Many of the SIP security mechanisms share the same fate: They are far
ahead of the actual SIP deployment. This is true for SIP Identity, SIP
CERT, SIP SAML, End-to-End Security, etc. When we started the SAML work
we looked at what was going on at that time in the HTTP space. Without
doubt the entire application layer identity management space found a lot
of excitement. There is a lot of standardization being done and also a
lot of deployment taking place. With the SIP space that was obviously a
bit different and deployments today focus largely on voice (and there
not even on end-to-end SIP-based communication).
For example: Look at what is being used in XMPP. There is no
equivalent of SIP Identity -- folks are currently looking into
providing certificates for server-to-server communication.
Even though they are, from a deployment point of view, ahead, they are
not even close to where we are with our documents.
Ciao
Hannes
PS: I also believe that the SIP Identity case isn't an easy one either.
The guys that would make use of SIP Identity for a deployment where the
two SIP proxies talk to each other there would not be a need for SIP
Identity since you are essentially replicating what TLS provides you at
a lower layer already. In cases where there are many SIP proxies along the
path SIP Identity would be useful since it provides protection against
any one of them being malicious. However, the guys who favour such a
deployment model are the ones that believe very much in the chain of
trust (hop-by-hop security). They have no interest in using SIP Identity.
Dan Wing wrote:
draft-ietf-sip-saml
-- I'm not sure this one is ever getting done.
So I'm not sure there's enough there to justify a WG.
How about an "Identity in SIP" working group that takes on
fixing RFC 4474 for gateways/b2buas and possibly considers
identity/role assertion using SAML?
I agree we need that. I have tried, and so far failed, to
initiate activity towards such an effort.
-d
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip