Date: | Friday, April 8, 2016 |
Location: | Buenos Aires, Argentina |
Area Director: | Alissa Cooper |
Chairs: | Adam Roach, Mo Zanaty |
Minutes: | Brian Rosen |
Presenter: | Chairs |
Slides: | https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-0.pdf |
[Note: Order of discussion is reversed from the published agenda due to technical difficulties in remote participation]
Presenter: | Rifaat Shekh-Yusef |
Slides: | https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-2.pdf |
Drafts: | draft-yusef-sipcore-sip-oauth |
Jon: Most of these use cases don't seem to be appropriate for OAuth
Christer: The first few [3GPP use cases] are the ones I care about
Jon: This look likes a rubber stamp of 3GPP actions. They decided on the solution, and asked IETF to rubber stamp it but I think requirements are better solved by other mechanisms.
Robert: I think we don't have good justification for doing it this way
Christer: We have a requirement to use OAuth for SSO across multiple platforms
Jon: This is a cultural difference between 3GPP and IETF: that's not a requirement. It's an implementation detail.
Andrew: 3GPP SA3 trying to glue WebRTC mechanisms to existing IMS mechanisms, and that's how we solved the problem
Jon: Not sure exactly how we marry WebRTC and SIP authentication mechanisms. That might be the start of a good requirements discussions.
Dan: Process question: has 3GPP already standardized this?
Christer: it's not frozen, these things can be changed.
Dan: So it is standardized.
Christer: But it references the IETF draft.
Andrew: Releases stabilize over time. It's not final yet and I don't know how many implementation exist already. Need to move quickly if we are to change. 3GPP has these release cycles that don't necessarily work with the IETF schedule/process.
Robert: This issue of OAuth came up before. SIPCORE asked for information, which never came. We asked again, nnd it never came. We asked again, and now it's too late. We need to understand what security assertions are being made and whether that is appropriate for a SIP environment.
Adam: And we need IETF security experts involved. This arrived as a mechanism draft, we didn't participate in the requirements phase.
Andrew: Yes there is a requirements phase in 3GPP which is very high level.
Jon: Need to Dispatch some requirements.
Robert: That would make a nice container to get communications back and forth.
Jon: alternative is 3GPP does what it wants itself and we don't rubber stamp.
Christer: 3GPP didn't come up with this mechanism. 3GPP found the [individual] OAuth draft, assumed it would move forward and used it.
Cullen: 3GPP knows how we work, knows the difference between individual and adopted drafts. I have heard of use cases of enterprise SSO sign on to phones. Get a bunch of folks who want to solve a problem, and DISPATCH it.
Chairs: We now have someone who can present the Happy Eyeballs draft, so we will cut off discussion around the OAuth document, and the chairs will decide how to proceed.
Presenter: | Olle Johansson (remote) |
Slides: | https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-1.pdf |
Drafts: | draft-ietf-sipcore-dns-dual-stack |
Robert: are we just reaffirming the WGLC results (and agreeing on fixing the comments we got)?
Chairs: yes
Cullen: what does this change that requires an Update
Adam: changes how 3263 works
Robert: 3263 had incomplete guidance on what happens with multiple interfaces. The draft specifies how this work. I think it's good. Hoping today would be a discussion of any issues. Don't appear to me any.
Chairs: Any issues with the draft?
<none>