IETF Logo Mail Archive

RE: AW: [Sipping-tispan] TISPAN requirements, first requiements

"Michael Hammer \(mhammer\)" <mhammer@cisco.com> Fri, 26 August 2005 17:20 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8hsu-0006r3-QL; Fri, 26 Aug 2005 13:20:56 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8hsr-0006qu-J1 for sipping-tispan@megatron.ietf.org; Fri, 26 Aug 2005 13:20:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02467 for <sipping-tispan@ietf.org>; Fri, 26 Aug 2005 13:20:50 -0400 (EDT)
Received: from rtp-iport-1.cisco.com ([64.102.122.148]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E8hta-0005rn-I9 for sipping-tispan@ietf.org; Fri, 26 Aug 2005 13:21:41 -0400
Received: from rtp-core-2.cisco.com (64.102.124.13) by rtp-iport-1.cisco.com with ESMTP; 26 Aug 2005 10:20:42 -0700
X-BrightmailFiltered: true
X-Brightmail-Tracker: AAAAAA==
X-IronPort-AV: i="3.96,144,1122879600"; d="scan'208"; a="7462098:sNHT23997810"
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id j7QHK2RL027149; Fri, 26 Aug 2005 13:20:39 -0400 (EDT)
Received: from xmb-rtp-20b.amer.cisco.com ([64.102.31.53]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 26 Aug 2005 13:20:16 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: AW: [Sipping-tispan] TISPAN requirements, first requiements
Date: Fri, 26 Aug 2005 13:20:15 -0400
Message-ID: <072C5B76F7CEAB488172C6F64B30B5E37C5625@xmb-rtp-20b.amer.cisco.com>
Thread-Topic: AW: [Sipping-tispan] TISPAN requirements, first requiements
Thread-Index: AcWp+5PUGxp+jWixS6OOAi6phtNOPwAY48ng
From: "Michael Hammer \(mhammer\)" <mhammer@cisco.com>
To: "Paul Kyzivat \(pkyzivat\)" <pkyzivat@cisco.com>, "Miguel Garcia" <Miguel.An.Garcia@nokia.com>
X-OriginalArrivalTime: 26 Aug 2005 17:20:16.0675 (UTC) FILETIME=[6D460730:01C5AA62]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 88b11fc64c1bfdb4425294ef5374ca07
Content-Transfer-Encoding: quoted-printable
Cc: sipping-tispan@ietf.org, "Alexeitsev, D" <D.Alexeitsev@t-com.net>
X-BeenThere: sipping-tispan@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion of requirements for SIP introduced by ETSI TISPAN <sipping-tispan.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping-tispan>, <mailto:sipping-tispan-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/sipping-tispan>
List-Post: <mailto:sipping-tispan@ietf.org>
List-Help: <mailto:sipping-tispan-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping-tispan>, <mailto:sipping-tispan-request@ietf.org?subject=subscribe>
Sender: sipping-tispan-bounces@ietf.org
Errors-To: sipping-tispan-bounces@ietf.org

Paul, Roland,

It seems like there are three parts to this model:
What does the caller (police) send to indicate invocation of ACR-override,
What does the network do to the message to ensure it does not appear as anonymous,
What does the message need to look like when handled by the called party.

I would suggest that the first part is for the police sender to submit a message to the network that provides a valid yet bogus From: header, but with a convention-following P-Preferred-ID header that indicates it is from police and that override is to be invoked.

Second, on ingress, the network may authenticate and authorize the police sender to do ACR override.  The ingress would then form the P-A-ID header to match the From header.  Another indicator could be included to indicate that this was intentionally forged.  That additional indicator would need to be removed on egress.  The usefulness of that is perhaps more for back-end systems to record and not confuse with something fraudulent occurring.

On egress, the network is sending a message where the From: and P-A-ID header matches.  In this case, the message arrives at the UAS with From: and P-A-ID header the same.  Would that permit the UAS to *not* treat it as anonymous?

This does not solve the question of whether the indication should be enshrined explicitly by generalizing the role indicatory versus leaving this as an implicit indication derived from convention of URI construction.

Mike

 

