Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting
"A. Jean Mahoney" <mahoney@nostrum.com> Mon, 20 August 2018 22:08 UTC
Return-Path: <mahoney@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25795130E14 for <sipcore@ietfa.amsl.com>; Mon, 20 Aug 2018 15:08:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lhB1Cmiex7hm for <sipcore@ietfa.amsl.com>; Mon, 20 Aug 2018 15:08:38 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E986129619 for <sipcore@ietf.org>; Mon, 20 Aug 2018 15:08:38 -0700 (PDT)
Received: from mutabilis-2.local ([47.186.18.66]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w7KM8aBF051337 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <sipcore@ietf.org>; Mon, 20 Aug 2018 17:08:37 -0500 (CDT) (envelope-from mahoney@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host [47.186.18.66] claimed to be mutabilis-2.local
To: sipcore@ietf.org
References: <CAF_j7yZxzdyX3NsfnmwJqrgVKeC3xGeLbiZ_z1rF9HyNAqwW_A@mail.gmail.com> <CAGL6epJjbGPiCXvmycgF8dfcLvC=4q2Q1HR0NMvTr0imKhyP1A@mail.gmail.com> <b439434c-fc98-4259-69b5-8df024c2d1fa@nostrum.com>
From: "A. Jean Mahoney" <mahoney@nostrum.com>
Message-ID: <1dbadb1f-fb00-f437-65e8-fbd75895f9f8@nostrum.com>
Date: Mon, 20 Aug 2018 17:08:36 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <b439434c-fc98-4259-69b5-8df024c2d1fa@nostrum.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/kBXrGHhiCb2p5hAdZxrqpTzas8Q>
Subject: Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2018 22:08:40 -0000
Does anyone have any thoughts on this proposal? Thanks! Jean On 8/2/18 10:12 PM, A. Jean Mahoney wrote: > > > On 8/2/18 1:40 PM, Rifaat Shekh-Yusef wrote: >> Thanks Yehoshua, >> >> I tend to agree with you, and I would be ok with splitting the >> document into two. >> It is up to the chairs and WG to make a decision on this. >> >> * >> * >> *Chairs,* >> >> Any thoughts about this? > > I'm not opposed to splitting the draft in two, but I would like to hear > from the WG on it. > > Thanks, > > Jean > > > >> Regards, >> Rifaat >> >> >> >> On Wed, Aug 1, 2018 at 9:18 AM Yehoshua Gev <yoshigev@gmail.com >> <mailto:yoshigev@gmail.com>> wrote: >> >> Hi, >> >> After some thoughts about how the various sections of draft are >> intended to be used, I think you should consider splitting it to two >> drafts. >> >> The draft currently describes two separate mechanisms: >> 1. Section 2 is intended for a UA as a way to perform login by >> entering some sort of credentials. >> After entering the credential, the SIP Proxy maintains a state >> for "remaining authenticated" with the Authorization Server. >> Possibly, the UA uses a novel (not defined by the OAuth RFCs) >> shared-key mechanism for "remaining authenticated" with the SIP >> Proxy. >> Part of the mechanism described in this section is similar to >> steps A & B of section 4 of RFC 6749 (OAuth). >> >> 2. Section 3 is intended for a UA which has means of obtaining OAuth >> access token (e.g., web application). >> This section describes a how to convey this access token over >> SIP messages. >> It is almost completely equivalent to RFC 6750 (OAuth Bearer >> token) which does the same for HTTP. >> >> I think that each of those mechanisms deserves a separate draft, >> because: >> a. A UA will most probably implement only one of those mechanisms >> and not both. >> (To say a UA/Proxy conforms to the draft - must both mechanisms >> be implemented?) >> b. The security considerations are different between them. >> c. They correspond to different OAuth RFCs. >> d. IMHO, the second mechanism is closer to be prepared to >> publication. >> >> >> Regards, >> Yehoshua >> >> >> >> _______________________________________________ >> sipcore mailing list >> sipcore@ietf.org >> https://www.ietf.org/mailman/listinfo/sipcore >> > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore
- [sipcore] draft-ietf-sipcore-sip-authn-02 - consi… Yehoshua Gev
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Rifaat Shekh-Yusef
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… A. Jean Mahoney
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… A. Jean Mahoney
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Dale R. Worley
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Rifaat Shekh-Yusef