Re: [Sip] Event Lists: Back-End Credentials
David R Oran <oran@cisco.com> Wed, 27 October 2004 12:51 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA00736 for <sip-web-archive@ietf.org>; Wed, 27 Oct 2004 08:51:37 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CMnV1-0004Zr-8Z for sip-web-archive@ietf.org; Wed, 27 Oct 2004 09:05:59 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CMnFI-0001Gy-Jr; Wed, 27 Oct 2004 08:49:44 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CMnET-00017y-VP for sip@megatron.ietf.org; Wed, 27 Oct 2004 08:48:54 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA00473 for <sip@ietf.org>; Wed, 27 Oct 2004 08:48:52 -0400 (EDT)
Received: from sj-iport-4.cisco.com ([171.68.10.86]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CMnSL-0004VZ-Fk for sip@ietf.org; Wed, 27 Oct 2004 09:03:14 -0400
Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-4.cisco.com with ESMTP; 27 Oct 2004 05:50:03 -0700
X-BrightmailFiltered: true
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id i9RCmJ9b013547; Wed, 27 Oct 2004 05:48:20 -0700 (PDT)
Received: from [10.32.245.154] (stealth-10-32-245-154.cisco.com [10.32.245.154]) by imail.cisco.com (8.12.11/8.12.10) with SMTP id i9RCnoD1030670; Wed, 27 Oct 2004 05:49:53 -0700
In-Reply-To: <417DE95C.8040805@nostrum.com>
References: <417DE95C.8040805@nostrum.com>
Mime-Version: 1.0 (Apple Message framework v619)
Message-Id: <7342A8D3-2816-11D9-BDDE-000A95C73842@cisco.com>
From: David R Oran <oran@cisco.com>
Subject: Re: [Sip] Event Lists: Back-End Credentials
Date: Wed, 27 Oct 2004 08:48:07 -0400
To: Adam Roach <adam@nostrum.com>
X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619)
IIM-SIG: v:"1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1098881396.177059"; x:"432200"; a:"rsa-sha1"; b:"nofws:4951"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2pXIw" "eAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRU" "tW+c43sl9jC50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"dSo4phGQoQ4nKLclMXE3kVf4wOQYBlVSbb/fif8TatiV2PYLb/AMrn1pTxD59" "hLeyJqgt0sIi5Xy/r9dOfg9oUVhndZv5U2s+8+LgVMDO/KyyXWiemTcseG5PZ" "S65axYgdHpYTuQU2ypL6D243DhsL9BQ+Qce5zmnUFaz9ivbVI="; c:"From: David R Oran <oran@cisco.com>"; c:"Subject: Re: [Sip] Event Lists: Back-End Credentials"; c:"Date: Wed, 27 Oct 2004 08:48:07 -0400"
IIM-VERIFY: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 67c1ea29f88502ef6a32ccec927970f0
Cc: sip@ietf.org, Jonathan Rosenberg <jdrosen@dynamicsoft.com>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0942101743=="
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 932cba6e0228cc603da43d861a7e09d8
On Oct 26, 2004, at 2:06 AM, Adam Roach wrote: > After a discussion with Dean about some of the issues surrounding the > back-end credential issue that I raised earlier on the list, I struck > upon a solution that might get us past this logjam. > > The lynch pin to this solution is that the RLS does not ever pretend > to be the user. Instead, it always subscribes as its own identity. It > can present credentials as necessary to authenticate itself, but only > as itself, not as its subscribers. > This factors the security issues, but introduces an inconvenience in that any authorization policies have to know about the RLS in addition to the user on behalf of whom the RLS is doing the list management. Whether this constitutes a major or minor inconvenience is worth pondering. > A consequence of this is that, lacking any other mechanism, the > resources in a resource list for which the RLS is not authoritative > will contain only the information that their notifier is willing to > reveal to the RLS -- which is generally the same information they > would render to unauthenticated users. In some cases, this might > result in no useful information being transferred. > This strikes me as closer to "major" than "minor" if an important use case is buddy lists - which I suppose it is. If the RLS is in fact some kind of "shared resource" and doesn't have an identity controllable by the user it is acting on behalf of there would be little motivation for anyone to trust it and hence policy devolves to the anonymous subscription case in most instances. That would seem to do substantial damage to the utility for buddy lists. > Of course, the resource would still be present in the RLMI document; > this gives the subscriber the *option* to directly subscribe to any > resources for which the RLS is not authoritative. To facilitate the > client's ability to perform such subscriptions, the RLMI documents > would be enhanced with a flag which indicates whether the RLS is > authoritative for the resource. > Sure, but that's just saying that the RLS optimizations are of less value, and the subscriber's job of sorting through the policy versus overhead tradeoffs is made harder. > Finally, we would mention in the document that future work may define > a mechanism by which the subscriber can pass the RLS an authorization > token; the RLS could include this token in requests to show that it > has been authorized by the user to send SUBSCRIBE messages for > arbitrary resources on the user's behalf (mostly likely for a limited > time period). > That's a form of delegation which seems like it would work well for this purpose. > Of the solutions we've seen so far, I think this one is the cleanest > from a security perspective. Further, it will almost certainly allow > us to progress the draft now, and separate the delegation problem so > that it can be solved in a way that works well with the other identity > and authentication work currently underway (and might even be reusable > in other applications, such as dial-out conference bridges). > True, but are the tradeoffs with other aspects of utility and complexity right? I'm not sure but on the small amount of thought I've given this it strikes me as questionable. > Thoughts? > One option is to delay RLS until we have delegation (at least in the limited context of RLS) solved, since as you point out above subscribers may have to fall back to separate subscriptions to all the resources anyway. I'll observe that once a spec gets through to RFC, the enthusiasm to enhance it to do its full job wanes, and the complexities of multiple variants in the the wild reduces the practical utility of the "correct" solution. I don't feel strongly about this one way or the other. Dave. > /a > > _______________________________________________ > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sipping@ietf.org for new developments on the application of sip > David R. Oran Cisco Fellow Cisco Systems 7 Ladyslipper Lane Acton, MA 01720 USA Tel: +1 978 264 2048 Email: oran@cisco.com
_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Paul Kyzivat
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- Re: [Sip] Event Lists: Back-End Credentials Adam Roach
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- RE: [Sip] Event Lists: Back-End Credentials hisham.khartabil
- Re: [Sip] Event Lists: Back-End Credentials David R Oran
- Re: [Sip] Event Lists: Back-End Credentials Jonathan Rosenberg
- Re: [Sip] Event Lists: Back-End Credentials Jonathan Rosenberg