[SIPForum-techwg] Feedback on bootstrapping

Henning Schulzrinne hgs at cs.columbia.edu
Sun Sep 28 10:50:32 EDT 2008 

I'm not sure I agree. While it may be possible to extract the common  
consumer case (get user name and password via a web sign up) out of  
the document, this seems far from easy.

I'd like to see a crisp description how the SIP digest fields, for  
example, are populated. This seems to be a source of continuing  
confusion. Section 5.3.1 is exceedingly vague in this regard.

Henning

On Sep 26, 2008, at 7:18 PM, Sumanth Channabasappa wrote:

> Folks,
>
> Martin and I discussed the action item regarding the support for
> bootstrapping within the SIP configuration framework
> (http://tools.ietf.org/html/draft-ietf-sipping-config-framework-15).
>
> Based on previous discussions, the understanding is that bootstrapping
> involves two aspects:
> A. How does the client figure out where it needs to go for initial
> configuration?
> B. How is it provided with identities and credentials for initial
> authentication and authorization, if required?
>
>
> The SIP configuration framework currently includes text to address the
> above, but stops short of mandating or recommending specific  
> solutions.
>
> Section 5.3.1 of the document provides various ways in which a client
> can be bootstrapped with identities and credentials: pre- 
> configuration,
> out-of-band, end-user-interface as well as using the framework. Within
> each of these options it provides some guidance, e.g., one can use X. 
> 509
> certificates for identifying the client requesting initial  
> configuration
> (without pre-configuration when a PKI is used) or an end-user can
> provide the necessary information. These methods can be used for  
> both A
> and B, above.
>
> Additionally, it also provides sample scenarios on a per-profile  
> basis.
> For example, the local-network profile in Section 5.1.4.1 allows for  
> the
> device to obtain a domain name via DHCP. This can be helpful in the  
> case
> of enterprise clients where the DHCP server can be influenced by the
> service provider. Once this is obtained, the resulting configuration  
> can
> provide all the other details.
>
> Martin and I agree that given the scope of the SIP configuration
> framework, this is sufficient guidance. Implementations are going to  
> use
> one or more of the proposed methods, and the framework will support  
> it.
> We validated this by discussing a few planned deployments (that we are
> aware of) and the framework meets the needs of the scenarios we came  
> up
> with.
>
> ---
>
> In addition to what Martin and I discussed, this group can potentially
> take the guidelines within the framework and create a subset of
> procedures for reasons such as interoperability. This would be
> independent of the action item we took.
>
> We can discuss both the summary, and other related work on Monday.
>
> Thanks!
> - S
>
>
>
>
>
>
> _______________________________________________
> techwg mailing list
> Send mail to: techwg at sipforum.org
> Unsubscribe or edit options at:  http://sipforum.org/mailman/listinfo/techwg

More information about the techwg mailing list