On-Demand Access Authorization for SIP Event Subscriptions D. Trossen, H. Schulzrinne.


What's The Problem? Or What Does On-Demand Mean?

- Problem: Querier desires (temporary) access to resource, hosted at resource data provider
  - Access can be limited in time (e.g., for 10 minutes after subscription granted, from 1pm to 2pm today) or limited in notifications (one-time or N-time access)
- Solve: Enable authorized access for this subscription
  - Important: Enable access for this very subscription only!
- Other constraints:
  - Identity of querier might not be known to resource owner beforehand
  - Resource data, e.g., presence items, might not be known to resource owner beforehand
  - Conveyance of access desire and actual access might lie within short time window
- Use Cases: Location scenarios, content adaptation, service discovery, … (see draft!)

[Figure: Querier (subscriber), Resource owner (e.g., presentity), Resource Data provider (SIP Event Server); labels: conveyance of access desire, Authorization, Access]

Requirements

Requirements for possible solutions are concerned with:

- Identification of pieces of resource data to be accessed (REQ 1)
- Identity verification of resource owner (REQ 2) and querier (REQ 5)
- Binding of (temporary) access to particular subscription (REQ 3)
- Time-window constraint (REQ 4)
- Enabling notification restriction (REQ 6)
- Avoidance of subscription rejection because of race conditions (REQ 7)

The last four items are particularly imposed by the use cases!

Possible Solution Space

1. Set proper authorization via XCAP after conveyance of access desire
2. Use temporary accounts within XCAP system for particular types of access
3. Create ticket for particular access/querier and hand to querier
4. Authenticate message body for subscription at resource owner and hand to querier to be used in SIP SUBSCRIBE
5. Use watcherinfo subscription and reply directly to event server upon watcherinfo notification

Note: All solutions are incomplete and insufficiently specified today!
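To make option 3 concrete, the following added example (not from the slides or the draft, which leave the ticket format unspecified) shows one way a ticket could carry the time-window, notification-count and single-subscription constraints. The HMAC/JSON ticket layout, the shared key between resource owner and event server, and all names and values are assumptions for illustration; the querier identity is assumed to be authenticated by the SIP layer before the check.

```python
import base64, hashlib, hmac, json

def _mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_ticket(key, querier, resource, nbf, exp, max_notifies):
    """Resource owner: sign the constraints of one on-demand grant."""
    claims = {"querier": querier, "resource": resource,
              "nbf": nbf, "exp": exp, "max": max_notifies}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_mac(key, body)).decode()

class EventServer:
    """Resource data provider: enforces the ticket on SUBSCRIBE and NOTIFY."""
    def __init__(self, key):
        self.key = key
        self.grants = {}  # ticket -> bound subscription id, expiry, notifies left

    def subscribe(self, ticket, sub_id, querier, resource, now):
        try:
            body_b64, tag_b64 = ticket.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:            # malformed ticket
            return False
        if not hmac.compare_digest(tag, _mac(self.key, body)):
            return False              # not signed by the resource owner's key
        c = json.loads(body)          # parsed only after the MAC verified
        if (c["querier"], c["resource"]) != (querier, resource):
            return False              # ticket names another querier or resource
        if not c["nbf"] <= now <= c["exp"]:
            return False              # outside the time window (REQ 4)
        g = self.grants.setdefault(
            ticket, {"sub": sub_id, "exp": c["exp"], "left": c["max"]})
        return g["sub"] == sub_id     # one ticket, one subscription (REQ 3)

    def may_notify(self, ticket, sub_id, now):
        g = self.grants.get(ticket)
        if not g or g["sub"] != sub_id or now > g["exp"] or g["left"] <= 0:
            return False
        g["left"] -= 1                # N-time access (REQ 6)
        return True

# Constructed sample values, not taken from the draft.
KEY = b"constructed-demo-key"
TICKET = issue_ticket(KEY, "sip:bob@example.com", "sip:alice@example.com",
                      1000, 1600, 2)
```

Binding the ticket to the first subscription that presents it means a copied ticket cannot open a second subscription, while a refresh of the original subscription still succeeds.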

Questions to the WG

- Are the use cases relevant? Do we need more (convincing) ones?
  - Or in other words, is there demand for solutions to the problem?
- How to proceed?
  - What shall be the focus in the solution space? XCAP (V x.0)?
  - Refine requirements? Particularly for certain solutions like XCAP?
  - Can we assume certain conveyance methods? Is watcherinfo a MUST? Is SOAP possible?