Hi; The authenticated user is extracted from the credentials provided in the response. If there are no credentials, the REGISTRAR did not challenge the request, the From may be taken as the person responsible for the registration.
Rgs Diego B Mushtaq Ilyas wrote: > "To: The To header field contains the address of record whose > registration is to be created, queried, or modified. The To header > field and the Request-URI field typically differ, as the former > contains a user name. This address-of-record MUST be a SIP URI or > SIPS URI." > > "From: The From header field contains the address-of-record of the > person responsible for the registration. The value is the same as > the To header field unless the request is a third- party > registration." > > " 4. The registrar SHOULD determine if the authenticated user is > authorized to modify registrations for this address-of-record. For > example, a registrar might consult an authorization database that > maps user names to a list of addresses-of-record for which that user > has authorization to modify bindings. If the authenticated user is > not authorized to modify bindings, the registrar MUST return a 403 > (Forbidden) and skip the remaining steps." > > My question is the authenticated user in the last paragraph above is > a) extracted from the Request-Uri? > b) the aor in the From header field? > > Regards > Mushtaq Ilyas > > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
