Hi,
Though authentication may be required at any level, at the first, last or any
other proxy, in practical cases it may not be required at all the levels.
Whether a particular proxy will ask you for authentication depends on the
"administrative policies" of that particular proxy.
The issue of multiple authentication may happen because of the administrative
policies at different servers and I doubt whether the protocol has got
anything to do with it. Usually when you are making a call through different
proxies you may not be asked for authentication at many places
rgds,
Philip
-----Original Message-----
From: Ford Cheng (Leela) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 31, 2001 12:41 PM
To: Shashidhara S G
Cc: [EMAIL PROTECTED]
Subject: RE: [Sip-implementors] About the authentication and authorization in
inplementation!!!
But I think it is hard for User A to have so many authentication information
in different
Proxies, just as what you listed, I have one doubt:
A-- PA-- PB-- B
Then in implementation, it would be very difficult, then it would cause
a lot of problems, for example, If A call C with different proxies,
such as A--PA--PC--C, then if this request is passed through different
proxied, A would have the corresponding username and password in
different proxies, in implementation, is it possible?
For example , A is in U.S.A, A calls a user B in Japan, suppose there
is a PA in american , A will be validated in PA, a PB in Japan, then
A has to have corresponding information in PB, how can A register his
informaiton
in Proxy B in Japan , use what command?
I think SIP structure can refer H.323, according to my limited knowledge,
I think H.323 only authenticate one GK, there is no need for it to authticate
in
different GK!!
This is my opinion!
Best regards!
Yours: Ford
-----Original Message-----
From: Shashidhara S G [ mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> ]
Sent: Wednesday, January 31, 2001 11:18 AM
To: Ford Cheng (Leela); [EMAIL PROTECTED]
Subject: RE: [Sip-implementors] About the authentication and
authorization in inplementation!!!
HI,
Authentication may be required at the end proxy.
take example
A sends INVITE to B
A is behind proxy PA and B is behind PB
even if A is authenticated from PA, PB wants to authenticate A if is allowed
to enter the domain of PB to reach B.
So Authentication may be required at each proxy
--shashi
-----Original Message-----
From: Ford Cheng (Leela) [ mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> ]
Sent: Wednesday, January 31, 2001 11:46 AM
To: [EMAIL PROTECTED]
Subject: [Sip-implementors] About the authentication and authorization in
inplementation!!!
Dear All:
I have one question to consult, in implementation, about the AAA
for SIP . I think in implementation, there is no need to Authenticate
SIP message for each Proxy.
I think authentication is needed when SIP message pass through
the first Proxy, how to judge it, I think it can be judged from Via headers,
if there are more Via headers, then there is no need to authenticate?
that is , we should think the following SIP Proxies are trusted with IPSEC.
One example is I were a user with account [EMAIL PROTECTED], I send a SIP
message
from the proxy of Yahoo.com, then yahoo.com requires me for authentication,
the following proxy, no matter what it is, in implementation, I think there
is no for
me need to authenticate
Could any one give me some sugestion?
I am looking forwards to getting your reply as soon as possible!
Best regards!
Yours: Ford
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
