Hi, Gonzalo But my question is when and how the rules are provided? For conferencing with pre-defined group the rules are typically specified by group owner (user). How about ad hoc conference? I think currently in PoC ad hoc session, the rules are only local policy for PoC Server, but not provided by initiator, right? If there is a mean for initiator to manipulate rules after session is created, it seems there is a risk after conf is created but rules are not ready. Some attendees may do something bad which is out of control during that period. This is not expected by the initiator. BR, Linyi
-----Original Message----- From: Gonzalo Camarillo [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 17, 2007 3:54 PM To: Linyi Tian Cc: [email protected] Subject: Re: [Sip] Comments and questions todraft-ietf-sip-uri-list-conferencing-01.txt Hi Linyi, > (1) On section "5. Conference Server Procedures" > Many conference servers have restriction to maximum number of attendees > for conference. If the users of 'recipient-list' exceeds the limitation, > what status code should be returned? I would return a 403 (Too many recipients). > --------------------------------------- > 7. Security Considerations > This document discusses setup of SIP conferences using a > request-contained URI-list. Both conferencing and URI-lists services > have specific security requirements which will be summarized here. > Conferences generally have authorization rules about who can or cannot > join a conference, what type of media can or cannot be used, etc. This > information is used by the focus to admit or deny participation in a > conference. It is RECOMMENDED that these types of authorization rules > be used to provide security for a SIP conference. > ---------------------------------------- > (2) When and how the authorization rules are specified and applied to > the conference? Before the conference creation seems not possible since > Conf-URI is not assigned. If specified after the conference creation, it > seems there is a risk after conf is created but rules are not ready. > Some attendees may do something bad which is out of control during that > period. They are applied at conference creation. The server receives the request, creates the conference with its rules, and only adds the participants in the list if those rules allow it to do it. This is already implemented in the OMA PoC (Push-to-talk over Cellular) service. Thanks for your comments, Gonzalo _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
