9. Security Considerations

This architecture relies on the security of the underlying protocols (DTLS, SRTP, ICE) and the web security model (SOP, TLS for HTTPS). Key considerations include:

  • IdP Trust: Users must trust the IdP not to forge assertions.
  • CS Trust: Although the CS cannot decrypt media, it can control metadata and signaling. A malicious CS could try to trick the user or mount a denial-of-service (DoS) attack.
  • Privacy: Identity assertions reveal information. UAs should allow users to control when identity is shared.