OpenTalk is based on an architecture that has been developed from scratch and that reflects the current state of the art in security, authentication, encryption, scalability and flexibility.
A central "controller" supervises the logon and authentication of all users and confirms their authorization to access sessions. After the initial authentication has succeeded, a further authorization check based on an OpenID Connect token is performed for each access, whether that is retrieving video streams from an ongoing conference, transmitting required control information, chat messages or votes, or using any other feature within the scope of participation. Nothing takes place without token-based authorization.
Only after logging in will the client connection be internally forwarded to the specific video bridge from which the respective conference content is accessible. The bridge will only ever receive authorized RTC connections, which ensures that only trustworthy and authorized audio/video data are being disseminated. The internal systems can thus be protected and hardened against unauthorized access and denial-of-service attacks by way of a multi-level system ("onion skins").
Control commands, such as microphone on/off and camera on/off, are first authorized by the user client and sent to the controller, which then forwards them to the responsible video bridge with the help of a so-called message broker. The message broker has been designed for high-performance scaling and can also simultaneously process the message volumes that occur in those conferences that have a very high number of participants.
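The following is an added sketch, not OpenTalk's own code, of the flow described above: the controller re-checks the token on every action and only then forwards the command towards the video bridge. It assumes an HS256-signed token with `room` and `exp` claims, a constructed demo key, and an in-memory list standing in for the message broker; a real OpenID Connect deployment would verify against the identity provider's published keys.

```python
import base64, hashlib, hmac, json, time

# Assumptions (not OpenTalk's code): HS256 demo key, claim names "room" and
# "exp", and an in-memory list standing in for the message broker.
KEY = b"constructed-demo-key"
BROKER = []


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub, room, ttl=60, now=None):
    """Constructed token issuer so the example runs offline."""
    now = time.time() if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "room": room, "exp": now + ttl}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"


def verify(token, now=None):
    """Return the claims if algorithm, signature and expiry are valid, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None  # reject "none" and any unexpected algorithm
        want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):
            return None  # signature does not cover this header and payload
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON
    return claims if claims.get("exp", 0) > now else None


def handle(token, room, action, now=None):
    """Controller entry point: every action is re-authorized before forwarding."""
    claims = verify(token, now)
    if claims is None or claims.get("room") != room:
        return False  # nothing reaches the broker without a valid token
    BROKER.append({"room": room, "user": claims["sub"], "action": action})
    return True
```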
For each new conference, a separate video bridge instance is started in a container, which processes all security-sensitive data locally within the container. This protects against unauthorized access from other installations/conferences and, by dismantling the conference container upon termination, also ensures that all data stored at runtime is securely and reliably deleted at the end of the conference.
In terms of streaming quality, modern standards and license-free open source video codecs such as VP8, VP9 or AV1 are efficient when it comes to data consumption and facilitate a good, low-latency conference experience, even when the available network bandwidth is limited or fluctuating. The connection quality is continuously monitored and the connection parameters are dynamically adjusted to the available bandwidth.