]> Millicast

sergio.garcia.murillo@cosmosoftware.io

ByteDance

webrtc@bytedance.com

Everycast Labs Ltd

dan@everycastlabs.uk

ART wish WebRTC This document describes a simple HTTP-based protocol that will allow WebRTC-based viewers to watch content from streaming services and/or Content Delivery Networks (CDNs) or WebRTC Transmission Network (WTNs).

Introduction The IETF RTCWEB Working Group standardized the JavaScript Session Establishment Protocol (JSEP) , a mechanism used to control the setup, management, and teardown of a multimedia session. It also describes how to negotiate media flows using the offer/answer model with the Session Description Protocol (SDP) including the formats for data sent over the wire (e.g., media types, codec parameters, and encryption). WebRTC intentionally does not specify a signaling transport protocol at the application level. While WebRTC can be integrated with standard signaling protocols like SIP or XMPP , they are not designed to be used in broadcasting and streaming services, and there also is no sign of adoption in that industry. RTSP , which is based on RTP, does not support the SDP offer/answer model for negotiating the characteristics of the media session. There are many situations in which the lack of a standard protocol for consuming media from streaming service using WebRTC has become a problem:

• Interoperability between WebRTC services and products.
• Reusing player software which can be integrated easily.
• Integration with Dynamic Adaptive Streaming over HTTP (DASH) for offering live streams via WebRTC while offering a time-shifted version via DASH.
• Playing WebRTC streams on devices that don't support custom javascript to be run (like TVs).

This document mimics what has been done in the WebRTC HTTP Ingest Protocol (WHIP) for ingestion and specifies a simple HTTP-based protocol that can be used for consuming media from a streaming service using WebRTC.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Overview The WebRTC-HTTP Egress Protocol (WHEP) is designed to facilitate an exchange of Session Description Protocol (SDP) offers and answers using HTTP POST requests. This exchange is a fundamental step in establishing an Interactive Connectivity Establishment (ICE) and Datagram Transport Layer Security (DTLS) session between WHEP player and the streaming service endpoint (Media Server). Upon successful establishment of the ICE/DTLS session, unidirectional media data transmission commences from the media server to the WHEP player. It is important to note that SDP renegotiations are not supported in WHEP, meaning that no modifications to the "m=" sections can be made after the initial SDP offer/answer exchange via HTTP POST is completed and only ICE related information can be updated via HTTP PATCH requests as defined in . The WHEP player always initiates the streaming session by sending an SDP offer to the WHEP endpoint. The WHEP endpoint can then choose to either accept the client's offer by responding with an SDP answer, or reject the client's offer and counter with its own SDP offer. If the WHEP endpoint sends a counter-offer, the client must then respond with an SDP answer. A WHEP player must support processing both SDP answers (when the WHEP endpoint accepts the client's offer) and SDP offers (when the WHEP endpoint sends a counter-offer) in response to the initial request.

Protocol Operation Flow The following diagram illustrates the core operation of WHEP for initiating and terminating a viewing session:

WHEP Session Setup and Teardown + | | |201 Created (SDP answer) | | | | OR | | | |406 Not Acceptable | | | | (SDP offer) | | | +<------------------------+ | | | | | | | [IF 406 Not Acceptable]| | | |HTTP PATCH [session] | | | | (SDP answer) | | | +---------------------------------------------------------->+ |204 No Content | | | +<----------------------------------------------------------+ | ICE/STUN REQUEST | | +--------------------------------------->+ | | ICE/STUN RESPONSE | | |<---------------------------------------+ | | DTLS SETUP | | |<======================================>| | | RTP/RTCP FLOW | | +<-------------------------------------->+ | | HTTP DELETE | +---------------------------------------------------------->+ | 200 OK | <-----------------------------------------------------------x ]]>

The elements in are described as follows:

• WHEP player: This represents the WebRTC media player, which functions as a client of WHEP by receiving and decoding the media from a remote media server.
• WHEP endpoint: This denotes the egress server that receives the initial WHEP request.
• WHEP endpoint URL: This refers to the URL of the WHEP endpoint responsible for creating the WHEP session.
• Media server: This is the WebRTC Media Server that establishes the media session with the WHEP player and delivers the media to it.
• WHEP session: Indicates the allocated HTTP resource by the WHEP endpoint for an ongoing egress session.
• WHEP session URL: This refers to the URL of the WHEP resource allocated by the WHEP endpoint for a specific media session. The WHEP player can send requests to the WHEP session using this URL to modify the session, such as ICE operations or termination.

illustrates the communication flow between a WHEP player, WHEP endpoint, media server, and WHEP session. This flow outlines the process of setting up and tearing down a playback session using WHEP, involving negotiation, ICE for Network Address Translation (NAT) traversal, DTLS and Secure Real-time Transport Protocol (SRTP) for security, and RTP/RTCP for media transport:

Protocol Operation Steps

• The WHEP player initiates the communication by sending an HTTP POST with an SDP offer to the WHEP endpoint.
• The WHEP endpoint responds with either a "201 Created" message containing an SDP answer (accepting the client's offer) or a "406 Not Acceptable" message containing an SDP counter-offer (rejecting the client's offer).
• If the WHEP endpoint responded with "406 Not Acceptable", the WHEP player sends an HTTP PATCH containing an SDP answer to the WHEP session URL.
• If applicable, the WHEP session responds with a "204 No Content" message to the PATCH request.
• The WHEP player and media server establish ICE and DTLS sessions for NAT traversal and secure communication.
• RTP and RTCP flows are established for media transmission from the media server to the WHEP player, secured by the SRTP profile.
• The WHEP player sends an HTTP DELETE to terminate the WHEP session.
• The WHEP session responds with a "200 OK" to confirm the session termination.

Protocol Operation

HTTP Usage Following the guidelines in , WHEP players MUST NOT match error codes returned by the WHEP endpoints and resources to a specific error cause indicated in this specification. WHEP players MUST be able to handle all applicable status codes gracefully falling back to the generic n00 semantics of a given status code on unknown error codes. WHEP endpoints and resources could convey finer-grained error information by a problem dtails json object in the response message body of the failed request as per . The WHEP endpoints and sessions are origin servers as defined in ; they handle the requests and provide responses for the underlying HTTP resources. Those HTTP resources do not have any representation defined in this specification, so the WHEP endpoints and sessions MUST return a 2xx successful response with no content when a GET request is received.

