On Sat, Jan 23, 2010 at 10:33 PM, zainab khallouf <[email protected]> wrote:
> On 1/23/10, Eric Rescorla <[email protected]> wrote:
>> It's not clear to me what this would do... P2PSIP already has a pretty clear
>> authentication and authorization structure, so what would SAML bring
>> to the party?
>
> As far as I know, these solutions rely mostly on a centralized
> authentication authority, or ad hoc approaches.
> Using SAML with P2P SIP allows including a broad category of
> authentication solutions: centralized or decentralized approaches like
> the web of trust approaches; this is what I tried to introduce in my
> paper (Trust Management in Peer-to-Peer SIP Using the Security
> Assertion Markup Language).
> The draft (draft-ietf-sip-saml-06.txt) defines a SAML profile to be
> used with SIP, but the draft does not define a profile to be used with
> P2P SIP.

I can't access this article because it's on IEEE Xplore, but I don't
really see how this is going to work. P2P networks start to fall apart
rapidly with significant fractions of malicious nodes. In a WoT system,
you're not going to have any plausible information about the vast
majority of the nodes in the network, so I don't see how this is going
to be secure.

If you submit a draft, I will of course take a look.

-Ekr
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
