On Thu, 2006-05-25 at 11:54 +0100, Stephen Paterson wrote: > Is there any means by which a registrar can inform the UAC that this > behaviour is required? I guess it would be either as a parameter in the > WWW-Authenticate header or possibly another header. If there is, is it > mandatory?
The SIP model works thusly: It is assumed that the UA has already been configured with one or more sets of credentials. Each set of credentials has a realm, user, and password. There is at most one set of credentials with any particular realm. When an authentication challenge is presented, the challenge contains a realm, and the UA will respond using the credentials for that realm. (Of course, the see of credentials could be different for each "line", each AOR which is to be registered.) Note that whether the user in the credentials matches the user in the SIP URI is (implicitly) already known by the UA (once the realm is specified). What you seem to be asking about is a situation where the UA may change its behavior (apparently including the user that will be used in the authorization response) based on whether the server requires the credential user to be the same as the AOR user. But the UA doesn't have any flexibility in that regard. To allow that would require retooling the model of authorization behavior, and that might require changing other things. Dale --- interop.pingtel.com -- the public SIP phone interoperability test server _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
