I'll take a stab at these questions, see below...

Kedar Patil wrote:

Resending the unanswered question.


thanks,

= Kedar =


-----Original Message-----
From: Kedar Patil [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 3:24 PM
To: [EMAIL PROTECTED]
Subject: [Sip-implementors] Declining presence info authorization and privacy

Hi,


I have 2 questions on privacy of declined Presence subscriptions:


==== RFC 3265/SIP-Specific Event Notification ============
Section 3.1.6.3. Authentication/Authorization of SUBSCRIBE requests


If the notifier owner is interactively queried to determine whether a
subscription is allowed, a "202 Accept" response is returned
immediately.

==============================================


Q1. If a watcher receives 202 response to SUBSCRIBE and no more NOTIFY messages (except the first one), does it not mean that subscribed-UA has declined to authorize watcher? Is it not a breach of privacy?


Not necessarily. The watcher can't distinguish between a notifier having no events to report and one that has failed to authorize the watcher for the duration of the subscription. In addition, the watcher doesn't know that failure to receive a NOTIFY when the subscription expires is due to UA/network problems vs. the watcher wasn't authorized in the first place. So the behavior specified reveals the minimum information on the authorization of the subscription.


I think, had the watcher received a 200 response, there would not have been any way for watcher to know that the authorization was declined.

I think the same logic can be applied whether a 202 or 200 is sent. However, 200 has different semantics for other SIP methods so it wasn't used for this case.





Q2. A Presence Server receives a SUBSCRIBE request, a 202 resp. is sent, an imm. NOTIFY is sent. Now, if the subscription authorization is declined and the notifier does not wish to convey that such authorization has been declined for privacy reasons, what is the best way to reject and thus close the subscription dialog?


The Presence Server silently discards subscription state. The dialog remains for the watcher until expired, but this is OK since the Presence Server wished to conceal the non-authorization.

Regards,
Bert




thanks in advance,

= Kedar =



_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
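
Added example, not part of the original thread: a toy Python model of the notifier behavior discussed above, comparing what a watcher sees on the wire when a declined subscription is silently discarded, when the owner never answers, and when the decline is signalled explicitly. The class, function names and message labels are hypothetical and simplified; the model does not parse SIP and sends nothing at the moment the owner decides.

```python
# Added example: toy model of the watcher-visible message trace.
# Message labels are simplified stand-ins, not real SIP messages.
from dataclasses import dataclass, field


@dataclass
class PresenceServer:
    conceal: bool = True                       # hide declined authorizations
    state: dict = field(default_factory=dict)  # watcher -> "pending" | "active"
    sent: dict = field(default_factory=dict)   # watcher -> messages on the wire

    def subscribe(self, watcher):
        # Owner is queried interactively: answer 202 at once, then the
        # immediate NOTIFY.
        self.state[watcher] = "pending"
        self.sent[watcher] = ["202", "NOTIFY (immediate)"]

    def decide(self, watcher, allow):
        # Simplification (assumption): the decision itself emits no message
        # unless the server is configured to reveal a decline.
        if allow:
            self.state[watcher] = "active"
            return
        del self.state[watcher]                # subscription state discarded
        if not self.conceal:
            # Hypothetical non-concealing variant: tell the watcher explicitly.
            self.sent[watcher].append("NOTIFY (terminated)")

    def presence_changed(self):
        # Only watchers that were authorized receive event NOTIFYs.
        for watcher, st in self.state.items():
            if st == "active":
                self.sent[watcher].append("NOTIFY (event)")


def watcher_trace(conceal, decision, events):
    """Messages one watcher sees.

    decision: True (authorized), False (declined), None (owner never answers).
    events:   number of presence changes after the decision.
    """
    ps = PresenceServer(conceal=conceal)
    ps.subscribe("watcher")
    if decision is not None:
        ps.decide("watcher", decision)
    for _ in range(events):
        ps.presence_changed()
    return ps.sent["watcher"]
```

With `conceal=True`, the trace for a declined watcher is identical to the trace for a watcher whose request is still waiting on the owner, regardless of how many presence changes occur; only the explicit variant adds a message the watcher can interpret as a rejection.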
