Authentication, Authorization, and Accounting in WebRTC PaaS Infrastructures: The Case of Kurento

Author

Lopez-Fernandez, Luis ; Gallego, Micael ; Garcia, Belen ; Fernandez-Lopez, David ; Lopez, Francisco Javier

Volume

18

Issue

6

fYear

2014

fDate

Nov.-Dec. 2014

Firstpage

34

Lastpage

40

Abstract

WebRTC server infrastructures are useful for creating rich real-time communication (RTC) applications. Developers commonly use them for accessing capabilities such as group communications, archiving, and transcoding. Details on how to implement and use such infrastructures securely are of increasing interest to the engineering community. Kurento is an open source project that provides a WebRTC media server and a platform as a service cloud built on top of it. The authors present the Kurento API and analyze different security models for it, investigating the suitability of using simple access control lists (ACLs) and capability-based security schemes to provide authorization. Using minimal implementation, they discuss the advantages and drawbacks of each scheme and conclude that, for the proposed schemes, ACLs are less scalable but provide more granularity.

Keywords

application program interfaces; authorisation; cloud computing; public domain software; ACL; Kurento API; Kurento open source project; WebRTC PaaS infrastructure; WebRTC media server; access control lists; accounting; application program interface; authentication; authorization; capability-based security scheme; platform-as-a-service cloud; realtime communication; Access control; Access protocols; Authentication; Authorization; Media; Real-time systems; Servers; Transcoding; WebRTC; AAA; ACLs; WebRTC; authorization; capabilities; infrastructures; platform as a service;

fLanguage

English

Journal_Title

Internet Computing, IEEE

Publisher

ieee

ISSN

1089-7801

Type

jour

DOI

10.1109/MIC.2014.102

Filename

6879049