Using SAML for SIP H. Tschofenig, J. Peterson, J. Polk, D. Sicker, M. Tegnander.

Presentation transcript:


Overview
Presents:
- a problem statement
- scenarios and
- requirements
Using Security Assertion Markup Language (SAML) in collaboration with SIP provides a solution for trait-based authorization.

Draft Content - In a Nutshell
Three parties:
- User
- Asserting Party (creates Assertions/Artifact) = "Authentication Server"
- Relying Party (verifies Assertions/Artifact)
SAML Push Model
- Uses Assertions in a "Call by value" style
SAML Pull Model
- Uses Artifacts in a "Call by reference" style
Two ways of attaching the Assertions/Artifacts
- Separate exchange with the Authentication Server
- SIP messages traverse Authentication Server

Open Issues (1)
Issue:
- Reference integrity of SAML Assertions and SIP sessions
Proposal:
- Reuse existing work by Jon
Issue:
- Where should the Assertions be attached?
Proposal:
- SIP UA adds Assertions in body; SIP proxies add them by reference (Artifacts) in the SIP header
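
The push and pull models from "Draft Content", with the reference-integrity concern from "Open Issues (1)", as an added sketch that is not code from the draft or the slides. Assumptions: an HMAC with a shared key stands in for the XML signature on a real SAML assertion, binding the assertion to the SIP Call-ID is only an illustration of the reference-integrity concern (not the mechanism the draft proposes), and all class, function and field names are hypothetical.

```python
import hashlib, hmac, json, secrets, time

AP_KEY = secrets.token_bytes(32)  # assumption: stand-in for the Asserting Party's signing key


class AssertingParty:
    """The "Authentication Server": creates Assertions and Artifacts."""

    def __init__(self):
        self._store = {}  # artifact -> assertion, held until dereferenced

    def issue_assertion(self, subject, traits, call_id, ttl=60):
        # Push model: the claims themselves travel with the SIP message.
        body = {"subject": subject, "traits": traits,
                "call_id": call_id, "not_after": time.time() + ttl}
        payload = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(AP_KEY, payload, hashlib.sha256).hexdigest()
        return {"payload": payload.decode(), "sig": sig}

    def issue_artifact(self, subject, traits, call_id):
        # Pull model: only an opaque reference travels; it carries no claims.
        artifact = secrets.token_urlsafe(16)
        self._store[artifact] = self.issue_assertion(subject, traits, call_id)
        return artifact

    def dereference(self, artifact):
        return self._store.pop(artifact, None)  # single use: a replayed artifact fails


def verify(assertion, call_id, now=None):
    """Relying Party check; returns the asserted traits, or None on any failure."""
    if assertion is None:
        return None
    expected = hmac.new(AP_KEY, assertion["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None  # modified in transit or not issued by the Asserting Party
    body = json.loads(assertion["payload"])
    if body["call_id"] != call_id or (now or time.time()) > body["not_after"]:
        return None  # issued for another SIP session, or expired
    return body["traits"]


def relying_party_push(assertion, call_id):
    """Call by value: verify the Assertion received with the SIP message."""
    return verify(assertion, call_id)


def relying_party_pull(ap, artifact, call_id):
    """Call by reference: fetch the Assertion from the Asserting Party, then verify."""
    return verify(ap.dereference(artifact), call_id)
```

In the push model the Relying Party needs no contact with the Asserting Party at verification time; in the pull model it must reach the Asserting Party, which in exchange gets a point at which an artifact can be made single-use.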

Open Issue (2)
Issue:
- Artifact should include a URL to enable easier dereference
Proposal:
- Change it with the next version of the draft
Issue:
- Option-tags need to be introduced (required / supported option-tag)
Proposal:
- Add them with the next version

Open Issue (3)
Further issues:
- Relationship with Liberty Alliance
- More details for the described scenarios
Please send comments!

Questions?