WHEP Endpoint URL Discoverability Many video player SDKs and generic video players need a mechanism to automatically detect whether a given URL corresponds to a WHEP endpoint, similar to how URLs ending in .m3u8 are recognized as HLS streams or how .mpd indicates DASH manifests. To enable discoverability of WHEP endpoints, WHEP players and generic video player SDKs MAY use HTTP HEAD requests to determine if a URL is a WHEP endpoint. WHEP endpoints SHOULD support HTTP HEAD requests as defined in . When a WHEP endpoint receives a HEAD request, it SHOULD respond with a "200 OK" status code and include a Content-Type header field with the value application/sdp, indicating that the endpoint accepts POST requests with SDP offers in the request body as defined in . This allows players to identify WHEP endpoints by examining the Content-Type header in the response. The HEAD response MUST include the same headers that would be returned in response to a GET request, including the Content-Type header, but MUST NOT include a message body as per . Example: ~~~~~ HEAD /whep/endpoint HTTP/1.1 Host: whep.example.com HTTP/1.1 200 OK Content-Type: application/sdp Content-Length: 0 ~~~~~ When a player recognizes a URL as a WHEP endpoint by receiving Content-Type: application/sdp in response to a HEAD request, it SHOULD automatically configure itself to use WHEP protocol handling without requiring additional user configuration.

Playback Session Set Up In order to set up a streaming session, the WHEP player MUST generate an SDP offer according to the JSEP rules for an initial offer as in and perform an HTTP POST request as per to the configured WHEP endpoint URL. The HTTP POST request MUST have a content type of "application/sdp" and contain the SDP offer as the body. Upon receiving the HTTP POST request, the WHEP endpoint can choose to either accept the client's offer or reject it in favor of sending its own offer.

Server Accepts Client Offer If the WHEP endpoint chooses to accept the client's SDP offer, it MUST generate an SDP answer according to the JSEP rules for an initial answer as in and return a "201 Created" response with a content type of "application/sdp", the SDP answer as the body, and a Location header field pointing to the newly created WHEP session. The WHEP endpoint MAY partially accept the client's offer by accepting some m-lines while rejecting others, as specified in . This allows the WHEP endpoint to accept audio and video m-lines while rejecting data channel m-lines, for example.

Server Sends Counter-offer If the WHEP endpoint chooses to reject the client's SDP offer, it MUST generate its own SDP offer according to the JSEP rules for an initial offer as in and return a "406 Not Acceptable" response with a content type of "application/sdp", the SDP counter-offer as the body, and a Location header field pointing to the WHEP session resource that will be created upon completion of the offer/answer exchange. The WHEP endpoint MAY include a "valid-until" parameter in the Content-Type header to indicate how long the counter-offer remains valid. If no "valid-until" parameter is provided, the counter-offer remains valid for 30 seconds from the time the response was sent. The "valid-until" parameter value MUST be an HTTP-date as defined in . When the WHEP player receives a counter-offer from the WHEP endpoint, it MUST generate an SDP answer according to the JSEP rules for an initial answer as in . The WHEP player MAY partially accept the server's counter-offer by accepting some m-lines while rejecting others, as specified in . To send the SDP answer, the WHEP player MUST perform an HTTP PATCH request as per to the WHEP session URL with content type of "application/sdp" and the SDP answer as the body. The WHEP endpoint MUST return a "204 No Content" response. If the SDP is malformed or does not conform to the JSEP rules for an initial answer, the WHEP endpoint MUST reject the HTTP PATCH request with an appropriate 4XX error response.

Determining Server Response Type WHEP players can determine the WHEP endpoint's response type by examining the HTTP status code:

• "201 Created": The WHEP endpoint has accepted the client's offer and responded with an SDP answer. The WHEP session has been created and is ready for media transmission.
• "406 Not Acceptable": The WHEP endpoint has rejected the client's offer and responded with an SDP counter-offer. The client MUST send an HTTP PATCH request to the WHEP session URL with an SDP answer to complete the session establishment.

WHEP players MUST interpret a "406 Not Acceptable" response as a server-sent counter-offer only if the response includes a "Content-Type" of "application/sdp" and a syntactically valid SDP offer. Any "406 Not Acceptable" response that does not meet these conditions MUST be handled according to generic HTTP semantics and MUST NOT be interpreted as a counter-offer.

Partial Media Acceptance WHEP allows for partial acceptance of media streams, where some m-lines in an SDP offer may be accepted while others are rejected. This enables scenarios where, for example, audio and video m-lines are accepted but data channel m-lines are rejected. Partial acceptance also enables accepting only audio or only video, allowing WHEP players to optimize for their specific requirements. For instance, an audio-only WHEP player can reject video m-lines to avoid receiving unnecessary video data, or a video-only player can reject audio m-lines when audio is not needed. This optimization reduces bandwidth consumption and resource utilization when full media reception is not required. When generating an SDP answer, either the WHEP endpoint (when accepting a client offer) or the WHEP player (when answering a server counter-offer) MAY reject individual m-lines by setting the port number to 0 in the corresponding m-line of the SDP answer, as specified in . Rejected m-lines MUST have their port set to 0 and SHALL NOT include any codec or format information. Partial acceptance applies to both directions of the offer/answer exchange:

• Server accepting client offer: When the WHEP endpoint returns a "201 Created" response with an SDP answer, it MAY reject individual m-lines from the client's offer by setting their port to 0.
• Client answering server counter-offer: When the WHEP player sends an SDP answer via HTTP PATCH in response to a server counter-offer, it MAY reject individual m-lines from the server's counter-offer by setting their port to 0.

The MediaStream constraint in requires that at least one MediaStreamTrack of any media kind is accepted. Therefore, at least one audio or video m-line MUST be accepted in the final negotiated session. Data channel m-lines (application m-lines) MAY be rejected without affecting the session establishment.

