sip.edu - Re: [sip.edu] thoughts on authentication
Subject: SIP in higher education
List archive
- From: Jeremy George <>
- To:
- Subject: Re: [sip.edu] thoughts on authentication
- Date: Mon, 12 Jul 2004 09:02:58 -0400 (EDT)
Except that what I really need to do is register with my home proxy
so that I can receive incoming calls to my well-known address. Since
all of integrated communications is distance insensitive what I'd need
would be network level access, not application level. In that context
federated trust would have some value. The question remaining is would
that amount to killing a flea with a cannon?
- Jeremy
On Sat, 10 Jul 2004, Renee Shuey wrote:
> Date: Sat, 10 Jul 2004 06:55:07 -0400
> From: Renee Shuey
> <>
> Reply-To:
>
> To:
>
> Subject: Re: [sip.edu] thoughts on authentication
>
> Wouldn't it be cool if when I visited Penn (or better yet Hawaii) I
> could logon to your network authenticating against my Penn State
> security server (not UPenn) and then be "authorized" as a guest to have
> access to certain services such as these. Maybe this falls under the
> use cases for "federating" identity for sip.
>
> just thinking......
> Renee'
>
> Steve Blair wrote:
>
> >
> > Yul:
> >
> > I've tried a number of approaches. I'm not sure if Penn has settled
> > on one method yet. Our proxy currently requires anyone who
> > registers to authenticate, registered users must be in a specific
> > group to use the PSTN and our PSTN gateway has ACLs to limit
> > access on the LAN side. We also log the remote domain name for
> > inbound IP calls. We don't do any other "filtering" on IP calls.
> >
> > -Steve
> >
> > Yul Pyun wrote:
> >
> >> I'm interested in finding out what other campuses are doing or what
> >> your thoughts are in regards to UA registration and authentication.
> >>
> >> It seems to me that there are at least two distinct functions when it
> >> comes to authentication: 1) processing registration, and 2)
> >> processing INVITES.
> >>
> >> My thoughts are that:
> >> 1) You want to authenticate those UAs that belong to your domain when
> >> they register, regardless of where they are registering from, and
> >> deny registration of all other UAs. If you don't authenticate, then
> >> potentially anyone can register with your Registrar, and basically
> >> spoof the calls as if they are part of your organization. I'd rather
> >> not be in the business of providing registration/proxy services to
> >> the entire net.
> >>
> >> 2) You want to be able to receive calls (INVITES) from anyone on the
> >> net, or perhaps narrow it down by use of ACL. Analogy would be my
> >> pbx phone...anyone in the world can call me if they my number.
> >>
> >> Thoughts/comments?
> >>
> >> -Yul
> >> ----------------------------------------------------
> >> Yul Pyun,
> >>
> >>
> >> <mailto:>
> >> University of Hawaii
> >
> >
> >
> >
>
>
--
- thoughts on authentication, Yul Pyun, 07/09/2004
- Re: [sip.edu] thoughts on authentication, Steve Blair, 07/10/2004
- Re: [sip.edu] thoughts on authentication, Renee Shuey, 07/10/2004
- Re: [sip.edu] thoughts on authentication, Steve Blair, 07/10/2004
- Re: [sip.edu] thoughts on authentication, Renee Shuey, 07/12/2004
- Re: [sip.edu] thoughts on authentication, Jeremy George, 07/12/2004
- Re: [sip.edu] thoughts on authentication, Steve Blair, 07/10/2004
- Re: [sip.edu] thoughts on authentication, Renee Shuey, 07/10/2004
- Re: [sip.edu] thoughts on authentication, Steve Blair, 07/10/2004
Archive powered by MHonArc 2.6.16.