----- Mensaje original ----- De: Iñaki Baz Castillo ibc@aliax.net Fecha: Jueves, Diciembre 11, 2008 4:52 pm Asunto: Re: [Kamailio-Users] Kamalio Support for RFC 3323 " Privacy"
El Jueves, 11 de Diciembre de 2008, ingdavidcespedes@cable.net.co escribió:> SORRYYYYYYY, you were right. What i'm trying to say is that if the UA
insert the p-p-i and privacy headers, the proxy should understand
this and
do what I say above.
The user sends the request with: From: Anonymous sip:anonymous@XXXXXx P-Preferred-Identity: sip:alice@domain.com Privacy: id
Then the proxy knows who is by checking PPI header and could ask for credentiales. After it, the proxy would remove PPI before routing the request.
If the proxy sends the request to a trusted node, it could add PAI header: P-Asserted-Identity: sip:alice@domain.com Privacy: id
And the next element would remove it if it routes to an untrusted node/endpoint.
Agree with all that you say. Only that the "P-Preferred-Identity:" is optional. If it is not present, the proxy should add a predefined P-Asserted-Identity: header field, if it is going to send the request to a trusted node.
But as you can see, this implies different possible cases. So it would be very nice if we can do all of this using some module or something like that, don't you think so?
-- Iñaki Baz Castillo
Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
El Jueves, 11 de Diciembre de 2008, ingdavidcespedes@cable.net.co escribió:
Agree with all that you say. Only that the "P-Preferred-Identity:" is optional. If it is not present, the proxy should add a predefined P-Asserted-Identity: header field, if it is going to send the request to a trusted node.
Well, PPI is just used by the client if it wants to tell him proxy who he is (and doesn't want to indicate it in the From since theorically the From shouldn't be changed by the proxy).
But as you can see, this implies different possible cases. So it would be very nice if we can do all of this using some module or something like that, don't you think so?
I already implement this exactly behaviour by examining the PPI header instead of From when PPI is present. Perhaps you mean a specific module/functions for this task? Could you describe these functions?
Regards.
ingdavidcespedes@cable.net.co writes:
But as you can see, this implies different possible cases. So it would be very nice if we can do all of this using some module or something like that, don't you think so?
i'm using ppi and pai headers and have never thought that i need some module for that. kamailio scripting language as it is today, has been enough for me.
-- juha
On Friday 12 December 2008, Juha Heinanen wrote:
ingdavidcespedes@cable.net.co writes:
But as you can see, this implies different possible cases. So it would be very nice if we can do all of this using some module or something like that, don't you think so?
i'm using ppi and pai headers and have never thought that i need some module for that. kamailio scripting language as it is today, has been enough for me.
Hi Juha,
i agree. We also just use a sub-route in the script, that tries to get the identity from the auth, prefered or from user (if not anonymous), and set a AVP that is used in the script for example to later to set the asserted identity.
Cheers,
Henning
-
Henning Westerholt -
ingdavidcespedes@cable.net.co -
Iñaki Baz Castillo -
jh@tutpro.com