Hi, Euchner:
Let me add a little more to clarify the definition of the "Third Party:"
"what I'm understanding as "3rd party registration" is something where an arbitrary "H.323 entity" performs some kind of one-step bulk registration of many endpoints at the GK."
I agree with this part of the definition of yours.
The next thing is the "role" of the "entity" that performs the "third party" registration: The said entity (that performs the "role" of the third party) should be completely OFF (or it should not have any more "role") once the registration is done.
For example, my secretary does a registration on behalf of me, but the secretary does not have any more role once the registration of mine is performed. (Please also see how SIP allows the third party registration.)
If we agree with this definition of the "Third Party," we may then examine what is being done by the H.323 GW or IWF.
It can be clearly seen that both H.323 GK and IWF remain an inherent part of the whole process even after the registration is completed (as I explained earlier). For example, both signaling and media MUST go through the GW, and the signaling information must go via the IWF on behalf of those endpoints/aliases.
So, the basic question is: Why do we call this the "Third Party" registration to start with?
[For security, we need help from you and others when we will start the work for "SIP-H.323 Interworking" phase 2 that will include other complex issues including security. Thanks for your ideas that will be useful for phase 2.]
Best regards, Radhika
-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner@icn.siemens.de]
Sent: Tuesday, November 28, 2000 11:26 AM
To: Roy, Radhika R, ALCOO; Euchner Martin; ITU-SG16@mailbag.cps.INTEL.COM
Subject: AW: Third party registration/group registration
Radhika and others,
what I'm understanding as "3rd party registration" is something where an arbitrary "H.323 entity" performs some kind of one-step bulk registration of many endpoints at the GK. But how should this exactly work? Would the "H.323 entity" send out the bulk request whereas the terminals receive the registration confirmation message each? Or would the "H.323 entity" act somehow transparently in between the endpoints and the GK?
For Radhika's comment, please see my security bits below marked with meu:>

4. To make the matter more complicated as the security issue raised by Euchner, there are two components:

1. Authenticate the IWF for the signaling and

meu:> This could be achieved without efforts using the available H.235 security techniques, I would say. Here, the idea could be that the IWF as an H.323 gateway performs machine authentication.

2. Authenticate the endpoints for the media streams. I do not know how the security can be dealt on end-to-end basis for two different protocols (H.323, SIP). (Am I right, Euchner?)

meu:> hmm, how should this work during the GK registration phase when it is not yet clear which terminals and media streams will be in force? But the situation is probably not that hopeless as it looks like. Roughly speaking, PKI might help here such that a single proxy registration through the IWF authenticates not only the IWF itself but also each individual device on an end-to-end basis. Of course, procedural description is needed for this...

In order to keep things simple for the time being, let's leave the SIP stuff away for some further time and let's first figure out how the H.323 case would work.

However, following the discussion until now, it appears to me that we all are talking not quite about the same scenario and various terms such as gateways, IWFs, additive registration, proxies and other items have already been mentioned.
Kind Regards
Martin Euchner.

-----------------------------------------------------------------------
Dipl.-Inf. Martin Euchner
Siemens AG, ICN M NT 5
Hofmannstr. 51, D-81359 Muenchen, Germany
Phone: +49 89 722 55790
Fax: +49 89 722 46841
mailto:Martin.Euchner@icn.siemens.de
mailto:martin.euchner@ties.itu.int
Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm
Internet: http://www.siemens.de
-----------------------------------------------------------------------
-----Original Message-----
From: Roy, Radhika R, ALCOO [SMTP:rrroy@att.com]
Sent: Tuesday, 28 November 2000 16:40
To: Euchner Martin; ITU-SG16@mailbag.cps.INTEL.COM
Subject: RE: Third party registration/group registration
Hi, All:

Let me ask some basic questions:

1. Does H.323 define the "Third Party" in any context: Registration or Call Control. If it is NOT, let us define what we mean by third party. In this way, we can examine the basic definition and go from there.

