SeaBeyond 2011 ProcessOne - Eric Cestari: XMPP over WebSocket
1. XMPP over WebSocket
Eric Cestari
ecestari@process-one.net
@cstar
jeudi 3 février 2011
2. WebSocket
=
Web + Socket
=
recipe for AWESOME ?
jeudi 3 février 2011
3. WebSocket
Message oriented
Two way connection between browser and server
No more Comet, long-polling, Ajax push, BOSH, hidden iframes
Pros:
Less load on server
better latency
less effort for the client (battery life increases)
Cons:
not ubiquitous
security issues
jeudi 3 février 2011
4. A simple Javascript API
new Websocket(url)
ws.send()
ws.close()
and callbacks
ws.onopen
ws.onclose
ws.onmessage
jeudi 3 février 2011
5. Normalized by IETF ...
... since forever (first mail on the hybi mailing list: 30 March 2009)
Three drafts implemented :
draft-hixie -68 by Chrome (Dec 2009)
draft-hixie -75 by Chrome and Safari (Feb 2010)
draft-hixie -76 (May 10) by Safari 5.0.4, Chrome 6, Opera 10.70 and early
Firefox 4 betas
jeudi 3 février 2011
6. Current issues
Fear of cross-protocol attacks.
Possible transparent proxy cache poisoning discovered by A. Barth and E.
Rescorla with currently implemented draft.
WebSocket support disabled in Opera and latest Firefox betas by default
jeudi 3 février 2011
7. WS support everywhere !
Flash to the rescue
web-socket-js opensource project
https://github.com/gimite/web-socket-js
But:
slower than native implementation
with TLS support, file weighs 180Kb (20Kb without)
It’s Flash, dammit!
jeudi 3 février 2011
8. Handshakes and messages
Handshake: Make sure server understands websocket
Messages: bi-directional frames
Current state (-04)
Handshake is GET + Upgrade headers with Nonce
Messages are masked from client to server
jeudi 3 février 2011
9. XMPP sub-protocol
IETF draft by Jack Moffit and Eric Cestari
One message = one stanza = one XML document
With exceptions for stream start and stream end.
No TLS socket upgrade for encryption
TLS negociation is done on socket opening (wss://host:port/)
jeudi 3 février 2011
10. Client and server support
Support in ejabberd 2.2.x
Support StropheJS websocket support
and prototype code for JSJaC
Not released ... yet!
jeudi 3 février 2011
11. New product: GitLive!
Visualize GitHub pushes in realtime from Github repositories
http://gitlive.com/
http://gitlive.com/demo.html
Already used on the ejabberd and Tsung homepage
Use it on your own project!
jeudi 3 février 2011
12. References
Hybi WG mailing list
https://www.ietf.org/mailman/listinfo/hybi
Transparent proxies: Threat or menaces ?
http://www.adambarth.com/experimental/websocket.pdf
An XMPP sub-protocol for Websockets
http://tools.ietf.org/html/draft-moffitt-xmpp-over-websocket-00
jeudi 3 février 2011