With this checkin, the authorization behavior of sipXproxy changes in an important way.
Previously, the proxy only challenged an INVITE if the target required some permission - for example, if the call was going to some gateway in the default dial plans. A call from one extension to another was not challenged because in the default dial plans that does not require any permission. Starting with 3.11.5-013330, the proxy will _also_ challenge any unauthenticated INVITE whose From address identity is that of a user (that is, the [EMAIL PROTECTED] part appears as an identity in the credentials database). When the INVITE is authenticated, the proxy adds a P-Asserted-Identity header to it as it is forwarded. This authentication can be used by any other sipXecs component in the cluster (it is signed), and may be used by ITSPs in SIP trunk configurations. > Subject: sipXecs 13330 xmlscott: [XECS-1426] RFC 3325 > (P-Asserted-Identity) support for sipXproxy > Date: Fri, 5 Sep 2008 20:58:51 -0400 > > Project > sipXecs > New Revision > 13330 > Committer > xmlscott (Scott Lawrence) > Date > 2008-09-05 20:58:51 -0400 (Fri, 05 > Sep 2008) > Log > > [XECS-1426] RFC 3325 (P-Asserted-Identity) support for sipXproxy > contributed by Huijun Yang > > > > Modified: > * main/sipXproxy/include/SipRouter.h > * main/sipXproxy/lib/authplugins/test/EnforceAuthRulesTest.cpp > * main/sipXproxy/src/SipRouter.cpp > * main/sipXtackLib/include/net/SipXauthIdentity.h > * main/sipXtackLib/src/net/SipXauthIdentity.cpp > main/sipXtackLib/src/test/net/SipXauthIdentityTest.cpp.in _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