2. H.323 GW does registration on behalf of many endpoints. However, an H.323 GW is a monolithic one where RAS, Q.931, and H.245 are being dealt by the same entity. That is, both signaling and media are terminated in the H.323 GW. So, can we call the registration by the H.323 GW as a third party registration?

3. SIP-H.323 IWF is dealing only with the signaling part while the RTP media stream is going end-to-end. Can we call the registration of many aliases by the IWF as the third party registration because the transport address of the IWF is still being used for signaling in all situations?

4. To make the matter more complicated as the security issue raised by Euchner, there are two components: 1. Authenticate the IWF for the signaling and 2. Authenticate the endpoints for the media streams. I do not know how the security can be dealt on end-to-end basis for two different protocols (H.323, SIP). (Am I right, Euchner?)

The last question that I have: What do we lose, if we do not use the term "Third Party" registration for the IWF?

Best regards,
Radhika R. Roy
AT&T
-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner@ICN.SIEMENS.DE]
Sent: Tuesday, November 28, 2000 6:26 AM
To: ITU-SG16@MAILBAG.INTEL.COM
Subject: AW: Third party registration/group registration
I'm not certain whether the term "3rd party registration" is really clearly defined and described; although technically, there might be some means to realize this. My understanding here is, that a third party which is probably not actually involved in the call, registers one or more H.323 endpoints in one step. An interesting question for security is: Who gets authenticated? How does the 3rd party registration interact with the usual user-based authentication? Thus, there is certainly some need for clarification and better description. Kind Regards Martin Euchner.
-----Original Message-----
From: Chris Wayman Purvis [SMTP:cwp@ISDN-COMMS.CO.UK]
Sent: Tuesday, 28 November 2000 10:36
To: ITU-SG16@mailbag.cps.intel.com
Subject: Re: Third party registration/group registration
All,

Please please PLEASE can we have some more opinions on this important definition, though. Charles and I simply disagree, and a wider pool of opinion is needed in order for consensus to be reached. Although I disagree with Charles's view I am willing to espouse it if that's the way the majority of experts see things. Without further input we'll simply go round in circles.

Charles, All,

I believe the fundamental question about "third-partyness" in this context is what entity or entities will handle the H.225.0/Q.931 and/or H.245 signalling. My understanding of the type of IWF you are talking about (at least, the way I would implement such a thing!) is that the IWF terminates all signalling, with RTP data going direct end to end. So it is the entity that is performing the registration that will handle all signalling (namely what you in your SIP-centred way call an IWF and I in my H.323-centred way call a gateway!). To me this is a fair definition of first-party. The only thing the IWF is not terminating is (voice, video and application) data. This does not make the registration third-party in my opinion. There is no assumption (as far as I can remember, anyway) that H.323 entities have to handle their own RTP sessions - they are required only to exchange addresses to terminate these sessions.
Simple question: What is your definition of a "*true* H.323 entity"? In what sense is your gateway/IWF not a "*true* H.323 entity"?

Additive registration is NOT third-party registration by my definition.

