Dale Worley wrote: > On Mon, 2008-12-15 at 22:09 +0000, Scott Lawrence wrote: >> On Mon, 2008-12-15 at 15:03 -0500, Dale Worley wrote: >>> On Mon, 2008-12-15 at 11:26 -0500, Lawrence, Scott (BL60:9D30) wrote: >>>>> If the proxy is already authorizing the request, could we not just >>>>> check the p-asserted identity signature in the message instead of >>>>> challenging it again? >>>> As long as the PAI header signature is associated with the callid I see >>>> no reason not to... is the PAI signature time-limited? >>> If we're going to treat PAI as equivalent to Authorization, why >>> shouldn't we treat PAI, Authorization, and Proxy-Authorization as >>> equivalent? >> I'd like to preserve the ability to write things independently of our >> equivalences. The sipXtackLib support for authentication should >> implement good practice for a SIP implementation, which includes knowing >> which authorization headers you asked for and therefor which you attend >> to. >> >> PAI is by defintion domain-specific, and so it's reasonable (and >> efficient) for our services to take advantage of it when it's present. > > It sounds like the correct solution is to have two levels of functions: > > One function(s) is the current get-authorization-info function, which > extracts a specified value from the specified type of header. > > The other function(s) should encapsulate "how a proxy (or server) tests > the authentication/authorization of a message", and would take into > account sipX's equivalence of the three headers. (This has the > advantage that we can factor out all that code in all the components, > and ensure that they work consistently.) > > Can we nicely encapsulate all that logic so as to build the second > function? >
I agree with this. If there are no objections, I will go ahead and make the changes to the RLS and Status Server. Arjun _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
