Re: [Rum] RUM security model

["Olle E. Johansson" <oej@edvina.net>]

> On 28 Sep 2020, at 21:33, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
> 
> On 9/27/20 12:35 AM, Paul Kyzivat wrote:
>> On 9/26/20 8:58 PM, Brian Rosen wrote:
>>> I think we do want the spec to support multiple providers on one device/user.  I think that’s the point of having the file.  If it wasn’t them the user could just use the password for the single provider directly and not need any other mechanism.
>>> 
>>> ISTM that if the user has a password (and possibly a second factor like a USB security device), then it can securely unlock a local resource that contains the credentials.  They can be stored encrypted, where the decrypt requires the passwords at least initially.
>>> 
>>> The simplest model is perhaps too simple: a local encrypted file containing sign-on credentials that is decrypted with the user entering a password.  That is one password per user regardless of how many providers they use.
>> Yes, I think it is too simple. The RUE needs access to those sign-on credentials in situations where the user isn't present. For instance, suppose it is restarted due to power failure. Then it must reregister ASAP in order to be available to receive incoming calls. There are lots of other cases as well.
> 
> I definitely am not up to speed on the state of the art in this area. I wonder if we can recruit an expert to help. Perhaps request a security review.
> 
I think RUM is a perfect use-case for the new Oauth2/OpenID Connect auth mechanism in SIP.

/O