Re: [sip-ops] [dispatch] draft-lawrence-sip-3rd-party-authorization-00
"Mary Barnes" <mary.barnes@nortel.com> Thu, 11 June 2009 13:45 UTC
Return-Path: <mary.barnes@nortel.com>
X-Original-To: sip-ops@core3.amsl.com
Delivered-To: sip-ops@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4ABBA3A6AFA; Thu, 11 Jun 2009 06:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.585
X-Spam-Level:
X-Spam-Status: No, score=-6.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jxKHEKobPHui; Thu, 11 Jun 2009 06:45:11 -0700 (PDT)
Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id 2A0493A693C; Thu, 11 Jun 2009 06:45:11 -0700 (PDT)
Received: from zrc2hxm0.corp.nortel.com (zrc2hxm0.corp.nortel.com [47.103.123.71]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id n5BDhs307375; Thu, 11 Jun 2009 13:43:55 GMT
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 11 Jun 2009 08:47:43 -0500
Message-ID: <1ECE0EB50388174790F9694F77522CCF1E727FEF@zrc2hxm0.corp.nortel.com>
In-Reply-To: <1241379400.3528.50.camel@scott>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dispatch] draft-lawrence-sip-3rd-party-authorization-00
Thread-Index: AcnMJo0K7J8DEyoPR4Wk1evGXxhUVAedGCrQ
References: <1241379400.3528.50.camel@scott>
From: Mary Barnes <mary.barnes@nortel.com>
To: RAI DISPATCH <dispatch@ietf.org>
Cc: SIP Operations <sip-ops@ietf.org>
Subject: Re: [sip-ops] [dispatch] draft-lawrence-sip-3rd-party-authorization-00
X-BeenThere: sip-ops@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Operations <sip-ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-ops>
List-Post: <mailto:sip-ops@ietf.org>
List-Help: <mailto:sip-ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2009 13:45:12 -0000
Hi folks, There seems to be sufficient interest in this topic to warrant f2f agenda time in Stockholm. However, additional feedback prior to IETF-75 is necessary to ensure that progress can be made in Stockholm. Thanks, Mary. DISPATCH WG co-chair -----Original Message----- From: dispatch-bounces@ietf.org [mailto:dispatch-bounces@ietf.org] On Behalf Of Lawrence, Scott (BL60:9D30) Sent: Sunday, May 03, 2009 2:37 PM To: RAI DISPATCH Cc: SIP Operations Subject: [dispatch] draft-lawrence-sip-3rd-party-authorization-00 draft-lawrence-sip-3rd-party-authorization-00.txt has been submitted by Scott Lawrence and posted to the IETF repository. Filename: draft-lawrence-sip-3rd-party-authorization Revision: 00 Title: Third Party Authorization in the Session Initiation Protocol Creation_date: 2009-05-03 WG ID: Independent Submission Number_of_pages: 15 Abstract: This draft describes some circumstances that are common in SIP deployments which lack a rigorous authorization model, and points out some ways in which this has resulted in poor security characteristics. The purpose of this document is to stimulate discussion of the identified problem and proposed requirements for any solution. In this draft, I lay out a case for why SIP would benefit from an authorization model that allows for one party to send a request to a second party who must decide whether or not to allow the request, but have a third party provide an explicit authorization in the request. The goal is to allow separation of the evaluation of a request with respect to a security policy from other parts of responding to the request. I _do_not_ include any discussion in this draft of _how_ the requirements it lists could or should be met. While I'm very interested in that discussion, I think it's important to first discover whether or not there is agreement in the SIP community that there really is a problem and what part or parts of that problem need to be solved; this draft is focused on that discussion. _______________________________________________ dispatch mailing list dispatch@ietf.org https://www.ietf.org/mailman/listinfo/dispatch
- [sip-ops] draft-lawrence-sip-3rd-party-authorizat… Scott Lawrence
- Re: [sip-ops] [dispatch] draft-lawrence-sip-3rd-p… Mary Barnes
- Re: [sip-ops] [dispatch] draft-lawrence-sip-3rd-p… Dale Worley
- Re: [sip-ops] [dispatch] draft-lawrence-sip-3rd-p… Mary Barnes