Authentication, Authorization, and Accounting Requirements for the Session Initiation Protocol (SIP)
RFC 3702
|
| Document |
Type |
|
RFC - Informational
(February 2004; No errata)
|
|
Last updated |
|
2015-10-14
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 3702 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Allison Mankin
|
|
Send notices to |
|
<rohan@cisco.com>, <dean.willis@softarmor.com>
|
Network Working Group J. Loughney
Request for Comments: 3702 Nokia
Category: Informational G. Camarillo
Ericsson
February 2004
Authentication, Authorization, and Accounting
Requirements for the Session Initiation Protocol (SIP)
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
As Session Initiation Protocol (SIP) services are deployed on the
Internet, there is a need for authentication, authorization, and
accounting of SIP sessions. This document sets out the basic
requirements for this work.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Terminology and Acronyms . . . . . . . . . . . . . . . . 4
1.3. Requirements Language. . . . . . . . . . . . . . . . . . 4
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Common Requirements. . . . . . . . . . . . . . . . . . . 5
2.1.1. Communication within the Same Domain . . . . . . 5
2.1.2. Communication between Different Domains. . . . . 5
2.1.3. Discovery. . . . . . . . . . . . . . . . . . . . 5
2.1.4. Ability to Integrate Different Networks,
Services and Users . . . . . . . . . . . . . . . 5
2.1.5. Updating SIP Server Entries. . . . . . . . . . . 5
2.1.6. SIP Session Changes. . . . . . . . . . . . . . . 5
2.1.7. Reliable Transfer of Protocol Messages . . . . . 5
2.1.8. Call Setup Times . . . . . . . . . . . . . . . . 6
2.1.9. Security . . . . . . . . . . . . . . . . . . . . 6
2.2. Authentication Requirements. . . . . . . . . . . . . . . 6
2.2.1. Authentication Based on SIP Requests . . . . . . 6
2.2.2. Flexible Authentication of SIP Requests. . . . . 6
Loughney & Camarillo Informational [Page 1]
RFC 3702 AAA Requirements for SIP February 2004
2.3. Authorization Requirements . . . . . . . . . . . . . . . 6
2.3.1. Ability to Authorize SIP Requests. . . . . . . . 7
2.3.2. Information Transfer . . . . . . . . . . . . . . 7
2.3.3. User De-authorization. . . . . . . . . . . . . . 7
2.3.4. User Re-authorization. . . . . . . . . . . . . . 7
2.3.5. Support for Credit Control . . . . . . . . . . . 7
2.4. Accounting Requirements. . . . . . . . . . . . . . . . . 8
2.4.1. Separation of Accounting Information . . . . . . 8
2.4.2. Accounting Information Related to Session
Progression. . . . . . . . . . . . . . . . . . . 8
2.4.3. Accounting Information Not Related to Session
Progression. . . . . . . . . . . . . . . . . . . 9
2.4.4. Support for One-Time and Session-based
Accounting Records . . . . . . . . . . . . . . . 9
2.4.5. Support for Accounting on Different Media
Components . . . . . . . . . . . . . . . . . . . 9
2.4.6. Configuration of Accounting Generation
Parameters. . . . . . . . . . . . . . . . . . . 9
2.4.7. Support for Arbitrary Correlations . . . . . . . 9
3. Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1. WLAN Roaming Using Third Party Service Providers . . . . 11
3.2. Conditional Authorization. . . . . . . . . . . . . . . . 12
4. Security Considerations. . . . . . . . . . . . . . . . . . . . 12
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.1. Normative References . . . . . . . . . . . . . . . . . . 13
6.2. Informative References . . . . . . . . . . . . . . . . . 13
7. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15
1. Introduction
The AAA working group is chartered to work on authentication,
authorization, and accounting solutions for the Internet. This work
consists of a base protocol, applications, end-to-end security
application, and a general architecture for providing these services
[3]. The AAA working group has specified applicability of AAA-based
solutions for a number of protocols (e.g., AAA requirements for
Show full document text