Thanks, Unfortunately in this case the big provider's choice is poor and we (servers in his domain) face difficult interoperability :) Anyway I see that I can't use redirection for load balancing in NW where my servers are not trusted.
Thanks again MD -----Original Message----- From: Scott Lawrence [mailto:[EMAIL PROTECTED] Sent: Monday, April 18, 2005 2:58 PM To: Masha Dorfman Cc: [email protected] Subject: RE: [Sip-implementors] redirection and authentication interwork On Mon, 2005-04-18 at 12:09 +0300, Masha Dorfman wrote: > I saw in http://www.atm.tut.fi/list-archive/sip/msg09116.html that "Setting > up a configuration that requires different credentials for the same realm at > different servers" > is not interesting theme. Still it's exactly the real configuration we are > forced to work with. > And still it's not exactly what my question is about. > I ask whether it's correct to use the same credentials from two different > servers in the same domain - one for registration and another for call (after > redirection). It is poor system design for the servers to use the same realm and expect different credentials. There is no reason not to use the same credentials with different servers if they will accept them (the right way for the servers to express the fact that this is true would be to use the same realm, and/or the 'domain' attribute in the WWW-Authenticate header, but they are not _required_ to do so). > Is NW allowed to verify authentication using not only credentials but IP > address also? > Is it defined anywhere? Servers may use anything they want to for authorization. When they choose poorly, they make interoperability difficult. -- Scott Lawrence, Consulting Engineer Pingtel Corp. http://www.pingtel.com/ +1.781.938.5306 x162 or sip:[EMAIL PROTECTED] _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
