draft-ietf-sipcore-sip-token-authnz-09.txt vs. draft-ietf-sipcore-sip-token-authnz-10.txt

skipping to change at page 1, line 13

SIP Core                                                  R. Shekh-Yusef
Internet-Draft                                                     Avaya
Updates: 3261 (if approved)                                  C. Holmberg
Intended status: Standards Track                                Ericsson
Expires: 8 September 2020                                     V. Pascual
                                                             webrtchacks
                                                            7 March 2020

   Third-Party Token-based Authentication and Authorization for Session
                        Initiation Protocol (SIP)
              -09: draft-ietf-sipcore-sip-token-authnz-09
              -10: draft-ietf-sipcore-sip-token-authnz-10

Abstract

   This document defines the "Bearer" authentication scheme for the
   Session Initiation Protocol (SIP), and a mechanism by which user
   authentication and SIP registration authorization are delegated to a
   third party, using the OAuth 2.0 framework and OpenID Connect Core
   1.0.  This document updates RFC 3261 to provide guidance on how a SIP
   User Agent Client (UAC) responds to a SIP 401/407 response that
   contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
skipping to change at page 2, line 16

   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  SIP User Agent Types  . . . . . . . . . . . . . . . . . .   3
     -09: 1.3.  Token Types  . . . . . . . . . . . . . . . . . . . .   3
     -10: 1.3.  Token Formats  . . . . . . . . . . . . . . . . . . .   3
     1.4.  Example Flows . . . . . . . . . . . . . . . . . . . . . .   4
       1.4.1.  Registration  . . . . . . . . . . . . . . . . . . . .   4
       1.4.2.  Registration with Preconfigured AS  . . . . . . . . .   5
   2.  SIP Procedures  . . . . . . . . . . . . . . . . . . . . . . .   7
     2.1.  UAC Behavior  . . . . . . . . . . . . . . . . . . . . . .   7
       2.1.1.  Obtaining Tokens and Responding to Challenges . . . .   7
       2.1.2.  Protecting the Access Token . . . . . . . . . . . . .   8
       2.1.3.  REGISTER Request  . . . . . . . . . . . . . . . . . .   8
       2.1.4.  Non-REGISTER Request  . . . . . . . . . . . . . . . .   8
     2.2.  UAS and Registrar Behavior  . . . . . . . . . . . . . . .   9
skipping to change at page 3, line 42

      the confidentiality of the user credentials and any tokens
      obtained using these user credentials.

   *  Public User Agent: a SIP UAC that is incapable of maintaining the
      confidentiality of the user credentials and any obtained tokens.

   The mechanism defined in this document MUST only be used with
   Confidential User Agents, as the UAC is expected to obtain and
   maintain tokens to be able to access the SIP network.

-09: 1.3.  Token Types
-10: 1.3.  Token Formats

   -09: There are two types of tokens that might be used with this
        specification:
   -10: Tokens can be represented in two different formats:

   *  Structured Token: a token that consists of a structured object
      that contains the claims associated with the token, e.g. JWT as
      defined in [RFC7519].

   *  Reference Token: a token that consists of a random string that is
      used to obtain the details of the token and its associated claims,
      as defined in [RFC6749].

   Paragraph added in -10:

   Access Tokens could be represented in one of the above two formats.
   Refresh Tokens are usually represented in a reference format, as this
   token is consumed only by the AS that issued the token.  The ID Token
   is defined as a structured token in the form of a JWT.
1.4.  Example Flows

1.4.1.  Registration

   Figure 1 below shows an example of a SIP registration, where the
   registrar informs the UAC about the authorization server from which
   the UAC can obtain an access token in a 401 response to the REGISTER
   request.

        UAC                               Registrar                  AS
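As an added example (not part of either draft revision), the two UAC-side steps this excerpt describes, written in Python: selecting the Bearer challenge out of a 401 that carries several WWW-Authenticate header fields (Abstract, Section 1.4.1), and classifying a token as structured or reference per Section 1.3. The SIP message is constructed, and the Bearer challenge parameter names realm and authz_server are assumptions, since this excerpt does not show the challenge syntax.

```python
import base64
import json
import re

# Constructed sample (not from the draft): a 401 to a REGISTER carrying a
# Digest and a Bearer challenge; the Bearer parameter names are assumptions.
SAMPLE_401 = (
    "SIP/2.0 401 Unauthorized\r\n"
    'WWW-Authenticate: Digest realm="example.com", nonce="abc123", algorithm=SHA-256\r\n'
    'WWW-Authenticate: Bearer realm="example.com", authz_server="https://as.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)

# auth-param = token "=" ( token / quoted-string )
AUTH_PARAM = re.compile(r'([A-Za-z0-9_.-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^",\s]+)')

def parse_challenges(response):
    """Return [(scheme, {param: value}), ...] for every WWW-Authenticate or
    Proxy-Authenticate header field of a SIP response, in header order."""
    challenges = []
    head = response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in ("www-authenticate", "proxy-authenticate"):
            continue
        scheme, _, params = value.strip().partition(" ")
        parsed = {k: (v[1:-1] if v.startswith('"') else v) for k, v in AUTH_PARAM.findall(params)}
        challenges.append((scheme, parsed))
    return challenges

def select_bearer(response):
    """Bearer challenge a token-capable UAC answers; None if only other schemes are offered."""
    for scheme, params in parse_challenges(response):
        if scheme.lower() == "bearer":
            return params
    return None

def token_format(token):
    """Section 1.3 classifier: 'structured' if a JWT whose header and payload decode
    to JSON objects, else 'reference' (opaque, resolved at the AS). No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        return "reference"
    try:
        for part in parts[:2]:
            padded = part + "=" * (-len(part) % 4)
            if not isinstance(json.loads(base64.urlsafe_b64decode(padded)), dict):
                return "reference"
    except ValueError:  # bad base64url, bad UTF-8 or bad JSON
        return "reference"
    return "structured"
```

A UAC that gets None from select_bearer falls back to the RFC 3261 Digest handling; the structured/reference classification says nothing about validity, which still requires signature verification or introspection at the AS.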
End of changes.  5 change blocks.  5 lines changed or deleted, 9 lines changed or added.

This html diff was produced by rfcdiff 1.47.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/