Authentication, Authorization, and Accounting Requirements for the Session Initiation Protocol (SIP)
RFC 3702

Document Type: RFC - Informational (February 2004; No errata)
Last updated: 2015-10-14
Stream: IETF
Stream WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 3702 (Informational)
Consensus Boilerplate: Unknown
Responsible AD: Allison Mankin
Send notices to: <rohan@cisco.com>, <dean.willis@softarmor.com>
Network Working Group                                        J. Loughney
Request for Comments: 3702                                         Nokia
Category: Informational                                     G. Camarillo
                                                                Ericsson
                                                           February 2004

             Authentication, Authorization, and Accounting
         Requirements for the Session Initiation Protocol (SIP)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   As Session Initiation Protocol (SIP) services are deployed on the
   Internet, there is a need for authentication, authorization, and
   accounting of SIP sessions.  This document sets out the basic
   requirements for this work.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  RADIUS . . . . . . . . . . . . . . . . . . . . . . . . .  3
       1.2.  Terminology and Acronyms . . . . . . . . . . . . . . . .  4
       1.3.  Requirements Language. . . . . . . . . . . . . . . . . .  4
   2.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  4
       2.1.  Common Requirements. . . . . . . . . . . . . . . . . . .  5
             2.1.1.  Communication within the Same Domain . . . . . .  5
             2.1.2.  Communication between Different Domains. . . . .  5
             2.1.3.  Discovery. . . . . . . . . . . . . . . . . . . .  5
             2.1.4.  Ability to Integrate Different Networks,
                     Services and Users . . . . . . . . . . . . . . .  5
             2.1.5.  Updating SIP Server Entries. . . . . . . . . . .  5
             2.1.6.  SIP Session Changes. . . . . . . . . . . . . . .  5
             2.1.7.  Reliable Transfer of Protocol Messages . . . . .  5
             2.1.8.  Call Setup Times . . . . . . . . . . . . . . . .  6
             2.1.9.  Security . . . . . . . . . . . . . . . . . . . .  6
       2.2.  Authentication Requirements. . . . . . . . . . . . . . .  6
             2.2.1.  Authentication Based on SIP Requests . . . . . .  6
             2.2.2.  Flexible Authentication of SIP Requests. . . . .  6

       2.3.  Authorization Requirements . . . . . . . . . . . . . . .  6
             2.3.1.  Ability to Authorize SIP Requests. . . . . . . .  7
             2.3.2.  Information Transfer . . . . . . . . . . . . . .  7
             2.3.3.  User De-authorization. . . . . . . . . . . . . .  7
             2.3.4.  User Re-authorization. . . . . . . . . . . . . .  7
             2.3.5.  Support for Credit Control . . . . . . . . . . .  7
       2.4.  Accounting Requirements. . . . . . . . . . . . . . . . .  8
             2.4.1.  Separation of Accounting Information . . . . . .  8
             2.4.2.  Accounting Information Related to Session
                     Progression. . . . . . . . . . . . . . . . . . .  8
             2.4.3.  Accounting Information Not Related to Session
                     Progression. . . . . . . . . . . . . . . . . . .  9
             2.4.4.  Support for One-Time and Session-based
                     Accounting Records . . . . . . . . . . . . . . .  9
             2.4.5.  Support for Accounting on Different Media
                     Components . . . . . . . . . . . . . . . . . . .  9
             2.4.6.  Configuration of Accounting Generation
                      Parameters. . . . . . . . . . . . . . . . . . .  9
             2.4.7.  Support for Arbitrary Correlations . . . . . . .  9
   3.  Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . 10
       3.1.  WLAN Roaming Using Third Party Service Providers . . . . 11
       3.2.  Conditional Authorization. . . . . . . . . . . . . . . . 12
   4.  Security Considerations. . . . . . . . . . . . . . . . . . . . 12
   5.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 13
       6.2.  Informative References . . . . . . . . . . . . . . . . . 13
   7.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
   8.  Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15

1.  Introduction

   The AAA working group is chartered to work on authentication,
   authorization, and accounting solutions for the Internet.  This work
   consists of a base protocol, applications, end-to-end security
   application, and a general architecture for providing these services
   [3].  The AAA working group has specified applicability of AAA-based
   solutions for a number of protocols (e.g., AAA requirements for