RE: [Sip] Event Lists: Back-End Credentials
hisham.khartabil@nokia.com Thu, 28 October 2004 13:58 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA13786 for <sip-web-archive@ietf.org>; Thu, 28 Oct 2004 09:58:35 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CNB1Z-0001jy-SO for sip-web-archive@ietf.org; Thu, 28 Oct 2004 10:13:10 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CNAhk-0000HX-5j; Thu, 28 Oct 2004 09:52:40 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CNAZJ-0006zb-8U for sip@megatron.ietf.org; Thu, 28 Oct 2004 09:43:57 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA12740 for <sip@ietf.org>; Thu, 28 Oct 2004 09:43:56 -0400 (EDT)
From: hisham.khartabil@nokia.com
Received: from mgw-x1.nokia.com ([131.228.20.21]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CNAnO-0001MB-Ev for sip@ietf.org; Thu, 28 Oct 2004 09:58:31 -0400
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i9SDhi321680; Thu, 28 Oct 2004 16:43:44 +0300 (EET DST)
X-Scanned: Thu, 28 Oct 2004 16:43:30 +0300 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id i9SDhUv7014444; Thu, 28 Oct 2004 16:43:30 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks001.ntc.nokia.com 008y0q6G; Thu, 28 Oct 2004 16:43:29 EEST
Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i9SDhMa21617; Thu, 28 Oct 2004 16:43:22 +0300 (EET DST)
Received: from esebe003.NOE.Nokia.com ([172.21.138.39]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 28 Oct 2004 16:43:22 +0300
Received: from esebe056.NOE.Nokia.com ([172.21.143.51]) by esebe003.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 28 Oct 2004 16:43:22 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] Event Lists: Back-End Credentials
Date: Thu, 28 Oct 2004 16:43:22 +0300
Message-ID: <5816828233DEFA41807A6CFDFDF2343C3A8BD7@esebe056.ntc.nokia.com>
Thread-Topic: [Sip] Event Lists: Back-End Credentials
Thread-Index: AcS7I29JvLC9ZPmKRH2sPvyYNLVNSQBz8ndg
To: adam@nostrum.com, sip@ietf.org
X-OriginalArrivalTime: 28 Oct 2004 13:43:22.0212 (UTC) FILETIME=[174C1240:01C4BCF4]
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Content-Transfer-Encoding: quoted-printable
Cc: jdrosen@dynamicsoft.com
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 32b73d73e8047ed17386f9799119ce43
Content-Transfer-Encoding: quoted-printable
> -----Original Message----- > From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org]On > Behalf Of ext > Adam Roach > Sent: 26.October.2004 09:06 > To: sip@ietf.org > Cc: Jonathan Rosenberg > Subject: [Sip] Event Lists: Back-End Credentials > > > After a discussion with Dean about some of the issues surrounding the > back-end credential issue that I raised earlier on the list, I struck > upon a solution that might get us past this logjam. > > The lynch pin to this solution is that the RLS does not ever > pretend to > be the user. Instead, it always subscribes as its own > identity. It can > present credentials as necessary to authenticate itself, but only as > itself, not as its subscribers. > > A consequence of this is that, lacking any other mechanism, the > resources in a resource list for which the RLS is not > authoritative will > contain only the information that their notifier is willing > to reveal to > the RLS -- which is generally the same information they would > render to > unauthenticated users. In some cases, this might result in no useful > information being transferred. This limitation by itself kills the idea, IMO. Most presence lists will rely on the event list, and if its gonna mean that no useful information will come to the watcher, then the whole mecahnism is useless. Why isn't it enough to say that the way an watcher passes the key to the RLS is outside the scope of this document? We have certainly made such assumptions in the past. We can suggest HTML. We can suggest an email being sent to the administrator. We can even suggest an XCAP usage document, but I don't understand why the draft needs to define that explicitly. /Hisham > > Of course, the resource would still be present in the RLMI document; > this gives the subscriber the *option* to directly subscribe to any > resources for which the RLS is not authoritative. To facilitate the > client's ability to perform such subscriptions, the RLMI > documents would > be enhanced with a flag which indicates whether the RLS is > authoritative > for the resource. > > Finally, we would mention in the document that future work > may define a > mechanism by which the subscriber can pass the RLS an authorization > token; the RLS could include this token in requests to show > that it has > been authorized by the user to send SUBSCRIBE messages for arbitrary > resources on the user's behalf (mostly likely for a limited > time period). > > Of the solutions we've seen so far, I think this one is the cleanest > from a security perspective. Further, it will almost > certainly allow us > to progress the draft now, and separate the delegation > problem so that > it can be solved in a way that works well with the other identity and > authentication work currently underway (and might even be reusable in > other applications, such as dial-out conference bridges). > > Thoughts? > > /a > > _______________________________________________ > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sipping@ietf.org for new developments on the application of sip > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Paul Kyzivat
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Jonathan Rosenberg
- Re: [Sip] Event Lists: Back-End Credentials Jonathan Rosenberg