13 Jan
2015
13 Jan
'15
11:05 p.m.
I have been considering this for some time.
I think there should be a new auth_jwt module, probably based on auth_ephemeral (which is
similar in concept). For SIP over WebSockets this can then be used to authenticate the
client during the WebSocket handshake.
There should be a “Private Claim Name” defined to contain the identity of the
calling/registering party. This can be cached during the WebSocket handshake and then
used to valid the To-URI (REGISTER/PUBLISH) and From-URI (other requests without To-tags).
The “Expiration Time Claim” should be cached too.
auth_jwt should contain helper functions for checking URIs and whether the token is still
valid - similar to those in auth_ephemeral.
Regards,
Peter
—
Peter Dunkley
http://www.dunkley.me.uk/ <http://www.dunkley.me.uk/>
http://www.linkedin.com/in/pdunkley <http://www.linkedin.com/in/pdunkley>
On 13 Jan 2015, at 20:59, kamailio-sync
<notifications(a)github.com> wrote:
On 12 Jan 2015, at 21:34, mading087 <notifications(a)github.com> wrote:
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/29#issuecomment-69819723
It seems a good idea to support JWT as a new SIP
authorization method. Wonder if anyone is interested? Think auth_db would be the best spot
to add support for JWT.
Please check the work that is ongoing with OAuth - there is an IETF draft on
that.
/O
—
Reply to this email directly or view it on GitHub
<https://github.com/kamailio/kamailio/issues/29#issuecomment-69818698>.