[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sipping] I-D on service identification now available

To: Markus.Isomaki at nokia.com
Subject: Re: [Sipping] I-D on service identification now available
From: Jonathan Rosenberg <jdrosen at cisco.com>
Date: Wed, 09 May 2007 12:08:35 -0400
Authentication-results: sj-dkim-8; header.From=jdrosen@cisco.com; dkim=pass ( sig from cisco.com/sjdkim8002 verified; );
Cc: sipping at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=5262; t=1178726918; x=1179590918; c=relaxed/simple; s=sjdkim8002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jdrosen@cisco.com; z=From:=20Jonathan=20Rosenberg=20<jdrosen@cisco.com> |Subject:=20Re=3A=20[Sipping]=20I-D=20on=20service=20identification=20now =20available |Sender:=20; bh=iQh/zceo9qEt3V9GPiNNqQTrKUGVq4BEN8B71ryLsZc=; b=NRB0y75TsNSknS/JDVQm5ziOxKWUeEp84RdCFkqDK9sNLpIY/eSdib8yBpgIFGOSvceMM/aC 8R0SexYzzJmXYV2BZO76gb3TSX+HAEH4eMl6w1lihjlgRzqLzx7A3sw6;
In-reply-to: <C84E0A4ABA6DD74DA5221E0833A35DF309A7564A@esebe101.NOE.Nokia.com>
List-help: <mailto:sipping-request@ietf.org?subject=help>
List-id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-post: <mailto:sipping@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
References: <463F56D9.4080408@cisco.com> <C84E0A4ABA6DD74DA5221E0833A35DF309A7564A@esebe101.NOE.Nokia.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511

This is a very good question, Markus.

Firstly, as you indicate, for these types of services, only the called domain can ascertain what the service is. Interestingly, it is in exactly these cases that the calling domain is not actually providing the service. This raises interesting questions, like, does it even make sense for an originating domain to *authorize* the access of a service that it is not even providing?

Clearly, though, some of the things we'd want to do based on knowledge of the service, do make sense in the calling domain. One clear one is QoS authorization. I think the right answer there is that the SIP signaling would be sent all the way to the terminating domain, which would then be able to make the service determination, and through something like policy server peering, communicate information back to the originating domain on the required QoS and whether it should be authorized or not. Such an approach has the benefit that it allows a terminating domain to offer whatever services it wants, without coordinating with the originating side, yet still allow service-based QOS authorization in the originating domain.

Thanks,
Jonathan R.

Markus.Isomaki at nokia.com wrote:

Hi Jonathan,
Thanks for putting this together.
One of the points that you make in the draft is that the SIP signaling
itself contains enough information on the "service", without the need
for an additional explicit identifier. In the IPTV vs. multimedia
conferencing case you suggest that it is the target URI that makes the
difference:
   IPTV vs. Multimedia Conferencing:  The two services in Section 4.1
      appear to have identical signaling.  They both involve audio and
      video streams, both of which are unidirectional.  Both might
      utilize the same codecs.  However, there is another important
      difference in the signaling - the target URI.  In the case of
      IPTV, the request is targeted at a media server or to a particular
      piece of content to be viewed.  In the case of multimedia
      conferencing, the target is a conference server.  The
      administrator of the domain can therefore examine the two Request-
      URI, and figure out whether it is targeted for a conference server
      or a content server, and use that to derive the service associated
      with the request.
This is all true. However, what if the caller and the server are in
different domains, and caller's domain wants to enforce some policy
based on what the service is. For instance the one that is explained in
the draft itself:
   Frequently, a network administrator will want to authorize whether a
   user is allowed to invoke a particular service.  Not all users will
   be authorized to use all services that are provided.  For example, a
   user may not be authorized to access IPTV services, whereas they are
   authorized to utilize multimedia processing.  A user might not be
   able to utilize a multiplayer gaming service, whereas they are
   authorized to utilize voice chat services.
Request-URI is totally opaque to the caller and caller's domain. Neither
of them can know without some further information, whether INVITE is
destined to IPTV session or a video conference.
I agree with all the problems that explicit identifiers cause, but how
to deal with this case.
Regards, Markus
-----Original Message----- From: ext Jonathan Rosenberg [mailto:jdrosen at cisco.com] Sent: 07 May, 2007 19:42 To: IETF Sipping List Subject: [Sipping] I-D on service identification now available

During the Prague IETF, we discussed producing a document that is an expository on the architectural principles behind service identification - what it means, why people want it, what the perils are. I've now finished this, and posted it. Until it appears, you can pick it up here:
http://www.jdrosen.net/papers/draft-rosenberg-sipping-service-i
dentification-02.txt
This is a complete rewrite of the previous document, following the outline I proposed in Prague.

Thanks, Jonathan R. -- Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza Cisco Fellow Parsippany, NJ 07054-2711 Cisco Systems jdrosen at cisco.com FAX: (973) 952-5050 http://www.jdrosen.net PHONE: (973) 952-5000 http://www.cisco.com

_______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors at cs.columbia.edu for questions on current sip Use sip at ietf.org for new developments of core SIP


--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen at cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com


_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP

Follow-Ups:
- RE: [Sipping] I-D on service identification now available
  - From: Henry Sinnreich

References:
- [Sipping] I-D on service identification now available
  - From: Jonathan Rosenberg
- RE: [Sipping] I-D on service identification now available
  - From: Markus.Isomaki

Prev by Date: [Sipping] Comment on draft-haluska-sipping-directory-assistance-02.txt
Next by Date: Re: [Sipping] I-D on service identification now available
Previous by thread: Re: [Sipping] I-D on service identification now available
Next by thread: RE: [Sipping] I-D on service identification now available
Index(es):
- Date
- Thread