Hi Guys,
i have a doubt about User-to-User Authentication.
if an UAS wants to challenge any request from peer, i belive it can send a
401 Unauthorized response with a WWW-Authenticate header.
once UAC had add its credentials in the next request, how do a UAS
verifies it.
tipically, UAC generates credentials with its username and password which
is known only for UAC and Registrar/Proxy.
but how do a UAS, being an UA verify whether the credentials supplied are
correct.
INVITE
UAC --------------------> UAS
401 Unauthorized (with WWW-Authenticate header)
UAC <--------------------UAS
INVITE (with credentials in Authorization header)
UAC -----------------------> UAS
Now, how do UAS verifies the credentials and authenticate
request.
i belive, the username and password cannot be shared with the other UAs.
can anybody throw some light on this?? Is anything wrong in my
understanding?
Is there any standards (rfc) which talk about User-to-User Authentication
?
i would appreciate any information you can provide on this issue.
Thanks
Anish
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
