Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting
"A. Jean Mahoney" <mahoney@nostrum.com> Fri, 03 August 2018 03:12 UTC
Return-Path: <mahoney@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2522D130EEE for <sipcore@ietfa.amsl.com>; Thu, 2 Aug 2018 20:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2224gf9K8l3l for <sipcore@ietfa.amsl.com>; Thu, 2 Aug 2018 20:12:49 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4303E130DEE for <sipcore@ietf.org>; Thu, 2 Aug 2018 20:12:49 -0700 (PDT)
Received: from mutabilis-2.local ([47.186.17.148]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w733CggC027307 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <sipcore@ietf.org>; Thu, 2 Aug 2018 22:12:46 -0500 (CDT) (envelope-from mahoney@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host [47.186.17.148] claimed to be mutabilis-2.local
To: sipcore@ietf.org
References: <CAF_j7yZxzdyX3NsfnmwJqrgVKeC3xGeLbiZ_z1rF9HyNAqwW_A@mail.gmail.com> <CAGL6epJjbGPiCXvmycgF8dfcLvC=4q2Q1HR0NMvTr0imKhyP1A@mail.gmail.com>
From: "A. Jean Mahoney" <mahoney@nostrum.com>
Message-ID: <b439434c-fc98-4259-69b5-8df024c2d1fa@nostrum.com>
Date: Thu, 02 Aug 2018 22:12:43 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAGL6epJjbGPiCXvmycgF8dfcLvC=4q2Q1HR0NMvTr0imKhyP1A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/oFbjY8UxKCkE6paXyZObtkLWWRQ>
Subject: Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Aug 2018 03:12:51 -0000
On 8/2/18 1:40 PM, Rifaat Shekh-Yusef wrote: > Thanks Yehoshua, > > I tend to agree with you, and I would be ok with splitting the document > into two. > It is up to the chairs and WG to make a decision on this. > > * > * > *Chairs,* > > Any thoughts about this? I'm not opposed to splitting the draft in two, but I would like to hear from the WG on it. Thanks, Jean > Regards, > Rifaat > > > > On Wed, Aug 1, 2018 at 9:18 AM Yehoshua Gev <yoshigev@gmail.com > <mailto:yoshigev@gmail.com>> wrote: > > Hi, > > After some thoughts about how the various sections of draft are > intended to be used, I think you should consider splitting it to two > drafts. > > The draft currently describes two separate mechanisms: > 1. Section 2 is intended for a UA as a way to perform login by > entering some sort of credentials. > After entering the credential, the SIP Proxy maintains a state > for "remaining authenticated" with the Authorization Server. > Possibly, the UA uses a novel (not defined by the OAuth RFCs) > shared-key mechanism for "remaining authenticated" with the SIP Proxy. > Part of the mechanism described in this section is similar to > steps A & B of section 4 of RFC 6749 (OAuth). > > 2. Section 3 is intended for a UA which has means of obtaining OAuth > access token (e.g., web application). > This section describes a how to convey this access token over > SIP messages. > It is almost completely equivalent to RFC 6750 (OAuth Bearer > token) which does the same for HTTP. > > I think that each of those mechanisms deserves a separate draft, > because: > a. A UA will most probably implement only one of those mechanisms > and not both. > (To say a UA/Proxy conforms to the draft - must both mechanisms > be implemented?) > b. The security considerations are different between them. > c. They correspond to different OAuth RFCs. > d. IMHO, the second mechanism is closer to be prepared to publication. > > > Regards, > Yehoshua > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] draft-ietf-sipcore-sip-authn-02 - consi… Yehoshua Gev
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Rifaat Shekh-Yusef
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… A. Jean Mahoney
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… A. Jean Mahoney
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Dale R. Worley
- Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - c… Rifaat Shekh-Yusef