
CN104052732B - Method and system for managing identity provider identifiers for Web Real-Time Communications interactive flows - Google Patents


Info

Publication number: CN104052732B
Application number: CN201410096155.XA
Authority: CN (China)
Prior art keywords: idp, webrtc, identifiers, identity, clients
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN104052732A (en)
Inventors: K·塞, J·H·约亚库姆
Current Assignee: Avaya Technology LLC (the listed assignees may be inaccurate)
Original Assignee: Avaya Technology LLC
Priority claimed from: US14/050,891 (external priority, patent US9294458B2)
Application filed by: Avaya Technology LLC
Publications: CN104052732A (application), CN104052732B (granted)

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a method and system for managing identity provider identifiers for Web Real-Time Communications interactive flows. Embodiments include managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media. In one embodiment, a method for managing IdPs comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from each IdP of the plurality of IdPs that corresponds to the one or more preferred IdP identifiers. The method additionally comprises providing the one or more identity assertions during the establishment of the WebRTC interactive flow. In this manner, an entity may specify the IdPs used for authentication and the number of identity assertions provided during initiation of the WebRTC interactive flow.

Description

Method and system for managing identity provider identifiers for Web Real-Time Communications interactive flows
Priority application
This application claims priority to U.S. Provisional Patent Application Serial No. 61/781,122, filed on March 14, 2013, and entitled "DISTRIBUTED APPLICATION OF ENTERPRISE POLICIES TO WEB REAL-TIME COMMUNICATIONS (WEBRTC) INTERACTIVE SESSIONS, AND RELATED METHODS, SYSTEM, AND COMPUTER-READABLE MEDIA," which is hereby incorporated herein by reference in its entirety.
Technical field
The technology of the disclosure relates generally to Web Real-Time Communications (WebRTC) interactive sessions.
Background
Web Real-Time Communications (WebRTC) is an ongoing effort to develop industry standards for integrating real-time communications functionality into web clients, such as web browsers, to enable direct interaction with other web clients. This real-time communications functionality is accessible to web developers via standard markup tags, such as those provided by version 5 of the Hypertext Markup Language (HTML5), and client-side scripting application programming interfaces (APIs), such as JavaScript APIs. More information regarding WebRTC may be found in "WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web," by Alan B. Johnston and Daniel C. Burnett, 2nd Edition (2013 Digital Codex LLC), which is incorporated herein by reference in its entirety.
WebRTC provides built-in capabilities for establishing real-time video, audio, and/or data streams in both point-to-point interactive sessions and multi-party interactive sessions. The WebRTC standards are currently under joint development by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). Information on the current state of the WebRTC standards can be found at, e.g., http://www.w3c.org and http://www.ietf.org.
In a typical WebRTC exchange, two WebRTC clients retrieve WebRTC-enabled web applications, such as HTML5/JavaScript web applications, from a web application server. Through the web applications, the two WebRTC clients then engage in an initiation dialogue for initiating a peer connection over which a WebRTC interactive flow (e.g., a real-time video, audio, and/or data exchange) will pass. This initiation dialogue may include a media negotiation to communicate and reach an agreement on parameters that define characteristics of the WebRTC interactive session.
In some embodiments, the media negotiation may be implemented via a WebRTC offer/answer exchange over a secure network connection, such as a Hypertext Transfer Protocol Secure (HTTPS) connection or a Secure WebSockets connection. In a WebRTC offer/answer exchange, a first WebRTC client sends a WebRTC session description object "offer" to a second WebRTC client; the offer may specify the first WebRTC client's preferred media types and capabilities. The second WebRTC client then responds with a WebRTC session description object "answer" that indicates which of the offered media types and capabilities are supported and acceptable by the second WebRTC client for the WebRTC interactive session.
Once the initiation dialogue is complete, the WebRTC clients may then establish a direct peer connection with one another, and may begin an exchange of media or data packets transporting real-time communications. The peer connection between the WebRTC clients typically employs the Secure Real-time Transport Protocol (SRTP) to transport real-time media flows, and may use various other protocols for real-time data interchange. It is to be understood that the initiation dialogue may employ mechanisms other than a WebRTC offer/answer exchange to establish a WebRTC interactive flow between WebRTC endpoints.
WebRTC also specifies a mechanism for authenticating the identity of the WebRTC clients involved in an initiation dialogue (and thus in the peer connection and WebRTC interactive flow established as a result of the initiation dialogue) through the use of a web-based entity known as an Identity Provider (IdP). This mechanism is described in Section 8, "Identity," of the document "WebRTC 1.0: Real-time Communication Between Browsers," available online at, e.g., http://dev.w3.org/2011/webrtc/editor/webrtc.html. To authenticate an identity, the WebRTC client of a participant seeking authentication (the Authenticating Party, or AP) first downloads an authentication application from the IdP. As an example, the authentication application may be a JavaScript web application that implements a generic WebRTC protocol for requesting and verifying identity assertions. The authentication application may also provide specialized logic based on the specific requirements of the IdP. Using the authentication application, the AP obtains an "identity assertion" from the IdP. The process of obtaining the identity assertion may involve, for example, the AP logging in to the IdP or providing a certificate to the IdP. The AP's WebRTC client then provides the identity assertion as part of the initiation dialogue. For example, in the case of a WebRTC offer/answer exchange, the AP's WebRTC client may attach the identity assertion obtained from the IdP to the offer/answer. The recipient of the offer/answer, known as the Relying Party (RP), then downloads a verification application from the same IdP and uses it to verify the identity assertion and, by extension, the identity of the AP.
A WebRTC client may use a custom IdP for identity assertions, where the custom IdP is specified programmatically in the downloaded WebRTC web application by an IdP identifier passed to an instruction (e.g., the setIdentityProvider instruction). Alternatively, a default IdP identifier may be stored in the settings of the WebRTC client, for use when the web application does not specify a custom IdP identifier. Thus, in a typical scenario, at most two IdP identifiers are available for a given WebRTC interactive flow, with the WebRTC web application determining whether the custom IdP identifier or the default IdP identifier is used. In some circumstances, however, this may not provide sufficient control or flexibility over the IdP identifiers to be used for a given WebRTC interactive flow. In the case of a WebRTC client within an enterprise network, the enterprise may wish to specify an enterprise policy that provides more than two IdP identifiers for a WebRTC client, and/or that prioritizes multiple IdP identifiers for use in different communications scenarios. For example, an enterprise may wish to specify a particular IdP identifier to be used by all WebRTC clients within the enterprise network, regardless of the custom IdP identifier specified by the web application or the default IdP identifier.
Summary of the invention
Embodiments disclosed in the detailed description provide managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a WebRTC client may include an IdP identifier management agent that can retrieve, prioritize, and/or store multiple IdP identifiers. During an initiation dialogue for a WebRTC interactive flow involving the WebRTC client, the IdP identifier management agent may select, from the multiple IdP identifiers, one or more preferred IdP identifiers indicated by one or more preferences for use in authentication. The multiple IdP identifiers may be received by the IdP identifier management agent from an enterprise policy server, may be stored by the WebRTC client as default IdP identifier(s), and/or may be provided by a downloaded WebRTC web application. The one or more preferences may include preferences specified by an enterprise policy, preferences stored by the WebRTC client, and/or preferences provided by a user. The IdP identifier management agent may then obtain one or more identity assertions from each IdP corresponding to the one or more preferred IdP identifiers, and may include the one or more identity assertions in the initiation dialogue (e.g., a WebRTC offer/answer exchange) for the WebRTC interactive flow. In this manner, an entity such as an enterprise may exercise fine-grained control over the number and type of IdP(s) used for authentication and over the identity assertions that may be obtained and provided during initiation of the WebRTC interactive flow.
In this regard, in one embodiment, a method for managing IdP identifiers for WebRTC interactive flows is provided. The method comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from each IdP of the plurality of IdPs that corresponds to the one or more preferred IdP identifiers. The method additionally comprises providing the one or more identity assertions during the establishment of the WebRTC interactive flow.
In another embodiment, a system for managing IdP identifiers for WebRTC interactive flows is provided. The system comprises at least one communications interface, and a computing device that is associated with the at least one communications interface and that comprises an IdP identifier management agent. The IdP identifier management agent is configured to select one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow. The IdP identifier management agent is further configured to obtain, via the at least one communications interface, one or more identity assertions from each IdP of the plurality of IdPs that corresponds to the one or more preferred IdP identifiers. The IdP identifier management agent is additionally configured to provide the one or more identity assertions during the establishment of the WebRTC interactive flow.
In another embodiment, a non-transitory computer-readable medium is provided. The non-transitory computer-readable medium has stored thereon computer-executable instructions that cause a processor to implement a method comprising selecting, by a WebRTC client, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow. The method implemented by the computer-executable instructions further comprises obtaining one or more identity assertions from each IdP of the plurality of IdPs that corresponds to the one or more preferred IdP identifiers. The method implemented by the computer-executable instructions additionally comprises providing the one or more identity assertions during the establishment of the WebRTC interactive flow.
Brief description of the drawings
The accompanying drawing figures, which are incorporated in and form a part of this specification, illustrate several aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a conceptual diagram showing an exemplary topology of a Web Real-Time Communications (WebRTC) interactive flow including a WebRTC client, where the WebRTC client includes an Identity Provider (IdP) identifier management agent;
Fig. 2 is a diagram showing exemplary IdP identifiers, including IdP identifiers stored as defaults by a WebRTC client, specified by a WebRTC web application, and provided by an enterprise policy server;
Fig. 3 is a diagram showing communications flows during an identity assertion and verification exchange, including a WebRTC client containing the IdP identifier management agent;
Fig. 4 is a flowchart showing exemplary operations for managing IdP identifiers for WebRTC interactive flows;
Fig. 5 is a flowchart showing more detailed exemplary operations for managing IdP identifiers for WebRTC interactive flows;
Fig. 6 is a flowchart showing more detailed exemplary operations for obtaining one or more identity assertions by the IdP identifier management agent of Fig. 1;
Fig. 7 is a flowchart showing more detailed exemplary operations for providing one or more identity assertions by the IdP identifier management agent of Fig. 1; and
Fig. 8 is a block diagram of an exemplary processor-based system that may include the IdP identifier management agent of Fig. 1.
Detailed description
With reference now to the drawing figures, several exemplary embodiments of the present disclosure are described. The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Embodiments disclosed in the detailed description provide managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a WebRTC client may include an IdP identifier management agent that can retrieve, prioritize, and/or store multiple IdP identifiers. During an initiation dialogue for a WebRTC interactive flow involving the WebRTC client, the IdP identifier management agent may select, from the multiple IdP identifiers, one or more preferred IdP identifiers indicated by one or more preferences for use in authentication. The multiple IdP identifiers may be received by the IdP identifier management agent from an enterprise policy server, may be stored by the WebRTC client as default IdP identifier(s), and/or may be provided by a downloaded WebRTC web application. The one or more preferences may include preferences specified by an enterprise policy, preferences stored by the WebRTC client, and/or preferences provided by a user. The IdP identifier management agent may then obtain one or more identity assertions from each IdP corresponding to the one or more preferred IdP identifiers, and may include the one or more identity assertions in the initiation dialogue (e.g., a WebRTC offer/answer exchange) for the WebRTC interactive flow. In this manner, an entity such as an enterprise may exercise fine-grained control over the number and type of IdP(s) used for authentication and over the identity assertions that may be obtained and provided during initiation of the WebRTC interactive flow.
In this regard, in one embodiment, a method for managing IdP identifiers for WebRTC interactive flows is provided. The method comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from each IdP of the plurality of IdPs that corresponds to the one or more preferred IdP identifiers. The method additionally comprises providing the one or more identity assertions during the establishment of the WebRTC interactive flow.
Fig. 1 shows an exemplary WebRTC interactive system 10 for managing IdP identifiers for WebRTC interactive flows as disclosed herein. In particular, the exemplary WebRTC interactive system 10 includes an IdP identifier management agent 12 that provides functionality for obtaining, prioritizing, and/or storing one or more IdP identifiers, and for obtaining one or more identity assertions based on the preferred IdP identifier(s) among the one or more IdP identifiers. As used herein, a "WebRTC interactive session" refers to operations for carrying out a WebRTC initiation dialogue, establishing a peer connection, and commencing a WebRTC interactive flow between two or more endpoints. A "WebRTC interactive flow," as disclosed herein, refers to an interactive media flow and/or an interactive data flow that passes between two or more endpoints according to WebRTC standards and protocols. As non-limiting examples, an interactive media flow constituting a WebRTC interactive flow may comprise a real-time audio stream and/or a real-time video stream, or other real-time media or data streams. Data and/or media comprising a WebRTC interactive flow may be collectively referred to herein as "content."
Before discussing details of the IdP identifier management agent 12, the establishment of a WebRTC interactive flow in the WebRTC interactive system 10 of Fig. 1 is first described. In Fig. 1, a first computing device 14 executes a first WebRTC client 16, and a second computing device 18 executes a second WebRTC client 20. In the example of Fig. 1, the first computing device 14 is part of an enterprise network 22. It is to be understood, however, that in some embodiments the computing devices 14 and 18 may both be located within the same public or private network, or may be located within separate, communicatively coupled public or private networks. Some embodiments of the exemplary WebRTC interactive system 10 of Fig. 1 may provide that each of the computing devices 14 and 18 may be any computing device having network communications capabilities, such as a smartphone, a tablet computer, a dedicated web appliance, a media server, a desktop or server computer, or a purpose-built communications device, as non-limiting examples. The computing devices 14 and 18 include communications interfaces 24 and 26, respectively, for physically connecting the computing devices 14 and 18 to one or more public and/or private networks. In some embodiments, the elements of the computing devices 14 and 18 may be distributed across more than one computing device 14, 18.
The WebRTC clients 16 and 20, in this example, may each be a web browser application, a dedicated communications application, or an interface-less application such as a daemon or service application, as non-limiting examples. The first WebRTC client 16 comprises a scripting engine 28 and a WebRTC functionality provider 30. Similarly, the second WebRTC client 20 comprises a scripting engine 32 and a WebRTC functionality provider 34. The scripting engines 28 and 32 enable client-side applications written in a scripting language, such as JavaScript, to be executed within the WebRTC clients 16 and 20, respectively. The scripting engines 28 and 32 also provide application programming interfaces (APIs) to facilitate communications with other functionality providers within the WebRTC clients 16 and/or 20, with the computing devices 14 and/or 18, and/or with other web clients, user devices, or web servers. The WebRTC functionality provider 30 of the first WebRTC client 16 and the WebRTC functionality provider 34 of the second WebRTC client 20 implement the protocols, codecs, and APIs necessary to enable real-time interactive flows via WebRTC. The scripting engine 28 and the WebRTC functionality provider 30 are communicatively coupled via a set of defined APIs, as indicated by bidirectional arrow 36. Likewise, the scripting engine 32 and the WebRTC functionality provider 34 are communicatively coupled, as shown by bidirectional arrow 38.
A WebRTC application server 40 is provided for serving a WebRTC-enabled web application (not shown) to requesting WebRTC clients 16, 20, and for relaying an initiation dialogue 42 during establishment of a WebRTC interactive flow 44. In some embodiments, the WebRTC application server 40 may be a single server, while in some applications the WebRTC application server 40 may comprise multiple servers that are communicatively coupled to each other. It is to be understood that the WebRTC application server 40 may reside within the same public or private network as the computing devices 14 and/or 18, or may be located within a separate, communicatively coupled public or private network.
Fig. 1 also shows the characteristic WebRTC topology that results from establishing the WebRTC interactive flow 44 between the first WebRTC client 16 and the second WebRTC client 20. To establish the WebRTC interactive flow 44, the first WebRTC client 16 and the second WebRTC client 20 both download a WebRTC web application (not shown) from the WebRTC application server 40. In some embodiments, the WebRTC web application is an HTML5/JavaScript web application that provides a rich user interface using HTML5, and that uses JavaScript to handle user input and to communicate with the WebRTC application server 40.
The first WebRTC client 16 and the second WebRTC client 20 then engage in the initiation dialogue 42 via the WebRTC application server 40. Typically, the initiation dialogue 42 takes place over secure web connections, such as Hypertext Transfer Protocol Secure (HTTPS) connections. The initiation dialogue 42 may include WebRTC session description objects, Hypertext Transfer Protocol (HTTP) header data, certificates, encryption keys, and/or network routing data, as non-limiting examples. In some embodiments, the initiation dialogue 42 may comprise a WebRTC offer/answer exchange. Data exchanged during the initiation dialogue 42 may be used to determine the media types and capabilities for the desired WebRTC interactive flow 44. Once the initiation dialogue 42 is complete, the WebRTC interactive flow 44 may be established via a secure peer connection 46 between the first WebRTC client 16 and the second WebRTC client 20.
It is to be understood that some embodiments may use topologies other than the topology shown in Fig. 1. For example, some embodiments may employ a topology in which two web application servers communicate directly with each other via protocols such as Session Initiation Protocol (SIP) or Jingle, as non-limiting examples. It is to be further understood that, instead of the second WebRTC client 20, the second computing device 18 may comprise a SIP client device, a Jingle client device, or a Public Switched Telephone Network (PSTN) gateway device that is communicatively coupled to a telephone.
In some embodiments, the initiation dialogue 42 and/or the secure peer connection 46 may pass through a network element 48. The network element 48 may be a computing device having network communications capabilities, and may include a network router, a network switch, a bridge, a Traversal Using Relays around NAT (TURN) server, and/or a Session Traversal Utilities for Network Address Translation (STUN) server. Some embodiments may provide that the network element 48 requires authentication (not shown) from the first computing device 14 and/or from the first WebRTC client 16. In the example of Fig. 1, the network element 48 is located within the enterprise network 22. It is to be understood that in some embodiments the network element 48 may reside within the same public or private network as the computing devices 14 and/or 18, or may be located within a separate, communicatively coupled public or private network.
During establishment of the WebRTC interactive flow 44, the WebRTC web application may require authentication of the identity of the first WebRTC client 16 in order to authenticate the secure peer connection 46 and the WebRTC interactive flow 44. This may be accomplished through the use of IdPs such as IdPs 50(1-N). As seen in Fig. 1, the IdPs 50(1-N) are located outside the enterprise network 22. It is to be understood, however, that in some embodiments one or more of the IdPs 50(1-N) may reside within the enterprise network 22, within the same public or private network as the computing devices 14 and/or 18, or within a separate, communicatively coupled public or private network.
In a typical authentication exchange, the first WebRTC client 16 engages in an identity assertion dialogue (e.g., identity assertion dialogue 52(1)) with an IdP such as IdP 50(1). As part of the identity assertion dialogue 52(1), the first WebRTC client 16 may download an authentication application (not shown) from the IdP 50(1), and may request an identity assertion (not shown) from the IdP 50(1). After obtaining the identity assertion, the first WebRTC client 16 provides the identity assertion to the second WebRTC client 20 as part of the initiation dialogue 42 (e.g., as part of a WebRTC offer/answer exchange). The second WebRTC client 20 may then verify the identity assertion by engaging in an identity verification dialogue (e.g., identity verification dialogue 54(1)) with the IdP 50(1). If the identity assertion is successfully verified, the second WebRTC client 20 may continue the initiation dialogue 42 and establish the secure peer connection 46 and the WebRTC interactive flow 44. If the identity assertion provided by the first WebRTC client 16 is not successfully verified, the second WebRTC client 20 may opt to reject the initiation dialogue 42.
In a typical WebRTC authentication scenario, at most two IdP identifiers are available for authenticating a given WebRTC client: a custom IdP identifier that may be provided by the downloaded WebRTC-enabled web application, and/or a default IdP identifier stored by the WebRTC client. In some circumstances, however, this may not provide sufficient control or flexibility over the IdP(s) to be used for a given WebRTC interactive flow. For example, an enterprise may wish to provide multiple IdP identifiers for the first WebRTC client 16, and to prioritize the multiple IdP identifiers for use in different communications scenarios. An enterprise may also wish to specify a particular IdP identifier to be used by the first WebRTC client 16 within the enterprise network 22, regardless of the custom IdP identifier specified by the web application and/or the default IdP identifier of the first WebRTC client 16.
Here, the IdP identifier managements there is provided Fig. 1 act on behalf of 12.According to embodiment described herein IdP identifier pipes Reason agency 12 enable the entity of such as enterprise etc specify by one or more preferences indicate it is one or more preferred IdP identifiers, for WebRTC interactive streams 44 foundation during authentication, and may additionally facilitate and mark this multiple IdP Knowing symbol is used for authentication.In certain embodiments, IdP identifier managements agency 12 can be realized as the first WebRTC clients 16 Extension or plug-in unit, and be communicably coupled to the script handling engine 28 of the first WebRTC clients 16, such as four-headed arrow Indicated by 56.It is appreciated that some embodiments could dictate that IdP identifier managements agency 12 can be integrated into WebRTC functions supplier 30 And/or in script handling engine 28, or it is embodied as the integral part of the first WebRTC clients 16.
Some embodiments could dictate that IdP identifier managements agency 12 is communicably coupled to enterprise policy server 58, such as double Indicated by arrow 60.Therefore, IdP identifier managements agency 12 can be from the business strategy institute as defined in enterprise policy server 58 One or more preferred IdP identifiers are selected in the one or more IdP identifiers specified.So, enterprise can be to first WebRTC clients 16 carry out certification using what IdP to be controlled by the WebRTC interactive sessions application of enterprise network 22.One In a little embodiments, it can be stored as giving tacit consent to IdP identifiers and/or WebRTC web by downloading from by the first WebRTC clients 16 Using selecting one or more preferred IdP identifiers in the one or more IdP identifiers specified.
The selection of the one or more preferred IdP identifiers may be made by the IdP identifier management agent 12 based on one or more preferences (not shown). The one or more preferences may be provided by an enterprise policy defined by the enterprise policy server 58, and/or may be provided by user input. In some embodiments, the one or more preferences may include a preferred flag indicating a preferred IdP identifier, or a preferred ranking indicating the relative preference of an IdP identifier compared with one or more other IdP identifiers, as non-limiting examples.
After selecting the one or more preferred IdP identifiers, the IdP identifier management agent 12 may obtain, during the initiation dialogue 42, one or more identity assertions corresponding to the one or more preferred IdP identifiers from the IdPs 50 (1-N). For example, in some embodiments, the IdP identifier management agent 12 may intercept WebRTC API calls in the downloaded WebRTC web application as it is executed by the script handling engine 28 of the first WebRTC client 16. In this manner, the IdP identifier management agent 12 can dynamically modify the WebRTC web application's requests for identity assertions to ensure that the one or more identity assertions are obtained from the one or more preferred IdP identifiers. As a non-limiting example, the IdP identifier management agent 12 may intercept instructions provided by the WebRTC web application, such as setIdentityProvider instructions, and may modify these instructions to specify the one or more preferred IdP identifiers before they are executed by the script handling engine 28. In some embodiments, modifying an instruction may include removing the IdP identifier specified in the original instruction and replacing the removed IdP identifier with the one or more preferred IdP identifiers.
Some embodiments may provide that the IdP identifier management agent 12 injects new instructions (e.g., setIdentityProvider instructions) into the WebRTC web application. This can ensure that the one or more preferred IdP identifiers are used even when the WebRTC web application itself does not specify an IdP identifier. In some embodiments, the IdP identifier management agent 12 may remove an existing instruction provided by the WebRTC web application entirely, without replacing it with a new instruction. As a non-limiting example, this may allow a user to remain anonymous in scenarios where the WebRTC web application attempts to force identity assertion and/or verification using a specified IdP.
Similarly, the IdP identifier management agent 12 may intercept and modify WebRTC API calls to provide the obtained one or more identity assertions as part of the initiation dialogue 42. For example, the IdP identifier management agent 12 may intercept instructions provided by the WebRTC web application, such as createOffer and/or createAnswer instructions. These instructions may be modified by the IdP identifier management agent 12 to include the obtained one or more identity assertions in the WebRTC offer/answer exchange.
In some embodiments, the IdP identifier management agent 12 may also modify the initiation dialogue 42 (e.g., the WebRTC offer/answer) to include one or more authentications for the network elements 48. This may enable the first WebRTC client 16 to automatically provide credentials for accessing functionality of the network elements 48. As a non-limiting example, the IdP identifier management agent 12 may include, in the initiation dialogue 42, a STUN server authentication and/or a TURN server authentication for the first WebRTC client 16. The one or more authentications for the network elements 48 may include an IdP identifier to be used by the network elements 48 for authentication. Some embodiments may provide that the IdP identifier used by the network elements 48 for authentication may be a different IdP identifier from the one or more preferred IdP identifiers used by the first WebRTC client 16 for identity assertion and/or verification.
Fig. 2 illustrates exemplary IdP identifiers 62 that may be used by the IdP identifier management agent 12 of Fig. 1 to obtain one or more identity assertions. In the example of Fig. 2, the exemplary IdP identifiers 62 are represented by a table, which in some embodiments may be implemented as a database table or other appropriate data structure. Each of the exemplary IdP identifiers 62 may include a preference indicator 64, an IdP name 66, a protocol 68, and a user identification (ID) 70, as non-limiting examples. The preference indicator 64 may indicate which of the exemplary IdP identifiers 62 is preferred for authentication in a WebRTC interactive session. In some embodiments, the preference indicator 64 may include a preferred ranking and/or a preferred flag, and may be specified by an enterprise policy server (e.g., the enterprise policy server 58 of Fig. 1) or by user input. In the example of Fig. 2, the preference indicator 64 assigns a ranking to each of the IdP identifiers 72 (1-X), 74 (1-Y), 75 (1-Z), and 76 (1-W), and the highest-ranked IdP identifier (i.e., the preferred IdP identifier 78) is selected for use in the WebRTC interactive session. It is to be understood that in some embodiments, the preferred IdP identifiers 78 may include more than one of the exemplary IdP identifiers 62.
The IdP name 66 may, in some embodiments, include a Domain Name System (DNS) name or other identifying information used by the first WebRTC client 16 of Fig. 1 to access the corresponding IdP. The protocol 68 may specify the network protocol that the first WebRTC client 16 is to use when contacting the IdP, and the user ID 70 may represent a user identification previously established with the IdP. It is to be understood that in some embodiments the protocol 68 and/or the user ID 70 may be optional.
As seen in Fig. 2, the exemplary IdP identifiers 62 may be obtained by the IdP identifier management agent 12 of Fig. 1 from different sources. The IdP identifiers 72 (1-X) represent IdP identifiers provided as part of an enterprise policy defined by the enterprise policy server 58 of Fig. 1. As a non-limiting example, the IdP identifiers 72 (1-X) may include one or more IdP identifiers that the enterprise provides or prefers for authentication purposes. The IdP identifiers 74 (1-Y) may be one or more IdP identifiers stored by the first WebRTC client 16 as default IdP identifiers. In some embodiments, the IdP identifiers 72 (1-X) and/or the IdP identifiers 74 (1-Y) may be stored by the first WebRTC client 16 in memory, or in a browser cookie or other file in a persistent data store accessible to the first WebRTC client 16. Some embodiments may provide that the IdP identifiers 72 (1-X) and/or the IdP identifiers 74 (1-Y) may be updated by, for example, an update to the IdP identifier management agent 12 and/or an interaction between the first WebRTC client 16 and an external agent.
The IdP identifiers 75 (1-Z) may be one or more IdP identifiers hard-coded into the IdP identifier management agent 12. The IdP identifiers 76 (1-W) indicate IdP identifiers included in or specified by the downloaded WebRTC web application, and represent one or more custom IdP identifiers that the WebRTC web application is programmed to use for authentication. It is to be understood that the IdP identifiers available for a given WebRTC interactive flow may include IdP identifiers obtained from all of the above sources, or IdP identifiers obtained from a subset of the above sources. For example, the first WebRTC client 16 within the enterprise network 22 of Fig. 1 may be constrained by an enterprise policy to select IdP identifiers only from the IdP identifiers 72 (1-X) for WebRTC interactive flows that pass through the enterprise network 22.
To illustrate exemplary communication flows during authentication and verification facilitated by the IdP identifier management agent 12 of Fig. 1, Fig. 3 is provided. In Fig. 3, the IdP 50, the enterprise policy server 58, the first WebRTC client 16, the WebRTC application server 40, and the second WebRTC client 20 of Fig. 1 are each represented by a vertical dashed line. The WebRTC functions supplier 30, the script handling engine 28, and the IdP identifier management agent 12 of the first WebRTC client 16 are shown as separate elements to better illustrate the communication flows between them. It is to be understood that the second WebRTC client 20 may include the script handling engine 32 and the WebRTC functions supplier 34, which are omitted from this example for clarity. It is also to be understood that the WebRTC clients 16 and 20 have each downloaded a WebRTC-enabled web application, such as an HTML5/JavaScript WebRTC web application, from the WebRTC application server 40.
As seen in Fig. 3, establishment of the WebRTC interactive flow begins with a WebRTC offer/answer exchange that corresponds to the initiation dialogue 42 of Fig. 1 (using, as a non-limiting example, WebRTC session description objects). Accordingly, the second WebRTC client 20 sends a session description object to the WebRTC application server 40 (in this example, via an HTTPS connection). The WebRTC session description object in this example is a Session Description Protocol (SDP) object referred to as SDP object A, as indicated by arrow 80. SDP object A represents the "offer" in the WebRTC offer/answer exchange. SDP object A specifies the media types and capabilities that the second WebRTC client 20 supports and prefers to use in the WebRTC interactive flow. As indicated by arrow 82, the script handling engine 28 of the first WebRTC client 16 receives SDP object A from the WebRTC application server 40 over a secure web connection. After the script handling engine 28 receives SDP object A from the WebRTC application server 40, it sends in response a WebRTC session description object, referred to as SDP object B, to the IdP identifier management agent 12, as indicated by arrow 84. SDP object B represents the "answer" in the WebRTC offer/answer exchange in this example.
At this point, the IdP identifier management agent 12 begins the process of selecting one or more preferred IdP identifiers, obtaining an identity assertion, and including the identity assertion in SDP object B. In this example, the IdP identifier management agent 12 may request and receive the preferred IdP identifier from the enterprise policy server 58, as represented by bidirectional arrow 86. It is to be understood that in some embodiments, the one or more preferred IdP identifiers may be stored by the first WebRTC client 16 as defaults and/or specified by the downloaded WebRTC web application. It is also to be understood that the preferred IdP identifier may have been received at an earlier point in time, such as when the first WebRTC client 16 starts up and/or before or concurrently with the download of the WebRTC web application from the WebRTC application server 40. As indicated by arrow 88, the IdP identifier management agent 12 then issues a request for an identity assertion to the IdP 50 corresponding to the preferred IdP identifier. The IdP identifier management agent 12 obtains the identity assertion from the IdP 50, as represented by arrow 90. In some embodiments, the script handling engine 28 may obtain the identity assertion based on the preferred IdP identifier provided or set by the IdP identifier management agent 12. The IdP identifier management agent 12 then modifies SDP object B to include the identity assertion.
With continued reference to Fig. 3, the modified SDP object B, referred to herein as SDP object B', is then sent by the IdP identifier management agent 12 to the script handling engine 28, as indicated by arrow 91. The script handling engine 28 then sends SDP object B' to the WebRTC application server 40 via a secure network connection, as indicated by arrow 92. The WebRTC application server 40 in turn forwards SDP object B' to the second WebRTC client 20, as shown by arrow 94. To verify the identity assertion included in SDP object B', the second WebRTC client 20 sends a request for identity verification to the IdP 50, as represented by bidirectional arrow 96. The IdP 50 then provides identity verification to the second WebRTC client 20, as indicated by arrow 98. In some embodiments, the second WebRTC client 20 may use an IdP other than the IdP 50 to obtain verification of the identity assertion included in SDP object B'.
After the identity of the first WebRTC client 16 has been verified, the WebRTC clients 16 and 20 proceed to establish the WebRTC interactive flow. The WebRTC clients 16 and 20 (in particular, the WebRTC functions supplier 30) begin "hole punching" to determine the best way to establish direct communication between the WebRTC clients 16 and 20. The hole punching process is indicated by bidirectional arrow 100 in Fig. 3. Hole punching is a technique, often using protocols such as Interactive Connectivity Establishment (ICE), in which both web clients establish a connection with an unrestricted third-party server (not shown) that uncovers external and internal address information for use in direct communication. In some embodiments, further identity assertion may also take place in conjunction with hole punching (for example, during the exchange of ICE candidates between the first WebRTC client 16 and the second WebRTC client 20). If hole punching succeeds, the second WebRTC client 20 and the WebRTC functions supplier 30 of the first WebRTC client 16 can establish a secure peer connection and begin exchanging a secure WebRTC interactive flow, as shown by bidirectional arrow 104.
To illustrate exemplary operations for managing IdP identifiers for WebRTC interactive flows, Fig. 4 is provided. For clarity, elements of Figs. 1-3 are referenced in describing Fig. 4. Operations begin with the IdP identifier management agent 12 of the first WebRTC client 16 executing on the first computing device 14 selecting, from among a plurality of IdP identifiers 62, one or more preferred IdP identifiers 78 indicated by one or more preferences (block 106). The plurality of IdP identifiers 62 corresponds to a plurality of IdPs 50 for providing identity assertions during establishment of the WebRTC interactive flow 44. The plurality of IdP identifiers 62 may be provided by an enterprise policy defined by the enterprise policy server 58, may be stored by the first WebRTC client 16, and/or may be provided by the downloaded WebRTC web application. The one or more preferences may be provided by an enterprise policy defined by the enterprise policy server 58, and/or may be based on a preference indicated by user input.
The IdP identifier management agent 12 next obtains one or more identity assertions from each IdP among the plurality of IdPs 50 that corresponds to the one or more preferred IdP identifiers 78 (block 108). In some embodiments, obtaining the one or more identity assertions may include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 may modify an instruction in the WebRTC web application, such as a setIdentityProvider instruction, to include the one or more preferred IdP identifiers 78, or may insert an additional setIdentityProvider instruction.
The IdP identifier management agent 12 then provides the one or more identity assertions during the establishment of the WebRTC interactive flow 44 (block 110). Some embodiments may provide that the one or more identity assertions are included as part of the initiation dialogue 42 (e.g., as part of the WebRTC offer/answer exchange). In some embodiments, providing the one or more identity assertions may include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 may modify instructions such as createOffer and/or createAnswer instructions. By modifying the instructions, the IdP identifier management agent 12 can include the one or more identity assertions as part of the WebRTC offer/answer.
Fig. 5 illustrates more detailed exemplary operations for managing IdP identifiers for WebRTC interactive flows. For clarity, elements of Figs. 1-3 are referenced in describing Fig. 5. Operations begin with the IdP identifier management agent 12 optionally receiving one or more IdP identifiers 72 from the enterprise policy server 58 communicatively coupled to the first WebRTC client 16 (block 112). In some embodiments, the one or more IdP identifiers 72 may be provided by an enterprise policy defined by the enterprise policy server 58. The IdP identifier management agent 12 may also optionally obtain one or more IdP identifiers 74 stored by the first WebRTC client 16 (block 114). As a non-limiting example, the one or more IdP identifiers 74 may include a default IdP identifier stored by the first WebRTC client 16. The IdP identifier management agent 12 may also obtain one or more IdP identifiers 75 hard-coded into the first WebRTC client 16 (block 115). The IdP identifier management agent 12 may also optionally obtain one or more IdP identifiers 76 provided by the WebRTC web application downloaded by the first WebRTC client 16 (block 116). In some embodiments, the one or more IdP identifiers 76 may be specified in instructions included in the WebRTC web application.
The IdP identifier management agent 12 next selects one or more preferred IdP identifiers 78, indicated by one or more preferences, from among the plurality of IdP identifiers 62 corresponding to the plurality of IdPs 50 for providing identity assertions during establishment of the WebRTC interactive flow 44 (block 118). As described above, the plurality of IdP identifiers 62 may be provided by an enterprise policy defined by the enterprise policy server 58, may be stored by the first WebRTC client 16, and/or may be provided by the downloaded WebRTC web application. The one or more preferences may be provided by an enterprise policy defined by the enterprise policy server 58, and/or may be based on a preference indicated by user input.
The IdP identifier management agent 12 then obtains one or more identity assertions from each IdP among the plurality of IdPs 50 that corresponds to the one or more preferred IdP identifiers 78 (block 120). In some embodiments, obtaining the one or more identity assertions may include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 may modify an instruction in the WebRTC web application, such as a setIdentityProvider instruction, to include the one or more preferred IdP identifiers 78, or may insert an additional setIdentityProvider instruction.
The IdP identifier management agent 12 provides the one or more identity assertions during the establishment of the WebRTC interactive flow 44 (block 122). Some embodiments may provide that the one or more identity assertions are included as part of the initiation dialogue 42 (e.g., as part of the WebRTC offer/answer exchange). In some embodiments, providing the one or more identity assertions may include modifying one or more WebRTC API calls in the downloaded WebRTC web application. As a non-limiting example, the IdP identifier management agent 12 may modify instructions such as createOffer and/or createAnswer instructions. By modifying the instructions, the IdP identifier management agent 12 can include the one or more identity assertions as part of the WebRTC offer/answer.
In some embodiments, the IdP identifier management agent 12 may provide, during the establishment of the WebRTC interactive flow 44, one or more authentications corresponding to each of one or more intermediate network elements 48 (block 124). This may enable the first WebRTC client 16 to automatically provide credentials for accessing functionality of the network elements 48. As a non-limiting example, the IdP identifier management agent 12 may provide a STUN server authentication and/or a TURN server authentication for the first WebRTC client 16.
As described above, the IdP identifier management agent 12 obtains one or more identity assertions based on the one or more preferred IdP identifiers 78. In this regard, Fig. 6 illustrates more detailed exemplary operations by which the IdP identifier management agent 12 obtains the one or more identity assertions. In the example of Fig. 6, operations begin with the IdP identifier management agent 12 of the first WebRTC client 16 intercepting a WebRTC API call made by the WebRTC web application to obtain an identity assertion (block 126). In some embodiments, the WebRTC API call may be a setIdentityProvider instruction in the WebRTC web application. The IdP identifier management agent 12 then modifies the WebRTC API call to include one of the one or more preferred IdP identifiers 78 (block 128). In this manner, the IdP identifier management agent 12 can automatically ensure that the one or more preferred IdP identifiers 78 are used for authentication during the initiation dialogue 42.
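Added example (not code from the patent or from any WebRTC implementation): a sketch of the ranked selection described for Fig. 2 and the setIdentityProvider interception described for Fig. 6, covering both the replace case and the inject case and recording every override for audit. The StubPeerConnection class, its synchronous three-argument setIdentityProvider(provider, protocol, username), the rank convention (1 = most preferred), the audit log and all sample identifiers are assumptions made for illustration.

```javascript
// Constructed sample identifiers modelled on the Fig. 2 columns: preference rank
// (assumed: 1 = most preferred), IdP name, protocol, user ID, plus the source.
const SRC = Object.freeze({ POLICY: 'policy', DEFAULT: 'default', HARDCODED: 'hardcoded', WEBAPP: 'webapp' });

const SAMPLE_IDP_IDENTIFIERS = [
  { rank: 1, name: 'idp.webapp.example', protocol: 'default', userId: 'alice', source: SRC.WEBAPP },
  { rank: 2, name: 'idp.corp.example', protocol: 'default', userId: 'alice@corp.example', source: SRC.POLICY },
  { rank: 3, name: 'idp-backup.corp.example', protocol: 'default', userId: 'alice@corp.example', source: SRC.POLICY },
  { rank: 4, name: 'idp.browser.example', protocol: 'default', userId: '', source: SRC.DEFAULT },
];

// Accept a bare DNS name only: no scheme, path, port or credentials in policy data.
const DNS_NAME = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Select the highest-ranked identifiers, optionally restricted to given sources
// (e.g. policy-only inside the enterprise network). Fails closed when nothing fits.
function selectPreferredIdps(identifiers, { allowedSources = null, count = 1 } = {}) {
  const pool = identifiers.filter(
    (id) => DNS_NAME.test(id.name) && (allowedSources === null || allowedSources.includes(id.source))
  );
  if (pool.length === 0) throw new Error('no IdP identifier satisfies the policy');
  return pool.sort((a, b) => a.rank - b.rank).slice(0, count);
}

// Wrap the peer-connection class so every identity request uses preferred[0].
// Returns a function that restores the original methods.
function installIdpPolicy(PeerConnection, preferred, auditLog) {
  const proto = PeerConnection.prototype;
  const origSet = proto.setIdentityProvider;
  const origAnswer = proto.createAnswer;
  const configured = new WeakSet(); // connections that already carry the enforced IdP
  const enforce = (pc) => {
    const idp = preferred[0];
    configured.add(pc);
    return origSet.call(pc, idp.name, idp.protocol, idp.userId);
  };
  // Replace case: the web application names its own IdP; the preferred one is used.
  proto.setIdentityProvider = function (provider) {
    if (provider !== preferred[0].name) {
      auditLog.push({ event: 'idp-replaced', requested: String(provider), enforced: preferred[0].name });
    }
    return enforce(this);
  };
  // Inject case: the web application never set an IdP, so set one before answering.
  proto.createAnswer = function (...args) {
    if (!configured.has(this)) {
      auditLog.push({ event: 'idp-injected', enforced: preferred[0].name });
      enforce(this);
    }
    return origAnswer.apply(this, args);
  };
  return () => { proto.setIdentityProvider = origSet; proto.createAnswer = origAnswer; };
}

function demo() {
  // Stand-in for the browser's peer connection (assumption; the real call is asynchronous).
  class StubPeerConnection {
    setIdentityProvider(provider, protocol, username) { this.idp = { provider, protocol, username }; }
    createAnswer() { return { type: 'answer', idp: this.idp ? this.idp.provider : null }; }
  }
  const preferred = selectPreferredIdps(SAMPLE_IDP_IDENTIFIERS, { allowedSources: [SRC.POLICY] });
  const log = [];
  const uninstall = installIdpPolicy(StubPeerConnection, preferred, log);

  const appSetsIdp = new StubPeerConnection();
  appSetsIdp.setIdentityProvider('idp.webapp.example', 'default', 'alice');
  const appSetsNothing = new StubPeerConnection();

  const result = {
    preferred: preferred.map((p) => p.name),
    replaced: appSetsIdp.createAnswer().idp,
    injected: appSetsNothing.createAnswer().idp,
    log,
  };
  uninstall();
  return result;
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit log gives the enterprise a record of each call where the web application's requested IdP differed from the enforced one, which is the event to alert on if a page keeps asking for an unapproved provider.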
To illustrate more detailed exemplary operations by which the IdP identifier management agent 12 of Fig. 1 provides one or more identity assertions during the establishment of the WebRTC interactive flow 44, Fig. 7 is provided. In the example of Fig. 7, operations begin with the IdP identifier management agent 12 of the first WebRTC client 16 intercepting a WebRTC API call made by the WebRTC web application to establish a WebRTC offer/answer (block 130). Some embodiments may provide that the WebRTC API call intercepted by the IdP identifier management agent 12 is a createOffer or createAnswer instruction. The IdP identifier management agent 12 then modifies the WebRTC API call to include the one or more identity assertions (block 132).
Fig. 8 provides a block diagram representation of a processing system 134, in the exemplary form of a computer system 136, adapted to execute instructions to perform the functions described herein. In some embodiments, the processing system 134 may execute instructions to perform the functions of the IdP identifier management agent 12 of Fig. 1. In this regard, the processing system 134 may include the computer system 136, within which a set of instructions for causing the processing system 134 to perform any one or more of the methodologies discussed herein may be executed. The processing system 134 may be connected (as a non-limiting example, networked) to other machines in a local area network (LAN), an intranet, an extranet, or the Internet. The processing system 134 may operate in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. While only a single processing system 134 is illustrated, the terms "controller" and "server" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein. The processing system 134 may be a server, a personal computer, a desktop computer, a laptop computer, a personal digital assistant (PDA), a computing tablet, a mobile device, or any other device, and may represent, as non-limiting examples, a server or a user's computer.
The exemplary computer system 136 includes a processing device or processor 138, a main memory 140 (as non-limiting examples, read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM), etc.), and a static memory 142 (as non-limiting examples, flash memory, static random access memory (SRAM), etc.), which may communicate with each other via a bus 144. Alternatively, the processing device 138 may be connected to the main memory 140 and/or the static memory 142 directly or via some other means of connection.
The processing device 138 represents one or more processing devices, such as a microprocessor, a central processing unit (CPU), or the like. More particularly, the processing device 138 may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 138 is configured to execute processing logic in instructions 146 and/or cached instructions 148 for performing the operations and steps discussed herein.
The computer system 136 may further include a communication interface in the form of a network interface device 150. It may or may not also include an input 152 to receive input and selections to be communicated to the computer system 136 when executing the instructions 146, 148. It may or may not also include an output 154, including but not limited to display(s) 156. The display(s) 156 may be a video display unit (as non-limiting examples, a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device (as a non-limiting example, a keyboard), a cursor control device (as a non-limiting example, a mouse), and/or a touch screen device (as a non-limiting example, a tablet input device or screen).
The computer system 136 may or may not include a data storage device 158 that uses drive(s) 160 to store the functions described herein in a computer-readable medium 162, on which are stored one or more sets of instructions 164 (e.g., software) embodying any one or more of the methodologies or functions described herein. As non-limiting examples, these functions may include the methods and/or other functions of the processing system 134, a participating user device, and/or a licensing server. The one or more sets of instructions 164 may also reside, completely or at least partially, within the main memory 140 and/or within the processing device 138 during execution thereof by the computer system 136. The main memory 140 and the processing device 138 also constitute machine-accessible storage media. The instructions 146, 148, and/or 164 may further be transmitted or received over a network 166 via the network interface device 150. The network 166 may be an intranet or the Internet.
While the computer-readable medium 162 is shown in an exemplary embodiment to be a single medium, the term "machine-accessible storage medium" should be taken to include a single medium or multiple media (as non-limiting examples, a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions 164. The term "machine-accessible storage medium" shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the machine, where the set of instructions causes the machine to perform any one or more of the methodologies disclosed herein. The term "machine-accessible storage medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals.
The embodiments disclosed herein may be embodied in hardware and in software that is stored in hardware, and may reside, as non-limiting examples, in random access memory (RAM), flash memory, read-only memory (ROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), registers, a hard disk, a removable disk, a CD-ROM, or any other form of computer-readable medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (ASIC). The ASIC may reside in a remote station. In the alternative, the processor and the storage medium may reside as discrete components in a remote station, base station, or server.
It is also noted that the operational steps described in any of the exemplary embodiments herein are described to provide examples and discussion. The operations described may be performed in numerous different sequences other than the illustrated sequences. Furthermore, operations described in a single operational step may actually be performed in a number of different steps. Additionally, one or more operational steps discussed in the exemplary embodiments may be combined. It is to be understood that the operational steps illustrated in the flow charts may be subject to numerous different modifications, as will be readily apparent to one of skill in the art. Those of skill in the art will also understand that information and signals may be represented using any of a variety of different technologies and techniques. As non-limiting examples, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A method for managing identity provider (IdP) identifiers for Web Real-Time Communication (WebRTC) interactive flows, comprising:
selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from among a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during establishment of a WebRTC interactive flow;
obtaining one or more identity assertions from each IdP among the plurality of IdPs that corresponds to the one or more preferred IdP identifiers, wherein obtaining the one or more identity assertions comprises:
intercepting, by the WebRTC client, a WebRTC application programming interface (API) call made by a WebRTC web application to obtain an identity assertion; and
modifying the WebRTC API call to include one of the one or more preferred IdP identifiers; and
providing the one or more identity assertions during the establishment of the WebRTC interactive flow.
2. The method of claim 1, wherein the plurality of IdP identifiers comprises:
one or more IdP identifiers received from an enterprise policy server communicatively coupled to the WebRTC client;
one or more IdP identifiers stored by the WebRTC client;
one or more IdP identifiers hard-coded into the WebRTC client; or
one or more IdP identifiers provided by a WebRTC web application downloaded by the WebRTC client; or
a combination thereof.
3. the method for claim 1, wherein providing one or more of identity assertions includes:
Intercepting WebRTC web by the WebRTC clients applies the WebRTC made to set up WebRTC offers/response should Called with DLL (API);And
The WebRTC API Calls are changed with comprising one or more of identity assertions.
4. the method as described in claim 1, is provided and one or many during being additionally included in the foundation of the WebRTC interactive streams The corresponding one or more certifications of each intermediate network element in individual intermediate network element,
Wherein, one or more of intermediate network elements pass through utility program (STUN) service including network address translation session Device uses relaying network address translation hole punching (TURN) server, or its combination.
5. the method for claim 1, wherein one or more of the multiple IdP identifiers are provided including identity Person's title, agreement or user name, or its combination.
6. the method for claim 1, wherein one or more of preferences include and the multiple IdP identifiers One of associated preferred mark.
7. the method for claim 1, wherein one or more of preferences include being provided by enterprise policy server Business strategy.
8. the method for claim 1, wherein one or more of preferences include inputting the preferred of instruction by user .
9. one kind is used for for the system of Web real-time Communication for Power (WebRTC) interaction flow management Identity Provider (IdP) identifier, bag Include:
At least one communication interface;
Computing device, the computing device is associated with least one described communication interface and including IdP identifier management generations Reason, the IdP identifier managements agency is configured as:
Identified from the multiple IdPs corresponding with multiple IdP for providing identity assertion during the foundation of WebRTC interactive streams The one or more preferred IdP identifiers indicated by one or more preferences are selected among symbol;
Via at least one described communication interface among the multiple IdP with one or more of preferred IdP identifiers phases Each corresponding IdP obtains one or more identity assertions, wherein, obtaining one or more of identity assertions includes:
WebRTC web are intercepted by WebRTC clients and apply the WebRTC API made for acquisition identity assertion (API) call;And
The WebRTC API Calls are changed with comprising one of one or more of preferred IdP identifiers;And
One or more of identity assertions are provided during the foundation of the WebRTC interactive streams.
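The selection step (claims 1, 2 and 5 to 8) and the interception step (claim 1) can be illustrated as follows; this is an added example, not code from the patent. The host names, the precedence order among preferences, the audit log and the stub peer connection are assumptions, and the wrapped call is modelled on `setIdentityProvider(provider, options)` from the WebRTC identity specification.

```javascript
// Added example: names, hosts and precedence order are assumptions, not from the patent.
// Constructed candidate IdP identifiers (provider name, protocol, username) from several sources.
const candidates = [
  { provider: "idp.webapp.example", protocol: "default", username: "alice", source: "webapp" },
  { provider: "idp.corp.example", protocol: "default", username: "alice@corp.example", source: "policy-server" },
  { provider: "idp.home.example", protocol: "default", username: "alice.h", source: "stored", preferred: true },
];

// Select preferred identifiers: an enterprise policy allowlist wins, then explicit
// user input, then per-identifier preference flags. Returns [] when nothing matches.
function selectPreferredIdps(all, prefs) {
  if (prefs.policyAllowlist && prefs.policyAllowlist.length > 0) {
    return all.filter((c) => prefs.policyAllowlist.includes(c.provider));
  }
  if (prefs.userChoice) return all.filter((c) => c.provider === prefs.userChoice);
  return all.filter((c) => c.preferred === true);
}

// Wrap the peer connection's setIdentityProvider so the identifier requested by the
// web application is replaced by the preferred one. Every override is recorded so the
// substitution can be audited. Fails closed when no preferred IdP is available.
function enforcePreferredIdp(pc, preferred, auditLog) {
  const original = pc.setIdentityProvider.bind(pc);
  pc.setIdentityProvider = (requestedProvider, requestedOptions = {}) => {
    if (preferred.length === 0) throw new Error("no preferred IdP identifier available");
    const idp = preferred[0];
    auditLog.push({ requested: requestedProvider, enforced: idp.provider });
    return original(idp.provider, { ...requestedOptions, protocol: idp.protocol, usernameHint: idp.username });
  };
  return pc;
}

// Stub standing in for RTCPeerConnection so the example runs outside a browser.
function makeStubPeerConnection() {
  return { idp: null, setIdentityProvider(provider, options) { this.idp = { provider, ...options }; } };
}

function demo() {
  const auditLog = [];
  const preferred = selectPreferredIdps(candidates, { policyAllowlist: ["idp.corp.example"] });
  const pc = enforcePreferredIdp(makeStubPeerConnection(), preferred, auditLog);
  pc.setIdentityProvider("idp.webapp.example", { protocol: "default" }); // the web app's call
  return { idp: pc.idp, auditLog };
}
```

The audit log gives a reviewer a record of each case where the web application asked for one IdP and the client enforced another.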
CN201410096155.XA 2013-03-14 2014-03-14 Method and system for managing identity provider identifiers for Web real-time communication interactive flows Active CN104052732B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201361781122P 2013-03-14 2013-03-14
US61/781,122 2013-03-14
US14/050,891 2013-10-10
US14/050,891 US9294458B2 (en) 2013-03-14 2013-10-10 Managing identity provider (IdP) identifiers for web real-time communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media

Publications (2)

Publication Number Publication Date
CN104052732A CN104052732A (en) 2014-09-17
CN104052732B true CN104052732B (en) 2017-08-01

Family

ID=51505100

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410096155.XA Active CN104052732B (en) 2013-03-14 2014-03-14 Method and system for managing identity provider identifiers for Web real-time communication interactive flows

Country Status (1)

Country Link
CN (1) CN104052732B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9756020B2 (en) * 2015-04-27 2017-09-05 Microsoft Technology Licensing, Llc Persistent uniform resource locators (URLs) for client applications acting as web services
CN106850399B (en) * 2016-12-30 2022-04-26 深圳市潮流网络技术有限公司 Instant messaging communication method based on WebRTC technology
CN112201264A (en) * 2020-10-21 2021-01-08 Oppo广东移动通信有限公司 Audio processing method and device, electronic equipment, server and storage medium
CN119496771A (en) * 2023-08-18 2025-02-21 华为技术有限公司 Method, device and system for media negotiation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110824A (en) * 2006-07-20 2008-01-23 国际商业机器公司 Method and system for implementing a floating identity provider model across data centers
US8250635B2 (en) * 2008-07-13 2012-08-21 International Business Machines Corporation Enabling authentication of openID user when requested identity provider is unavailable

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8832271B2 (en) * 2010-12-03 2014-09-09 International Business Machines Corporation Identity provider instance discovery

Also Published As

Publication number Publication date
CN104052732A (en) 2014-09-17

Similar Documents

Publication Publication Date Title
US9294458B2 (en) Managing identity provider (IdP) identifiers for web real-time communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media
Johnston et al. Taking on webRTC in an enterprise
Jennings et al. Real-time communications for the web
CN105282008B (en) Enhance the method and system of media characteristic during real-time Communication for Power Network interactive sessions
US9380030B2 (en) Firewall traversal for web real-time communications
CN104301107B (en) Via method, the system of corresponding WebRTC data channels checking WebRTC media channel privacies
US8885012B2 (en) System and method for providing anonymity in a video/multimedia communications session over a network
CN101841519B (en) Multimedia communication session coordination across heterogeneous transport networks
US20150082021A1 (en) Mobile proxy for webrtc interoperability
US20160036778A1 (en) Applying a packet routing policy to an application session
JP2014099160A (en) Distributed application for enterprise policy to web real time communication (webrtc) dialog session, related method and system and computer readable medium
US20130035079A1 (en) Method and system for establishing data commuication channels
CN104518908B (en) For providing the method and system of network management
KR101705440B1 (en) Hybrid cloud media architecture for media communications
Beltran et al. User identity for WebRTC services: A matter of trust
CN104052732B (en) The method and system of flow management identity provider identifier is interacted for Web real-time Communication for Power
JP2008005434A (en) Communication control device, communication control method, and communication control program
CN104601649B (en) The method and system seen clearly about the origin applied web is provided
Deshmukh et al. Video conferencing using WebRTC
US20070245411A1 (en) Methods, systems and computer program products for single sign on authentication
Shreya et al. Internetworking gateway between webrtc to sip to integrate real-time audio video communication
CN105516070A (en) Authentication credential replacing method and authentication credential replacing device
US9979722B2 (en) Method and apparatus for processing a RTCWEB authentication
EP3815310B1 (en) Communications bridge
Janak et al. An Analysis of Amazon Echo's Network Behavior

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant