SAML/SIP Profiles and Call Initiation

Presentation transcript:

SAML/SIP Profiles and Call Initiation
Douglas C. Sicker
University of Colorado (Boulder)
douglas.sicker@colorado.edu

Overview
- Objectives
- Background
- Proposed Architecture
- SAML/SIP
- Future Work

Objective
- To create a videoconferencing model that is
  - User friendly
  - Secure
  - Session protocol agnostic
  - Provides flexible PEP/PDP
- Model should support both SIP and H.323
- The sooner the better (?)

Background
- Session Initiation Protocol (SIP)
  - A signaling protocol used for
    - Locating endpoints
    - Inviting them to a session
  - Described in RFC 3261 (obsoletes RFC 2543)
- Some relevant drafts
  - Role-based Authorization Requirements for the Session Initiation Protocol (draft-peterson-sipping-role-authz-00), Work in Progress
  - Enhancements for Authenticated Identity Management in the Session Initiation Protocol (draft-ietf-sip-peterson-identity-01), Work in Progress

Proposed Solution
- Solution should be modular and flexible
- Based on 3 modular functions:
  - Resource Registration (RR): allows a user to register within the local domain
  - Resource Discovery (RD): allows a user to locate another user from within the same domain or another domain; exploit directory capabilities
  - Call Initiation (CI): allows a user to set up a session with another user

Call Initiation
Basic Objective:
- Create an assertion by a local authorization service of attributes associated with an identity.
  - Attributes describe the 'role' of the identity
  - Facts about the principal corresponding to that identity
- Create a method of transmitting that assertion.
  - Transfer a MIME body or a header
- Create a method of validating assertions.
- Design a flexible number of PDP and PEP

Call Initiation
- Who attaches the assertion? UA versus AS/Proxy
  - UA: Attractive to have intelligence at edge
  - AS/Proxy: Some central control for federation decisions
- Solution: Proxy creates assertion, UA attaches it

SIP Bindings & Profiles for SAML
- Means of carrying assertions
- Currently bindings and profiles are defined for SOAP-over-HTTP
- Work in progress to define bindings and profiles for SIP
- Two profiles are defined
  - Artifact profile (pull model)
  - Assertion profile (push model)
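
The call-initiation flow and the two profiles above, as an added sketch that is not from the slides or from the SAML/SIP drafts: the proxy creates a role assertion, the UA attaches it to its INVITE either directly (push) or as a one-time artifact the callee resolves with the issuer (pull), and the callee's PEP validates it. Assumptions: JSON with an HMAC stands in for a signed SAML XML assertion, and the MIME types, key and function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the proxy's signing key
ARTIFACT_STORE = {}                   # issuer-side store used by the pull model

def issue_assertion(subject, role, now, ttl=300):
    """Proxy / authorization service asserts a role attribute for an identity."""
    body = json.dumps({"sub": subject, "role": role,
                       "nbf": now, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def issue_artifact(assertion):
    """Pull model: the UA receives a short reference, not the assertion itself."""
    artifact = secrets.token_hex(16)
    ARTIFACT_STORE[artifact] = assertion
    return artifact

def resolve_artifact(artifact):
    """Issuer callback used by the relying party; each artifact resolves once."""
    return ARTIFACT_STORE.pop(artifact, None)

def build_invite(caller, callee, token, kind):
    """UA attaches what the proxy gave it as a MIME body (simplified INVITE)."""
    return (f"INVITE sip:{callee} SIP/2.0\r\nFrom: <sip:{caller}>\r\n"
            f"To: <sip:{callee}>\r\nContent-Type: application/x-demo-{kind}\r\n"
            f"Content-Length: {len(token)}\r\n\r\n{token}")

def validate_invite(invite, now):
    """PEP at the callee: return the asserted role, or None if any check fails."""
    head, _, token = invite.partition("\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.split("\r\n")[1:])
    if headers["Content-Type"].endswith("artifact"):
        token = resolve_artifact(token)          # pull: fetch from the issuer
        if token is None:
            return None
    try:
        b64_body, b64_sig = token.split(".")
        body, sig = base64.b64decode(b64_body), base64.b64decode(b64_sig)
    except ValueError:
        return None
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # integrity and issuer check
        return None
    claims = json.loads(body)
    if not (claims["nbf"] <= now < claims["exp"]):
        return None                              # outside the validity window
    if headers["From"] != f"<sip:{claims['sub']}>":
        return None                              # assertion is bound to the caller
    return claims["role"]
```

The subject-to-From check is what stops an assertion issued for one caller from being attached to another caller's INVITE; the one-time artifact gives the pull model replay resistance that the push model has to get from a short validity window.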

Future Work
- Complete SAML/SIP
  - Continue to define functionalities needed to use bindings & profiles
  - Including behavior of the UA and proxy
- Clearly define nebulous areas of the architecture
  - Creation of assertions
  - Relationships among authentication server, location server, proxy …