Consent-based Communications draft-ietf-sipping-consent-framework-01.txt draft-ietf-sipping-consent-reqs-00.txt


Requirements
Clarify that REQ2 talks about amplification attacks
Do we get rid of the second part of REQ9?
– REQ 9: The solution shall work in an inter-domain context, without requiring pre-established relationships between domains.

Translation Identification
CONSENT requests need to identify the exact translation they apply to at the relay
– Request-URI
– New header field

Using Request-URI

Using a Header Field

Comparison
Request URI
+ No need to manipulate new headers
- CONSENT does not carry the original Request-URI
- Relay needs to make sure that the new Request-URI routes to it
- Slightly more state info to be kept by relays (negligible)
Header Field
- Need to manipulate a new header
+ CONSENT carries explicitly the original Request-URI
+ Slightly less state info to be kept by relays (negligible)
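An added example, not part of the slides or the drafts: a toy relay that resolves a message to exactly one translation in both ways the Comparison slide weighs, showing where the extra state and the routing check come from. The header name, domains and URIs are constructed assumptions; the drafts' actual syntax does not appear on this page.

```python
import secrets

RELAY_HOST = "relay.example.com"     # constructed relay domain (assumption)
HDR = "X-Original-Request-URI"       # hypothetical header name, not from the drafts

class Relay:
    def __init__(self):
        self.translations = set()    # {(original_uri, recipient_uri)}
        self.minted = {}             # per-translation URI -> translation (option 1 only)

    def add_translation(self, original_uri, recipient_uri):
        self.translations.add((original_uri, recipient_uri))

    def mint_uri(self, original_uri, recipient_uri):
        """Option 1: name one translation with a fresh URI in the relay's own domain."""
        if (original_uri, recipient_uri) not in self.translations:
            raise KeyError("unknown translation")
        uri = f"sip:{secrets.token_urlsafe(12)}@{RELAY_HOST}"
        self.minted[uri] = (original_uri, recipient_uri)   # the extra relay state
        return uri

    def resolve_by_request_uri(self, request_uri):
        """Option 1 lookup: the message itself never shows the original URI."""
        if not request_uri.endswith("@" + RELAY_HOST):
            return None              # such a URI would not route to this relay
        return self.minted.get(request_uri)   # None if the relay never minted it

    def resolve_by_header(self, headers, recipient_uri):
        """Option 2 lookup: the original Request-URI travels in the message."""
        key = (headers.get(HDR), recipient_uri)
        return key if key in self.translations else None

def demo():
    relay = Relay()
    # Constructed translation: one list URI that fans out to two recipients.
    relay.add_translation("sip:friends@example.com", "sip:bob@example.org")
    relay.add_translation("sip:friends@example.com", "sip:carol@example.net")
    uri = relay.mint_uri("sip:friends@example.com", "sip:bob@example.org")
    hdr = {HDR: "sip:friends@example.com"}
    return {
        "by_uri": relay.resolve_by_request_uri(uri),
        "unminted": relay.resolve_by_request_uri(f"sip:guess@{RELAY_HOST}"),
        "by_header": relay.resolve_by_header(hdr, "sip:carol@example.net"),
        "wrong_recipient": relay.resolve_by_header(hdr, "sip:mallory@example.net"),
        "extra_state": len(relay.minted),
    }
```
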

Permission Upload
SIP PUBLISH
– SIP Identity can be used to authenticate the PUBLISH
– Only permission upload (no read operation)
XCAP
– Return routability (using a token)
– Permission upload and read
– Requires XCAP support at clients
Hybrid?
– Both allowed

Third-Party Registrations
The UA at the registered Contact does not support incoming TLS connections
Man-in-the-middle attacks are possible
– against the return routability test
– but also against incoming traffic
In scenarios where there is no security to begin with, the consent process can be circumvented