- From: binod pg <
- Subject: sip/websocket authentication.
- Date: Wed, 13 Nov 2013 15:54:44 +0530
- Organization: Oracle Corporation
As you know, the sip/websocket draft has changed since we released EDR
in terms of
authentication. The draft has more scenarios and requirements for
Please read section 7, A.1, A.2 and A.3 of the draft
The current situations is as follows.
- The Sip/Websocket server assigns an specific "sip identity" after a
user has logged into the
web application with any of the web authentication procedure.
- When the SIP messages reach the server on such a websocket connection,
the server is required
to validate that the identity in the SIP message matches with the
assigned "sip idenity". There is
no explanation about which sip header of the SIP message carries the
For an application to support sip/websocket, we need the following changes.
1) In the login-config element of the deployment descriptor, we will
support an additional identity-assertion-scheme
called "client-asserted-identity". By default
client-asserted-identity will be using "From" header for matching the
validation. Application can override the name of header used by
the element "identity-assertion-header".
1b) We can also allow application to invoke a method in
sipservletrequest to do the identity assertion.
This would let application to extract the identity header it
knows from the SIP message and assert the identity.
2) An http servlet in a converged application would want to access the
SIP identity (eg: to implement section A.2) assigned by the container
container specific configuration.
The proposal is to let application access the SIP identity using
p.s: We can potentially deprecate P-Asserted-Identity in favor of