On Thu, 2005-12-08 at 08:33 -0600, Kasturi Narayanan wrote: > And also as the name suggests it is a Proxy-Authorization and it needs to be > consumed by a proxy before forwarding it to a UAS. So one of the proxies has > to consume it. Ideally that will be proxy which challenged the user for that > Realm.
There is no reason that a proxy *needs* to consume a Proxy-Authorization header. Like all authorization headers, it is additive -- adding authorization headers to a request can only increase the number of SIP agents that are willing to process it. The whole concept of "consuming" authorization headers (or any other header) is a Bad Idea and should never be done. > But if the Proxy is transaction stateful, it will be able to detect that it > is a spiraled request and if it had already authorized it based on the > previous info it can always skip it. That depends on the sort of transaction-stateful the proxy implements. Some proxies (e.g., sipX) are stateful in regard to a request and its corresponding response, but they do not associate a request and a spiraled later leg of the request. There is also the failure mode where two different proxies in a chain authenticate against the same realm. If the first proxy "consumes" all Proxy-Authorization headers for that realm, the second proxy will *never* pass the request because the UA can never get a Proxy- Authorization for that realm to it. Dale _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
