Re: [sipcore] SIP/websocket: SIP Identity question
binod pg <binod.pg@oracle.com> Thu, 07 November 2013 04:34 UTC
Return-Path: <binod.pg@oracle.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4087621E8108 for <sipcore@ietfa.amsl.com>; Wed, 6 Nov 2013 20:34:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zi76M0hDSDZ9 for <sipcore@ietfa.amsl.com>; Wed, 6 Nov 2013 20:34:00 -0800 (PST)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id B54B221E8095 for <sipcore@ietf.org>; Wed, 6 Nov 2013 20:34:00 -0800 (PST)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id rA74Xx5r014755 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <sipcore@ietf.org>; Thu, 7 Nov 2013 04:34:00 GMT
Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id rA74Xwjq025001 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <sipcore@ietf.org>; Thu, 7 Nov 2013 04:33:59 GMT
Received: from abhmt115.oracle.com (abhmt115.oracle.com [141.146.116.67]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id rA74Xw4X001090 for <sipcore@ietf.org>; Thu, 7 Nov 2013 04:33:58 GMT
Received: from [192.168.0.8] (/59.92.207.70) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Nov 2013 20:33:58 -0800
Message-ID: <527B1830.30000@oracle.com>
Date: Thu, 07 Nov 2013 10:03:52 +0530
From: binod pg <binod.pg@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130911 Thunderbird/17.0.9
MIME-Version: 1.0
To: sipcore@ietf.org
References: <5264AB70.7000408@oracle.com>
In-Reply-To: <5264AB70.7000408@oracle.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Subject: Re: [sipcore] SIP/websocket: SIP Identity question
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 04:34:06 -0000
I have few more further questions on this section. 1. The text in section 7 does not talk about which SIP header contains SIP identity that will be used for matching against the SIP Identity associated to the websocket connection. Section A.2 mentions it as From URI value. But A.2 is non-normative. So, will it be always From URI? In a discussion in SIP servlet expert group a question was asked, whether it can be P-Asserted-Identity. Can it be? 2. Doesn't the requirement for matching implies that the user can not use more than one SIP identity(eg: IMPU)? 3. If a user want to keep the SIP identity private/anonymous (RFC 3323), would the rule for matching the SIP identity still apply? thanks, Binod. On 10/21/2013 9:50 AM, Binod wrote: > Hi, > > Section 7 of sip/websocket says the following. > > If SIP Digest authentication is not requested for SIP requests coming > from the SIP WebSocket Client, then the SIP WebSocket Server MUST > authorize SIP requests based on a previous Web or WebSocket login / > authentication procedure, and MUST validate that the SIP identity in > those SIP requests match the SIP identity associated to the WebSocket > connection. > > I assume, the "SIP identity associated to the WebSocket connection" is > not > exactly the same as the "web identity" associated with the websocket > connection. > > The RFC draft does not explain how the SIP WebSocket Server maps the > "web identity" (example: the username with which user logs into a > website) > to the "sip identity". > > So, the "matching" specified in section 7, happens "after" a potential > mapping > between "web identity" and "sip identity". > > Did I get it right? > > Hope draft is not mandating that username with which user logs into > the website > must match with the sip identity present in the SIP request. > > thanks, > Binod. > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore
- [sipcore] SIP/websocket: SIP Identity question Binod
- Re: [sipcore] SIP/websocket: SIP Identity question binod pg
- Re: [sipcore] SIP/websocket: SIP Identity question Dean Willis
- Re: [sipcore] SIP/websocket: SIP Identity question binod pg
- Re: [sipcore] SIP/websocket: SIP Identity question IƱaki Baz Castillo