User identity

J. Peterson and C. Jennings in RFC 4474 define mechanisms and practices to assure the identity of the end user that originates a SIP request (does not cover identity for responses).

Their identity mechanism derives from the following principle:

If you can prove you are eligible to register in a domain under a particular address-of-record (AoR), then you are also proving that you are capable of receiving requests for that AoR
∴ when you place that AoR in the From header field of a SIP request other than a registration (e.g., INVITE), you are providing a ’return address’ where you can legitimately be reached.

adapted from [RFC 4474 ]

Introduces:

authentication service (at either a user agent or a proxy server) and
two new SIP headers, Identity & Identity-Info headers

Slide Notes

J. Peterson and C. Jennings, Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP), IETF, Network Working Group, RFC 4474, August 2006 http://tools.ietf.org/html/rfc4474 Links to an external site.

Transcript

[slide359] Here's a description about the method that RFC 4474 introduces to be able to do user identities. So now we can basically add an authentication service, and we added two new SIP headers, Identity and IdentityInfo.