[Users] RE: [Serusers] Distributing "OSP enable SER" binary file w/ source code

Wed Dec 28 00:03:54 CET 2005

Hi,

After some hours around OpenOSP I did it to compile under FreeBSD ;)

So.. Next step was to try to find documentation about OpenOSP Server.
Problem iscould find much not to say anything. 
Everything I found is about the client and about openser and asterisk
modules. 

Can you provide me some sort of configuration for the server? 

I'm trying to using it with Openser 1.0.0 and my system is running Freebsd
6.0 

I had a hard time to get it under it as it request some changes in code and
also very old stuff, it is possible to have it cooworking with openldad 2.3
and a newer openssl an berkley db? 

So any information would be usefull as I can't figure out much with
documentation avaible I'm more insterested in OpenOSP Server side as I have
clear information about client side. 

Regards, 

Elton Machado

  _____  

De: serusers-bounces at iptel.org [mailto:serusers-bounces at iptel.org] Em nome
de vmathur at transnexus.com
Enviada: sexta-feira, 12 de Agosto de 2005 16:00
Para: hernan_gomez_1 at yahoo.com
Cc: serusers at iptel.org
Assunto: Re: [Serusers] Distributing "OSP enable SER" binary file w/ source
code

Hernan,

OSP uses Public key based authentication and encrytion schemes, which are
stronger than Radius's shared secrets. If you use OSP for authentication and
authorization, you need not use Radius. OSP, just like Radius, has a client
stack, which is implemented in the SER, and has a Server, which provides
centralized call routing, accounting, and security. At the time of startup,
the OSP server and the client, the SER in this case, exchange their public
keys. The public and private keys can then be used to encode/decode messages
as desired. 

A typical call setup procedure looks like this
1. The source SER goes to the osp server to get the SIP URI corresopnding to
the destination. The message is encoded using the source SER's private key.
2. The osp  server decodes the message using source SERs public key and
after successful decoding (authentication) returns the route back to the
source. Along with the route, it also sends back a digitally signed (using
the OSP Servers private key) token.
3. The Source uses the route returned by the OSP Srver to send an INVITE.
The INVITE message contains the token issued by the OSP Server 
4. The destination decodes/validates the token using the OSP Servers public
key. Upon successful validation (authorization) it accepts the call. 

This saves you the effort  of mantaining cumbersome access lists for
authentication. I can provide you with more documentatin on OSP and how to 
use SER with OSP if you wish

Thanks,
Vikrant

----------------------------------------------------------------------------
---------------------------------
Fogive my ignorance for I have never heard of OSP before ;) You mentioned
Radius in your message. How does Radius authentication work in OSP? I am
having a tough time getting mine to work. 

hernan

vmathur at transnexus.com wrote:

Dear All,

I have recently implemented OSP w/ SER. OSP is an ETSI defined protocol,
which I am using for ceneralised routing, and security of my inter-domain
calls. The problem, however, is that the build process is a little lengthy.
I want to contribute my implementation to this group so that anyone who is
struggling with SER routing configurations or Radius authentication issues
may benefit from it. I was, thus, wondering if we can have a binary file of
the OSP enabled SER, that can be distributed with the source code. Does
anyone have an opinion on this? 

Also, for anyone who wants to check-out this implementation, I can provide
more details.

Thanks,
Vikrant

_______________________________________________
Serusers mailing list
Serusers at iptel.org
http://mail.iptel.org/mailman/listinfo/serusers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051227/132b1118/attachment.htm>