Describe which components and interactions that happen when a new session is established. This should also help to identify any security vulnerabilities. 

High Level Components

OpenMeetings WebRTC Use-Case

It is a 3 way communication. The Session between Browser and Kurento will be established after OpenMeetings has created the Session in Kurento.

Comments to consider

1) First diagram: "webRTC wss://$server:433" I would say right now it most probably "ws://KMS:8888"
In fact server and client are send iceCandidates back and forth trying to find network interface and port on both ends
If no direct connection is available STUN/TURN server tries to help
in case of demo-next direct connection to KMS is impossible so coturn do the job

Selected flows

Below is a selection of flows that are relevant for handling Socket or RTC connections.

There are several flows
   1) Audio/Video test setup record
   2) Audio/Video test setup playback
   3) Audio/Video broadcast in room (recording endpoint can be added/removed if necessary)
          In this case new WebRTC endpoint is created
   4) Audio/Video playback in room
         In this case new WebRTC endpoint is connected to the sender (so all can be dropped on broadcast stop)

In every flow websocket messages are sent to KurentoHandler
StreamProcessor and TestStreamProcessor were created and separated to make KurentoHandler more readable :)

TestStreamProcessor is more or less covered with tests

Create Video Stream

  • User-case: User initiates video in a presentation conference room.
  • The diagram simplifies some of the communication for simplification as they are not relevant for the creation if the MediaStream or Security

work in progress 

OpenMeetings - Kurento Session Initialisation

Recently I found this flow is not bullet-proof and web-rtc connection might not be established even if no errors were reported
This is why we get lots of emails like "I only can see my own video" should improve situation

According to security: we are using secured channel for WS messages
KMS can be secured by setting up HTTPS proxy (in this case port 8888 will be accessible at 443)
Not sure what else can be done here

Supporting material

Create recording 

Recordings are using the browsers ability to create a video stream of the entire desktop and share it as a video stream. Audio is added separated.

OpenMeetings webRTC Recording

  • No labels