Unified communications as a service and WebRTC: An identity-centric perspective

  1. Beltran, Victoria 1
  2. Bertin, Emmanuel
  1. 1 Universidad Politécnica de Cartagena
    info
    Universidad Politécnica de Cartagena

    Cartagena, España

    ROR https://ror.org/02k5kx966

    Geographic location of the organization Universidad Politécnica de Cartagena
Journal:
Computer Communications

ISSN: 0140-3664

Year of publication: 2015

Volume: 68

Pages: 73-82

Type: Article

DOI: 10.1016/J.COMCOM.2015.07.011 GOOGLE SCHOLAR HANDLE: https://hdl.handle.net/10317/17885

More publications in: Computer Communications

Repositorio Digital de la Universidad Politécnica de Cartagena (UPCT): lock_openOpen access Handle

Abstract

Software-as-a-service (SaaS) is gaining momentum for all business applications, including Unified Communications as a Service (UCaaS). In this context, user identity will play a key role in connecting the future fragmented communication suites in both corporations and cloud SaaS providers. However, SaaS solutions impose strong security challenges to the enterprise's Identity Management (IdM), since cloud services need to be provided with the employees’ identities. UCaaS solutions should therefore enforce security properties such as trust relationship, anonymity, or control on information disclosure. WebRTC is reinforcing the trend towards cloud-based UC by adding real-time voice and video capabilities into browsers. WebRTC does not tackle IdM, and hence it is not evident how WebRTC-based cloud services can meet the corporate requirements on IdM. In this paper, we discuss various IdM models for cloud-based corporate services, and we introduce the major requirements for managing user identities in UCaaS. We assess the impacts of these requirements on WebRTC-based UC services. We finally propose a slight modification of WebRTC to meet the corporate requirements on IdM.

Bibliographic References

  • Picot, (2008)
  • O'Connell, (2014), Gartners’ analysis
  • Bergkvist, (2015), World Wide Web Consortium (W3C) Draft
  • WebRTC Industry Status & Forecasts Report: Telcos, Enterprises, and Consumer sectors, 2014 Edition, The Disruptive Analysis.
  • Rescorla, (2014), IETF Internet draft, work in progress
  • Pashalidis, (2003)
  • Lynch, (2001), IEEE Internet Comput., 15, pp. 78, 10.1109/MIC.2011.119
  • Perez-Mendez, (2014), IEEE Commun. Surv. Tut., 16, pp. 2125, 10.1109/COMST.2014.2323430
  • Rimal, (2009), pp. 44
  • Diogo, (2014), Int. J. Informat. Security, 13, pp. 113, 10.1007/s10207-013-0208-7
  • Habiba, (2014), Complex Adaptive Syst. Model., 2, pp. 1
  • Sengupta, (2011), pp. 524
  • Kunz, (2014)
  • Subashini, (2011), J. Netw. Comput. Appl., 34, pp. 1, 10.1016/j.jnca.2010.07.006
  • Zwattendorfer, (2013), pp. 43
  • (2011), Cloud Security Alliance
  • Messier, (2014)
  • Tesfamicael, (2015), pp. 117
  • Chandrasekaran, (2014), pp. 1
  • Jennings, (2013), IEEE Commun. Mag., 51, pp. 20, 10.1109/MCOM.2013.6495756
  • Johnston, (2013), IEEE Commun. Mag., 51, pp. 48, 10.1109/MCOM.2013.6495760
  • Bertin, (2013)
  • Li, (2013), pp. 523
  • Lopez-Fernandez, (2014), IEEE Internet Comput., 18, pp. 34, 10.1109/MIC.2014.102
  • Beltran, (2014), IEEE Internet Comput., 18, pp. 18, 10.1109/MIC.2014.128
  • Beltran, (2015), pp. 103
  • De Clercq, (2002), pp. 40
  • MarketScope for enterprise single sign-on, Gartner RAS Core Research Note (2009 September) G00170568 (2011).
  • E. Hammer-Lahav, The OAuth 1.0 protocol, IETF RFC 5849, April 2010.
  • D. Hardt, The OAuth2.0 Authorization Framework, IETF RFC 6749, Oct. 2012.
  • IDG Enterprise Consumerization of IT in the Enterprise Study 2014, IDG Enterprise, March 2014.