SIPCORE IETF 95

Contents

Agenda, Status, and Summary

SIP OAuth

Locating SIP Servers in a Dual-Stack Network: Happy Eyeballs for SIP

Date: Friday, April 8, 2016
Location: Buenos Aires, Argentina
Area Director: Alissa Cooper
Chairs: Adam Roach, Mo Zanaty
Minutes: Brian Rosen

Agenda, Status, and Summary

Presenter: Chairs
Slides: https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-0.pdf

[Note: Order of discussion is reversed from the published agenda due to technical difficulties in remote participation]

SIP OAuth

Presenter: Rifaat Shekh-Yusef
Slides: https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-2.pdf
Drafts: draft-yusef-sipcore-sip-oauth

Jon: Most of these use cases don't seem to be appropriate for OAuth

Christer: The first few [3GPP use cases] are the ones I care about

Jon: This look likes a rubber stamp of 3GPP actions. They decided on the solution, and asked IETF to rubber stamp it but I think requirements are better solved by other mechanisms.

Robert: I think we don't have good justification for doing it this way

Christer: We have a requirement to use OAuth for SSO across multiple platforms

Jon: This is a cultural difference between 3GPP and IETF: that's not a requirement. It's an implementation detail.

Andrew: 3GPP SA3 trying to glue WebRTC mechanisms to existing IMS mechanisms, and that's how we solved the problem

Jon: Not sure exactly how we marry WebRTC and SIP authentication mechanisms. That might be the start of a good requirements discussions.

Dan: Process question: has 3GPP already standardized this?

Christer: it's not frozen, these things can be changed.

Dan: So it is standardized.

Christer: But it references the IETF draft.

Andrew: Releases stabilize over time. It's not final yet and I don't know how many implementation exist already. Need to move quickly if we are to change. 3GPP has these release cycles that don't necessarily work with the IETF schedule/process.

Robert: This issue of OAuth came up before. SIPCORE asked for information, which never came. We asked again, nnd it never came. We asked again, and now it's too late. We need to understand what security assertions are being made and whether that is appropriate for a SIP environment.

Adam: And we need IETF security experts involved. This arrived as a mechanism draft, we didn't participate in the requirements phase.

Andrew: Yes there is a requirements phase in 3GPP which is very high level.

Jon: Need to Dispatch some requirements.

Robert: That would make a nice container to get communications back and forth.

Jon: alternative is 3GPP does what it wants itself and we don't rubber stamp.

Christer: 3GPP didn't come up with this mechanism. 3GPP found the [individual] OAuth draft, assumed it would move forward and used it.

Cullen: 3GPP knows how we work, knows the difference between individual and adopted drafts. I have heard of use cases of enterprise SSO sign on to phones. Get a bunch of folks who want to solve a problem, and DISPATCH it.

Chairs: We now have someone who can present the Happy Eyeballs draft, so we will cut off discussion around the OAuth document, and the chairs will decide how to proceed.

Locating SIP Servers in a Dual-Stack Network: Happy Eyeballs for SIP

Presenter: Olle Johansson (remote)
Slides: https://www.ietf.org/proceedings/95/slides/slides-95-sipcore-1.pdf
Drafts: draft-ietf-sipcore-dns-dual-stack

Robert: are we just reaffirming the WGLC results (and agreeing on fixing the comments we got)?

Chairs: yes

Cullen: what does this change that requires an Update

Adam: changes how 3263 works

Robert: 3263 had incomplete guidance on what happens with multiple interfaces. The draft specifies how this work. I think it's good. Hoping today would be a discussion of any issues. Don't appear to me any.

Chairs: Any issues with the draft?

<none>