Regards,
Chris

"Agboh, Charles" wrote:
>
> Hi Chris,
>
> I see what you mean. I think you are working under the assumption that the "..other H.323 entities" are *true* H.323 entities. The IWF may give the impression that they are H.323 entities but it doesn't mean they are.
>
> In this model, I am assuming that the "third-party" is receiving all signalling from the GK whether it (the GK) is in DRC or GRC mode.
>
> Q: Do I really care if the "..other H.323 entities" are *true* H.323 entities or not? A GK probably couldn't say if the "first-party" being registered (the entity being registered as opposed to the entity receiving the registration) is a *true* H.323 entity or not.
> A: It may be useful. A GK can invoke a special feature if it can differentiate.
>
> H.323v4 defines the additive registration feature, which by your definition is a third-party registration, right? So how does the GK know that the "first-party" is a *true* H.323 entity?
>
> Best Regards,
> charles
>
> -----Original Message-----
> From: Chris Wayman Purvis [mailto:cwp@isdn-comms.co.uk]
> Sent: Monday, November 27, 2000 6:19 PM
> To: Agboh, Charles
> Cc: 'ITU-SG16@mailbag.cps.intel.com'
> Subject: Re: Third party registration/group registration
>
> Charles,
>
> > My understanding of "third-party" registration is the same as yours. But, in some applications a registration by the IWF may not be on its own behalf.
> These two sentences contradict each other. Please reread my explanation of my understanding, as it is impossible for you to agree with it and believe what you have written in the second sentence above.
> Unless I misunderstand your definition of an "IWF", which I take to be synonymous with a "gateway" as defined in the H.323 series of standards.
>
> > H.323v4 provides this feature (a way to bypass the UDP packet size limitation) for this same reason.
> >
> > Does it make sense to have this? If no, then why not?
> >
> > SupportedProtocols ::= CHOICE
> > {
> >     nonStandardData NonStandardParameter,
> >     h310 H310Caps,
> >     h320 H320Caps,
> >     h321 H321Caps,
> >     h322 H322Caps,
> >     h323 H323Caps,
> >     h324 H324Caps,
> >     voice
> >     .......,
> >     SIP SIPCaps
> > }
> This may make sense (and is what I meant when I referred to "supportedPrefixes"). If this is a way forward that you believe would be useful for SIP gateways I would encourage you to write a formal proposal to an ITU SG16 experts meeting on this basis.
>
> Regards,
> Chris
>
> > -----Original Message-----
> > From: Chris Wayman Purvis [mailto:cwp@isdn-comms.co.uk]
> > Sent: Monday, November 27, 2000 10:41 AM
> > To: Agboh, Charles
> > Cc: ITU-SG16@mailbag.cps.intel.com
> > Subject: Re: Third party registration/group registration
> >
> > Charles,
> >
> > Wrong in my opinion, but I would hope other experts would express their opinions too! The problem is I'm not sure whether this is a question of understanding or of detailed definition of the phrase "third party" in this context.
> > My understanding of the phrase "third party registration" would be one H.323 entity registering at a gatekeeper on behalf of other H.323 entities. My understanding of the word "registration" of this context is that it can only apply to H.323 entities. In this context the IWF can be considered to be at the extreme edge of the H.323 network, so any "registration" it does is on its own behalf.
> > Maybe what you actually want is some equivalent to the supportedPrefixes that arrived in version 2, for SIP gateways.
> > Whatever we agree you want, though, I think it is worth trying to reach some consensus among experts in this group as to what the phrase "third party" means in this context - as your understanding and mine are clearly in disagreement.
> >
> > Regards,
> > Chris
> >
> > "Agboh, Charles" wrote:
> > >
> > > Chris,
> > >
> > > There are applications where an IWF can register an EP from one domain into another. This allows automatic visibility of EP from one domain from another. In this case the IWF is registering not only itself but other EPs.
> > > For this scenario, the third-party entity is the IWF, right?
> > >
> > > regards,
> > >
> > > charles
> > --
> > Dr Chris Purvis-Development Manager
> > ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
> > Winkfield Row, Berkshire. RG42 6LY ENGLAND
> > Phone: +44 1344 899 007
> > Fax: +44 1344 899 001
>
> --
> Dr Chris Purvis-Development Manager
> ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
> Winkfield Row, Berkshire. RG42 6LY ENGLAND
> Phone: +44 1344 899 007
> Fax: +44 1344 899 001
--
Dr Chris Purvis-Development Manager
ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
Winkfield Row, Berkshire. RG42 6LY ENGLAND
Phone: +44 1344 899 007
Fax: +44 1344 899 001
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com mailto:listserv@mailbag.intel.com