[VOIPSEC] Thoughts about OpenID as a means for SIP identification?

[Chris Boulton]

Hi Dan - thanks for the note (I will certainly take a close look and
comment soon).  Just one small initial comment embedded below:

So Aswath's question is - could OpenID be used in the SIP message 
initiation process as a potential way to authenticate (or not) the
sender. 
 Aswath writes (and "OP" stands for "OpenID Provider"):

> The initiator of a session can include the validation response it 
received from OP to the 
> SIP INVITE message as a MIME encoded parameter. The recipient then can

use the 
> content of the parameter to authenticate it  with OP. If the initiator

did not include this 
> parameter, but the recipient prefers to authenticate the initiator,
the 
SIP protocol could 
> be extended so that the recipient can request the authentication 
information by sending
> an INFO message. 

[Chris Boulton] Yuck - All readers please strike using SIP INFO in this
way from there brains :-).

Chris.




Information contained in this e-mail and any attachments are intended for the use of the addressee only, and may contain confidential information of Ubiquity Software Corporation.  All unauthorized use, disclosure or distribution is strictly prohibited.  If you are not the addressee, please notify the sender immediately and destroy all copies of this email.  Unless otherwise expressly agreed in writing signed by an officer of Ubiquity Software Corporation, nothing in this communication shall be deemed to be legally binding.  Thank you.