Ben Campbell wrote:
>
> On Apr 9, 2008, at 11:53 AM, Michael Thomas wrote:
>>> RFC 4474 is a cross-domain authenticator.
>>>
>>> Use case:
>>>
>>> sip:[EMAIL PROTECTED] calls his voice mail provider's message
>>> retrieval box, sip:messages.example.net
>>>
>>> Since example.net trusts example.com's RFC 4474 assertions, the
>>> voicemail box at messages.example.net does not authenticate JoeBob's
>>> request. Instead, it accepts on trust that example.com authenticated
>>> him, and plays out JoeBob's messages.
>>>
>>> This is AFAIK a valid use case for RFC 4474.
>>>
>>
>> It's a _valid_ use case, but is it a _real_ use case? That is, is there
>> anybody out there using cross realm credentials in that way? Even
>> cellular isn't handled in that way because my sim is still with my
>> home provider even if I've roamed...
>
> They don't now (or at least should not) because they don't have the 
> tools for it. But if we give people a tool that appears to work for 
> this purpose, we should expect them to use it for this purpose.

In the global scope of things, that's not completely true. You can use
certs and Kerberos credentials cross realm theoretically, but the uptake
of that seems to be pretty minimal. What the real world seems to actually
think is useful is server certs and user passwords. Domain-based federation
of sort-of-user-based credentials seems like a *very* big stretch.


       Mike, not saying whether the real world is sensible
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
