SIP AAI a possibility for TF-EMC2 and TF-ECS cooperation

Presentation transcript:

SIP AAI: a possibility for TF-EMC2 and TF-ECS cooperation
Jan Růžička, CESNET
email, sip:janru@cesnet.cz
Florence, 28. 3. 2007

SIP
Signaling protocol, not only for VoIP & VC
Creates, modifies and terminates sessions
RFC 3261
Textual (HTTP style), easy to extend
No longer simple
SIP URI: sip:janru@cesnet.cz

Architecture
User Agent
Server: registrar, redirect, proxy, B2BUA
stateless, stateful, B2BUA
Gateway (UA)
MCU (UA)
Outbound proxy
SIP-enabled firewall with NAT functionality – not transparent
SBC (B2BUA)

Request
INVITE sip:mamut@iptel.org SIP/2.0.
Max-Forwards: 10.
Record-Route: <sip:195.113.222.3;ftag=5DAA94E7;lr=on>.
Via: SIP/2.0/UDP 195.113.222.3;branch=z9hG4bK0a5d.90580ee2.0.
Via: SIP/2.0/UDP 195.113.134.233:5062;branch=z9hG4bK2E1FD348.
CSeq: 262 INVITE.
To: <sip:mamut@iptel.org>.
Proxy-Authorization: Digest username="bbb", realm="ces.net", nonce="43788e90381194d66364fced4dc7097828391e81", uri="sip:mamut@iptel.org", cnonce="abcdefghi", nc=00001, response="aaaaa"
Content-Type: application/sdp.
From: "Franta Vomacka" <sip:bbb@ces.net>;tag=5DAA94E7.
Call-ID: 379332994@195.113.134.233.
Subject: sip:bbb@ces.net.
Content-Length: 234.
User-Agent: kphone/4.2.
Contact: "Franta Vomacka" <sip:bbb@195.113.134.233:5062;transport=udp>.
Remote-Party-ID: "Franta Vomacka" <sip:950070101@ces.net>;party=calling;id-type=subscriber;privacy=off; screen=yes.
.
v=0.
o=username 0 0 IN IP4 195.113.134.233.
s=The Funky Flow.
c=IN IP4 195.113.134.233.
t=0 0.
m=audio 33728 RTP/AVP 0 97.
a=rtpmap:0 PCMU/8000.
a=rtpmap:97 iLBC/8000.

Locating SIP Servers
Domain part of URI: sip:janru@dom.cz, sip:12345@dom.cz
ENUM: telephone number to URI transformation
5.4.3.2.1.e164.arpa IN NAPTR 1 1 "u" "E2U+sip" "!^.*$!sip:user@dom.cz!" .
“service” NAPTR records
IN NAPTR 1 5 "s" "SIPS+D2T" "" _sips._tcp.dom.cz.
IN NAPTR 2 5 "s" "SIP+D2T" "" _sip._tcp.dom.cz.
IN NAPTR 3 5 "s" "SIP+D2U" "" _sip._udp.dom.cz.
SRV records (_sip._udp, _sip._tcp, _sips._tcp)
_sip._tcp.cesnet.cz IN SRV 0 1 5060 ser1.dom.cz
_sip._tcp.cesnet.cz IN SRV 0 2 5060 ser2.dom.cz
A, AAAA records
DNSSec ?
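The lookup chain on this slide (ENUM NAPTR, service NAPTR, SRV), as an added example that is not part of the original slides. The record tables are constructed from the slide's values and no live DNS is queried; the SRV owner name under dom.cz and all function names are assumptions.

```python
import re

# Constructed zone data modelled on the slide's records; no live DNS is queried.
# NAPTR tuple: (order, preference, flags, service, regexp, replacement)
NAPTR = {
    "5.4.3.2.1.e164.arpa": [(1, 1, "u", "E2U+sip", "!^.*$!sip:user@dom.cz!", ".")],
    "dom.cz": [(1, 5, "s", "SIPS+D2T", "", "_sips._tcp.dom.cz."),
               (2, 5, "s", "SIP+D2T", "", "_sip._tcp.dom.cz."),
               (3, 5, "s", "SIP+D2U", "", "_sip._udp.dom.cz.")],
}
# SRV tuple: (priority, weight, port, target); the owner name is assumed for dom.cz.
SRV = {"_sip._tcp.dom.cz.": [(0, 1, 5060, "ser1.dom.cz"), (0, 2, 5060, "ser2.dom.cz")]}

def enum_domain(number):
    """+12345 -> 5.4.3.2.1.e164.arpa (digits reversed, dot separated)."""
    digits = [c for c in number if c.isdigit()]
    return ".".join(reversed(digits)) + ".e164.arpa"

def apply_regexp(field, aus):
    """Apply a NAPTR regexp field (delim ERE delim repl delim flags) to the AUS."""
    _, ere, repl, flags = field.split(field[0])
    repl = re.sub(r"\\(\d)", r"\\g<\1>", repl)      # \1 -> \g<1> for Python
    out, n = re.subn(ere, repl, aus, count=1, flags=re.I if "i" in flags else 0)
    return out if n else None

def resolve_enum(number):
    """Return the SIP URI for an E.164 number, or None if no E2U+sip rule matches."""
    aus = "+" + "".join(c for c in number if c.isdigit())
    rules = sorted(r for r in NAPTR.get(enum_domain(number), [])
                   if r[2] == "u" and r[3].lower() == "e2u+sip")
    for rule in rules:
        uri = apply_regexp(rule[4], aus)
        if uri:
            return uri
    return None

def pick_service(domain, supported):
    """First NAPTR (by order, preference) whose service the client supports."""
    for _, _, flags, service, _, target in sorted(NAPTR.get(domain, [])):
        if flags == "s" and service in supported:
            # Unsigned DNS answers can be altered, so report whether TLS was chosen.
            return target, service.startswith("SIPS")
    return None, False

def srv_targets(name):
    """Order SRV targets: lowest priority first, then highest weight (RFC 2782
    picks by weighted random within a priority; this is deterministic for the demo)."""
    return [(t, p) for _, _, p, t in sorted(SRV.get(name, []), key=lambda r: (r[0], -r[1]))]
```

The second value returned by `pick_service` lets a client enforce a local policy such as refusing to continue when the selected transport is not TLS.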

Record routing
The way for a proxy to stay in the signaling path
An outbound proxy is not enough (it may not be the first hop, and requests also arrive from the other side)
Add Record-Route to the request; the response delivers the RR set
Subsequent requests of the call are routed according to the record-route set (Route header)

SIP „trapezoid“
[Diagram: Domain alfa (proxy sip01.alfa, User A sip:a@alfa) and Domain beta (proxy sip01.beta, User B sip:b@beta). Labels: Local policy, ENUM, SRV; Outbound proxy and RR]

Authentication
HTTP Digest
User-to-user (401 Unauthorized, WWW-Authenticate, Authorization)
User-to-proxy (407 Proxy Authentication Required, Proxy-Authenticate, Proxy-Authorization)
Local HTTP Digest
Obtain connectivity and establish a VPN to the home network (firewall issues)
TLS – only a minimum of clients use a client certificate; TLS + HTTP Digest

Authentication II
Interdomain – opening closed islands and interconnecting them, anti-SPIT
HTTP Digest – weak and uncomfortable
TLS
Hop-by-hop identity assertions
Signed headers
SIP Identity, RFC 4474
SAML

Domain identity
INVITE sip:bob@biloxi.example.org SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.example.org>
From: Alice <sip:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 147

v=0
o=UserA 2890844526 2890844526 IN IP4 pc33.atlanta.example.com
s=Session SDP
c=IN IP4 pc33.atlanta.example.com
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Domain identity II
Interesting headers
Identity signature
sip:alice@atlanta.example.com|sip:bob@biloxi.example.org|a84b4c76e66710|314159 INVITE|Thu, 21 Feb 2002 13:02:03 GMT|alice@pc33.atlanta.example.com|v=0
o=UserA 2890844526 2890844526 IN IP4 pc33.atlanta.example.com
s=Session SDP
c=IN IP4 pc33.atlanta.example.com
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
Identity signature
Identity:"kjOP4YVZXmF0X3/4RUfAG6ffwbVQepNGRBz58b3dJq3prEV4h5Gn S4F6udDRCI4/rSK9cl+TFv45nu0Qu2d/0WPPOvvc3JWwuUmHrCwG wC+tW7fOWnC07QKgQn40uwg57WaXixQev5N0JfoLXnO3UDoum 89JRhXPAIp2vffJbD4="
Identity-Info: <https://atlanta.example.com/atlanta.cer>;alg=rsa-sha1
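How the signed string on this slide is assembled from the INVITE on the previous one, as an added example that is not part of the original slides. It stops at the string that gets signed (the RSA-SHA1 step named in Identity-Info is left out so the block needs only the standard library); the function names and the `max_skew` default are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SDP = "\r\n".join(["v=0", "o=UserA 2890844526 2890844526 IN IP4 pc33.atlanta.example.com",
                   "s=Session SDP", "c=IN IP4 pc33.atlanta.example.com", "t=0 0",
                   "m=audio 49172 RTP/AVP 0", "a=rtpmap:0 PCMU/8000", ""])
# The INVITE from the slide, rebuilt with CRLF line endings.
INVITE = "\r\n".join([
    "INVITE sip:bob@biloxi.example.org SIP/2.0",
    "Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8",
    "To: Bob <sip:bob@biloxi.example.org>",
    "From: Alice <sip:alice@atlanta.example.com>;tag=1928301774",
    "Call-ID: a84b4c76e66710", "CSeq: 314159 INVITE", "Max-Forwards: 70",
    "Date: Thu, 21 Feb 2002 13:02:03 GMT",
    "Contact: <sip:alice@pc33.atlanta.example.com>",
    "Content-Type: application/sdp", "Content-Length: 147", "", SDP])

def parse(msg):
    """Split a SIP message into (lower-cased header dict, body). Header folding
    and compact header names are outside this example."""
    head, _, body = msg.partition("\r\n\r\n")
    hdrs = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), value.strip())
    return hdrs, body

def addr_spec(value):
    """Return the URI inside <...>, or the bare value without parameters."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_string(msg):
    """From|To|Call-ID|CSeq|Date|Contact|body: the fields the Identity signature covers.
    The slide prints the Contact field without 'sip:'; this emits the full addr-spec."""
    h, body = parse(msg)
    return "|".join([addr_spec(h["from"]), addr_spec(h["to"]), h["call-id"], h["cseq"],
                     h["date"], addr_spec(h.get("contact", "")), body])

def date_is_fresh(msg, now, max_skew=timedelta(seconds=600)):
    """Replay check: the signed Date must be close to the receiver's clock.
    max_skew is an assumed local policy value."""
    sent = parsedate_to_datetime(parse(msg)[0]["date"])
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)
    return abs(now - sent) <= max_skew
```

Via and Max-Forwards are outside the signed string, so proxies can change them hop by hop, while any element that rewrites the SDP body changes the string and the signature no longer verifies.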

SIP „trapezoid“ II
[Diagram: Domain alfa (proxy sip01.alfa, User A sip:a@alfa) and Domain beta (proxy sip01.beta, User B sip:b@beta). Labels: Transport depends on client capab. (UDP, TCP, TLS); TLS (?) + HTTP Digest; TLS ?, domain identity; domain identity; Local policy, ENUM, SRV; Outbound proxy and RR]

Service – Server relationship
Additional information in certificate
Authoritative server for a service within the domain
Outbound and inbound servers could be different

Discussion
Thank you