Error Conditions If the HTTP POST to the WHEP endpoint has a "Content-Type" different than "application/sdp", the WHEP endpoint MUST reject the request with "415 Unsupported Media Type" and MUST NOT include an SDP in the response. If the "Content-Type" is "application/sdp" but the body is syntactically invalid or does not conform to the JSEP rules for an initial offer, the WHEP endpoint MUST reject the request with an appropriate 4XX error response. A "406 Not Acceptable" response is reserved for the server-sent counter-offer mechanism and therefore MUST include a "Content-Type" of "application/sdp" and a syntactically valid SDP offer. A "406 Not Acceptable" response that does not meet these conditions MUST be treated as an error and MUST NOT be interpreted as a counter-offer.

Media Direction Attributes As WHEP only supports the playback use case with unidirectional media:

• When a WHEP player sends an SDP offer, it SHOULD use "recvonly" attribute but MAY use the "sendrecv" attribute instead. The "inactive" and "sendonly" attributes MUST NOT be used.
• When a WHEP endpoint sends an SDP answer (accepting client offer), it MUST use "sendonly" attribute in the SDP answer.
• When a WHEP endpoint sends an SDP counter-offer, it SHOULD use "sendonly" attribute but MAY use the "sendrecv" attribute instead. The "inactive" and "recvonly" attributes MUST NOT be used.
• When a WHEP player sends an SDP answer (responding to server counter-offer), it MUST use "recvonly" attribute in the SDP answer.

Codec Recommendations WHEP players SHOULD include as many supported codecs as possible in their SDP offers and answers to maximize compatibility and enable dynamic streaming scenarios. This applies whether the WHEP player is sending the initial offer or responding to a server counter-offer with an answer. Including a comprehensive list of supported codecs enables several important use cases:

• Dynamic source switching: A WHEP endpoint may need to change which camera or media source a stream is connected to, potentially requiring different codecs for optimal quality or performance.
• Adaptive streaming: The WHEP endpoint may switch between different codec configurations based on network conditions, viewer capabilities, or content characteristics.
• Failover scenarios: If the primary codec encounters issues, having alternative codecs available allows seamless fallback without requiring renegotiation.
• Multi-resolution support: Different codecs may be optimal for different resolutions or bitrates that the WHEP endpoint may need to provide.

WHEP players that restrict their codec offerings may prevent these advanced streaming scenarios and limit the WHEP endpoint's ability to provide optimal streaming experiences.

Examples Following is an example where the WHEP endpoint accepts the client's offer.

Example where the WHEP Endpoint accepts client offer

Following is an example where the WHEP endpoint sends a counter-offer.

Example where the WHEP Endpoint sends counter-offer

Session Management The WHEP endpoint COULD require a live publishing to be happening in order to allow a WHEP players to start viewing a stream. In that case, the WHEP endpoint SHALL return a "409 Conflict" response to the POST request issued by the WHEP player with a "Retry-After" header indicating the number of seconds before sending a new request. WHEP players MAY periodically try to connect to the WHEP session with exponential backoff period with an initial value of the "Retry-After" header value in the "409 Conflict" response. Once a session is setup, consent freshness as per SHALL be used to detect non-graceful disconnection by full ICE implementations and DTLS teardown for session termination by either side.

Playback Session Termination To explicitly terminate a WHEP session, the WHEP player MUST perform an HTTP DELETE request to the WHEP session URL returned in the Location header field of the initial HTTP POST. Upon receiving the HTTP DELETE request, the WHEP session will be removed and the resources freed on the media server, terminating the ICE and DTLS sessions. A media server terminating a session MUST follow the procedures in for immediate revocation of consent. The WHEP endpoints MUST support OPTIONS requests for Cross-Origin Resource Sharing (CORS) as defined in . The "200 OK" response to any OPTIONS request SHOULD include an "Accept-Post" header with a media type value of "application/sdp" as per .

ICE Support ICE is a protocol that addresses the complexities of NAT traversal commonly encountered in Internet communication. NATs hinder direct communication between devices on different local networks, posing challenges for real-time applications. ICE facilitates seamless connectivity by employing techniques to discover and negotiate efficient communication paths. Trickle ICE optimizes the connectivity process by incrementally sharing potential communication paths, reducing latency, and facilitating quicker establishment. ICE Restarts are crucial for maintaining connectivity in dynamic network conditions or disruptions, allowing devices to re-establish communication paths without complete renegotiation. This ensures minimal latency and reliable real-time communication. Trickle ICE and ICE restart support are RECOMMENDED for both WHEP sessions and clients.

HTTP PATCH Request Usage The WHEP player MAY perform trickle ICE or ICE restarts by sending an HTTP PATCH request as per to the WHEP session URL, with a body containing an SDP fragment with media type "application/trickle-ice-sdpfrag" as specified in carrying the relevant ICE information. If the HTTP PATCH to the WHEP session has a "Content-Type" different than "application/trickle-ice-sdpfrag" (for ICE operations defined in this section) or "application/sdp" (for the SDP answer to a server counter-offer as defined in ), the WHEP session MUST reject the request with "415 Unsupported Media Type". If the payload is syntactically invalid or does not conform to the respective format, the WHEP session MUST reject the request with an appropriate 4XX error response. Use of "application/sdp" in an HTTP PATCH request is only valid when replying with an SDP answer to a server-sent SDP counter-offer as specified in and only until the offer/answer exchange completes. If a WHEP session has already completed the SDP offer/answer exchange, or is otherwise not expecting an SDP via PATCH, the WHEP session MUST reject an "application/sdp" PATCH with "422 Unprocessable Content". If the WHEP session supports either Trickle ICE or ICE restarts, but not both, it MUST return a "422 Unprocessable Content" error response for the HTTP PATCH requests that are not supported as per . For avoidance of doubt, "422 Unprocessable Content" MAY also be used when the "Content-Type" is acceptable but the semantics are not supported in the current state (e.g., an SDP received via PATCH outside the server-sent counter-offer flow). The WHEP player MAY send overlapping HTTP PATCH requests to one WHEP session. Consequently, as those HTTP PATCH requests may be received out-of-order by the WHEP session, if WHEP session supports ICE restart, it MUST generate a unique strong entity-tag identifying the ICE session as per , being OPTIONAL otherwise. The initial value of the entity-tag identifying the initial ICE session MUST be returned in an ETag header field in the "201 Created" response to the initial POST request to the WHEP endpoint. WHEP players SHOULD NOT use entity-tag validation when matching a specific ICE session is not required, such as for example when initiating a DELETE request to terminate a session. WHEP sessions MUST ignore any entity-tag value sent by the WHEP player when ICE session matching is not required, as in the HTTP DELETE request. Missing or outdated ETags in the PATCH requests from WHEP players will be answered by WHEP sessions as per and , with a "428 Precondition Required" response for a missing entity-tag, and a "412 Precondition Failed" response for a non-matching entity-tag.

