Where are we?
• SIP is ten years old
• Mostly used for PSTN over IP
• Narrowband audio
• Insecure implementations
• Insecure deployments

BAD! We can do better. Our customers deserve better.

WE SHOULD BE ASHAMED!

The network is changing.
• We have more smart phones, tablets and other devices than PCs
• These devices have multimedia - video, audio
• Multimedia is changing - wideband, stereo, 7-1, screen sharing
• The number of users is exploding

WebRTC: The new kid on the block
• Cooperation between the W3C and IETF
• Bidirectional media between browsers
• Audio, video, text
• The platform for new services
• SIP in the browser (listen to Iñaki!)

WebRTC: The vision
• An open service where we can communicate freely with each other from any device and any network
• First wave probably just between users of the same web service
• Many of us want open federation - it requires a shared address space and protocol

WebRTC: Dependencies
• The architecture is still discussed
• Will probably depend on ICE, which means dependencies on TURN/STUN as well
• OverSIP and jsSIP, presented here today, are a good example of the future!

WebRTC
+
• Platform for new cool applications
• Built into the web browser
• Security-enabled from start
-
• We'll still have NAT and firewall issues
• Will it be standardized enough
• Will we need SBCs to handle the connections?

ICE
Taking us out of the NAT darkness.

ICE: Show me yours, and I'll show you mine.
• All UAs find all their SIP addresses, using STUN
• May allocate an address using TURN
• Sends all addresses as candidates in SDP
• Recipient tries to contact addresses and select best media path
• Supports both IPv4 and IPv6
• IPv6 UAs allocate IPv4 address
[Diagram labels: Alice, Bob, Cecilia, NATted networks, SIP, TURN, media relay]

ICE
+
• Finds the best media path between two nodes
• Supports IPv4 and IPv6 deployments
• Binds SIP+SDP to actual media
• Used by Microsoft, Apple (FaceTime), Google Hangouts
-
• Takes time at call setup
• Hard for b2bua's to support
• Complex for developers
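
Added example (not from the original slides): the candidate exchange described above, in Python, parsing a=candidate lines from two SDP bodies and ordering the candidate pairs with the RFC 5245 priority formulas. The SDP fragments, addresses and ports are constructed sample values, and Alice is assumed to be the controlling agent.

```python
import ipaddress
from itertools import product

TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}  # RFC 5245 recommended

def candidate_priority(typ, local_pref=65535, component=1):
    """RFC 5245 section 4.1.2.1: priority of a single candidate."""
    return (TYPE_PREF[typ] << 24) + (local_pref << 8) + (256 - component)

def parse_candidates(sdp):
    """Return the a=candidate lines of an SDP body as dicts; malformed lines are skipped."""
    out = []
    for line in sdp.splitlines():
        f = line.strip().split()
        if len(f) < 8 or not f[0].startswith("a=candidate:") or f[6] != "typ":
            continue
        try:
            out.append({"component": int(f[1]), "priority": int(f[3]), "typ": f[7],
                        "ip": ipaddress.ip_address(f[4]), "port": int(f[5])})
        except ValueError:  # non-numeric field or unparsable address
            continue
    return out

def pair_priority(g, d):
    """RFC 5245 section 5.7.2: g is the controlling agent's priority, d the controlled agent's."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def check_list(offer_sdp, answer_sdp):
    """Pair candidates with the same component and IP family, highest pair priority first."""
    pairs = [(pair_priority(l["priority"], r["priority"]), l, r)
             for l, r in product(parse_candidates(offer_sdp), parse_candidates(answer_sdp))
             if l["component"] == r["component"] and l["ip"].version == r["ip"].version]
    return sorted(pairs, key=lambda p: p[0], reverse=True)

# Constructed sample SDP fragments (documentation address ranges), not captured traffic.
ALICE_SDP = """\
a=candidate:1 1 UDP 2130706431 10.0.0.5 40000 typ host
a=candidate:2 1 UDP 1694498815 203.0.113.7 40001 typ srflx raddr 10.0.0.5 rport 40000
a=candidate:3 1 UDP 16777215 198.51.100.20 50000 typ relay raddr 203.0.113.7 rport 40001
"""
BOB_SDP = """\
a=candidate:1 1 UDP 2130706431 2001:db8::10 41000 typ host
a=candidate:2 1 UDP 2130706175 192.0.2.44 41000 typ host
a=candidate:3 1 UDP 16776959 198.51.100.21 51000 typ relay raddr 192.0.2.44 rport 41000
"""

if __name__ == "__main__":
    for prio, l, r in check_list(ALICE_SDP, BOB_SDP):
        print(prio, l["typ"], l["ip"], "->", r["typ"], r["ip"])
```

Bob's IPv6 host candidate forms no pair because Alice offers only IPv4 addresses, and the relay-to-relay pair sorts last, so it is tried only when the more direct paths fail their connectivity checks.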

GRUU: Globally Routable device addresses
• The AOR for Alice and Bob belongs to their proxy. Bob has one AOR for multiple UAs.
• Builds on SIP outbound UUID URN's.
• The GRUU points to a device. It is allocated at registration and belongs to the domain, thus can be used globally!
[Diagram labels: Example.com, astritech.com, Alice, Bob, SIP, NATted network]

GRUU: Device URIs
+
• Makes transfers and other SIP in-dialog functions work across domains
• A Contact without IPv4/IPv6 dependencies
• Opens up for multi-device calls (SPLICES)
-
• Complex RFC
• Adds a bit of complexity to the UA

IDENTITY: RFC 4474 - SIP identity
• A domain implements an authentication service that signs an identity on outbound messages
• Users identify themselves to domain server (proxy) by other means (Digest, TLS)
• Signs the From: URI (AOR)
[Diagram labels: SIP, Identity, Local SIP, HTTP auth or TLS auth, AUDIO]

IDENTITY: Can this be connected to federated identity?
• Shibboleth/SAML 2.0/FEIDE
• Draft exists, but no progress. Needs work.
• OpenID
• OAuth

IDENTITY: SIP identity
+
• Enables trust of identities between domains
• Adds integrity check of SIP messages
• Together with TLS for connections, part of trust platform for an open federation
-
• Complex RFC
• PKI is always complicated
• Not many implementations, thus very few tests of interoperability

What's missing?
• Proper solution for TLS and a PKI.
• Implementations of DTLS SRTP key exchange
• Customers with the guts to do something different.
• End to end security.
• Management of security and configurations.

The next generation realtime network.
• We've learned a lot in 10 years of SIP.
• Why haven't the IP phones changed?
• New models coming - see Goji for smartphones, Skycall on Norwegian and Panasonic Android SIP phones

Ask yourselves the important question.
Have you become one of the old PBX-huggers? The ones that just don't let go. Why don't mobile office solutions have blinking lamps and all that stuff?

Summary
• IETF realized that NAT is a big issue and developed GRUU, ICE and Outbound. Use them.
• For security, there's TLS, S/MIME and SIP/Identity
• A properly designed SIP architecture can handle much more than telephony.
• Look at Skype, Microsoft Lync and AG Projects product suite for inspiration.
• Only the last company in the list is using open standards!

REALTIME: IT'S ALL ABOUT NOW.

OPEN UNIFIED COMMUNICATION ACCORDING TO EDVINA
The road ahead: 10 bullet points to remember!