70 likes | 187 Views
Public Safety Answering Point (PSAP) Callbacks . draft-ietf-ecrit-psap-callback-02.txt H. Schulzrinne , H. Tschofenig , M. Patel. Status of Draft Update. Strawman proposal for marking Editorial updates & reference updates Updated IANA consideration section. Security Story Unchanged.
E N D
Public Safety Answering Point (PSAP) Callbacks draft-ietf-ecrit-psap-callback-02.txt H. Schulzrinne, H. Tschofenig, M. Patel
Status of Draft Update • Strawman proposal for marking • Editorial updates & reference updates • Updated IANA consideration section
Security Story Unchanged • Separation of authorization and authentication • Support of existing identity mechanisms • P-Asserted-ID: hop-by-hop trust model • SIP Identity: end-to-end trust model • Currently no support for SIP SAML provided in the draft (=trait-based authorization)
Identity-based Authorization +----------+ | List of |+ | valid || | PSAP ids || +----------+| +----------+ * * whitelist * V Incoming +----------+ Normal SIP Msg | SIP |+ Treatment -------------->| Entity ||=============> + Identity | ||(if not in whitelist) +----------+| +----------+ || || || Preferential || Treatment ++=============> (in whitelist)
Callback Marking • Proposal in current draft: • Callback marking is represented as URI parameter. • Problem: • SIP Identity does NOT cover the URI parameter (but we want to tie the callback marking to the message) • Consequence: • Proposed marking currently does not work with SIP Identity
Alternatives? • Variant #1: Ignore solution for SIP Identity • No end-to-end security solution • Variant #2: • Custom MIME type for callback; stick it into SIP body • SIP Identity covers SIP message body • Define new header to point to message body. • Variant #3: • SIP SAML value for callback; stick it into SIP body • SIP Identity again covers SIP message body
Next Steps? • Produce new draft version based on discussed modifications.