Trickle ICE Depending on the Trickle ICE support on the WHEP player, the initial offer by the WHEP player MAY be sent after the full ICE gathering is complete with the full list of ICE candidates, it MAY only contain local candidates as per or even an empty list of candidates as per . For the purpose of reducing setup times, when using Trickle ICE the WHEP player SHOULD send the SDP offer (containing either locally gathered ICE candidates or an empty list of candidates) as soon as possible. In order to simplify the protocol, the WHEP session cannot signal additional ICE candidates to the WHEP player after the SDP answer has been sent. The WHEP endpoint SHALL gather all the ICE candidates for the media server before responding to the client request and the SDP answer SHALL contain the full list of ICE candidates of the media server. As the WHEP player needs to know the WHEP session URL associated with the ICE session in order to send a PATCH request containing new ICE candidates, it MUST wait and buffer any gathered candidates until the "201 Created" HTTP response to the initial POST request is received. In order to lower the HTTP traffic and processing time required the WHEP player SHOULD send a single aggregated HTTP PATCH request with all the buffered ICE candidates once the response is received. Additionally, if ICE restarts are supported by the WHEP session, the WHEP player needs to know the entity-tag associated with the ICE session in order to send a PATCH request containing new ICE candidates, so it MUST also wait and buffer any gathered candidates until it receives the HTTP response with the new entity-tag value to the last PATCH request performing an ICE restart. WHEP players generating the HTTP PATCH body with the SDP fragment and its subsequent processing by WHEP sessions MUST follow to the guidelines defined in with the following considerations:

• As per , only m-sections not marked as bundle-only can gather ICE candidates, so given that the "max-bundle" policy is being used, the SDP fragment will contain only the offerer-tagged m-line of the bundle group.
• The WHEP player MAY exclude ICE candidates from the HTTP PATCH body if they have already been confirmed by the WHEP session with a successful HTTP response to a previous HTTP PATCH request.

WHEP sessions and players that support Trickle ICE MUST make use of entity-tags and conditional requests as explained in . When a WHEP session receives a PATCH request that adds new ICE candidates without performing an ICE restart, it MUST return a "204 No Content" response without a body and MUST NOT include an ETag header in the response. If the WHEP session does not support a candidate transport or is not able to resolve the connection address, it MUST silently discard the candidate and continue processing the rest of the request normally.

Example of a Trickle ICE request and response

shows an example of the Trickle ICE procedure where the WHEP player sends a PATCH request with updated ICE candidate information and receives a successful response from the WHEP session.

ICE Restarts As defined in , when an ICE restart occurs, a new SDP offer/answer exchange is triggered. However, as WHEP does not support renegotiation of non-ICE related SDP information, a WHEP player will not send a new offer when an ICE restart occurs. Instead, the WHEP player and WHEP session will only exchange the relevant ICE information via an HTTP PATCH request as defined in and MUST assume that the previously negotiated non-ICE related SDP information still apply after the ICE restart. When performing an ICE restart, the WHEP player MUST include the updated "ice-pwd" and "ice-ufrag" in the SDP fragment of the HTTP PATCH request body as well as the new set of gathered ICE candidates as defined in . Similar what is defined in , as per only m-sections not marked as bundle-only can gather ICE candidates, so given that the "max-bundle" policy is being used, the SDP fragment will contain only the offerer-tagged m-line of the bundle group. A WHEP player sending a PATCH request for performing ICE restart MUST contain an "If-Match" header field with a field-value "*" as per . states that an agent MUST discard any received requests containing "ice-pwd" and "ice-ufrag" attributes that do not match those of the current ICE Negotiation Session, however, any WHEP session receiving an updated "ice-pwd" and "ice-ufrag" attributes MUST consider the request as performing an ICE restart instead and, if supported, SHALL return a "200 OK" with an "application/trickle-ice-sdpfrag" body containing the new ICE username fragment and password and a new set of ICE candidates for the WHEP session. Also, the "200 OK" response for a successful ICE restart MUST contain the new entity-tag corresponding to the new ICE session in an ETag response header field and MAY contain a new set of ICE candidates for the media server. As defined in the set of candidates after an ICE restart may include some, none, or all of the previous candidates for that data stream and may include a totally new set of candidates. So after performing a successful ICE restart, both the WHEP player and the WHEP session MUST replace the previous set of remote candidates with the new set exchanged in the HTTP PATCH request and response, discarding any remote ICE candidate not present on the new set. Both the WHEP player and the WHEP session MUST ensure that the HTTP PATCH request and response bodies include the same "ice-options", "ice-pacing", and "ice-lite" attributes as those used in the SDP offer or answer. If the ICE restart request cannot be satisfied by the WHEP session, the resource MUST return an appropriate HTTP error code and MUST NOT terminate the session immediately and keep the existing ICE session. The WHEP player MAY retry performing a new ICE restart or terminate the session by issuing an HTTP DELETE request instead. In any case, the session MUST be terminated if the ICE consent expires as a consequence of the failed ICE restart as per . In case of unstable network conditions, the ICE restart HTTP PATCH requests and responses might be received out of order. In order to mitigate this scenario, when the client performs an ICE restart, it MUST discard any previous ICE username and passwords fragments and ignore any further HTTP PATCH response received from a pending HTTP PATCH request. WHEP players MUST apply only the ICE information received in the response to the last sent request. If there is a mismatch between the ICE information at the WHEP player and at the WHEP session (because of an out-of-order request), the STUN requests will contain invalid ICE information and will be dropped by the receiving side. If this situation is detected by the WHEP player, it MUST send a new ICE restart request to the WHEP session.

