Short Term Requirements for Network Asserted Identity
RFC 3324 Requirements for Network Asserted Identity November 2002
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1 Identity . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 Network Asserted Identity . . . . . . . . . . . . . . . . . . 3
2.3 Trust Domains . . . . . . . . . . . . . . . . . . . . . . . . 4
2.4 Spec(T) . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Generation of Networks Asserted Identity . . . . . . . . . . . 7
4. Transport of Network Asserted Identity . . . . . . . . . . . . 7
4.1 Sending of Networks Asserted Identity within a Trust Domain . 7
4.2 Receiving of Network Asserted Identity within a Trust Domain . 7
4.3 Sending of Network Asserted Identity to entities outside a
Trust Domain . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.4 Receiving of Network Asserted Identity by a node outside the
Trust Domain . . . . . . . . . . . . . . . . . . . . . . . . . 8
5. Parties with Network Asserted Identities . . . . . . . . . . . 8
6. Types of Network Asserted Identity . . . . . . . . . . . . . . 8
7. Privacy of Network Asserted Identity . . . . . . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10
Normative References . . . . . . . . . . . . . . . . . . . . . 10
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 10
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 11
1. Introduction
SIP [1] allows users to assert their identity in a number of ways,
e.g., using the From: header. However, there is no requirement for
these identities to be anything other than the user's desired alias.

An authenticated identity of a user can be obtained using SIP Digest
Authentication (or by other means). However, UAs do not always have
the necessary key information to authenticate another UA.

A Network Asserted Identity is an identity initially derived by a SIP
network intermediary as a result of an authentication process. This
may or may not be based on SIP Digest authentication. This document
describes short term requirements for the exchange of Network
Asserted Identities within networks of securely interconnected
trusted nodes and also to User Agents with secure connections to such
networks.
Watson Informational