SeaBeyond 2011 ProcessOne - Eric Cestari: XMPP over WebSocket

2,402
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,402
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
28
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SeaBeyond 2011 ProcessOne - Eric Cestari: XMPP over WebSocket

  1. 1. XMPP over WebSocket Eric Cestari ecestari@process-one.net @cstarjeudi 3 février 2011
  2. 2. WebSocket = Web + Socket = recipe for AWESOME ?jeudi 3 février 2011
  3. 3. WebSocket Message oriented Two way connection between browser and server No more Comet, long-polling, Ajax push, BOSH, hidden iframes Pros: Less load on server better latency less effort for the client (battery life increases) Cons: not ubiquitous security issuesjeudi 3 février 2011
  4. 4. A simple Javascript API new Websocket(url) ws.send() ws.close() and callbacks ws.onopen ws.onclose ws.onmessagejeudi 3 février 2011
  5. 5. Normalized by IETF ... ... since forever (first mail on the hybi mailing list: 30 March 2009) Three drafts implemented : draft-hixie -68 by Chrome (Dec 2009) draft-hixie -75 by Chrome and Safari (Feb 2010) draft-hixie -76 (May 10) by Safari 5.0.4, Chrome 6, Opera 10.70 and early Firefox 4 betasjeudi 3 février 2011
  6. 6. Current issues Fear of cross-protocol attacks. Possible transparent proxy cache poisoning discovered by A. Barth and E. Rescorla with currently implemented draft. WebSocket support disabled in Opera and latest Firefox betas by defaultjeudi 3 février 2011
  7. 7. WS support everywhere ! Flash to the rescue web-socket-js opensource project https://github.com/gimite/web-socket-js But: slower than native implementation with TLS support, file weighs 180Kb (20Kb without) It’s Flash, dammit!jeudi 3 février 2011
  8. 8. Handshakes and messages Handshake: Make sure server understands websocket Messages: bi-directional frames Current state (-04) Handshake is GET + Upgrade headers with Nonce Messages are masked from client to serverjeudi 3 février 2011
  9. 9. XMPP sub-protocol IETF draft by Jack Moffit and Eric Cestari One message = one stanza = one XML document With exceptions for stream start and stream end. No TLS socket upgrade for encryption TLS negociation is done on socket opening (wss://host:port/)jeudi 3 février 2011
  10. 10. Client and server support Support in ejabberd 2.2.x Support StropheJS websocket support and prototype code for JSJaC Not released ... yet!jeudi 3 février 2011
  11. 11. New product: GitLive! Visualize GitHub pushes in realtime from Github repositories http://gitlive.com/ http://gitlive.com/demo.html Already used on the ejabberd and Tsung homepage Use it on your own project!jeudi 3 février 2011
  12. 12. References Hybi WG mailing list https://www.ietf.org/mailman/listinfo/hybi Transparent proxies: Threat or menaces ? http://www.adambarth.com/experimental/websocket.pdf An XMPP sub-protocol for Websockets http://tools.ietf.org/html/draft-moffitt-xmpp-over-websocket-00jeudi 3 février 2011

×