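%% You should probably cite rfc8898 instead of this I-D.
%% This entry describes revision 11 of the Internet-Draft, which is marked
%% "Work in Progress"; when referencing the SIP "Bearer" authentication scheme
%% in a design or review, prefer the RFC named above as the stable reference.
%% Only the protocol name and its acronym are brace-protected in the title, so
%% bibliography styles can still apply their own casing to the other words.
@techreport{ietf-sipcore-sip-token-authnz-11,
  author      = {Shekh-Yusef, Rifaat and Holmberg, Christer and Pascual, Victor},
  title       = {Third-Party Token-based Authentication and Authorization for {Session Initiation Protocol} ({SIP})},
  type        = {Internet-Draft},
  number      = {draft-ietf-sipcore-sip-token-authnz-11},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2020,
  month       = mar,
  day         = 24,
  pagetotal   = 14,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/11/},
  abstract    = {This document defines the "Bearer" authentication scheme for the Session Initiation Protocol (SIP), and a mechanism by which user authentication and SIP registration authorization is delegated to a third party, using the OAuth 2.0 framework and OpenID Connect Core 1.0. This document updates RFC 3261 to provide guidance on how a SIP User Agent Client (UAC) responds to a SIP 401/407 response that contains multiple WWW-Authenticate/Proxy-Authenticate header fields.},
}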