Loop/Architecture/Context
The rooms (conversations) in Loop are planned to include additional room context information, such as a URL that will be the topic of the conversation, a thumbnail of that URL, and a long-form description of the conversation purpose. Note that this is list is an initial proposal; it is probable that the context information associated with a room will evolve over time. The initial version of this feature is tracked in bug 1115340.
Information Privacy
The context information is user-supplied, so we need to carefully consider privacy handling. The design below serves this purpose by storing the information on the Loop server in an encrypted form. Each room will have its own symmetric key, which will be available to the room owner and anyone to whom he provides the room URL. These room keys will never be available to any server.
This section explains the means by which this achieved at the level of information flow. Details are provided in the #Loop Server API Changes section below.
When a Loop client logs into the FxA server, it will obtain a user-specific symmetric key, kB, and an OAuth application identifier. The key kB is wrapped with the user's account login password. Upon obtaining the key, the user unwraps kB, combines it with the application identifier, and applies HKDF to obtain a new key, kBr.
When a client creates a new room, it first generates a new symmetric room key, kR. The room context information is serialized as a JSON object, and encrypted using kR. The client also wraps kR with kB. The encrypted context information and the wrapped room key kR are sent to the Loop server as part of the room creation request; these are stored as part of the room's information.
Upon receipt of the resulting room URL from the server, the client appends the room key kR to the URL as a URL fragment before storing it locally.
Because all desktop clients can constitute their kBr upon logging in to FxA, any room context retrieved from the Loop server can be decoded by unwrapping the kR received as part of the room information, and using it to decrypt the context.
Standalone clients receive the unwrapped kR in the fragment portion of the URL that was provided to them as the means of joining the room. Upon retrieving the encrypted room context information from the server, they use this kR to decode the room context information and display it to the user.
Loop Server API Changes
POST /rooms
This generates a new room and returns the associated URL that can be used to join the room.
POST /rooms HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Authorization: <stripped>
Content-Type: application/json; charset=utf-8
Host: localhost:5000
{
"context": "PWjHj89HBS-Hnd4YBoOXFlnqnJ3iqPPIX8XCnjEWT7Zc8Yhv7nch1aGA5kBlDwM0tvByMqHdbTthvEqRMUv60tnORRYOgRK-N3evEHCajcraSAU_BlItizKh68nQHO4P1A5vUTcvkbly4p1mRYKsVoSXti2zG7cFUqX1Iid7vpzq9t7kNXzxb7Ik9Hs1iXKOfVWPQZg6mRoH_-bTh_EMehxPgDCnMDLTDrqpa1-xuE9RDWNLgCMQmeFvE1rtYOGVPRt_WP6ivyJsmYv9fMTZxvcISwHcgadkdhQB8GXwsz8HTigFZk_bRDL-UykzRVPtce_FA2VkCmiF5nPCE4_kRcvs5PLwC3OJ0vjt1pG0_DQmudxpcuV-uYCxLG9pmXkWEFzshJRkir4OxC1485jh8ubINdweDzTb-KBp4y69G2lyT8A7GsC5o4kIhgLfSsEJ6UmeZeyMICUX3Iqd9ZsfDNLoUeAb5KGJgEtDy-7ag52rYY5mGgP2GQ==",
"algo": "AES-GCM",
"key": "KLPCJEy8vewUeHFFLtvMNA",
"expiresIn": 5,
"roomOwner": "Alexis",
"maxSize": 2
}
- context - The room context information, encrypted and Base64 encoded.
- algo - The encryption algorithm used to encrypt the context information.
- key - The room key (kR), wrapped by the user's application-specific key kBr.
- expiresIn - The number of hours for which the room will exist.
- roomOwner - The user-friendly display name indicating the name of the room's owner.
- maxSize - The maximum number of users allowed in the room at one time.
NOTE: the roomName parameter no longer appears in the message; it has been moved into the "context" portion of the message.
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Wed, 16 Jul 2014 13:09:40 GMT
Server-Authorization: <stripped>
{
"roomToken": "_nxD4V4FflQ",
"roomUrl": "http://localhost:3000/rooms/_nxD4V4FflQ",
"expiresAt": 1405534180
}
- roomToken - The token used to identify this room.
- roomUrl - A URL that can be given to other users to allow them to join the room. Note that the user must append the room key kR as a url fragment before using this URL.
- expiresAt - The date after which the room will no longer be valid (in seconds since the Unix epoch).
Server implementation note: The Loop server should contact the TokBox servers and retrieve a sessionId for the room at room creation time. This sessionId should be stored persistently with rest of the information associated with the room.