> -----Original Message-----
> From: sipping-tispan-bounces@ietf.org 
> [mailto:sipping-tispan-bounces@ietf.org] On Behalf Of Paul 
> Kyzivat (pkyzivat)
> Sent: Friday, August 26, 2005 1:03 AM
> To: Miguel Garcia
> Cc: sipping-tispan@ietf.org; Alexeitsev, D
> Subject: Re: AW: [Sipping-tispan] TISPAN requirements, first 
> requiements
> 
> Miguel,
> 
> Yes, I think something is missing, having to do with how 
> callers entitled to override of ACR are determined. But I 
> still don't know what that requirement should say.
> 
> 	Paul
> 
> Miguel Garcia wrote:
> > Paul, once Roland has explained the issue, what is your 
> proposal for 
> > clarification of the existing text? Do you think something 
> is missing?
> > 
> > /Miguel
> > 
> > Jesske, R wrote:
> > 
> >> Paul,
> >> With regard to this feature it must be based on trust 
> relationship as 
> >> defined within RFC3325 for the P-Asserted-Identity.
> >> So the indication that this is a authorised user is included by a 
> >> network entity like it is done for the P-Asserted-Identiy.
> >> So the network entity knows it via a database that this registered 
> >> user is a authorised one.
> >>
> >> With regard to the PSTN/ISDN this was solved via a indication that 
> >> the Calling Party Number is restricted by the network. The network 
> >> included this indication in three cases:
> >> 1. The call was originated within a network that cannot provide a 
> >> originating number (e.G.) analogue.
> >> 2. The call has no originated number due to interworking with 
> >> international networks 3. The call was send from a authorised user 
> >> (e.G. police). This indication was then set by the network. This 
> >> feature is especially used in UK.
> >>
> >> So with the requirement proposed by Miguel we hope to find 
> a solution 
> >> to cover the 3 above mentioned cases.
> >>
> >> With regard to trust we want to have such a indication bind to a 
> >> trust relationship as it is described within RFC3325.
> >> So trust for interconnection to an other network is based on 
> >> bilateral agreement.
> >>
> >>
> >> Best Regards
> >>
> >> Roland
> >>
> >>
> >>> -----Ursprüngliche Nachricht-----
> >>> Von: sipping-tispan-bounces@ietf.org 
> >>> [mailto:sipping-tispan-bounces@ietf.org] Im Auftrag von 
> Paul Kyzivat
> >>> Gesendet: Mittwoch, 24. August 2005 05:07
> >>> An: Miguel Garcia
> >>> Cc: sipping-tispan@ietf.org; Alexeitsev, Denis
> >>> Betreff: Re: [Sipping-tispan] TISPAN requirements, first 
> requiements
> >>>
> >>>
> >>>
> >>>
> >>> Miguel Garcia wrote:
> >>>
> >>>> Folks:
> >>>>
> >>>> Since we are tasked to re-draft the TISPAN requirements
> >>>
> >>>
> >>> adding as much
> >>>
> >>>> clarifications as possible, we would like to start checking
> >>>
> >>>
> >>> with you if
> >>>
> >>>> the requirements related to the Annonymous Communication
> >>>
> >>>
> >>> Rejection (ACR)
> >>>
> >>>> service is OK and understandable by everyone.
> >>>>
> >>>> So please take a look at the first version of the (much
> >>>
> >>>
> >>> incomplete and
> >>>
> >>>> short) draft in either text or HTML:
> >>>>
> >>>>
> >>>
> >>> http://people.nokia.net/~miguel/drafts/pre/draft-jesske-sippin
> >>
> >>
> >> g-tispan-requirements-02a.txt
> >>
> >>> 
> http://people.nokia.net/~miguel/drafts/pre/draft-jesske-sipping-tisp
> >>> an-requirements-02a.html
> >>>
> >>>
> >>> The document is fairly short at the moment. Please post your 
> >>> comments here.
> >>
> >>
> >>
> >> Regarding REQ-ACR-2:
> >>
> >>
> >>>   REQ-ACR-2: It must be possible that authorized callers are not
> >>>              subject to the ACR service, thus, allowing 
> the callee to
> >>>              receive anonymous requests from authorized 
> callers.  This
> >>>              effectively requires a mechanism to override the ACR
> >>>              service depending on the identity and 
> authorization of the
> >>>              caller.  This is needed, e.g., when a police 
> officer or
> >>>              any other authority is anonymously calling to a user
> >>>              having the ACR simulation service activated.
> >>
> >>
> >>
> >> How is a caller authorized? Is the mechanism for determining and 
> >> conveying this authorization in scope for this service? There is 
> >> mention specifically of Police Officers, among others, as being 
> >> authorized. Are there a list of attributes like that which must be 
> >> used to characterize a caller and that are used to determine the 
> >> authorization?
> >>
> >> How is this affected by peering and PSTN interconnect? Is an 
> >> authorization on one side to be conveyed to the other side 
> and then 
> >> trusted their?
> >>
> >>     Thanks,
> >>     Paul
> >>
> >> _______________________________________________
> >> Sipping-tispan mailing list
> >> Sipping-tispan@ietf.org
> >> https://www1.ietf.org/mailman/listinfo/sipping-tispan
> >>
> > 
> 
> _______________________________________________
> Sipping-tispan mailing list
> Sipping-tispan@ietf.org
> https://www1.ietf.org/mailman/listinfo/sipping-tispan
> 

_______________________________________________
Sipping-tispan mailing list
Sipping-tispan@ietf.org
https://www1.ietf.org/mailman/listinfo/sipping-tispan

v2.8.7 | Report a Bug | By Email