This post is deals with some less known real world implication of developing and integrating WebRTC with telecom service providers network and bring the solution in action . The regulatory and legal constrains are bought to light after the product is in action and are mostly result of short sightedness . The following is a list of factors that must be kept in mind while webRTC solution is in development stages
WebRTC services from telecom provider depend on the access technology, which may differ if the user accessing the network through a third party Wi-Fi hotspot.
User/network type may also dictate if decryption of the media is possible/required.
For Peer-to-Peer paths, media could be extracted through the use of network probes or other methodology
Then there are Other Considerations such as specific services, for example if WebRTC is used to create softphones software permitting users to receive or originate calls to the PSTN, the current view is to treat this as a fully interconnected VoIP service subject to all the rules that apply to the PSTN – regardless of technologies employed.
Communications Assistance for Law Enforcement Act (CALEA) , a United States wiretapping law passed in 1994, during the presidency of Bill Clinton.
CALEA requirement for an LTE user may be very different than the CALEA requirements for a user accessing the network through a third party Wi-Fi hotspot.
For media going through the SBC, CALEA may use a design similar to existing CALEA designs.
Read more on WebRTC Security here which discusses SOP (single origin policy ) , CORs ( cross origin requests) , JSONP , ICE , location sharing , scerensharing , Long term access to camera and microphone , SRTP DTLS as well as best practises for secure communication
VoIP and WebRTC platform security largely depend on the underlying protocols such as SIP . SIP is an robuts and time tested VoIP proctol to facilitate VoIP calls . To learn more about SIP security against atacks like
We have already learned about Sip user agent and sip network server. SIP clients initiates a call and SIP server routes the call . Registrar is responsible for name resolution and user location. Sip proxy receives calls and send it to its destination or next hop.
Presence is user’s reachability and willingness to communicate its current status information . User subscribe to an event and receive notification . The components in presence are :
Presence user agent
Sip was initially introduced as a signaling protocol but there were Lack of method to emulate constant communication and update status between entity
Three more method was introduced namely – Publish , Subscribe and Notify
Subscribe request should be send by watchers to presence server
Presence agent should authenticate and send acknowledgement
State changes should be notified to subscriber
Agents should be able to allow or terminate subscription
Presence is a way to have sustained stateful communication. The SIP User agents can use presence service to know about others user’s online status . Presnece deployment must confirm to security standards .