SIP Authentication Service as per RFC 4474
RFC 4474 (draft-ietf-sip-identity) defines a mechanism for securely identifying originators of SIP requests, especially in an interdomain context.

The authentication service authenticates Alice and validates that she is authorized to assert the identity that is populated in the From header field. It then computes a hash over some particular headers, including the From header field and the bodies in the message. This hash is signed with the private key for the domain and inserted in a new header field in the SIP message, the 'Identity' header.

The proxy, as the holder of the private key of its domain, is asserting that the originator of this request has been authenticated and that she is authorized to claim the identity (the SIP address-of-record) that appears in the From header field. The proxy also inserts a companion header field, Identity-Info, that tells Bob how to acquire its certificate, if he doesn't already have it.

When Bob's domain receives the request, it verifies the signature provided in the Identity header, and thus can validate that the domain indicated by the host portion of the AoR in the From header field authenticated the user, and permitted the user to assert that From header field value.
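The following added example (not part of the original page or of any SIP stack) builds the string that is hashed and signed, so you can see which parts of a request the Identity signature covers. The field list, the `|` separator and SHA-1 are taken from RFC 4474 section 9; the function names and the sample message are constructed for illustration, header folding is not handled, and the RSA signing step is omitted because it needs the domain's key.

```python
import hashlib
import re

# Compact header names (RFC 3261) for fields that enter the digest-string.
COMPACT = {"f": "from", "t": "to", "i": "call-id", "m": "contact"}

def parse_sip(raw: bytes):
    """Return ({lower-case header name: first value}, body); assumes unfolded headers."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("utf-8").split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), value.strip())
    return headers, body

def addr_spec(value: str) -> str:
    """Bare URI from a name-addr ('"Alice" <sip:a@b>;tag=1') or a plain addr-spec."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";", 1)[0].strip()

def digest_string(raw: bytes) -> bytes:
    """RFC 4474 digest-string: From|To|Call-ID|CSeq|Date|Contact|body."""
    h, body = parse_sip(raw)
    contact = addr_spec(h["contact"]) if "contact" in h else ""
    parts = [addr_spec(h["from"]), addr_spec(h["to"]), h["call-id"],
             " ".join(h["cseq"].split()), h["date"], contact]
    return "|".join(parts).encode("utf-8") + b"|" + body

def identity_hash(raw: bytes) -> str:
    """SHA-1 over the digest-string; the authentication service signs this value."""
    return hashlib.sha1(digest_string(raw)).hexdigest()

def from_domain(raw: bytes) -> str:
    """Host portion of the From AoR, which the verifier matches to the signer's domain."""
    uri = addr_spec(parse_sip(raw)[0]["from"])
    hostport = uri.split(":", 1)[1].split("@", 1)[-1]
    return re.split(r"[;:?]", hostport)[0].lower()

# Constructed sample request (not captured traffic).
SAMPLE = (b"INVITE sip:bob@biloxi.example.org SIP/2.0\r\n"
          b"Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKconstructed\r\n"
          b"f: \"Alice\" <sip:alice@atlanta.example.com>;tag=1928\r\n"
          b"To: Bob <sip:bob@biloxi.example.org>\r\n"
          b"Call-ID: constructed-call-id-0001\r\n"
          b"CSeq: 1 INVITE\r\n"
          b"Date: Thu, 21 Feb 2002 13:02:03 GMT\r\n"
          b"Contact: <sip:alice@pc33.atlanta.example.com>\r\n\r\n"
          b"constructed body\r\n")
```

Comparing `identity_hash` before and after an edit shows that a changed From URI or body invalidates the signature, while the Via header and the From display name are outside the signed data.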
| Authentication Service for Non-REGISTER SIP Requests |