Keith, I understand that some service providers expect PAI to identify the charged user, so accepting any PAI value outside the legitimate range of the authenticated entity from which the request is received (e.g., authenticated at the IPSEC or TLS level) causes them grief. Hence, considering an enterprise network to be part of their trust domain is problematic for these service providers. In my opinion, the From URI is more likely to pass through unchanged than the PAI. But perhaps the best chance of success is to place the e2e-authenticated identity in some other header field.
John > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of DRAGE, Keith (Keith) > Sent: 10 July 2008 10:56 > To: Jonathan Rosenberg; Adam Roach > Cc: [email protected]; Michael Thomas; Dan Wing > Subject: Re: [Sip] Signing P-Asserted-Identity > > If you are talking enterprise to some sort of public service provider > you will get both cases happening, and possibly on the same interface > between the two providers. > > It may well be distinguished based on whether the traffic is public > network traffic or private network traffic, see the definitions in > > http://www.ietf.org/internet-drafts/draft-vanelburg-sipping-pr > ivate-netw > ork-indication-01.txt > (revision expected shortly) > > For public network traffic, the situation you are talking > about has wide > acceptance for the PSTN in the US, but virtually no appearance in the > PSTNs of some European countries. When these operators go to > IP, you can > expect the same approach to P-Asserted-Identity. > > For private network traffic, I would expect the trust domain to > encompass the enterprise and the public service provider for > the support > of such a capability to make any sense, but there are still > some awkward > public service providers out there. > > Regards > > Keith > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of Jonathan Rosenberg > > Sent: Wednesday, July 09, 2008 11:28 PM > > To: Adam Roach > > Cc: [email protected]; 'Michael Thomas'; Dan Wing > > Subject: Re: [Sip] Signing P-Asserted-Identity > > > > I had assumed enterprises would be part of the trust domain > > of the provider. > > > > -Jonathan R. > > > > Adam Roach wrote: > > > On 7/9/08 5:04 PM, Jonathan Rosenberg wrote: > > >> Bringing this back to the original topic: > > >> > > >> I did not think Hadriels draft was proposing that PAI get > > stripped at > > >> that boundary. > > > > > > From the abstract: "The use of these extensions is only > applicable > > > inside a set of administrative domains with previously > agreed-upon > > > policies for generation, transport and usage of such information." > > > > > > This means that there's either an agreement with the ITSPs > > (which I'm > > > arguing have demonstrably no interest in making this > > happen), or the > > > information is stripped before handing to the ITSPs. Or am > > I missing > > > something? > > > > > > /a > > > > > > > -- > > Jonathan D. Rosenberg, Ph.D. 499 Thornall St. > > Cisco Fellow Edison, NJ 08837 > > Cisco, Voice Technology Group > > [EMAIL PROTECTED] > > http://www.jdrosen.net PHONE: (408) 902-3084 > > http://www.cisco.com > > _______________________________________________ > > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol Use > > [EMAIL PROTECTED] for questions on current sip > > Use [EMAIL PROTECTED] for new developments on the application of sip > > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
