Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAML/SIP Profiles and Call Initiation

Published byLee Thompson Modified over 4 years ago

Similar presentations

Presentation on theme: "SAML/SIP Profiles and Call Initiation"— Presentation transcript:

1 SAML/SIP Profiles and Call Initiation
Douglas C. Sicker University of Colorado (Boulder)

2 Overview Objectives Background Proposed Architecture SAML/SIP
Future Work

3 Objective To create a videoconferencing model that is
User friendly Secure Session protocol agnostic Provides flexible PEP/PDP Model should support both SIP and H.323 The sooner the better (?)

4 Background Session Initiation Protocol (SIP)
A signaling protocol used for Locating endpoints Inviting them to a session Described in RFC 3261 (obsoletes RFC 2543) Some relevant drafts Role-based Authorization Requirements for the Session Initiation Protocol (draft-peterson-sipping-role-authz-00) Work in Progress Enhancements for Authenticated Identity Management in the Session Initiation Protocol (draft-ietf-sip-peterson-identity-01) Work in Progress

5 Proposed Solution Solution should be modular and flexibility
Based on 3 modular functions: Resource Registration (RR): allows a user to register within the local domain Resource Discovery (RD): allows a user to locate another user from within the same domain or another domain; exploit directory capabilities Call Initiation (CI): allows a user to setup a session with another user

6 Call Initiation Basic Objective:
Create an assertion by a local authorization service of attributes associated with an identity. Attributes describe the 'role' of the identity Facts about the principal corresponding to that identity Create a method of transmitting that assertion. Transfer a MIME body or a header Create a method of validating assertions. Design a flexible number of PDP and PEP

7 Call Initiation Who attaches the assertion?
UA versus AS/Proxy UA: Attractive to have intelligence at edge AS/Proxy: Some central control for federation decisions Solution: Proxy creates assertion, UA attaches it

8 SIP Bindings & Profiles for SAML
Means of carrying assertions Currently bindings and profiles are defined for SOAP-over-HTTP Work in progress to define bindings and profiles for SIP Two profiles are defined Artifact profile (pull model) Assertion profile (push model)

9 Future Work Complete SAML/SIP
Continue to define functionalities needed to use bindings & profiles Including behavior of the UA and proxy Clearly define nebulous areas of the architecture Creation of assertions Relationships among authentication server, location server, proxy …

Download ppt "SAML/SIP Profiles and Call Initiation"

Similar presentations

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.
www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com Internet Telecom Expo 2000 - September 20, 2000 SIP vs. H.323 SIP vs. H.323 Will the Real IP Telephony Please Stand Up? Jonathan Rosenberg.

Internet Telecom Expo September 20, 2000 SIP vs. H.323 SIP vs. H.323 Will the Real IP Telephony Please Stand Up? Jonathan Rosenberg.
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
Service flows for overriding barring services Rocky Wang -- draft-rocky-sipping-override-barring-00.txt.

Service flows for overriding barring services Rocky Wang -- draft-rocky-sipping-override-barring-00.txt.
The Mobile Grid Concept Vicente Olmedo Technical University of Madrid.

The Mobile Grid Concept Vicente Olmedo Technical University of Madrid.
Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
User Profile Framework draft-ietf-sipping-config-framework-00.txt Dan Petrie

User Profile Framework draft-ietf-sipping-config-framework-00.txt Dan Petrie
X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.

X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
ECS and LDAP Karen Krivaa Product Marketing Manager.

ECS and LDAP Karen Krivaa Product Marketing Manager.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

Similar presentations

Ads by Google