Example of an ICE Restart Request and Response

demonstrates a Trickle ICE restart procedure example. The WHEP player sends a PATCH request containing updated ICE information, including a new ufrag and password, along with newly gathered ICE candidates. In response, the WHEP session provides ICE information for the session after the ICE restart, including the updated ufrag and password, as well as the previous ICE candidate.

WebRTC Constraints To simplify the implementation of WHEP in both players and media servers, WHEP introduces specific restrictions on WebRTC usage. The following subsections will explain these restrictions in detail:

SDP Bundle Both the WHEP player and the WHEP endpoint SHALL support and use the "max-bundle" policy as defined in . The WHEP player and the media server MUST support multiplexed media associated with the BUNDLE group as per . In addition, per the WHEP player and media server SHALL use RTP/RTCP multiplexing for all bundled media. In order to reduce the network resources required at the media server, both the WHEP player and WHEP endpoints MUST include the "rtcp-mux-only" attribute in each bundled "m=" sections as per .

Single MediaStream WHEP only supports a single MediaStream as defined in and therefore all "m=" sections MUST contain an "msid" attribute with the same value. The MediaStream MUST contain at least one MediaStreamTrack of any media kind and it MUST NOT have two or more than MediaStreamTracks for the same media (audio or video).

Trickle ICE and ICE Restarts The media server SHOULD support full ICE, unless it is connected to the Internet with an IP address that is accessible by each WHEP player that is authorized to use it, in which case it MAY support only ICE lite. The WHEP player MUST implement and use full ICE. Trickle ICE and ICE restart support is OPTIONAL for both the WHEP players and media servers as explained in .

Load Balancing and Redirections WHEP endpoints and media servers might not be colocated on the same server, so it is possible to load balance incoming requests to different media servers. WHEP players SHALL support HTTP redirections as per . In order to avoid POST requests to be redirected as GET requests, status codes "301 Moved Permanently" and "302 Found" MUST NOT be used and the preferred method for performing load balancing is via the "307 Temporary Redirect" response status code as described in . Redirections are not required to be supported for the PATCH and DELETE requests. In case of high load, the WHEP endpoints MAY return a "503 Service Unavailable" response indicating that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance as described in , which will likely be alleviated after some delay. The WHEP endpoint might send a Retry-After header field indicating the minimum time that the user agent ought to wait before making a follow-up request as described in .

STUN/TURN Server Configuration The WHEP Endpoint MAY return STUN/TURN server configuration URLs and credentials usable by the client in the "201 Created" response to the HTTP POST request to the WHEP Endpoint URL. Each STUN/TURN server will be returned using the Link header field with a "rel" attribute value of "ice-server" as specified in It might be also possible to configure the STUN/TURN server URLs with long-term credentials provided by either the broadcasting service or an external TURN provider on the WHEP player, overriding the values provided by the WHEP Endpoint.

Authentication and Authorization All WHEP endpoints, sessions and clients MUST support HTTP Authentication as per and in order to ensure interoperability, bearer token authentication as defined in the next section MUST be supported by all WHEP entities. However this does not preclude the support of additional HTTP authentication schemes as defined in .

Bearer Token Authentication WHEP endpoints and sessions MAY require the HTTP request to be authenticated using an HTTP Authorization header field with a Bearer token as specified in . WHEP players MUST implement this authentication and authorization mechanism and send the HTTP Authorization header field in all HTTP requests sent to either the WHEP endpoint or session (except the preflight OPTIONS requests for CORS). The nature, syntax, and semantics of the bearer token, as well as how to distribute it to the client, is outside the scope of this document. Some examples of the kind of tokens that could be used are, but are not limited to, JSON Web Tokens (JWTs) as per and or a shared secret stored on a database. The tokens are typically made available to the end user alongside the WHEP endpoint URL and configured on the WHEP players. WHEP endpoints and sessions could perform the authentication and authorization by encoding an authentication token within the URLs for the WHEP endpoints or sessions instead. In case the WHEP player is not configured to use a bearer token, the HTTP Authorization header field MUST NOT be sent in any request.

Protocol Extensions In order to support future extensions to be defined for WHEP, a common procedure for registering and announcing the new extensions is defined. Protocol extensions supported by the WHEP server MUST be advertised to the WHEP player in the "201 Created" response to the initial HTTP POST request sent to the WHEP Endpoint. The WHEP Endpoint MUST return one "Link" header field for each extension that it supports, with the extension "rel" attribute value containing the extension URN and the URL for the HTTP resource that will be available for receiving requests related to that extension. Protocol extensions are optional for both WHEP players and WHEP Endpoints and sessions. WHEP players MUST ignore any Link attribute with an unknown "rel" attribute value and WHEP Endpoints and sessions MUST NOT require the usage of any of the extensions. Each protocol extension MUST register a unique "rel" attribute value at IANA starting with the prefix: "urn:ietf:params:whep:ext" as specified in . For example, considering a potential extension of server-to-client communication using server-sent events as specified in https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events, the URL for connecting to the server-sent event resource for the ingested stream could be returned in the initial HTTP "201 Created" response with a "Link" header field and a "rel" attribute of "urn:ietf:params:whep:ext:example:server-sent-events" (this document does not specify such an extension, and uses it only as an example). In this theoretical case, the "201 Created" response to the HTTP POST request would look like:

Example of a WHEP protocol extension ; rel="urn:ietf:params:whep:ext:example:server-sent-events" ]]>

shows an example of a WHEP protocol extension supported by the WHEP session, as indicated in the Link header of the 201 Created response.

Security Considerations This document specifies a new protocol on top of HTTP and WebRTC, thus, security protocols and considerations from related specifications apply to the WHEP specification. These include:

• WebRTC security considerations: . HTTPS SHALL be used in order to preserve the WebRTC security model.
• Transport Layer Security (TLS): and .
• HTTP security: and .
• URI security: .

