I don't see any specific application where an UA can verify other UA's credential. Generally Registrar or B2BUA or Proxy can have stored credential for their UA to verify those UA's credential.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anish George Sent: Thursday, August 10, 2006 6:51 AM To: [email protected] Subject: [Sip-implementors] User-to-User Authentication Hi Guys, i have a doubt about User-to-User Authentication. if an UAS wants to challenge any request from peer, i belive it can send a 401 Unauthorized response with a WWW-Authenticate header. once UAC had add its credentials in the next request, how do a UAS verifies it. tipically, UAC generates credentials with its username and password which is known only for UAC and Registrar/Proxy. but how do a UAS, being an UA verify whether the credentials supplied are correct. INVITE UAC --------------------> UAS 401 Unauthorized (with WWW-Authenticate header) UAC <--------------------UAS INVITE (with credentials in Authorization header) UAC -----------------------> UAS Now, how do UAS verifies the credentials and authenticate request. i belive, the username and password cannot be shared with the other UAs. can anybody throw some light on this?? Is anything wrong in my understanding? Is there any standards (rfc) which talk about User-to-User Authentication ? i would appreciate any information you can provide on this issue. Thanks Anish _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
