Short Term Requirements for Network Asserted Identity




RFC 3324       Requirements for Network Asserted Identity  November 2002


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.1 Identity . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.2 Network Asserted Identity  . . . . . . . . . . . . . . . . . .  3
   2.3 Trust Domains  . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.4 Spec(T)  . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
   3.  Generation of Network Asserted Identity  . . . . . . . . . . .  7
   4.  Transport of Network Asserted Identity . . . . . . . . . . . .  7
   4.1 Sending of Network Asserted Identity within a Trust Domain . .  7
   4.2 Receiving of Network Asserted Identity within a Trust Domain .  7
   4.3 Sending of Network Asserted Identity to entities outside a
       Trust Domain . . . . . . . . . . . . . . . . . . . . . . . . .  7
   4.4 Receiving of Network Asserted Identity by a node outside the
       Trust Domain . . . . . . . . . . . . . . . . . . . . . . . . .  8
   5.  Parties with Network Asserted Identities . . . . . . . . . . .  8
   6.  Types of Network Asserted Identity . . . . . . . . . . . . . .  8
   7.  Privacy of Network Asserted Identity . . . . . . . . . . . . .  9
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 10
       Normative References . . . . . . . . . . . . . . . . . . . . . 10
       Author's Address . . . . . . . . . . . . . . . . . . . . . . . 10
       Full Copyright Statement . . . . . . . . . . . . . . . . . . . 11

1. Introduction

   SIP [1] allows users to assert their identity in a number of ways,
   e.g., using the From: header.  However, there is no requirement for
   these identities to be anything other than the user's desired alias.

   An authenticated identity of a user can be obtained using SIP Digest
   Authentication (or by other means).  However, UAs do not always have
   the necessary key information to authenticate another UA.

   A Network Asserted Identity is an identity initially derived by a SIP
   network intermediary as a result of an authentication process.  This
   may or may not be based on SIP Digest authentication.  This document
   describes short term requirements for the exchange of Network
   Asserted Identities within networks of securely interconnected
   trusted nodes and also to User Agents with secure connections to such
   networks.








Watson                       Informational