On top of that, WHEP exposes a thin new attack surface specific of the REST API methods used within it:

• HTTP POST flooding and resource exhaustion: It would be possible for an attacker in possession of authentication credentials valid for watching a WHEP stream to make multiple HTTP POST to the WHEP endpoint. This will force the WHEP endpoint to process the incoming SDP and allocate resources for being able to setup the DTLS/ICE connection. While the malicious client does not need to initiate the DTLS/ICE connection at all, the WHEP session will have to wait for the DTLS/ICE connection timeout in order to release the associated resources. If the connection rate is high enough, this could lead to resource exhaustion on the servers handling the requests and it will not be able to process legitimate incoming ingests. In order to prevent this scenario, WHEP endpoints SHOULD implement a rate limit and avalanche control mechanism for incoming initial HTTP POST requests.
• Insecure direct object references (IDOR) on the WHEP session locations: If the URLs returned by the WHEP endpoint for the WHEP sessions location are easy to guess, it would be possible for an attacker to send multiple HTTP DELETE requests and terminate all the WHEP sessions currently running. In order to prevent this scenario, WHEP endpoints SHOULD generate URLs with enough randomness, using a cryptographically secure pseudorandom number generator following the best practices in Randomness Requirements for Security , and implement a rate limit and avalanche control mechanism for HTTP DELETE requests. The security considerations for Universally Unique IDentifier (UUID) are applicable for generating the WHEP sessions location URL.
• HTTP PATCH flooding: Similar to the HTTP POST flooding, a malicious client could also create a resource exhaustion by sending multiple HTTP PATCH request to the WHEP session, although the WHEP sessions can limit the impact by not allocating new ICE candidates and reusing the existing ICE candidates when doing ICE restarts. In order to prevent this scenario, WHEP endpoints SHOULD implement a rate limit and avalanche control mechanism for incoming HTTP PATCH requests.

IANA Considerations This specification adds a registry for URN sub-namespaces for WHEP protocol extensions.

Registration of WHEP URN Sub-Namespace and WHEP Registries IANA is asked to add an entry to the "IETF URN Sub-namespace for Registered Protocol Parameter Identifiers" registry and create a sub-namespace for the Registered Parameter Identifier as per : "urn:ietf:params:whep". To manage this sub-namespace, IANA is asked to create the "WebRTC-HTTP egress protocol (WHEP) URNs" and "WebRTC-HTTP egress protocol (WHEP) extension URNs".

WebRTC-HTTP Egress Protocol (WHEP) URNs Registry The "WebRTC-HTTP egress protocol (WHEP) URNs" registry is used to manage entries within the "urn:ietf:params:whep" namespace. The registry descriptions is as follows:

• Registry group: WebRTC-HTTP egress protocol (WHEP)
• Registry name: WebRTC-HTTP egress protocol (WHEP) URNs
• Specification: this document (RFC TBD)
• Registration procedure: Specification Required
• Field names: URI, description, change controller, reference and IANA registry reference

The registry contains a single initial value:

• URI: urn:ietf:params:whep:ext
• Description: WebRTC-HTTP egress protocol (WHEP) extension URNs
• Change Controller: IETF
• Reference: this document (RFC TBD) Section
• IANA registry reference: WebRTC-HTTP egress protocol (WHEP) extension URNs registry.

WebRTC-HTTP Egress Protocol (WHEP) Extension URNs Registry The "WebRTC-HTTP egress protocol (WHEP) Extension URNs" is used to manage entries within the "urn:ietf:params:whep:ext" namespace. The registry descriptions is as follows:

• Registry group: WebRTC-HTTP egress protocol (WHEP)
• Registry name: WebRTC-HTTP egress protocol (WHEP) Extension URNs
• Specification: this document (RFC TBD)
• Registration procedure: Specification Required
• Field names: URI, description, change controller, reference and IANA registry reference

URN Sub-Namespace for WHEP WHEP endpoint utilizes URNs to identify the supported WHEP protocol extensions on the "rel" attribute of the Link header as defined in . This section creates and registers an IETF URN Sub-namespace for use in the WHEP specifications and future extensions.

Specification Template Namespace ID:

• The Namespace ID "whep" has been assigned.

Registration Information:

• Version: 1
• Date: TBD

Declared registrant of the namespace:

• Registering organization: The Internet Engineering Task Force.
• Designated contact: A designated expert will monitor the WHEP public mailing list, "wish@ietf.org".

Declaration of Syntactic Structure:

• The Namespace Specific String (NSS) of all URNs that use the "whep" Namespace ID shall have the following structure: urn:ietf:params:whep:{type}:{name}:{other}.
• The keywords have the following meaning:
  • type: The entity type. This specification only defines the "ext" type.
  • name: A required ASCII string that conforms to the URN syntax requirements (see ) and defines a major namespace of a WHEP protocol extension. The value MAY also be an industry name or organization name.
  • other: Any ASCII string that conforms to the URN syntax requirements (see ) and defines the sub-namespace (which MAY be further broken down in namespaces delimited by colons) as needed to uniquely identify an WHEP protocol extension.

Relevant Ancillary Documentation:

• None

Identifier Uniqueness Considerations:

• The designated contact shall be responsible for reviewing and enforcing uniqueness.

Identifier Persistence Considerations:

• Once a name has been allocated, it MUST NOT be reallocated for a different purpose.
• The rules provided for assignments of values within a sub-namespace MUST be constructed so that the meanings of values cannot change.
• This registration mechanism is not appropriate for naming values whose meanings may change over time.

Process of Identifier Assignment:

• Namespace with type "ext" (e.g., "urn:ietf:params:whep:ext") is reserved for IETF-approved WHEP specifications.

Process of Identifier Resolution:

• None specified.

Rules for Lexical Equivalence:

• No special considerations; the rules for lexical equivalence specified in apply.

Conformance with URN Syntax:

• No special considerations.

Validation Mechanism:

• None specified.

Scope:

• Global.

Registering WHEP Protocol Extensions URNs This section defines the process for registering new WHEP protocol extensions URNs with IANA in the "WebRTC-HTTP egress protocol (WHEP) extension URNs" registry (see ). A WHEP Protocol Extension URNs is used as a value in the "rel" attribute of the Link header as defined in for the purpose of signaling WHEP extensions supported by the WHEP endpoints. WHEP Protocol Extensions URNs have an "ext" type as defined in .

