[sip-ops] draft-lawrence-sip-3rd-party-authorization-00

"Scott Lawrence" <scott.lawrence@nortel.com> Sun, 03 May 2009 19:35 UTC

Return-Path: <scott.lawrence@nortel.com>
X-Original-To: sip-ops@core3.amsl.com
Delivered-To: sip-ops@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 657473A6A22; Sun, 3 May 2009 12:35:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.936
X-Spam-Level:
X-Spam-Status: No, score=-5.936 tagged_above=-999 required=5 tests=[AWL=0.663, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7eVs8rUv+ceH; Sun, 3 May 2009 12:35:34 -0700 (PDT)
Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id 06EF03A681C; Sun, 3 May 2009 12:35:24 -0700 (PDT)
Received: from zrtphxs1.corp.nortel.com (casmtp.ca.nortel.com [47.140.202.46]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id n43JZpe04304; Sun, 3 May 2009 19:35:52 GMT
Received: from [127.0.0.1] ([47.17.25.99]) by zrtphxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 3 May 2009 15:36:42 -0400
From: "Scott Lawrence" <scott.lawrence@nortel.com>
To: RAI DISPATCH <dispatch@ietf.org>
Content-Type: text/plain
Organization: Nortel Networks
Date: Sun, 03 May 2009 15:36:40 -0400
Message-Id: <1241379400.3528.50.camel@scott>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.5 (2.24.5-1.fc10)
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 03 May 2009 19:36:42.0453 (UTC) FILETIME=[7C642050:01C9CC26]
Cc: SIP Operations <sip-ops@ietf.org>
Subject: [sip-ops] draft-lawrence-sip-3rd-party-authorization-00
X-BeenThere: sip-ops@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: RAI DISPATCH <dispatch@ietf.org>
List-Id: SIP Operations <sip-ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-ops>
List-Post: <mailto:sip-ops@ietf.org>
List-Help: <mailto:sip-ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 May 2009 19:35:35 -0000

draft-lawrence-sip-3rd-party-authorization-00.txt has been submitted by
Scott Lawrence and posted to the IETF repository.

Filename:	 draft-lawrence-sip-3rd-party-authorization
Revision:	 00
Title:		 Third Party Authorization in the Session Initiation Protocol
Creation_date:	 2009-05-03
WG ID:		 Independent Submission
Number_of_pages: 15

Abstract:
        This draft describes some circumstances that are common in SIP
        deployments which lack a rigorous authorization model, and points out
        some ways in which this has resulted in poor security
        characteristics.
        
        The purpose of this document is to stimulate discussion of the
        identified problem and proposed requirements for any solution.

In this draft, I lay out a case for why SIP would benefit from an
authorization model that allows for one party to send a request to a
second party who must decide whether or not to allow the request, but
have a third party provide an explicit authorization in the request.
The goal is to allow separation of the evaluation of a request with
respect to a security policy from other parts of responding to the
request.

I _do_not_ include any discussion in this draft of _how_ the
requirements it lists could or should be met.  While I'm very interested
in that discussion, I think it's important to first discover whether or
not there is agreement in the SIP community that there really is a
problem and what part or parts of that problem need to be solved; this
draft is focused on that discussion.