
Poll: SIP/websocket authentication

  • From: binod pg < >
  • To:
  • Subject: Poll: SIP/websocket authentication
  • Date: Thu, 20 Mar 2014 11:48:06 +0530
  • Organization: Oracle Corporation

As explained in RFC 7118 (esp. sections A.2 and A.3), web authentication can happen at a time before the websocket
handshake. This would establish a web principal/identity with the container. RFC 7118 (A.2 and A.3) explains two ways
a SIP authentication can happen:
- During the websocket handshake, using the SIP principal and a token encoded in the websocket URL, as explained in section A.2
- During the websocket handshake, using the session cookie established during the original HTTP authentication.

There is some mechanism needed to establish and authenticate the SIP principal in these situations. There are three options
given in 14.6.1 for this purpose.

Option 1: Provide a way for the application to decide the mapped SIP principal/identity corresponding to the web principal and pass it to the container.
Option 2: The container exposes a non-standard mechanism (e.g. a custom JAAS callback) to find the mapped SIP principal/identity corresponding to the web principal.
To avoid the application having to find the SIP identity without using non-standard interfaces, provide a way for the application to obtain the mapped SIP identity.
Option 3: Do nothing. The container exposes a non-standard mechanism (e.g. a custom JAAS callback) to find the mapped SIP principal/identity corresponding to the web principal.
The application finds the mapping in its own way again, unless it again uses another non-standard mechanism to obtain the mapped principal from the container or
the implementation of container-exposed interfaces.

I would like to know EG members' opinions on this topic to decide which way we should go. Please vote.

thanks,
Binod.