Registration Procedure The IETF has created a mailing list, "wish@ietf.org", which can be used for public discussion of WHEP protocol extensions proposals prior to registration. Use of the mailing list is strongly encouraged. The IESG has appointed a designated expert as per who will monitor the wish@ietf.org mailing list and review registrations. Registration of new "ext" type URNs (in the namespace "urn:ietf:params:whep:ext") belonging to a WHEP Protocol Extension MUST be documented in a permanent and readily available public specification, in sufficient detail so that interoperability between independent implementations is possible and reviewed by the designated expert as per Section 4.6 of . An Standards Track RFC is REQUIRED for the registration of new value data types that modify existing properties. An Standards Track RFC is also REQUIRED for registration of WHEP Protocol Extensions URNs that modify WHEP Protocol Extensions previously documented in an existing RFC. The registration procedure begins when a completed registration template, defined in the sections below, is sent to iana@iana.org. Decisions made by the designated expert can be appealed to an Applications and Real Time (ART) Area Director, then to the IESG. The normal appeals procedure described in is to be followed. Once the registration procedure concludes successfully, IANA creates or modifies the corresponding record in the WHEP Protocol Extension registry. An RFC specifying one or more new WHEP Protocol Extension URNs MUST include the completed registration templates, which MAY be expanded with additional information. These completed templates are intended to go in the body of the document, not in the IANA Considerations section. The RFC MUST include the syntax and semantics of any extension-specific attributes that may be provided in a Link header field advertising the extension.

Guidance for Designated Experts The Designated Expert (DE) is expected to ascertain the existence of suitable documentation (a specification) as described in and to verify that the document is permanently and publicly available. The DE is also expected to check the clarity of purpose and use of the requested registration. Additionally, the DE must verify that any request for one of these registrations has been made available for review and comment by posting the request to the WebRTC Ingest Signaling over HTTPS (wish) Working Group mailing list. Specifications should be documented in an Internet-Draft. Lastly, the DE must ensure that any other request for a code point does not conflict with work that is active in or already published by the IETF.

WHEP Protocol Extension Registration Template A WHEP Protocol Extension URNs is defined by completing the following template:

• URN: A unique URN for the WHEP Protocol Extension.
• Reference: A formal reference to the publicly available specification
• Description: A brief description of the function of the extension, in a short paragraph or two
• Contact information: Contact information for the organization or person making the registration

