2.5.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5.2.1">
<p id="section-boilerplate.3-1.7.2.5.2.1.1"><a href="#section-7.5.1" class="xref">7.5.1</a>.  <a href="#name-authenticating-party" class="xref">Authenticating Party</a><a href="#section-boilerplate.3-1.7.2.5.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.5.2.1.1"><a href="#section-7.5.1" class="xref">7.5.1</a>.  <span><a href="#name-authenticating-party" class="xref">Authenticating Party</a> (<a href="#name-authenticating-party" class="xref">name-authenticating-party</a>)</span><a href="#section-boilerplate.3-1.7.2.5.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.5.2.2">
<p id="section-boilerplate.3-1.7.2.5.2.2.1"><a href="#section-7.5.2" class="xref">7.5.2</a>.  <a href="#name-relying-party" class="xref">Relying Party</a><a href="#section-boilerplate.3-1.7.2.5.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.5.2.2.1"><a href="#section-7.5.2" class="xref">7.5.2</a>.  <span><a href="#name-relying-party" class="xref">Relying Party</a> (<a href="#name-relying-party" class="xref">name-relying-party</a>)</span><a href="#section-boilerplate.3-1.7.2.5.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.6"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.6">
<p id="section-boilerplate.3-1.7.2.6.1"><a href="#section-7.6" class="xref">7.6</a>.  <a href="#name-requesting-assertions" class="xref">Requesting Assertions</a><a href="#section-boilerplate.3-1.7.2.6.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.6.1"><a href="#section-7.6" class="xref">7.6</a>.  <span><a href="#name-requesting-assertions" class="xref">Requesting Assertions</a> (<a href="#name-requesting-assertions" class="xref">name-requesting-assertions</a>)</span><a href="#section-boilerplate.3-1.7.2.6.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.7"> <li class="toc ulEmpty" id="section-boilerplate.3-1.7.2.7">
<p id="section-boilerplate.3-1.7.2.7.1"><a href="#section-7.7" class="xref">7.7</a>.  <a href="#name-managing-user-login" class="xref">Managing User Login</a><a href="#section-boilerplate.3-1.7.2.7.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.7.2.7.1"><a href="#section-7.7" class="xref">7.7</a>.  <span><a href="#name-managing-user-login" class="xref">Managing User Login</a> (<a href="#name-managing-user-login" class="xref">name-managing-user-login</a>)</span><a href="#section-boilerplate.3-1.7.2.7.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.8"> <li class="toc ulEmpty" id="section-boilerplate.3-1.8">
<p id="section-boilerplate.3-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-verifying-assertions" class="xref">Verifying Assertions</a><a href="#section-boilerplate.3-1.8.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.8.1"><a href="#section-8" class="xref">8</a>.  <span><a href="#name-verifying-assertions" class="xref">Verifying Assertions</a> (<a href="#name-verifying-assertions" class="xref">name-verifying-assertions</a>)</span><a href="#section-boilerplate.3-1.8.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.8.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.8.2.1">
<p id="section-boilerplate.3-1.8.2.1.1"><a href="#section-8.1" class="xref">8.1</a>.  <a href="#name-identity-formats" class="xref">Identity Formats</a><a href="#section-boilerplate.3-1.8.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.8.2.1.1"><a href="#section-8.1" class="xref">8.1</a>.  <span><a href="#name-identity-formats" class="xref">Identity Formats</a> (<a href="#name-identity-formats" class="xref">name-identity-formats</a>)</span><a href="#section-boilerplate.3-1.8.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9">
<p id="section-boilerplate.3-1.9.1"><a href="#section-9" class="xref">9</a>.  <a href="#name-security-considerations" class="xref">Security Considerations</a><a href="#section-boilerplate.3-1.9.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.1"><a href="#section-9" class="xref">9</a>.  <span><a href="#name-security-considerations" class="xref">Security Considerations</a> (<a href="#name-security-considerations" class="xref">name-security-considerations</a>)</span><a href="#section-boilerplate.3-1.9.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.1">
<p id="section-boilerplate.3-1.9.2.1.1"><a href="#section-9.1" class="xref">9.1</a>.  <a href="#name-communications-security-2" class="xref">Communications Security</a><a href="#section-boilerplate.3-1.9.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.1.1"><a href="#section-9.1" class="xref">9.1</a>.  <span><a href="#name-communications-security-2" class="xref">Communications Security</a> (<a href="#name-communications-security-2" class="xref">name-communications-security-2</a>)</span><a href="#section-boilerplate.3-1.9.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.2">
<p id="section-boilerplate.3-1.9.2.2.1"><a href="#section-9.2" class="xref">9.2</a>.  <a href="#name-privacy" class="xref">Privacy</a><a href="#section-boilerplate.3-1.9.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.2.1"><a href="#section-9.2" class="xref">9.2</a>.  <span><a href="#name-privacy" class="xref">Privacy</a> (<a href="#name-privacy" class="xref">name-privacy</a>)</span><a href="#section-boilerplate.3-1.9.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.3">
<p id="section-boilerplate.3-1.9.2.3.1"><a href="#section-9.3" class="xref">9.3</a>.  <a href="#name-denial-of-service" class="xref">Denial of Service</a><a href="#section-boilerplate.3-1.9.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.3.1"><a href="#section-9.3" class="xref">9.3</a>.  <span><a href="#name-denial-of-service" class="xref">Denial of Service</a> (<a href="#name-denial-of-service" class="xref">name-denial-of-service</a>)</span><a href="#section-boilerplate.3-1.9.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4">
<p id="section-boilerplate.3-1.9.2.4.1"><a href="#section-9.4" class="xref">9.4</a>.  <a href="#name-idp-authentication-mechanis" class="xref">IdP Authentication Mechanism</a><a href="#section-boilerplate.3-1.9.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.1"><a href="#section-9.4" class="xref">9.4</a>.  <span><a href="#name-idp-authentication-mechanis" class="xref">IdP Authentication Mechanism</a> (<a href="#name-idp-authentication-mechanis" class="xref">name-idp-authentication-mechanis</a>)</span><a href="#section-boilerplate.3-1.9.2.4.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.1">
<p id="section-boilerplate.3-1.9.2.4.2.1.1"><a href="#section-9.4.1" class="xref">9.4.1</a>.  <a href="#name-peerconnection-origin-check" class="xref">PeerConnection Origin Check</a><a href="#section-boilerplate.3-1.9.2.4.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.2.1.1"><a href="#section-9.4.1" class="xref">9.4.1</a>.  <span><a href="#name-peerconnection-origin-check" class="xref">PeerConnection Origin Check</a> (<a href="#name-peerconnection-origin-check" class="xref">name-peerconnection-origin-check</a>)</span><a href="#section-boilerplate.3-1.9.2.4.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.2">
<p id="section-boilerplate.3-1.9.2.4.2.2.1"><a href="#section-9.4.2" class="xref">9.4.2</a>.  <a href="#name-idp-well-known-uri" class="xref">IdP Well-known URI</a><a href="#section-boilerplate.3-1.9.2.4.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.2.2.1"><a href="#section-9.4.2" class="xref">9.4.2</a>.  <span><a href="#name-idp-well-known-uri" class="xref">IdP Well-known URI</a> (<a href="#name-idp-well-known-uri" class="xref">name-idp-well-known-uri</a>)</span><a href="#section-boilerplate.3-1.9.2.4.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.3"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.3">
<p id="section-boilerplate.3-1.9.2.4.2.3.1"><a href="#section-9.4.3" class="xref">9.4.3</a>.  <a href="#name-privacy-of-idp-generated-id" class="xref">Privacy of IdP-generated identities and the hosting site</a><a href="#section-boilerplate.3-1.9.2.4.2.3.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.2.3.1"><a href="#section-9.4.3" class="xref">9.4.3</a>.  <span><a href="#name-privacy-of-idp-generated-id" class="xref">Privacy of IdP-generated identities and the hosting site</a> (<a href="#name-privacy-of-idp-generated-id" class="xref">name-privacy-of-idp-generated-id</a>)</span><a href="#section-boilerplate.3-1.9.2.4.2.3.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.4"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.4">
<p id="section-boilerplate.3-1.9.2.4.2.4.1"><a href="#section-9.4.4" class="xref">9.4.4</a>.  <a href="#name-security-of-third-party-idp" class="xref">Security of Third-Party IdPs</a><a href="#section-boilerplate.3-1.9.2.4.2.4.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.2.4.1"><a href="#section-9.4.4" class="xref">9.4.4</a>.  <span><a href="#name-security-of-third-party-idp" class="xref">Security of Third-Party IdPs</a> (<a href="#name-security-of-third-party-idp" class="xref">name-security-of-third-party-idp</a>)</span><a href="#section-boilerplate.3-1.9.2.4.2.4.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.5"> <li class="toc ulEmpty" id="section-boilerplate.3-1.9.2.4.2.5">
<p id="section-boilerplate.3-1.9.2.4.2.5.1"><a href="#section-9.4.5" class="xref">9.4.5</a>.  <a href="#name-web-security-feature-intera" class="xref">Web Security Feature Interactions</a><a href="#section-boilerplate.3-1.9.2.4.2.5.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.9.2.4.2.5.1"><a href="#section-9.4.5" class="xref">9.4.5</a>.  <span><a href="#name-web-security-feature-intera" class="xref">Web Security Feature Interactions</a> (<a href="#name-web-security-feature-intera" class="xref">name-web-security-feature-intera</a>)</span><a href="#section-boilerplate.3-1.9.2.4.2.5.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.10"> <li class="toc ulEmpty" id="section-boilerplate.3-1.10">
<p id="section-boilerplate.3-1.10.1"><a href="#section-10" class="xref">10</a>. <a href="#name-iana-considerations" class="xref">IANA Considerations</a><a href="#section-boilerplate.3-1.10.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.10.1"><a href="#section-10" class="xref">10</a>. <span><a href="#name-iana-considerations" class="xref">IANA Considerations</a> (<a href="#name-iana-considerations" class="xref">name-iana-considerations</a>)</span><a href="#section-boilerplate.3-1.10.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.11"> <li class="toc ulEmpty" id="section-boilerplate.3-1.11">
<p id="section-boilerplate.3-1.11.1"><a href="#section-11" class="xref">11</a>. <a href="#name-references" class="xref">References</a><a href="#section-boilerplate.3-1.11.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.11.1"><a href="#section-11" class="xref">11</a>. <span><a href="#name-references" class="xref">References</a> (<a href="#name-references" class="xref">name-references</a>)</span><a href="#section-boilerplate.3-1.11.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty"> <ul class="toc ulEmpty">
<li class="toc ulEmpty" id="section-boilerplate.3-1.11.2.1"> <li class="toc ulEmpty" id="section-boilerplate.3-1.11.2.1">
<p id="section-boilerplate.3-1.11.2.1.1"><a href="#section-11.1" class="xref">11.1</a>.  <a href="#name-normative-references" class="xref">Normative References</a><a href="#section-boilerplate.3-1.11.2.1.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.11.2.1.1"><a href="#section-11.1" class="xref">11.1</a>.  <span><a href="#name-normative-references" class="xref">Normative References</a> (<a href="#name-normative-references" class="xref">name-normative-references</a>)</span><a href="#section-boilerplate.3-1.11.2.1.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.11.2.2"> <li class="toc ulEmpty" id="section-boilerplate.3-1.11.2.2">
<p id="section-boilerplate.3-1.11.2.2.1"><a href="#section-11.2" class="xref">11.2</a>.  <a href="#name-informative-references" class="xref">Informative References</a><a href="#section-boilerplate.3-1.11.2.2.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.11.2.2.1"><a href="#section-11.2" class="xref">11.2</a>.  <span><a href="#name-informative-references" class="xref">Informative References</a> (<a href="#name-informative-references" class="xref">name-informative-references</a>)</span><a href="#section-boilerplate.3-1.11.2.2.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.12"> <li class="toc ulEmpty" id="section-boilerplate.3-1.12">
<p id="section-boilerplate.3-1.12.1"><a href="#section-appendix.a" class="xref"></a>  <a href="#name-acknowledgements" class="xref">Acknowledgements</a><a href="#section-boilerplate.3-1.12.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.12.1"><a href="#section-appendix.a" class="xref">A</a>  <span><a href="#name-acknowledgements" class="xref">Acknowledgements</a> (<a href="#name-acknowledgements" class="xref">name-acknowledgements</a>)</span><a href="#section-boilerplate.3-1.12.1" class="pilcrow">¶</a></p>
</li> </li>
<li class="toc ulEmpty" id="section-boilerplate.3-1.13"> <li class="toc ulEmpty" id="section-boilerplate.3-1.13">
<p id="section-boilerplate.3-1.13.1"><a href="#section-appendix.b" class="xref"></a>  <a href="#name-authors-address" class="xref">Author's Address</a><a href="#section-boilerplate.3-1.13.1" class="pilcrow">¶</a></p> <p id="section-boilerplate.3-1.13.1"><a href="#section-appendix.b" class="xref">B</a>  <span><a href="#name-authors-address" class="xref">Author's Address</a> (<a href="#name-authors-address" class="xref">name-authors-address</a>)</span><a href="#section-boilerplate.3-1.13.1" class="pilcrow">¶</a></p>
</li> </li>
</ul> </ul>
</nav> </nav>
</section> </section>
</div> </div>
<div id="sec.introduction"> <div id="sec.introduction">
<section id="section-1"> <section id="section-1">
<h2 id="name-introduction"> <h2 id="name-introduction">
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a> <a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
</h2> </h2>
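Review bot: in the right-hand (prepped) column, every table-of-contents entry from 9.4 through Author's Address now shows its anchor slug as visible link text in parentheses, e.g. "(name-idp-authentication-mechanis)", so readers see truncated internal ids beside each section title. If the slug is only needed as a link target, keep it in the href and drop the parenthesised second <a> element. The two appendix entries also gain bare "A" and "B" labels with no trailing period, while the numbered entries use "9.4." and "10."; it would be worth making the punctuation consistent.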
 End of changes. 52 change blocks. 
52 lines changed or deleted 52 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
