I was asked at the last meeting to provide some proposals regarding WebSocket authentication.
I have attached my response - sorry that it is so late.
At the last meeting I was suggesting that no changes to the API would be required but on further reflection I agree with Binod that there are cases which are not easily mapped into our existing mechanisms.
I did not realise that Binod was also presenting a proposal.
On 13 November 2013 10:24, binod pg wrote:
As you know, the sip/websocket draft has changed since we released EDR in terms of authentication. The draft has more scenarios and requirements for
Please read section 7, A.1, A.2 and A.3 of the draft
The current situation is as follows.
- The Sip/Websocket server assigns a specific "sip identity" after a user has logged into the web application with any of the web authentication procedures.
- When the SIP messages reach the server on such a websocket connection, the server is required to validate that the identity in the SIP message matches the assigned "sip identity". There is no explanation about which sip header of the SIP message carries the "sip identity".
For an application to support sip/websocket, we need the following
1) In the login-config element of the deployment descriptor, we will support an additional identity-assertion-scheme called "client-asserted-identity". By default client-asserted-identity will be using the "From" header for matching the validation. The application can override the name of the header used by the element "identity-assertion-header".
1b) We can also allow the application to invoke a method in sipservletrequest to do the identity assertion. This would let the application extract the identity header it knows from the SIP message and assert the identity.
2) An http servlet in a converged application would want to access the SIP identity (e.g. to implement section A.2) assigned by the container based on container-specific configuration.
The proposal is to let the application access the SIP identity
p.s: We can potentially deprecate P-Asserted-Identity in favor of
Re: sip/websocket authentication.
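
The identity check described in the quoted proposal (compare the identity in a configurable SIP header, "From" by default, with the identity the server assigned to the WebSocket connection), as an added example that is not part of the thread, the draft or any container's code. The function names and the sample message are constructed for illustration, the `header` argument stands in for the proposed "identity-assertion-header" override, and ignoring the port and URI parameters in the comparison is an assumption.

```python
import re

COMPACT = {"f": "from", "t": "to"}  # SIP compact header forms (RFC 3261)

def header_values(raw_msg, name):
    """All values of header `name`, case-insensitive and compact-form aware."""
    head = raw_msg.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and COMPACT.get(key, key) == name.lower():
            values.append(value.strip())
    return values

def canonical_uri(value):
    """Reduce a name-addr or addr-spec to scheme:user@host; None if unparseable."""
    # Drop quoted display names first so a "<sip:...>" inside one is never used.
    value = re.sub(r'"(?:\\.|[^"\\])*"', "", value)
    m = re.search(r"<([^<>]*)>", value)
    uri = m.group(1) if m else value.split(";", 1)[0]
    # Assumption: port and URI parameters are not part of the identity.
    m = re.fullmatch(r"(sips?):([^@;?\s]+)@([^@;?\s:]+)(?::\d+)?(?:[;?].*)?",
                     uri.strip(), flags=re.I)
    if not m:
        return None
    scheme, user, host = m.groups()
    return f"{scheme.lower()}:{user}@{host.lower()}"  # user part is case-sensitive

def assert_identity(raw_msg, assigned_identity, header="From"):
    """True only if exactly one `header` is present and matches the assigned identity."""
    values = header_values(raw_msg, header)
    if len(values) != 1:  # missing or duplicated header: fail closed
        return False
    claimed = canonical_uri(values[0])
    return claimed is not None and claimed == canonical_uri(assigned_identity)

# Constructed sample message, not taken from the thread or the draft.
SAMPLE = (
    "REGISTER sip:example.com SIP/2.0\r\n"
    "Via: SIP/2.0/WS client.invalid;branch=z9hG4bKconstructed\r\n"
    'From: "Alice" <sip:alice@Example.COM>;tag=constructed1\r\n'
    "To: <sip:alice@example.com>\r\n"
    "Call-ID: constructed-call-id\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)
```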