CN104052732A - Managing identity provider (IdP) identifiers for web real-time communications (webrtc) interactive flows, and related methods, systems - Google Patents

Publication number
CN104052732A
Authority
CN
China
Prior art keywords
webrtc
idp
identifiers
identity
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410096155.XA
Other languages
Chinese (zh)
Other versions
CN104052732B (en)
Inventor
K·塞
J·H·约亚库姆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avaya Technology LLC
Original Assignee
Avaya Technology LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/050,891 (US9294458B2)
Application filed by Avaya Technology LLC

Abstract

The invention relates to managing identity provider (IdP) identifiers for web real-time communications (webrtc) interactive flows, and related methods, systems. Embodiments include managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media. In one embodiment, a method for managing IdPs comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The method also comprises providing, during the establishment of the WebRTC interactive flow, the one or more identity assertions. In this manner, an entity may specify the IdP used for identity authentication, and the number of identity assertions provided during initiation of the WebRTC interactive flow.

Description

Method and system for managing identity provider identifiers for Web real-time communications interactive flows
Priority application
This application claims priority to U.S. Provisional Patent Application Serial No. 61/781,122, filed on March 14, 2013 and entitled "DISTRIBUTED APPLICATION OF ENTERPRISE POLICIES TO WEB REAL-TIME COMMUNICATIONS (WEBRTC) INTERACTIVE SESSIONS; AND RELATED METHODS; SYSTEM; AND COMPUTER-READABLE MEDIA", which is hereby incorporated herein by reference in its entirety.
Technical field
The technology of the present disclosure relates generally to Web Real-Time Communications (WebRTC) interactive sessions.
Background
Web Real-Time Communications (WebRTC) is an ongoing effort to develop industry standards for integrating real-time communications functionality into web clients, such as web browsers, to enable direct interaction with other web clients. This real-time communications functionality is accessible to web developers via standard markup tags, such as those provided by version 5 of the Hyper Text Markup Language (HTML5), and via client-side scripting Application Programming Interfaces (APIs), such as JavaScript APIs. More information about WebRTC can be found in "WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web," 2nd edition (2013 Digital Codex LLC), by Alan B. Johnston and Daniel C. Burnett, which is incorporated herein by reference in its entirety.
WebRTC provides built-in capabilities for establishing real-time video, audio, and/or data streams in both point-to-point interactive sessions and multi-party interactive sessions. The WebRTC standards are currently under joint development by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). Information on the current state of the WebRTC standards can be found at, e.g., http://www.w3c.org and http://www.ietf.org.
In a typical WebRTC exchange, two WebRTC clients retrieve WebRTC-enabled web applications, such as HTML5/JavaScript web applications, from a web application server. Through these web applications, the two WebRTC clients then engage in an initiation dialogue for initiating a peer connection over which a WebRTC interactive flow (e.g., a real-time video, audio, and/or data exchange) will pass. The initiation dialogue may include a media negotiation used to communicate, and reach agreement on, the parameters that define the characteristics of the WebRTC interactive session.
In some embodiments, the media negotiation may be implemented via a WebRTC offer/answer exchange conducted over a secure network connection, such as a Hyper Text Transfer Protocol Secure (HTTPS) connection or a Secure WebSockets connection. In a WebRTC offer/answer exchange, a first WebRTC client sends the second WebRTC client a WebRTC session description object "offer," which may specify the first WebRTC client's preferred media types and capabilities. The second WebRTC client then responds with a WebRTC session description object "answer," which indicates which of the offered media types and capabilities the second WebRTC client supports and will accept for the WebRTC interactive session.
Once the initiation dialogue is complete, the WebRTC clients may establish a direct peer connection with one another and may begin exchanging media or data packets carrying real-time communications. The peer connection between the WebRTC clients typically employs the Secure Real-time Transport Protocol (SRTP) to transport real-time media streams, and may use various other protocols for real-time data exchange. It is to be understood that the initiation dialogue may employ mechanisms other than a WebRTC offer/answer exchange to establish a WebRTC interactive flow between WebRTC endpoints.
WebRTC also specifies a mechanism for authenticating the identity of a WebRTC client involved in an initiation dialogue (and thus in the peer connection and WebRTC interactive flow established as a result of the initiation dialogue) by using a web-based entity known as an Identity Provider (IdP). This mechanism is described in, e.g., Section 8, "Identity," of the document "WebRTC 1.0: Real-time Communication Between Browsers," available online at http://dev.w3.org/2011/webrtc/editor/webrtc.html. To authenticate an identity, the participant seeking to authenticate a WebRTC client (in other words, the Authenticating Party, or AP) first downloads an authentication application from the IdP. As an example, the authentication application may be a JavaScript web application that implements a common WebRTC protocol for requesting and verifying identity assertions. The authentication application may also provide specialized logic based on the specific requirements of the IdP. Using the authentication application, the AP obtains an "identity assertion" from the IdP. The process of obtaining an identity assertion may involve, for example, the AP logging in to the IdP or providing a certificate to the IdP. The AP's WebRTC client then provides this identity assertion as part of the initiation dialogue. For example, in the case of a WebRTC offer/answer exchange, the AP's WebRTC client may append the identity assertion obtained from the IdP to the offer/answer. The recipient of the offer/answer, referred to as the Relying Party (RP), then downloads a verification application from the same IdP and uses it to verify the identity assertion and, by extension, the identity of the AP.
A WebRTC client may employ a custom IdP for identity assertions, where the custom IdP is specified programmatically by an IdP identifier in the downloaded WebRTC web application using an instruction (e.g., a setIdentityProvider instruction). Alternatively, a default IdP identifier may be stored in the settings of the WebRTC client, for use when the web application does not specify a custom IdP identifier. Thus, in a typical scenario, at most two IdP identifiers are available for a given WebRTC interactive flow, and the WebRTC web application determines whether the custom IdP identifier or the default IdP identifier is used. In some circumstances, however, this may not provide sufficient control over, or flexibility in, the IdP identifiers to be used for a given WebRTC interactive flow. In the case of a WebRTC client within an enterprise network, the enterprise may wish to define enterprise policies that provide more than two IdP identifiers for a WebRTC client, and/or that prioritize multiple IdP identifiers for use in different communication scenarios. For example, the enterprise may wish to specify a particular IdP identifier to be used by all WebRTC clients within the enterprise network, regardless of the custom IdP identifier specified by the web application or the default IdP identifier.
Summary of the invention
Embodiments disclosed in the detailed description provide managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a WebRTC client may include an IdP identifier management agent that can retrieve, prioritize, and/or store a plurality of IdP identifiers. During an initiation dialogue for a WebRTC interactive flow involving the WebRTC client, the IdP identifier management agent may select, from the plurality of IdP identifiers, one or more preferred IdP identifiers indicated by one or more preferences for use in authentication. The plurality of IdP identifiers may be received by the IdP identifier management agent from an enterprise policy server, may be stored by the WebRTC client as default IdP identifier(s), and/or may be provided by a downloaded WebRTC web application. The one or more preferences may include preferences specified by an enterprise policy, preferences stored by the WebRTC client, and/or preferences provided by a user. The IdP identifier management agent may then obtain one or more identity assertions from each IdP corresponding to the one or more preferred IdP identifiers, and may include the one or more identity assertions in the initiation dialogue for the WebRTC interactive flow (e.g., a WebRTC offer/answer exchange). In this manner, an entity such as an enterprise may exercise fine-grained control over the IdP(s) to be used for authentication, and over the number and type of identity assertions that are obtained and provided during initiation of a WebRTC interactive flow.
In this regard, in one embodiment, a method for managing IdP identifiers for WebRTC interactive flows is provided. The method comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The method also comprises providing, during the establishment of the WebRTC interactive flow, the one or more identity assertions.
In another embodiment, a system for managing IdP identifiers for WebRTC interactive flows is provided. The system comprises at least one communications interface, and a computing device that is associated with the at least one communications interface and comprises an IdP identifier management agent. The IdP identifier management agent is configured to select one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The IdP identifier management agent is further configured to obtain, via the at least one communications interface, one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The IdP identifier management agent is also configured to provide the one or more identity assertions during the establishment of the WebRTC interactive flow.
In another embodiment, a non-transitory computer-readable medium is provided. The non-transitory computer-readable medium has stored thereon computer-executable instructions to cause a processor to implement a method comprising selecting, by a WebRTC client, one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The method implemented by the computer-executable instructions further comprises obtaining one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The method implemented by the computer-executable instructions also comprises providing, during the establishment of the WebRTC interactive flow, the one or more identity assertions.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form a part of this specification, illustrate several aspects of the present disclosure and, together with the description, serve to explain the principles of the present disclosure.
Fig. 1 is a conceptual diagram illustrating an exemplary topology of a Web Real-Time Communications (WebRTC) interactive flow including a WebRTC client, where the WebRTC client comprises an Identity Provider (IdP) identifier management agent;
Fig. 2 is a diagram illustrating exemplary IdP identifiers, including IdP identifiers provided by an enterprise policy server, stored as defaults by a WebRTC client, and specified by a WebRTC web application;
Fig. 3 is a diagram illustrating communication flows during an identity assertion and verification exchange involving a WebRTC client that contains an IdP identifier management agent;
Fig. 4 is a flowchart illustrating exemplary operations for managing IdP identifiers for WebRTC interactive flows;
Fig. 5 is a flowchart illustrating more detailed exemplary operations for managing IdP identifiers for WebRTC interactive flows;
Fig. 6 is a flowchart illustrating more detailed exemplary operations for obtaining one or more identity assertions by the IdP identifier management agent of Fig. 1;
Fig. 7 is a flowchart illustrating more detailed exemplary operations for providing one or more identity assertions by the IdP identifier management agent of Fig. 1; and
Fig. 8 is a block diagram of an exemplary processor-based system that may include the IdP identifier management agent of Fig. 1.
Detailed description
With reference now to the drawings, several exemplary embodiments of the present disclosure are described. The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Embodiments disclosed in the detailed description provide managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a WebRTC client may include an IdP identifier management agent that can retrieve, prioritize, and/or store a plurality of IdP identifiers. During an initiation dialogue for a WebRTC interactive flow involving the WebRTC client, the IdP identifier management agent may select, from the plurality of IdP identifiers, one or more preferred IdP identifiers indicated by one or more preferences for use in authentication. The plurality of IdP identifiers may be received by the IdP identifier management agent from an enterprise policy server, may be stored by the WebRTC client as default IdP identifier(s), and/or may be provided by a downloaded WebRTC web application. The one or more preferences may include preferences specified by an enterprise policy, preferences stored by the WebRTC client, and/or preferences provided by a user. The IdP identifier management agent may then obtain one or more identity assertions from each IdP corresponding to the one or more preferred IdP identifiers, and may include the one or more identity assertions in the initiation dialogue for the WebRTC interactive flow (e.g., a WebRTC offer/answer exchange). In this manner, an entity such as an enterprise may exercise fine-grained control over the IdP(s) to be used for authentication, and over the number and type of identity assertions that are obtained and provided during initiation of a WebRTC interactive flow.
In this regard, in one embodiment, a method for managing IdP identifiers for WebRTC interactive flows is provided. The method comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The method also comprises providing, during the establishment of the WebRTC interactive flow, the one or more identity assertions.
Fig. 1 shows an exemplary WebRTC interactive system 10 for managing IdP identifiers for WebRTC interactive flows as disclosed herein. In particular, the exemplary WebRTC interactive system 10 includes an IdP identifier management agent 12, which provides functionality for obtaining, prioritizing, and/or storing one or more IdP identifiers, and for obtaining one or more identity assertions based on the preferred IdP identifier(s) among the one or more IdP identifiers. As used herein, a "WebRTC interactive session" refers to operations for carrying out a WebRTC initiation dialogue, establishing a peer connection, and commencing a WebRTC interactive flow between two or more endpoints. A "WebRTC interactive flow," as disclosed herein, refers to an interactive media flow and/or an interactive data flow that passes between two or more endpoints according to WebRTC standards and protocols. As non-limiting examples, an interactive media flow constituting a WebRTC interactive flow may comprise a real-time audio stream and/or a real-time video stream, or other real-time media or data streams. The data and/or media comprising a WebRTC interactive flow may be referred to collectively herein as "content."
Before discussing the details of the IdP identifier management agent 12, the establishment of a WebRTC interactive flow in the WebRTC interactive system 10 of Fig. 1 is first described. In Fig. 1, a first computing device 14 executes a first WebRTC client 16, and a second computing device 18 executes a second WebRTC client 20. In the example of Fig. 1, the first computing device 14 is part of an enterprise network 22. It is to be understood, however, that in some embodiments the computing devices 14 and 18 may both be located within the same public or private network, or may be located within separate, communicatively coupled public or private networks. Some embodiments of the exemplary WebRTC interactive system 10 of Fig. 1 may provide that each of the computing devices 14 and 18 may be any computing device having network communications capabilities, such as a smartphone, a tablet computer, a dedicated web appliance, a media server, a desktop or server computer, or a purpose-built communications device, as non-limiting examples. The computing devices 14 and 18 include communications interfaces 24 and 26, respectively, for physically connecting the computing devices 14 and 18 to one or more public and/or private networks. In some embodiments, the elements of the computing devices 14 and 18 may be distributed across more than one computing device 14, 18.
The WebRTC clients 16 and 20 in this example may each be a web browser application, a dedicated communications application, or an interface-less application such as a daemon or service application, as non-limiting examples. The first WebRTC client 16 comprises a scripting engine 28 and a WebRTC functionality provider 30. Similarly, the second WebRTC client 20 comprises a scripting engine 32 and a WebRTC functionality provider 34. The scripting engines 28 and 32 enable client-side applications written in a scripting language, such as JavaScript, to be executed within the WebRTC clients 16 and 20, respectively. The scripting engines 28 and 32 also provide Application Programming Interfaces (APIs) to facilitate communications with other functionality providers within the WebRTC clients 16 and/or 20, with the computing devices 14 and/or 18, and/or with other web clients, user devices, or web servers. The WebRTC functionality provider 30 of the first WebRTC client 16 and the WebRTC functionality provider 34 of the second WebRTC client 20 implement the protocols, codecs, and APIs necessary to enable real-time interactive flows via WebRTC. The scripting engine 28 and the WebRTC functionality provider 30 are communicatively coupled via a set of defined APIs, as indicated by bidirectional arrow 36. Likewise, the scripting engine 32 and the WebRTC functionality provider 34 are communicatively coupled, as shown by bidirectional arrow 38.
A WebRTC application server 40 is provided for serving a WebRTC-enabled web application (not shown) to requesting WebRTC clients 16, 20, and for relaying an initiation dialogue 42 during the establishment of a WebRTC interactive flow 44. In some embodiments, the WebRTC application server 40 may be a single server, while in some applications the WebRTC application server 40 may comprise multiple servers that are communicatively coupled to each other. It is to be understood that the WebRTC application server 40 may reside within the same public or private network as the computing devices 14 and/or 18, or may be located within a separate, communicatively coupled public or private network.
Fig. 1 further illustrates the characteristic WebRTC topology that results from establishing the WebRTC interactive flow 44 between the first WebRTC client 16 and the second WebRTC client 20. To establish the WebRTC interactive flow 44, the first WebRTC client 16 and the second WebRTC client 20 both download a WebRTC web application (not shown) from the WebRTC application server 40. In some embodiments, the WebRTC web application comprises an HTML/JavaScript web application that uses HTML5 to provide a rich user interface, and uses JavaScript to handle user input and to communicate with the WebRTC application server 40.
The first WebRTC client 16 and the second WebRTC client 20 then engage in the initiation dialogue 42 via the WebRTC application server 40. Typically, the initiation dialogue 42 takes place over a secure web connection, such as a Hyper Text Transfer Protocol Secure (HTTPS) connection. The initiation dialogue 42 may include WebRTC session description objects, Hyper Text Transfer Protocol (HTTP) header data, certificates, encryption keys, and/or network routing data, as non-limiting examples. In some embodiments, the initiation dialogue 42 may comprise a WebRTC offer/answer exchange. Data exchanged during the initiation dialogue 42 may be used to determine the media types and capabilities for the desired WebRTC interactive flow 44. Once the initiation dialogue 42 is complete, the WebRTC interactive flow 44 may be established via a secure peer connection 46 between the first WebRTC client 16 and the second WebRTC client 20.
It is to be understood that some embodiments may use topologies other than the one shown in Fig. 1. For example, some embodiments may employ a topology in which two web application servers communicate directly with each other via protocols such as Session Initiation Protocol (SIP) or Jingle, as non-limiting examples. It is also to be understood that, instead of the second WebRTC client 20, the second computing device 18 may comprise a SIP client device, a Jingle client device, or a Public Switched Telephone Network (PSTN) gateway device communicatively coupled to a telephone.
In certain embodiments, initiate the reciprocity connection 46 of dialogue 42 and/or safety and can pass through network element 48.Network element 48 can be the computing equipment with network communications capability, and can comprise network router, the network switch, bridge, use relaying passing through NAT (Traversal Using Relays around NAT, TURN) utility program (Session Traversal Utilities for Network Address Translation, STUN) server is passed through in server and/or network address translation session.Some embodiment can specify that network element 48 requires from the first computing equipment 14 and/or from the certification (not shown) of a WebRTC client 16.In the example of Fig. 1, network element 48 is positioned at enterprise network 22.Be appreciated that in certain embodiments, network element 48 can reside in same public or private network with computing equipment 14 and/or 18, or can be positioned at the public or private network of independent communicative couplings.
During the establishment of the WebRTC interactive flow 44, the WebRTC web application may require authentication of the identity of the first WebRTC client 16 in order to validate the secure peer connection 46 and the WebRTC interactive flow 44. This may be accomplished by using an IdP such as one of the IdPs 50(1-N). As seen in Fig. 1, the IdPs 50(1-N) are located outside the enterprise network 22. It is to be understood, however, that in some embodiments one or more of the IdPs 50(1-N) may reside within the enterprise network 22, within the same public or private network as the computing devices 14 and/or 18, or within a separate, communicatively coupled public or private network.
In a typical authentication exchange, the first WebRTC client 16 engages in an identity assertion dialogue (e.g., identity assertion dialogue 52(1)) with an IdP such as the IdP 50(1). As part of the identity assertion dialogue 52(1), the first WebRTC client 16 may download an authentication application (not shown) from the IdP 50(1), and may request an identity assertion (not shown) from the IdP 50(1). After obtaining the identity assertion, the first WebRTC client 16 provides it to the second WebRTC client 20 as part of the initiation dialogue 42 (e.g., as part of a WebRTC offer/answer exchange). The second WebRTC client 20 may then verify the identity assertion by engaging in an identity verification dialogue (e.g., identity verification dialogue 54(1)) with the IdP 50(1). If the identity assertion is successfully verified, the second WebRTC client 20 may continue the initiation dialogue 42 and establish the secure peer connection 46 and the WebRTC interactive flow 44. If the identity assertion provided by the first WebRTC client 16 is not successfully verified, the second WebRTC client 20 may choose to reject the initiation dialogue 42.
In a typical WebRTC authentication scenario, at most two IdP identifiers are available for authenticating a given WebRTC client: a custom IdP identifier that may be provided by the downloaded WebRTC-enabled web application, and/or a default IdP identifier stored by the WebRTC client. In some circumstances, however, this may not provide sufficient control over, or flexibility in, the IdP(s) to be used for a given WebRTC interactive flow. For example, an enterprise may wish to provide the first WebRTC client 16 with multiple IdP identifiers that are prioritized for use in different communication scenarios. The enterprise may also want to specify a particular IdP identifier to be used by the first WebRTC client 16 within the enterprise network 22, regardless of the custom IdP identifier specified by the web application and/or the default IdP identifier of the first WebRTC client 16.
In this regard, the IdP identifier management agent 12 of Fig. 1 is provided. According to embodiments described herein, the IdP identifier management agent 12 enables an entity such as an enterprise to specify one or more preferred IdP identifiers, indicated by one or more preferences, to be used for authentication during the establishment of the WebRTC interactive flow 44, and may facilitate the use of multiple IdP identifiers for authentication. In some embodiments, the IdP identifier management agent 12 may be implemented as an extension or plug-in for the first WebRTC client 16, and may be communicatively coupled to the scripting engine 28 of the first WebRTC client 16, as indicated by bidirectional arrow 56. It is to be understood that some embodiments may provide that the IdP identifier management agent 12 is integrated into the WebRTC functionality provider 30 and/or the scripting engine 28, or is implemented as an integral part of the first WebRTC client 16.
Some embodiments may provide that the IdP identifier management agent 12 is communicatively coupled to an enterprise policy server 58, as indicated by bidirectional arrow 60. Accordingly, the IdP identifier management agent 12 may select the one or more preferred IdP identifiers from one or more IdP identifiers specified by an enterprise policy defined by the enterprise policy server 58. In this manner, the enterprise may exercise control over which IdPs the first WebRTC client 16 uses to authenticate WebRTC interactive sessions passing through the enterprise network 22. In some embodiments, the one or more preferred IdP identifiers may be selected from one or more IdP identifiers that are stored by the first WebRTC client 16 as default IdP identifiers and/or that are specified by the downloaded WebRTC web application.
The selection of the one or more preferred IdP identifiers may be carried out by the IdP identifier management agent 12 based on one or more preferences (not shown). The one or more preferences may be provided by an enterprise policy specified by the enterprise policy server 58, and/or may be provided by user input. In some embodiments, the one or more preferences may include a preferred flag that indicates a preferred IdP identifier, or may include a preference rank that indicates the relative preference of one IdP identifier compared with one or more other IdP identifiers, as non-limiting examples.
After selecting the one or more preferred IdP identifiers, the IdP identifier management agent 12 can obtain, during the initiation dialogue 42, one or more identity assertions from the IdPs 50(1-N) corresponding to the one or more preferred IdP identifiers. For example, in some embodiments, the IdP identifier management agent 12 can intercept WebRTC API calls made when the downloaded WebRTC web application is executed by the script processing engine 28 of the first WebRTC client 16. In this way, the IdP identifier management agent 12 dynamically modifies the WebRTC web application's requests for identity assertions to ensure that the one or more identity assertions are obtained using the one or more preferred IdP identifiers. As a non-limiting example, the IdP identifier management agent 12 can intercept instructions provided by the WebRTC web application, such as a setIdentityProvider instruction, and can modify these instructions to specify the one or more preferred IdP identifiers before the instructions are executed by the script processing engine 28. In some embodiments, modifying an instruction can include removing the IdP identifier specified in the original instruction and replacing the removed IdP identifier with the one or more preferred IdP identifiers.
Some embodiments may provide that the IdP identifier management agent 12 can inject a new instruction (for example, a setIdentityProvider instruction) into the WebRTC web application. This can ensure that the one or more preferred IdP identifiers are used even when the WebRTC web application itself does not specify an IdP identifier. In some embodiments, the IdP identifier management agent 12 can remove an existing instruction provided by the WebRTC web application entirely, without replacing it with a new instruction. As a non-limiting example, this can allow a user to remain anonymous in a scenario in which the WebRTC web application attempts to force identity assertion and/or verification using an IdP specified by the application.
Similarly, the IdP identifier management agent 12 can intercept and modify WebRTC API calls so that the one or more obtained identity assertions are provided as part of the initiation dialogue 42. For example, the IdP identifier management agent 12 can intercept instructions provided by the WebRTC web application, such as createOffer and/or createAnswer instructions. These instructions can be modified by the IdP identifier management agent 12 to include the one or more obtained identity assertions in the WebRTC offer/answer exchange.
In some embodiments, the IdP identifier management agent 12 can also modify the initiation dialogue 42 (for example, the WebRTC offer/answer) to include one or more authentication credentials for the network elements 48. This can enable the first WebRTC client 16 to automatically provide the credentials for accessing the functions of the network elements 48. As a non-limiting example, the IdP identifier management agent 12 can include STUN server and/or TURN server authentication credentials for the first WebRTC client 16 in the initiation dialogue 42. The one or more authentication credentials for the network elements 48 can include an IdP identifier to be used by the network elements 48 for authentication. Some embodiments may provide that the IdP identifier used for authentication by the network elements 48 can differ from the one or more preferred IdP identifiers used by the first WebRTC client 16 for identity assertion and/or verification.
Fig. 2 shows exemplary IdP identifiers 62 that can be used by the IdP identifier management agent 12 of Fig. 1 to obtain one or more identity assertions. In the example of Fig. 2, the exemplary IdP identifiers 62 are represented as a table, which in some embodiments can be implemented as a database table or another suitable data structure. Each exemplary IdP identifier 62 can include a preference indicator 64, an IdP name 66, a protocol 68, and a user identifier (ID) 70, as non-limiting examples. The preference indicator 64 can indicate which of the exemplary IdP identifiers 62 are preferred for authentication in a WebRTC interactive session. In some embodiments, the preference indicator 64 can include a preference rank and/or a preference flag, and can be specified, for example, by an enterprise policy server (such as the enterprise policy server 58 of Fig. 1) or by user input. In the example of Fig. 2, the preference indicator 64 is a rank assigned to each of the IdP identifiers 72(1-X), 74(1-Y), 75(1-Z), and 76(1-W), where the highest-ranked IdP identifier (i.e., the preferred IdP identifier 78) is selected for use in the WebRTC interactive session. It is to be understood that, in some embodiments, the preferred IdP identifier 78 can include more than one of the exemplary IdP identifiers 62.
In some embodiments, the IdP name 66 can include a Domain Name System (DNS) name or other identifying information that the first WebRTC client 16 of Fig. 1 uses to access the corresponding IdP. The protocol 68 can specify the network protocol that the first WebRTC client 16 will use when contacting the IdP, and the user ID 70 can represent a user identity previously established with the IdP. It is to be understood that, in some embodiments, the protocol 68 and/or the user ID 70 can be optional.
As seen in Fig. 2, the exemplary IdP identifiers 62 can be obtained from different sources by the IdP identifier management agent 12 of Fig. 1. The IdP identifiers 72(1-X) are IdP identifiers provided as part of an enterprise policy specified by the enterprise policy server 58 of Fig. 1. As a non-limiting example, the IdP identifiers 72(1-X) can include one or more IdP identifiers that the enterprise provides or prefers for authentication purposes. The IdP identifiers 74(1-Y) can be one or more IdP identifiers stored by the first WebRTC client 16 as default IdP identifiers. In some embodiments, the IdP identifiers 72(1-X) and/or the IdP identifiers 74(1-Y) can be stored in memory by the first WebRTC client 16, or stored in a browser cookie or other file in a persistent data store accessible to the first WebRTC client 16. Some embodiments may provide that the IdP identifiers 72(1-X) and/or the IdP identifiers 74(1-Y) can be updated by, for example, an update to the IdP identifier management agent 12 and/or an interaction between the first WebRTC client 16 and an external agent.
The IdP identifiers 75(1-Z) can be one or more IdP identifiers hard-coded into the IdP identifier management agent 12. The IdP identifiers 76(1-W) denote IdP identifiers included in or specified by the downloaded WebRTC web application, and represent one or more custom IdP identifiers that the WebRTC web application is programmed to use for authentication. It is to be understood that the IdP identifiers available for a given WebRTC interactive flow can include IdP identifiers obtained from all of the above sources, or from a subset of them. For example, the first WebRTC client 16 in the enterprise network 22 of Fig. 1 can be constrained by enterprise policy to select IdP identifiers only from the IdP identifiers 72(1-X) for WebRTC interactive flows that pass through the enterprise network 22.
Fig. 3 is provided to illustrate an exemplary communication flow during authentication and verification facilitated by the IdP identifier management agent 12 of Fig. 1. In Fig. 3, the IdP 50, the enterprise policy server 58, the first WebRTC client 16, the WebRTC application server 40, and the second WebRTC client 20 of Fig. 1 are each represented by a vertical dashed line. The WebRTC function supplier 30, the script processing engine 28, and the IdP identifier management agent 12 of the first WebRTC client 16 are shown as separate elements to better illustrate the communication flow between them. It is to be understood that the second WebRTC client 20 can include the script processing engine 32 and the WebRTC function supplier 34, which are omitted from this example for clarity. It is also to be understood that the WebRTC clients 16 and 20 have each downloaded a WebRTC-enabled web application, for example an HTML5/JavaScript WebRTC web application, from the WebRTC application server 40.
As seen in Fig. 3, the establishment of the WebRTC interactive flow begins with a WebRTC offer/answer exchange corresponding to the initiation dialogue 42 of Fig. 1 (for example, as a non-limiting example, an exchange of WebRTC session description objects). Accordingly, the second WebRTC client 20 sends a session description object to the WebRTC application server 40 (in this example, over an HTTPS connection). The WebRTC session description object in this example is a Session Description Protocol (SDP) object referred to as SDP object A, as indicated by arrow 80. SDP object A represents the "offer" in the WebRTC offer/answer exchange. SDP object A specifies the media types and capabilities that the second WebRTC client 20 supports and prefers to use in the WebRTC interactive flow. As indicated by arrow 82, the script processing engine 28 of the first WebRTC client 16 receives SDP object A from the WebRTC application server 40 over a secure web connection. After the script processing engine 28 receives SDP object A from the WebRTC application server 40, the script processing engine 28 sends a WebRTC session description object, referred to as SDP object B, to the IdP identifier management agent 12 in response, as indicated by arrow 84. SDP object B represents the "answer" in the WebRTC offer/answer exchange in this example.
At this point, the IdP identifier management agent 12 begins the process of selecting one or more preferred IdP identifiers, obtaining an identity assertion, and including the identity assertion in SDP object B. In this example, the IdP identifier management agent 12 can request and receive a preferred IdP identifier from the enterprise policy server 58, as represented by bidirectional arrow 86. It is to be understood that, in some embodiments, the one or more preferred IdP identifiers can be stored as defaults by the first WebRTC client 16 and/or specified by the downloaded WebRTC web application. It is also to be understood that the preferred IdP identifier may have been received at an earlier point in time, for example when the first WebRTC client 16 starts up and/or before or at the same time as the WebRTC web application is downloaded from the WebRTC application server 40. As indicated by arrow 88, the IdP identifier management agent 12 then sends a request for an identity assertion to the IdP 50 corresponding to the preferred IdP identifier. The IdP identifier management agent 12 obtains the identity assertion from the IdP 50, as represented by arrow 90. In some embodiments, the script processing engine 28 can obtain the identity assertion based on the preferred IdP identifier provided or set by the IdP identifier management agent 12. The IdP identifier management agent 12 then modifies SDP object B to include the identity assertion.
With continued reference to Fig. 3, the modified SDP object B, referred to herein as SDP object B', is then sent by the IdP identifier management agent 12 to the script processing engine 28, as indicated by arrow 91. The script processing engine 28 then sends SDP object B' to the WebRTC application server 40 over a secure network connection, as indicated by arrow 92. The WebRTC application server 40 in turn forwards SDP object B' to the second WebRTC client 20, as shown by arrow 94. To verify the identity assertion included in SDP object B', the second WebRTC client 20 sends a request for authentication to the IdP 50, as represented by bidirectional arrow 96. The IdP 50 then provides authentication to the second WebRTC client 20, as indicated by arrow 98. In some embodiments, the second WebRTC client 20 can use an IdP other than the IdP 50 to obtain verification of the identity assertion included in SDP object B'.
After the identity of the first WebRTC client 16 is confirmed, the WebRTC clients 16 and 20 proceed to establish the WebRTC interactive flow. The WebRTC clients 16 and 20 (in particular, the WebRTC function supplier 30) begin "hole punching" to determine the best way to establish direct communication between the WebRTC clients 16 and 20. The hole punching process is indicated by bidirectional arrow 100 in Fig. 3. Hole punching is a technique, often using a protocol such as Interactive Connectivity Establishment (ICE), in which two web clients each establish a connection with an unrestricted third-party server (not shown), and this server discovers external and internal address information for use in direct communication. In some embodiments, further identity assertion can also be carried out in conjunction with hole punching (for example, during the exchange of ICE candidates between the first WebRTC client 16 and the second WebRTC client 20). If hole punching succeeds, the second WebRTC client 20 and the WebRTC function supplier 30 of the first WebRTC client 16 can establish a secure peer-to-peer connection and begin exchanging the secure WebRTC interactive flow, as shown by bidirectional arrow 104.
Fig. 4 is provided to illustrate exemplary operations for managing IdP identifiers for a WebRTC interactive flow. For clarity, elements of Figs. 1-3 are referenced in describing Fig. 4. Operations begin with the IdP identifier management agent 12 of the first WebRTC client 16, executing on the first computing device 14, selecting one or more preferred IdP identifiers 78 indicated by one or more preferences from a plurality of IdP identifiers 62 (block 106). The plurality of IdP identifiers 62 corresponds to a plurality of IdPs 50 that provide identity assertions during the establishment of the WebRTC interactive flow 44. The plurality of IdP identifiers 62 can be provided by an enterprise policy specified by the enterprise policy server 58, can be stored by the first WebRTC client 16, and/or can be provided by the downloaded WebRTC web application. The one or more preferences can be provided by an enterprise policy specified by the enterprise policy server 58, and/or can be based on preferences indicated by user input.
The IdP identifier management agent 12 next obtains one or more identity assertions from each of the plurality of IdPs 50 that corresponds to the one or more preferred IdP identifiers 78 (block 108). In some embodiments, obtaining the one or more identity assertions can include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 can modify an instruction such as a setIdentityProvider instruction in the WebRTC web application to include the one or more preferred IdP identifiers 78, or can insert an additional setIdentityProvider instruction.
The IdP identifier management agent 12 then provides the one or more identity assertions during the establishment of the WebRTC interactive flow 44 (block 110). Some embodiments may provide that the one or more identity assertions are included as part of the initiation dialogue 42 (for example, as part of the WebRTC offer/answer exchange). In some embodiments, providing the one or more identity assertions can include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 can modify instructions such as createOffer and/or createAnswer instructions. By modifying the instructions, the IdP identifier management agent 12 can include the one or more identity assertions as part of the WebRTC offer/answer.
Fig. 5 shows more detailed exemplary operations for managing IdP identifiers for a WebRTC interactive flow. For clarity, elements of Figs. 1-3 are referenced in describing Fig. 5. Operations begin with the IdP identifier management agent 12 optionally receiving one or more IdP identifiers 72 from the enterprise policy server 58 communicatively coupled to the first WebRTC client 16 (block 112). In some embodiments, the one or more IdP identifiers 72 can be provided by an enterprise policy specified by the enterprise policy server 58. The IdP identifier management agent 12 can also optionally obtain one or more IdP identifiers 74 stored by the first WebRTC client 16 (block 114). As a non-limiting example, the one or more IdP identifiers 74 can include default IdP identifiers stored by the first WebRTC client 16. The IdP identifier management agent 12 can also obtain one or more IdP identifiers 75 hard-coded into the first WebRTC client 16 (block 115). The IdP identifier management agent 12 can also optionally obtain one or more IdP identifiers 76 provided by the WebRTC web application downloaded by the first WebRTC client 16 (block 116). In some embodiments, the one or more IdP identifiers 76 can be specified by instructions included in the WebRTC web application.
The IdP identifier management agent 12 next selects one or more preferred IdP identifiers 78 indicated by one or more preferences from the plurality of IdP identifiers 62 corresponding to the plurality of IdPs 50 that provide identity assertions during the establishment of the WebRTC interactive flow 44 (block 118). As noted above, the plurality of IdP identifiers 62 can be provided by an enterprise policy specified by the enterprise policy server 58, can be stored by the first WebRTC client 16, and/or can be provided by the downloaded WebRTC web application. The one or more preferences can be provided by an enterprise policy specified by the enterprise policy server 58, and/or can be based on preferences indicated by user input.
The IdP identifier management agent 12 then obtains one or more identity assertions from each of the plurality of IdPs 50 that corresponds to the one or more preferred IdP identifiers 78 (block 120). In some embodiments, obtaining the one or more identity assertions can include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 can modify an instruction such as a setIdentityProvider instruction in the WebRTC web application to include the one or more preferred IdP identifiers 78, or can insert an additional setIdentityProvider instruction.
The IdP identifier management agent 12 provides the one or more identity assertions during the establishment of the WebRTC interactive flow 44 (block 122). Some embodiments may provide that the one or more identity assertions are included as part of the initiation dialogue 42 (for example, as part of the WebRTC offer/answer exchange). In some embodiments, providing the one or more identity assertions can include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 can modify instructions such as createOffer and/or createAnswer instructions. By modifying the instructions, the IdP identifier management agent 12 can include the one or more identity assertions as part of the WebRTC offer/answer.
In some embodiments, the IdP identifier management agent 12 can provide, during the establishment of the WebRTC interactive flow 44, one or more authentication credentials corresponding to each of one or more intermediate network elements 48 (block 124). This can enable the first WebRTC client 16 to automatically provide the credentials for accessing the functions of the network elements 48. As a non-limiting example, the IdP identifier management agent 12 can provide STUN server and/or TURN server authentication credentials for the first WebRTC client 16.
As noted above, the IdP identifier management agent 12 obtains one or more identity assertions based on the one or more preferred IdP identifiers 78. In this regard, Fig. 6 shows more detailed exemplary operations by which the IdP identifier management agent 12 obtains the one or more identity assertions. In the example of Fig. 6, operations begin with the IdP identifier management agent 12 of the first WebRTC client 16 intercepting a WebRTC API call made by the WebRTC web application to obtain an identity assertion (block 126). In some embodiments, the WebRTC API call can be a setIdentityProvider instruction in the WebRTC web application. The IdP identifier management agent 12 then modifies this WebRTC API call to include one of the one or more preferred IdP identifiers 78 (block 128). In this way, the IdP identifier management agent 12 can ensure that the one or more preferred IdP identifiers 78 are automatically used for authentication during the initiation dialogue 42.
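The selection described for Fig. 2 and the interception of a setIdentityProvider call described for Fig. 6, put together as an added example that is not code from the patent. The table rows, the rule that rank 1 is most preferred, the fail-closed behaviour, and the names `selectPreferred`, `enforcePreferredIdp` and `StubPeerConnection` (a stand-in for a browser peer connection, with an assumed three-argument signature) are all assumptions.

```javascript
// Constructed table in the shape of Fig. 2: preference rank, IdP name,
// optional protocol and user ID, plus the source each row came from.
const IDP_TABLE = [
  { rank: 3, name: 'idp.app.example', protocol: 'default', userId: 'alice', source: 'webapp' },
  { rank: 1, name: 'idp.corp.example', protocol: 'default', userId: 'alice@corp.example', source: 'enterprise' },
  { rank: 2, name: 'idp-backup.corp.example', source: 'enterprise' },
  { rank: 1, name: 'idp.default.example', protocol: 'default', source: 'client-default' },
  { rank: 1, name: '', source: 'enterprise' }, // malformed row, must be ignored
];

// Select the preferred identifiers: keep only rows from sources the policy
// allows, drop malformed rows, order by rank (assumption: 1 = most preferred,
// ties broken by name), and return at most policy.count rows.
function selectPreferred(table, policy) {
  const allowed = new Set(policy.allowedSources);
  return table
    .filter((e) => typeof e.name === 'string' && e.name.length > 0)
    .filter((e) => Number.isInteger(e.rank))
    .filter((e) => allowed.has(e.source))
    .sort((a, b) => a.rank - b.rank || a.name.localeCompare(b.name))
    .slice(0, policy.count || 1);
}

// Hypothetical stand-in for a peer connection: it only records which IdP
// was configured, which is all this example needs to observe.
class StubPeerConnection {
  constructor() { this.idp = null; }
  setIdentityProvider(provider, protocol, usernameHint) {
    this.idp = { provider, protocol, usernameHint };
  }
}

// Wrap setIdentityProvider on one connection so that:
//  - the top preferred IdP is set immediately (the "injected" instruction,
//    covering an application that never names an IdP), and
//  - any later call by the application is replaced with the preferred IdP.
// Returns an audit trail of what the application asked for.
function enforcePreferredIdp(pc, preferred) {
  if (preferred.length === 0) {
    // Assumption: fail closed rather than fall back to the app's choice.
    throw new Error('policy leaves no usable IdP identifier');
  }
  const top = preferred[0];
  const original = pc.setIdentityProvider.bind(pc);
  const apply = () => original(top.name, top.protocol, top.userId);
  const audit = [];
  apply();
  pc.setIdentityProvider = (provider) => {
    audit.push({ requested: provider, applied: top.name, overridden: provider !== top.name });
    apply();
  };
  return audit;
}

// Run both cases under a policy that only trusts enterprise-supplied rows.
function demo() {
  const policy = { allowedSources: ['enterprise'], count: 2 };
  const preferred = selectPreferred(IDP_TABLE, policy);

  const silentApp = new StubPeerConnection(); // app never sets an IdP
  enforcePreferredIdp(silentApp, preferred);

  const chattyApp = new StubPeerConnection(); // app names its own IdP
  const audit = enforcePreferredIdp(chattyApp, preferred);
  chattyApp.setIdentityProvider('idp.app.example', 'default', 'alice');

  return {
    preferred: preferred.map((p) => p.name),
    silent: silentApp.idp.provider,
    chatty: chattyApp.idp.provider,
    audit,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit trail is the part worth keeping in a real deployment: it records every case where a downloaded application asked for an IdP that policy did not select.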
Fig. 7 is provided to illustrate more detailed exemplary operations by which the IdP identifier management agent 12 of Fig. 1 provides one or more identity assertions during the establishment of the WebRTC interactive flow 44. In the example of Fig. 7, operations begin with the IdP identifier management agent 12 of the first WebRTC client 16 intercepting a WebRTC API call made by the WebRTC web application to establish a WebRTC offer/answer (block 130). Some embodiments may provide that the WebRTC API call intercepted by the IdP identifier management agent 12 is a createOffer or createAnswer instruction. The IdP identifier management agent 12 then modifies the WebRTC API call to include the one or more identity assertions (block 132).
Fig. 8 provides a block diagram representation of a processing system 134, in the exemplary form of a computer system 136, suitable for executing instructions to carry out the functions described herein. In some embodiments, the processing system 134 can execute instructions to carry out the functions of the IdP identifier management agent 12 of Fig. 1. In this regard, the processing system 134 can include the computer system 136, within which a set of instructions can be executed to cause the processing system 134 to carry out any one or more of the methods discussed herein. The processing system 134 can be connected (as a non-limiting example, networked) to other machines in a local area network, an intranet, an extranet, or the Internet. The processing system 134 can operate in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. Although only a single processing system 134 is shown, the terms "controller" and "server" should also be understood to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to carry out any one or more of the methods discussed herein. The processing system 134 can be a server, a personal computer, a desktop computer, a laptop computer, a personal digital assistant (PDA), a computing tablet, a mobile device, or any other device, and can represent, as non-limiting examples, a server or a user's computer.
The exemplary computer system 136 includes a processing device or processor 138, a main memory 140 (as non-limiting examples, read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM), etc.), and a static memory 142 (as non-limiting examples, flash memory, static random access memory (SRAM), etc.), which can communicate with one another via a bus 144. Alternatively, the processing device 138 can be connected to the main memory 140 and/or the static memory 142 directly or via some other means of connection.
The processing device 138 represents one or more processing devices, for example a microprocessor, a central processing unit (CPU), etc. More specifically, the processing device 138 can be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing other instruction sets, or a processor implementing a combination of instruction sets. The processing device 138 is configured to execute the processing logic in instructions 146 and/or cached instructions 148 to carry out the operations and steps discussed herein.
The computer system 136 can also include a communication interface in the form of a network interface device 150. It may or may not include an input 152 to receive input and selections to be communicated to the computer system 136 when executing the instructions 146, 148. It may or may not include an output 154, which includes but is not limited to one or more displays 156. The one or more displays 156 can be a video display unit (as non-limiting examples, a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device (as a non-limiting example, a keyboard), a cursor control device (as a non-limiting example, a mouse), and/or a touch screen device (as non-limiting examples, a tablet input device or a screen).
The computer system 136 may or may not include a data storage device 158, which uses one or more drives 160 to store the functions described herein in a computer-readable medium 162, on which are stored one or more sets of instructions 164 (for example, software) embodying any one or more of the methods or functions described herein. As non-limiting examples, these functions can include the methods and/or other functions of the processing system 134, a participating user device, and/or a licensing server. The one or more sets of instructions 164 can also reside, completely or at least partially, in the main memory 140 and/or in the processing device 138 during their execution by the computer system 136. The main memory 140 and the processing device 138 also constitute machine-accessible storage media. The instructions 146, 148, and/or 164 can also be sent or received over a network 166 via the network interface device 150. The network 166 can be an intranet or the Internet.
Although the computer-readable medium 162 is shown as a single medium in the exemplary embodiment, the term "machine-accessible storage medium" should be understood to include a single medium or multiple media (as non-limiting examples, a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions 164. The term "machine-accessible storage medium" should also be understood to include any medium that can store, encode, or carry a set of instructions for execution by a machine, where the set of instructions causes the machine to carry out any one or more of the methods disclosed herein. The term "machine-accessible storage medium" should accordingly be understood to include, but not be limited to, solid-state memory, optical and magnetic media, and carrier signals.
The embodiments disclosed herein can be implemented in hardware and in software stored in hardware, and can reside, as non-limiting examples, in random access memory (RAM), flash memory, read-only memory (ROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), registers, a hard disk, a removable disk, a CD-ROM, or any other form of computer-readable medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium can be integral to the processor. The processor and the storage medium can reside in an application-specific integrated circuit (ASIC). The ASIC can reside in a remote station. In the alternative, the processor and the storage medium can reside as discrete components in a remote station, a base station, or a server.
It is also noted that the operational steps described in any of the exemplary embodiments herein are described to provide examples and discussion. The operations described can be carried out in many different orders other than the illustrated sequences. In addition, operations described in a single operational step can in fact be carried out in a number of different steps. Furthermore, one or more operational steps discussed in the exemplary embodiments can be combined. It is to be understood that the operational steps shown in the flow charts can be subject to many different modifications, as will be readily apparent to those skilled in the art. Those skilled in the art will also understand that information and signals can be represented using any of a variety of different technologies and techniques. As non-limiting examples, the data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description can be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
The above description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the general principles defined herein can be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for managing identity provider (IdP) identifiers for Web real-time communication (WebRTC) interactive flows, comprising:
selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs that provide identity assertions during the establishment of a WebRTC interactive flow;
obtaining one or more identity assertions from each IdP, among the plurality of IdPs, that corresponds to the one or more preferred IdP identifiers; and
providing the one or more identity assertions during the establishment of the WebRTC interactive flow.
2. The method of claim 1, wherein the plurality of IdP identifiers comprises:
one or more IdP identifiers received from an enterprise policy server communicatively coupled to the WebRTC client;
one or more IdP identifiers stored by the WebRTC client;
one or more IdP identifiers hard-coded into the WebRTC client; or
one or more IdP identifiers provided by a WebRTC web application downloaded by the WebRTC client; or
a combination of the above.
3. The method of claim 1, wherein obtaining the one or more identity assertions comprises:
intercepting, by the WebRTC client, a WebRTC application programming interface (API) call made by a WebRTC web application to obtain an identity assertion; and
modifying the WebRTC API call to include one of the one or more preferred IdP identifiers.
4. the method for claim 1, wherein provide described one or more identity assertion to comprise:
Being applied as by described WebRTC client interception WebRTC web the WebRTC API (API) of setting up WebRTC offer/reply and make calls; And
Revise described WebRTC API Calls to comprise described one or more identity assertion.
5. The method of claim 1, further comprising providing, during the establishment of the WebRTC interactive flow, one or more authentication credentials corresponding to each intermediate network element of one or more intermediate network elements,
wherein the one or more intermediate network elements comprise a Session Traversal Utilities for Network Address Translation (STUN) server or a Traversal Using Relays around Network Address Translation (TURN) server, or a combination thereof.
6. the method for claim 1, wherein one or more in described multiple IdP identifier comprise identity supplier title, agreement or user name, or its combination.
7. the method for claim 1, wherein described one or more preference comprises the preferred mark being associated with one of described multiple IdP identifiers.
8. the method for claim 1, wherein described one or more preference comprises the business strategy being specified by business strategy server.
9. the method for claim 1, wherein described one or more preference comprises the preference of being inputted instruction by user.
10. a system that is used to Web real time communication (WebRTC) interactive stream management identity supplier (IdP) identifier, comprising:
At least one communication interface;
Computing equipment, described computing equipment is associated with described at least one communication interface and comprises IdP identifier management agency, and described IdP identifier management agency is configured to:
From with foundation at WebRTC interactive stream during provide and select the one or more preferred IdP identifier of being indicated by one or more preference among the corresponding multiple IdP identifiers of multiple IdP of identity assertion;
Obtain one or more identity assertions via described at least one communication interface from each IdP corresponding with described one or more preferred IdP identifiers among described multiple IdP; And
Described one or more identity assertion is provided during the foundation of described WebRTC interactive stream.
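The interception recited in claim 3, combined with the identifier fields and preference sources of claims 6 to 9, can be sketched as follows. This is an added example, not code from the patent: the claims name no specific API call, so the wrapped call is modelled on `setIdentityProvider(provider, {protocol, usernameHint})` from the W3C WebRTC identity draft, and the function names, the precedence order (enterprise policy, then user input, then preference flag), the fail-closed behaviour and the sample identifiers are all assumptions.

```javascript
// Added example. Names, precedence order and sample data are assumptions.
const idpIdentifiers = [ // constructed sample: provider name, protocol, username
  { provider: 'idp-a.example', protocol: 'default', username: 'alice@idp-a.example', preferred: false },
  { provider: 'idp-b.example', protocol: 'default', username: 'alice@idp-b.example', preferred: true },
  { provider: 'corp-idp.example', protocol: 'default', username: 'alice@corp.example', preferred: false },
];

// Assumed precedence: enterprise policy, then user input, then preference flag.
function selectPreferredIdps(identifiers, prefs = {}) {
  const byName = (names) => names
    .map((n) => identifiers.find((i) => i.provider === n))
    .filter(Boolean);
  if (prefs.enterprisePolicy?.length) {
    const matched = byName(prefs.enterprisePolicy);
    // Fail closed: a policy that cannot be met must not fall back to the app's IdP.
    if (!matched.length) throw new Error('enterprise policy names no held IdP identifier');
    return matched;
  }
  if (prefs.userChoice?.length) return byName(prefs.userChoice);
  return identifiers.filter((i) => i.preferred);
}

// Wrap the connection's setIdentityProvider so the web application's call
// goes out carrying the preferred IdP identifier instead of the one it chose.
function interceptIdentityProvider(pc, identifiers, prefs) {
  const original = pc.setIdentityProvider.bind(pc);
  pc.setIdentityProvider = (requestedProvider, options = {}) => {
    const [choice] = selectPreferredIdps(identifiers, prefs);
    if (!choice) return original(requestedProvider, options); // no preference set
    return original(choice.provider, {
      ...options, protocol: choice.protocol, usernameHint: choice.username,
    });
  };
  return pc;
}

// Stand-in for RTCPeerConnection so the example runs without a browser.
function makeFakePeerConnection() {
  const calls = [];
  return { calls, setIdentityProvider(provider, options) { calls.push({ provider, options }); } };
}

// Simulates the web application's call and returns what reached the connection.
function demo(prefs) {
  const pc = interceptIdentityProvider(makeFakePeerConnection(), idpIdentifiers, prefs);
  pc.setIdentityProvider('app-chosen-idp.example', { protocol: 'default' });
  return pc.calls[0];
}
```

An audit log of each substitution (requested provider versus provider actually sent) would let an operator confirm that the policy is being applied.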
CN201410096155.XA 2013-03-14 2014-03-14 Method and system for managing identity provider identifiers for Web real-time communication interactive flows Active CN104052732B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201361781122P 2013-03-14 2013-03-14
US61/781,122 2013-03-14
US14/050,891 US9294458B2 (en) 2013-03-14 2013-10-10 Managing identity provider (IdP) identifiers for web real-time communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media
US14/050,891 2013-10-10

Publications (2)

Publication Number Publication Date
CN104052732A true CN104052732A (en) 2014-09-17
CN104052732B CN104052732B (en) 2017-08-01

Family

ID=51505100

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410096155.XA Active CN104052732B (en) 2013-03-14 2014-03-14 Method and system for managing identity provider identifiers for Web real-time communication interactive flows

Country Status (1)

Country Link
CN (1) CN104052732B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110824A (en) * 2006-07-20 2008-01-23 国际商业机器公司 Method and system for implementing a floating identity provider model across data centers
US20120144034A1 (en) * 2010-12-03 2012-06-07 International Business Machines Corporation Method and system for identity provider instance discovery
US8250635B2 (en) * 2008-07-13 2012-08-21 International Business Machines Corporation Enabling authentication of openID user when requested identity provider is unavailable

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107534672A (en) * 2015-04-27 2018-01-02 微软技术许可有限责任公司 Lasting URL for the client application as network service(URL)
CN107534672B (en) * 2015-04-27 2020-11-03 微软技术许可有限责任公司 Method, equipment and system for promoting network client to provide network service
CN106850399A (en) * 2016-12-30 2017-06-13 深圳市潮流网络技术有限公司 A kind of communication means based on WebRTC technology instant messages
CN106850399B (en) * 2016-12-30 2022-04-26 深圳市潮流网络技术有限公司 Communication method based on WebRTC technology instant message

Also Published As

Publication number Publication date
CN104052732B (en) 2017-08-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant