Third-Party Token-Based Authentication and Authorization for Session Initiation Protocol (SIP)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, Jean Mahoney <firstname.lastname@example.org>, The IESG <email@example.com>, firstname.lastname@example.org Subject: Protocol Action: 'Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)' to Proposed Standard (draft-ietf-sipcore-sip-token-authnz-17.txt) The IESG has approved the following document: - 'Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)' (draft-ietf-sipcore-sip-token-authnz-17.txt) as Proposed Standard This document is the product of the Session Initiation Protocol Core Working Group. The IESG contact persons are Murray Kucherawy and Barry Leiba. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
Technical Summary This document defines the "Bearer" authentication scheme for the Session Initiation Protocol (SIP), and a mechanism by which user authentication and SIP registration authorization is delegated to a third party, using the OAuth 2.0 framework and OpenID Connect Core 1.0. This document updates RFC 3261 to provide guidance on how a SIP User Agent Client (UAC) responds to a SIP 401/407 response that contains multiple WWW-Authenticate/Proxy-Authenticate header fields. Working Group Summary This work has been discussed the sipcore working group for a while. It is much scaled down from its original scope, and contains the core of what the working group had consensus on. No contention was noted. Document Quality The authors indicated that there was at least one implementation of this. It's assumed that it will be deployed in 3GPP networks. During WGLC, the chairs asked if there were any other implementation plans, but no reviewers chose to share that info. General review quality based on mailing list activity seems to be satisfactory. Personnel Jean Mahoney is the Document Shepherd. Murray Kucherawy is the responsible Area Director.