> > Section 9: > > > > Delete first paragraph. > > > > Clarify the UA also REGISTERs to the AOR. Discuss the > security implications, i.e., > > you either use the same shared username/password, or you > use a different username/password > > for HTTP digest, per user. Perhaps the security > considerations can be described in section 15. > > > > > > I added text about authorization for third party registrations and > publication. A little more text on this would be helpful.
Ah-ah... Now we are getting down to business. I am now looking at new section 10.1 on registration, and I see that you are using indeed third-party registration (with To=HelpDesk, From=Alice). So, this would be one way to to it. Another way would be to NOT use third-party registration at all. In other words, Alice would send a first party registration on behalf of HelpDesk (ie.., To=HelpDesk, From=Alice). Wouldn't that work? Then there is the whole issue of authentication with HTTP-Digest. I guess one could use username="HelpDesk". In this case, the idea is that Alice would need to know the credentials for HelpDesk. Another way would be to use username="alice" instead (i.e., her own credentials). The decisions on which authentication you use would depend on need of the administrator. Have you tought about this? Am I off based? _______________________________________________ BLISS mailing list [email protected] https://www.ietf.org/mailman/listinfo/bliss
