[sipcore] Third-Party Authentication for Session Initiation Protocol (SIP)

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Tue, 10 January 2017 14:13 UTC

From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Tue, 10 Jan 2017 09:13:39 -0500
Message-ID: <CAGL6epJr7qx-ye=ECa9bwgaJDcQ6K99XbSn_L+bob3Ht3vpu+g@mail.gmail.com>
To: "sipcore@ietf.org" <sipcore@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/M3lsy8Ps1bm5TqFqSPIBGj570-g>

Hi,

Last year we had a long discussion on the mailing list about an AuthNZ
mechanism for SIP.
The AuthZ part seems to be controversial, while based on some offline
discussion with Jon Peterson, the AuthN part seems *not* to be controversial.
So, we decided to separate these discussions and first try to address the
AuthN part, hence the following draft:
https://datatracker.ietf.org/doc/draft-yusef-sipcore-sip-authn/
The draft defines an authentication mechanism for SIP using OpenID
Connect/OAuth 2.0 to enable the delegation of the user authentication to a
dedicated third-party IdP entity that is separate from the SIP network
elements that provide the SIP service.

We would appreciate any review and feedback on the document.

Regards,
 Rifaat