> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of 
> Lawrence, Scott (BL60:9D30)
> Sent: Tuesday, December 01, 2009 11:19 AM
> 
> On Tue, 2009-12-01 at 11:06 -0500, Paul Mossman wrote:
> > 
> > Looking at XX-6398...  The authenticated peer system may be another 
> > instance of sipXecs, in which case the 'border element' will be 
> > sipXproxy, and not sipXbridge.
> > 
> > I think the sipXbridge approach is as follows:
> > - Add a central location to add/delete/modify "Authenticated Peer 
> > Identities".
> > - Add a "Use Authenticated Peer Identity" property to SIP Trunk, 
> > allowing one of these identities to be selected.  (sipXbridge will 
> > attach a corresponding X-Sipx-Authidentity to each incoming 
> > call that passes mutual TLS authentication.)
> > 
> > What is the approach for sipXproxy?  i.e. Is it able to
> > determine which peer identity to use as it does TLS authentication?
> > 
> > Would the same peer identity ever be used for both a remote sipXecs 
> > system and an ITSP?
> 
> No, but since the associations are the same, we might want to 
> make the configuration common (one file used by both).  What 
> we need to associate is a TLS subject identifier with an 
> internal ~~id~<something> identity.
> 

How about this, then:

peeridentities.xml (used by both sipXproxy and sipXbridge)

<peeridentities
xmlns="http://www.sipfoundry.org/sipX/schema/xml/peeridentities-00-00">
  <peer trusteddomain="trusteddomain.com">
     <internaluser>~~id~trusteddomain.com</internaluser>
  </peer>
  <peer anothertrusteddomain="10.10.1.2">
     <internaluser>~~id~10.10.1.2</internaluser>
  </peer>
</peeridentities>

- one entry per trusteddomain
- same user can be specified for multiple trusteddomains (?)

For sipXbridge, the natural place to create a special user and specify
permissions for it, is on the ITSP Account page.  sipXconfig needs to do
this (as part of http://track.sipfoundry.org/browse/XX-6398).  Not sure
where it would fit for sipXproxy.

There are some config issues to be discussed: 
- is the special user visible to the administrator?
- does he have to create it, or is it created automatically?  Can he
pick an existing user, if he wants to?
- are permissions set for the special user as per the normal mechanisms,
or in some other way?

Carolyn

_______________________________________________
sipx-dev mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
sipXecs IP PBX -- http://www.sipfoundry.org/
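
An added example, not part of the original message and not sipXecs code: a loader for a file laid out as proposed above, resolving the names taken from an already-validated peer certificate to one internal identity. It assumes the attribute is named trusteddomain on every <peer>, that matching is exact and case-insensitive, and that no identity is asserted when the match is missing or ambiguous; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.sipfoundry.org/sipX/schema/xml/peeridentities-00-00}"

# Constructed sample in the proposed layout; the attribute name
# "trusteddomain" on every <peer> is an assumption of this example.
SAMPLE = """\
<peeridentities xmlns="http://www.sipfoundry.org/sipX/schema/xml/peeridentities-00-00">
  <peer trusteddomain="trusteddomain.com">
    <internaluser>~~id~trusteddomain.com</internaluser>
  </peer>
  <peer trusteddomain="10.10.1.2">
    <internaluser>~~id~10.10.1.2</internaluser>
  </peer>
</peeridentities>"""


def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().lower().rstrip(".")


def load_peer_identities(xml_text):
    """Return {trusteddomain: internaluser}; reject ambiguous or malformed files."""
    table = {}
    for peer in ET.fromstring(xml_text).findall(NS + "peer"):
        domain = _norm(peer.get("trusteddomain", ""))
        user = (peer.findtext(NS + "internaluser") or "").strip()
        if not domain or not user.startswith("~~id~"):
            raise ValueError("peer needs trusteddomain and a ~~id~ internaluser")
        if domain in table:  # "one entry per trusteddomain"
            raise ValueError("duplicate trusteddomain: " + domain)
        table[domain] = user
    return table


def resolve_identity(table, verified_names):
    """Map names from an already-validated peer certificate to one identity.

    Exact match only: no suffix or wildcard matching. Returns None
    (no identity asserted) when nothing matches or the names are ambiguous.
    """
    users = {table[n] for n in map(_norm, verified_names) if n in table}
    return users.pop() if len(users) == 1 else None


if __name__ == "__main__":
    peers = load_peer_identities(SAMPLE)
    print(resolve_identity(peers, ["TrustedDomain.com"]))
```

Because several trusted domains may share one internal user, a certificate carrying two configured names still resolves as long as both map to the same identity.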