Section 1.3.3 states: The security issue of a browser sending a SIP packet to a device that does not meet the same origin policy is discussed in the section XXX, but the brief preview of the solution is that the SIP messages can use CORS REF much like a HTTP does. Can you elaborate? Unlike the media authorization discussion (where a STUN exchange is used to authorize media exchange), it isn't clear to me how authorization works here. On Thu, Mar 10, 2011 at 12:20 PM, Cullen Jennings <fluffy@cisco.com> wrote:
I wrote up the start of a draft on requirements and a sketch of an API proposal. It is at
http://tools.ietf.org/html/draft-jennings-rtcweb-api-00
I view this as very early but starts to list some of the issues and an evolving sketch of how the API might look.
Cullen
_______________________________________________ RTC-Web mailing list RTC-Web@alvestrand.no http://www.alvestrand.no/mailman/listinfo/rtc-web