References Normative References WHATWG n.d. ANSI n.d. This document describes the mechanisms for allowing a JavaScript application to control the signaling plane of a multimedia session via the interface specified in the W3C RTCPeerConnection API and discusses how this relates to existing signaling protocols. This specification obsoletes RFC 8829. This document defines a mechanism by which two entities can make use of the Session Description Protocol (SDP) to arrive at a common view of a multimedia session between them. In the model, one participant offers the other a description of the desired session from their perspective, and the other participant answers with the desired session from their perspective. This offer/answer model is most useful in unicast sessions where information from both participants is needed for the complete view of the session. The offer/answer model is used by protocols like the Session Initiation Protocol (SIP). [STANDARDS-TRACK] This document describes a simple HTTP-based protocol that will allow WebRTC-based ingestion of content into streaming services and/or Content Delivery Networks (CDNs). This document updates RFCs 8840 and 8842. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. Several applications extending the Hypertext Transfer Protocol (HTTP) require a feature to do partial resource modification. The existing HTTP PUT method only allows a complete replacement of a document. This proposal adds a new HTTP method, PATCH, to modify an existing HTTP resource. [STANDARDS-TRACK] To prevent WebRTC applications, such as browsers, from launching attacks by sending traffic to unwilling victims, periodic consent to send needs to be obtained from remote endpoints. This document describes a consent mechanism using a new Session Traversal Utilities for NAT (STUN) usage. This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication. This protocol is called Interactive Connectivity Establishment (ICE). ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN). This document obsoletes RFC 5245. This document describes "Trickle ICE", an extension to the Interactive Connectivity Establishment (ICE) protocol that enables ICE agents to begin connectivity checks while they are still gathering candidates, by incrementally exchanging candidates over time instead of all at once. This method can considerably accelerate the process of establishing a communication session. The Interactive Connectivity Establishment (ICE) protocol describes a Network Address Translator (NAT) traversal mechanism for UDP-based multimedia sessions established with the Offer/Answer model. The ICE extension for Incremental Provisioning of Candidates (Trickle ICE) defines a mechanism that allows ICE Agents to shorten session establishment delays by making the candidate gathering and connectivity checking phases of ICE non-blocking and by executing them in parallel. This document defines usage semantics for Trickle ICE with the Session Initiation Protocol (SIP). The document also defines a new SIP Info Package to support this usage together with the corresponding media type. Additionally, a new Session Description Protocol (SDP) "end-of-candidates" attribute and a new SIP option tag "trickle-ice" are defined. This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK] During the process of establishing peer-to-peer connectivity, Interactive Connectivity Establishment (ICE) agents can encounter situations where they have no candidate pairs to check, and, as a result, conclude that ICE processing has failed. However, because additional candidate pairs can be discovered during ICE processing, declaring failure at this point may be premature. This document discusses when these situations can occur. This document updates RFCs 8445 and 8838 by requiring that an ICE agent wait a minimum amount of time before declaring ICE failure, even if there are no candidate pairs left to check. This document describes Session Description Protocol (SDP) Offer/Answer procedures for carrying out Interactive Connectivity Establishment (ICE) between the agents. This document obsoletes RFCs 5245 and 6336. This specification defines a new Session Description Protocol (SDP) Grouping Framework extension called 'BUNDLE'. The extension can be used with the SDP offer/answer mechanism to negotiate the usage of a single transport (5-tuple) for sending and receiving media described by multiple SDP media descriptions ("m=" sections). Such transport is referred to as a "BUNDLE transport", and the media is referred to as "bundled media". The "m=" sections that use the BUNDLE transport form a BUNDLE group. This specification defines a new RTP Control Protocol (RTCP) Source Description (SDES) item and a new RTP header extension. This specification updates RFCs 3264, 5888, and 7941. This specification obsoletes RFC 8843. This document defines a new Session Description Protocol (SDP) media-level attribute, 'rtcp-mux-only', that can be used by an endpoint to indicate exclusive support of RTP and RTP Control Protocol (RTCP) multiplexing. The document also updates RFC 5761 by clarifying that an offerer can use a mechanism to indicate that it is not able to send and receive RTCP on separate ports. This document specifies a Session Description Protocol (SDP) grouping mechanism for RTP media streams that can be used to specify relations between media streams. This mechanism is used to signal the association between the SDP concept of "media description" and the Web Real-Time Communication (WebRTC) concept of MediaStream/MediaStreamTrack using SDP signaling. This specification defines a model for the relationships between resources on the Web ("links") and the type of those relationships ("link relation types"). It also defines the serialisation of such links in HTTP headers with the Link header field. This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. [STANDARDS-TRACK] JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs. WebRTC is a protocol suite for use with real-time applications that can be deployed in browsers -- "real-time communication on the Web". This document defines the WebRTC threat model and analyzes the security threats of WebRTC in that model. This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document obsoletes RFC 6347. The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document specifies the HTTP/1.1 message syntax, message parsing, connection management, and related security concerns. This document obsoletes portions of RFC 7230. A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK] Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space. Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This specification defines UUIDs (Universally Unique IDentifiers) -- also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform Resource Name namespace for UUIDs. A UUID is 128 bits long and is intended to guarantee uniqueness across space and time. UUIDs were originally used in the Apollo Network Computing System (NCS), later in the Open Software Foundation's (OSF's) Distributed Computing Environment (DCE), and then in Microsoft Windows platforms. This specification is derived from the OSF DCE specification with the kind permission of the OSF (now known as "The Open Group"). Information from earlier versions of the OSF DCE specification have been incorporated into this document. This document obsoletes RFC 4122. This document describes a new sub-delegation for the 'ietf' URN namespace for registered protocol items. The 'ietf' URN namespace is defined in RFC 2648 as a root for persistent URIs that refer to IETF- defined resources. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Informative References This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. [STANDARDS-TRACK] The Extensible Messaging and Presence Protocol (XMPP) is an application profile of the Extensible Markup Language (XML) that enables the near-real-time exchange of structured yet extensible data between any two or more network entities. This document defines XMPP's core protocol methods: setup and teardown of XML streams, channel encryption, authentication, error handling, and communication primitives for messaging, network availability ("presence"), and request-response interactions. This document obsoletes RFC 3920. [STANDARDS-TRACK] This memorandum defines the Real-Time Streaming Protocol (RTSP) version 2.0, which obsoletes RTSP version 1.0 defined in RFC 2326. RTSP is an application-layer protocol for the setup and control of the delivery of data with real-time properties. RTSP provides an extensible framework to enable controlled, on-demand delivery of real-time data, such as audio and video. Sources of data can include both live data feeds and stored clips. This protocol is intended to control multiple data delivery sessions; provide a means for choosing delivery channels such as UDP, multicast UDP, and TCP; and provide a means for choosing delivery mechanisms based upon RTP (RFC 3550). Applications often use HTTP as a substrate to create HTTP-based APIs. This document specifies best practices for writing specifications that use HTTP to define new application protocols. It is written primarily to guide IETF efforts to define application protocols using HTTP for deployment on the Internet but might be applicable in other situations. This document obsoletes RFC 3205. This document defines a "problem detail" to carry machine-readable details of errors in HTTP response content to avoid the need to define new error response formats for HTTP APIs. This document obsoletes RFC 7807. A Uniform Resource Name (URN) is a Uniform Resource Identifier (URI) that is assigned under the "urn" URI scheme and a particular URN namespace, with the intent that the URN will be a persistent, location-independent resource identifier. With regard to URN syntax, this document defines the canonical syntax for URNs (in a way that is consistent with URI syntax), specifies methods for determining URN-equivalence, and discusses URI conformance. With regard to URN namespaces, this document specifies a method for defining a URN namespace and associating it with a namespace identifier, and it describes procedures for registering namespace identifiers with the Internet Assigned Numbers Authority (IANA). This document obsoletes both RFCs 2141 and 3406. Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. This memo documents the process used by the Internet community for the standardization of protocols and procedures. It defines the stages in the standardization process, the requirements for moving a document between stages and the types of documents used during this process. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Advancing a protocol to Draft Standard requires documentation of the interoperation and implementation of the protocol. Historic reports have varied widely in form and level of content and there is little guidance available to new report preparers. This document updates the existing processes and provides more detail on what is appropriate in an interoperability and implementation report. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document updates the Internet Engineering Task Force (IETF) Standards Process defined in RFC 2026. Primarily, it reduces the Standards Process from three Standards Track maturity levels to two. This memo documents an Internet Best Current Practice. This document updates RFC 2026 to no longer use STD 1 as a summary of "Internet Official Protocol Standards". It obsoletes RFC 5000 and requests the IESG to move RFC 5000 (and therefore STD 1) to Historic status. RFC 2026 describes the review performed by the Internet Engineering Steering Group (IESG) on IETF Proposed Standard RFCs and characterizes the maturity level of those documents. This document updates RFC 2026 by providing a current and more accurate characterization of Proposed Standards. This document removes a limit on the number of Area Directors who manage an Area in the definition of "IETF Area". This document updates RFC 2026 (BCP 9) and RFC 2418 (BCP 25). This document requires that the IETF never publish any IETF Stream RFCs without IETF rough consensus. This updates RFC 2026. In RFC 9280, responsibility for the RFC Series moved to the RFC Series Working Group and the RFC Series Approval Board. It is no longer the responsibility of the RFC Editor, and the role of the IAB in the RFC Series is altered. Accordingly, in Section 2.1 of RFC 2026, the sentence "RFC publication is the direct responsibility of the RFC Editor, under the general direction of the IAB" is deleted.

Contributors

Acknowledgements The authors wish to thank Lorenzo Miniero, Juliusz Chroboczek, Adam Roach, Nils Ohlmeier, Christer Holmberg, Cameron Elliott, Gustavo Garcia, Sandro Gauci, and everyone else in the WebRTC community that have provided comments, feedback, text and improvement proposals on the document and contributed early implementations of the spec.