Trait-Based Authorization Requirements for the Session Initiation Protocol (SIP)
RFC 4484

Document history

Date Rev. By Action
2015-10-14
02 (System) Notify list changed from gonzalo.camarillo@ericsson.com, dean.willis@softarmor.com, rohan@ekabal.com, jon.peterson@neustar.biz, hannes.tschofenig@siemens.com, jmpolk@cisco.com, fluffy@cisco.com to fluffy@cisco.com, rohan@ekabal.com, dean.willis@softarmor.com
2012-08-22
02 (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2006-09-08
02 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2006-09-08
02 Amy Vezza [Note]: 'RFC 4484' added by Amy Vezza
2006-08-31
02 (System) RFC published
2006-02-23
02 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2006-02-23
02 Amy Vezza IESG state changed to Approved-announcement sent
2006-02-23
02 Amy Vezza IESG has approved the document
2006-02-23
02 Amy Vezza Closed "Approve" ballot
2006-02-23
02 Allison Mankin
2006-02-23
02 Allison Mankin State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Allison Mankin
2006-02-23
02 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley
2006-02-22
02 Allison Mankin
I've had a side conversation with James Polk about this and we're wondering
if we can amend the Note not to mention the TLS document.  Reasons:
the TLS draft is so very early in its life (about 2 weeks); this is
not a solutions document, so there's no need for much detail on
possible solutions; there's no way for this particular draft, versus
a follow-on, to look at the security implications of TLS use in
a prospective SIP-SAML or SIP-3281 design.

So the proposed alternative, saving review of a TLS usage for later work:

******
Section 5, Trait-Based Authorization Requirements

OLD:
7. The mechanism MUST have a single baseline mandatory-to-
  implement authorization assertion scheme.  The mechanism MUST
  also allow support of other assertion schemes, which would be
  optional to implement.  One example of an assertion scheme is
  SAML [6].

NEW:
7. The mechanism MUST have a single baseline mandatory-to-
  implement authorization assertion scheme.  The mechanism MUST
  also allow support of other assertion schemes, which would be
  optional to implement.  One example of an assertion scheme is
  SAML [6] and another is RFC 3281 X.509 Attribute Certificates [7]:

Please add a new Informative reference [7] to RFC 3281.

******
2006-02-21
02 Allison Mankin
No word from G. - set up a Note to the RFC Editor and sent a clear
request to Russ

To:      housley@vigilsec.com
cc:      jon.peterson@neustar.biz, gonzalo.camarillo@ericsson.com,
        fluffy@cisco.com, hannes.tschofenig@siemens.com,
        douglas.sicker@colorado.edu, jmpolk@cisco.com
From:    Allison Mankin <mankin@psg.com>
Subject: Resolving Russ's Discuss on draft-ietf-sipping-trait-authz

Reply-To: mankin@psg.com

Hi, Russ,

As I suggested to you on the telechat last week, and Jon and you
concurred, I've put a Note to the RFC Editor in the tracker for your
Discuss on draft-ietf-sipping-trait-authz.

What do you think of this, can you clear?

Section 5, Trait-Based Authorization Requirements

OLD:
7. The mechanism MUST have a single baseline mandatory-to-
  implement authorization assertion scheme.  The mechanism MUST
  also allow support of other assertion schemes, which would be
  optional to implement.  One example of an assertion scheme is
  SAML [6].

NEW:
7. The mechanism MUST have a single baseline mandatory-to-
  implement authorization assertion scheme.  The mechanism MUST
  also allow support of other assertion schemes, which would be
  optional to implement.  One example of an assertion scheme is
  SAML [6] and another is RFC 3281 X.509 Attribute Certificates
  [7]. A work in progress, Transport Layer Security (TLS)
  Authorization Extensions [8], would allow either SAML or RFC
  3281 to be supported with the TLS handshake.

Please add two new Informative references:
[7] RFC 3281
[8] Brown, M. and Housley, R., Transport Layer Security (TLS)
    Authorization Extensions, <draft-housley-tls-authz-extns-00.txt>,
    February 2006

Authors, Gonzalo (as shepherd), any comments?  This extends the example
security technology for the future work, making sure it is remembered for
assessment at the next stage.
2006-02-17
02 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2006-02-17
02 (System) Removed from agenda for telechat - 2006-02-16
2006-02-16
02 Sam Hartman
[Ballot comment]
It would be strongly desired if section 5 made it clear that reference
integrity needs to be able to be cryptographically bound between the
assertion and the referenced item.
2006-02-16
02 Sam Hartman [Ballot Position Update] New position, No Objection, has been recorded for Sam Hartman by Sam Hartman
2006-02-15
02 Ted Hardie [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie by Ted Hardie
2006-02-15
02 Michelle Cotton IANA Comments:
As described in the IANA Considerations section, we understand this document to have NO IANA Actions.
2006-02-14
02 Brian Carpenter [Ballot Position Update] New position, No Objection, has been recorded for Brian Carpenter by Brian Carpenter
2006-02-13
02 Russ Housley
[Ballot discuss]
It seems to me that SAML and X.509 Attribute Certificates (see RFC 3281)
  both support the requirements listed in this document.  Please update
  requirement 7 to offer RFC 3281 as a possible solution, and include it
  as an informative reference.  I hope the WG will consider both SAML and
  RFC 3281.  I suspect that RFC 3281 will be easier to integrate with the
  S/MIME security mechanisms that are already part of SIP.  Also,
  draft-housley-tls-authz-extns proposes a way to include both SAML and
  RFC 3281 in the TLS Handshake Protocol.
2006-02-13
02 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded for Russ Housley by Russ Housley
2006-02-09
02 Allison Mankin State Changes to IESG Evaluation from Publication Requested by Allison Mankin
2006-02-09
02 Allison Mankin State Change Notice email list have been change to gonzalo.camarillo@ericsson.com, dean.willis@softarmor.com, rohan@ekabal.com, jon.peterson@neustar.biz, hannes.tschofenig@siemens.com from gonzalo.camarillo@ericsson.com, dean.willis@softarmor.com, rohan@ekabal.com
2006-02-09
02 Allison Mankin [Note]: 'PROTO shepherd gonzalo.camarillo@ericsson.com' added by Allison Mankin
2006-02-09
02 Allison Mankin [Ballot Position Update] New position, Yes, has been recorded for Allison Mankin
2006-02-09
02 Allison Mankin Ballot has been issued by Allison Mankin
2006-02-09
02 Allison Mankin Created "Approve" ballot
2006-02-09
02 (System) Ballot writeup text was added
2006-02-09
02 (System) Last call text was added
2006-02-09
02 (System) Ballot approval text was added
2006-02-09
02 Allison Mankin Placed on agenda for telechat - 2006-02-16 by Allison Mankin
2006-02-09
02 Allison Mankin
This is ready for the IESG.  It needs to be understood as a design
document, with the examples as possible directions, not as a constituency
for a currently chartered SIP extension.  Will check again
and issue a writeup making this clear enough.
2006-01-30
02 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2006-01-27
02 (System) New version available: draft-ietf-sipping-trait-authz-02.txt
2005-02-17
01 (System) New version available: draft-ietf-sipping-trait-authz-01.txt
2004-02-12
00 (System) New version available: draft-ietf-sipping-trait-authz-00.txt