Bob wrote: > > http://track.sipfoundry.org/browse/XX-6961, we need > sipXbridge to add > > a signed X-Sipx-Authidentity header to TLS calls it presents to the > > proxy, containing the appropriate special trusted peer user id > > configured for that connection. > > I am trying to understand what the relationship is here. > > Does it make sense to add the peer user id into each itsp-account > > section of sipxbridge.xml, as follows? > > > > <itsp-account> > > <itsp-proxy-domain>othertrusteddomain.com</itsp-proxy-domain> > > <itsp-proxy-address>othertrusteddomain.com</itsp-proxy-address> > > <peer-user>~~peer~othertrusteddomain.com</peer-user> > > > > How many of these special peer users do we expect to have? > > just one (in which case we have one ~~peer~trusteddomain > special user) > > or one per "peer system configured" (in which case we have > something > > like > > ~~peer~<peer>). Any other suggestions for xml tag name or > sipx user > > id? > > I'd say that peers should be on a per ITSP account basis. > Also, two distinct TSP accounts should be allowed to use the > same peer.
Looking at XX-6398... The authenticated peer system may be another instance of sipXecs, in which case the 'border element' will be sipXproxy, and not sipXbridge. I think the sipXbridge approach is as follows: - Add a central location to add/delete/modify "Authenticated Peer Identities". - Add a "Use Authenticated Peer Identity" property to SIP Trunk, allowing one of these identities to be selected. (sipXbridge will attach a corresponding X-Sipx-Authidentity to each incoming call that passes mutual TLS authentication.) What is the approach for sipXproxy? i.e. Is it able determine which peer identity to use as it does TLS authentication? Would the same peer identity ever be used for both a remote sipXecs system and an ITSP? -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
