Short Term Requirements for Network Asserted Identity
RFC 3324

Document Type: RFC - Informational (December 2002; No errata)
Last updated: 2015-10-14
Stream: IETF
WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 3324 (Informational)
Consensus Boilerplate: Unknown
Responsible AD: Allison Mankin
Send notices to: <rohan@cisco.com>, <dean.willis@softarmor.com>

Network Working Group                                          M. Watson
Request for Comments: 3324                               Nortel Networks
Category: Informational                                    November 2002

         Short Term Requirements for Network Asserted Identity

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   A Network Asserted Identity is an identity initially derived by a
   Session Initiation Protocol (SIP) network intermediary as a result of
   an authentication process.  This document describes short term
   requirements for the exchange of Network Asserted Identities within
   networks of securely interconnected trusted nodes and to User Agents
   securely connected to such networks.

   There is no requirement for identities asserted by a UA in a SIP
   message to be anything other than the user's desired alias.

Watson                       Informational                      [Page 1]
RFC 3324       Requirements for Network Asserted Identity  November 2002

Table of Contents

   1.  Introduction
   2.  Definitions
   2.1 Identity
   2.2 Network Asserted Identity
   2.3 Trust Domains
   2.4 Spec(T)
   3.  Generation of Network Asserted Identity
   4.  Transport of Network Asserted Identity
   4.1 Sending of Network Asserted Identity within a Trust Domain
   4.2 Receiving of Network Asserted Identity within a Trust Domain
   4.3 Sending of Network Asserted Identity to entities outside a
       Trust Domain
   4.4 Receiving of Network Asserted Identity by a node outside the
       Trust Domain
   5.  Parties with Network Asserted Identities
   6.  Types of Network Asserted Identity
   7.  Privacy of Network Asserted Identity
   8.  Security Considerations
   9.  IANA Considerations
   10. Acknowledgments
       Normative References
       Author's Address
       Full Copyright Statement

1. Introduction

   SIP [1] allows users to assert their identity in a number of ways,
   e.g., using the From: header.  However, there is no requirement for
   these identities to be anything other than the user's desired alias.

   An authenticated identity of a user can be obtained using SIP Digest
   Authentication (or by other means).  However, UAs do not always have
   the necessary key information to authenticate another UA.

   A Network Asserted Identity is an identity initially derived by a SIP
   network intermediary as a result of an authentication process.  This
   may or may not be based on SIP Digest authentication.  This document
   describes short term requirements for the exchange of Network
   Asserted Identities within networks of securely interconnected
   trusted nodes and also to User Agents with secure connections to such
   networks.

   Such a network is described in this document as a Trust Domain and we
   present a strict definition of trust and Trust Domain for the
   purposes of this document.  These short-term requirements provide
   only for the exchange of Network Asserted Identity within a Trust
   Domain and to an entity directly connected to the trust domain.

   General requirements for transport of Network Asserted Identities on
   the Internet are out of scope of this document.

2. Definitions

2.1 Identity

   An Identity, for the purposes of this document, is a sip:, sips: or
   tel: URI, and optionally a Display Name.

   The URI MUST be meaningful to the domain identified in the URI (in
   the case of sip: or sips: URIs) or the owner of the E.164 number (in
   the case of tel: URIs), in the sense that when used as a SIP
   Request-URI in a request sent to that domain/number range owner, it
   would cause the request to be routed to the user/line that is
   associated with the identity, or to be processed by service logic