Explore how utilizing Security Assertion Markup Language (SAML) with SIP can enhance trait-based authorization in a collaborative setting. Learn about models, parties involved, and open issues to address. Share your feedback and queries!

<draft-tschofenig-sip-saml-00.txt>
H. Tschofenig, J. Peterson, J. Polk, D. Sicker, M. Tegnander
Using SAML for SIP

Overview
• <draft-ietf-sipping-trait-authz-00.txt> presents
  • a problem statement
  • scenarios and
  • requirements
• Using Security Assertion Markup Language (SAML) in collaboration with SIP provides a solution for trait-based authorization.

Draft Content - In a Nutshell
• Three parties:
  • User
  • Asserting Party (creates Assertions/Artifact) = "Authentication Server"
  • Relying Party (verifies Assertions/Artifact)
• SAML Push Model
  • Uses Assertions in a "Call by value" style
• SAML Pull Model
  • Uses Artifacts in a "Call by reference" style
• Two ways of attaching the Assertions/Artifacts
  • Separate exchange with the Authentication Server
  • SIP messages traverse Authentication Server
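
The push and pull models listed above, sketched as an added example (not code from the draft or its authors). Assumptions: HMAC over JSON stands in for a signed SAML XML assertion, the artifact is single-use, the assertion is bound to the SIP Call-ID to illustrate the reference-integrity concern between assertion and session, and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC + JSON stand in for SAML's XML signature and XML assertion.
AP_KEY = secrets.token_bytes(32)  # Asserting Party key (hypothetical)
_artifacts = {}                   # Asserting Party state: artifact -> assertion

def issue_assertion(subject, traits, call_id):
    """Asserting Party: sign a trait assertion bound to one SIP Call-ID."""
    body = json.dumps({"sub": subject, "traits": traits, "call_id": call_id},
                      sort_keys=True)
    sig = hmac.new(AP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def issue_artifact(subject, traits, call_id):
    """Asserting Party: keep the assertion, hand out an opaque reference."""
    artifact = secrets.token_urlsafe(16)
    _artifacts[artifact] = issue_assertion(subject, traits, call_id)
    return artifact

def dereference(artifact):
    """Asserting Party: resolve an artifact exactly once (pop blocks replay)."""
    return _artifacts.pop(artifact, None)

def verify(assertion, sip_call_id):
    """Relying Party: check signature, then session binding. Traits or None."""
    if assertion is None:
        return None
    expected = hmac.new(AP_KEY, assertion["body"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None  # body was altered after signing
    claims = json.loads(assertion["body"])
    if claims["call_id"] != sip_call_id:
        return None  # valid assertion, but issued for a different SIP session
    return claims["traits"]

def relying_party(sip_msg):
    """Accept push (assertion by value) or pull (artifact by reference)."""
    if "assertion" in sip_msg:
        assertion = sip_msg["assertion"]                 # push model
    else:
        assertion = dereference(sip_msg.get("artifact"))  # pull model
    return verify(assertion, sip_msg["call_id"])
```

In the pull model the `dereference` call represents the separate exchange between Relying Party and Asserting Party; in the push model the Relying Party needs only the Asserting Party's verification key.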

Open Issues (1)
• Issue:
  • Reference integrity of SAML Assertions and SIP sessions
• Proposal:
  • Reuse existing work by Jon
• Issue:
  • Where should the Assertions be attached?
• Proposal:
  • SIP UA adds Assertions in body; SIP proxies add them by reference (Artifacts) in the SIP header

Open Issue (2)
• Issue:
  • Artifact should include a URL to enable easier dereference
• Proposal:
  • Change it with the next version of the draft
• Issue:
  • Option-tags need to be introduced (required / supported option-tag)
• Proposal:
  • Add them with the next version

Open Issue (3)
• Further issues:
  • Relationship with Liberty Alliance
  • More details for the described scenarios

Please send comments!