[Serusers] Distributing "OSP enable SER" binary file w/ source code

Jan Janak jan at iptel.org
Fri Aug 12 18:26:05 CEST 2005


In what form does the come come ? Did you implement it as a SER module
? If so then we can put it in the experimental branch in CVS. If you
made some changes to other modules or the core then it would be great if
you could generate patches against the latest development version.

  Jan.

On 12-08-2005 14:59, vmathur at transnexus.com wrote:
> Hernan,
> 
> OSP uses Public key based authentication and encrytion schemes, which are stronger than Radius's shared secrets. If you use OSP for authentication and authorization, you need not use Radius. OSP, just like Radius, has a client stack, which is implemented in the SER, and has a Server, which provides centralized call routing, accounting, and security. At the time of startup, the OSP server and the client, the SER in this case, exchange their public keys. The public and private keys can then be used to encode/decode messages as desired.
> 
> A typical call setup procedure looks like this
> 1. The source SER goes to the osp server to get the SIP URI corresopnding to the destination. The message is encoded using the source SER's private key.
> 2. The osp server decodes the message using source SERs public key and after successful decoding (authentication) returns the route back to the source. Along with the route, it also sends back a digitally signed (using the OSP Servers private key) token.
> 3. The Source uses the route returned by the OSP Srver to send an INVITE. The INVITE message contains the token issued by the OSP Server
> 4. The destination decodes/validates the token using the OSP Servers public key. Upon successful validation (authorization) it accepts the call.
> 
> This saves you the effort of mantaining cumbersome access lists for authentication. I can provide you with more documentatin on OSP and how to
> use SER with OSP if you wish
> 
> Thanks,
> Vikrant
> 
> -------------------------------------------------------------------------------------------------------------
> Fogive my ignorance for I have never heard of OSP before ;) You mentioned Radius in your message. How does Radius authentication work in OSP? I am having a tough time getting mine to work.
> 
> hernan
> 
> vmathur at transnexus.com wrote:
> Dear All,
> 
> I have recently implemented OSP w/ SER. OSP is an ETSI defined protocol, which I am using for ceneralised routing, and security of my inter-domain calls. The problem, however, is that the build process is a little lengthy. I want to contribute my implementation to this group so that anyone who is struggling with SER routing configurations or Radius authentication issues may benefit from it. I was, thus, wondering if we can have a binary file of the OSP enabled SER, that can be distributed with the source code. Does anyone have an opinion on this?
> 
> Also, for anyone who wants to check-out this implementation, I can provide more details.
> 
> Thanks,
> Vikrant
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
> 

> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list