Although only targeted at an Experimental RFC, I think it requires more
work.

In particular, relationship to RFC 4474 is unclear:

- "Step 3. AS Authorizes the SIP Request and Forwards it to Callee
  First, the AS authorizes the received INVITE message as
  specified in [RFC4474] and [RFC3261]."

But it then goes on to say nothing more about AS RFC 4474 behaviour.
Presumably it goes on and signs the request and inserts Identity and
Identity-Info header fields, but this is not explicit.

- "Step 4. Callee Dereferences HTTP-based SAML URI Reference
  Bob's UAC or SIP Proxy receives the message and begins
  verifying it per the "Verifier Behavior" specified in
  [RFC4474]."

What exactly is meant by "begins verifying"?

And then the more detailed description in section 7:

- "This first portion of this step maps to Steps 3 and 4 of Section 5
  "Authentication Service Behavior" of [RFC4474], which the AS MUST
  perform, although with the following additional substeps:"

But what about steps 1 and 2?

  "Steps 2, 3, and 4 of [RFC4474] Section 6 may be mapped across this
  latter portion of this step, and/or the following two steps, as
  appropriate."

What exactly does "mapped across" mean? I think it needs slightly more
explanation.

The role of the Identity-Info header field and how it relates to
SAML-Info are not mentioned.

An example showing SIP message contents would be useful.

The SAML-Info header field is not signed as part of the Identity
signature. Some discussion in Security Considerations as to why this is
not a problem might be appropriate.

Just a question. Is it usual to register values with IANA in an
Experimental RFC?

Response codes 477, 478 and 479 are included in the IANA section, but
only 479 is mentioned earlier in the document.

Section 7.2 seems to be incomplete, because it fails to say how the
assertion is conveyed in a SIP message.

John
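
The point above about SAML-Info falling outside the Identity signature can be checked against the RFC 4474 Section 9 digest-string. The following is an added example, not part of the original e-mail or the draft: the sample message, the SAML-Info value and the helper names are constructed placeholders, and a SHA-1 hash of the digest-string stands in for the full RSA-SHA1 signing step.

```python
import hashlib

# Constructed sample request headers (placeholders, not from the draft).
SAMPLE = {
    "From": "Alice <sip:alice@example.com>;tag=1928301774",
    "To": "Bob <sip:bob@example.org>",
    "Call-ID": "a84b4c76e66710",
    "CSeq": "314159 INVITE",
    "Date": "Thu, 21 Feb 2002 13:02:03 GMT",
    "Contact": "<sip:alice@pc33.example.com>",
    "SAML-Info": "placeholder-value-1",  # real syntax is defined by the draft
}
BODY = "v=0\r\no=- 0 0 IN IP4 192.0.2.1\r\n"


def addr_spec(value):
    """Extract the bare URI from a name-addr or addr-spec header value."""
    if "<" in value:
        return value[value.index("<") + 1 : value.index(">")]
    return value.split(";", 1)[0].strip()


def digest_string(headers, body):
    """Canonical string per RFC 4474 Section 9: fields joined with '|'."""
    contact = addr_spec(headers["Contact"]) if "Contact" in headers else ""
    return "|".join([
        addr_spec(headers["From"]),
        addr_spec(headers["To"]),
        headers["Call-ID"],
        " ".join(headers["CSeq"].split()),  # 1*DIGIT SP Method
        headers["Date"],
        contact,
        body,
    ])


def signed_hash(headers, body):
    """Hash of the digest-string; the AS signature is computed over this."""
    return hashlib.sha1(digest_string(headers, body).encode()).hexdigest()


def covered_by_identity(headers, body, name, new_value):
    """True if changing header `name` changes what the signature covers."""
    altered = {**headers, name: new_value}
    return signed_hash(headers, body) != signed_hash(altered, body)


if __name__ == "__main__":
    for name in ("SAML-Info", "Date", "Call-ID"):
        print(name, covered_by_identity(SAMPLE, BODY, name, "changed"))
```

A verifier that validates only the Identity header gets the same result whether or not SAML-Info was altered in transit, which is why the draft would need to bind the assertion reference by some other means.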