On Mon, 2008-12-15 at 15:03 -0500, Dale Worley wrote: > On Mon, 2008-12-15 at 11:26 -0500, Lawrence, Scott (BL60:9D30) wrote: > > > If the proxy is already authorizing the request, could we not just > > > check the p-asserted identity signature in the message instead of > > > challenging it again? > > > > As long as the PAI header signature is associated with the callid I see > > no reason not to... is the PAI signature time-limited? > > If we're going to treat PAI as equivalent to Authorization, why > shouldn't we treat PAI, Authorization, and Proxy-Authorization as > equivalent?
I'd like to preserve the ability to write things independently of our equivalences. The sipXtackLib support for authentication should implement good practice for a SIP implementation, which includes knowing which authorization headers you asked for and therefor which you attend to. PAI is by defintion domain-specific, and so it's reasonable (and efficient) for our services to take advantage of it when it's present. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
