Third party registration/group registration

Roy, Radhika R, ALCOO rrroy at ATT.COM
Tue Nov 28 11:51:57 EST 2000


Hi, Euchner:

Let me add a little more to clarify the definition of the "Third Party:"

"what I'm understanding as "3rd party registration" is something where an
arbitrary "H.323 entity" performs some kind of one-step bulk registration of
many endpoints at the GK."

I agree with this part of the definition of yours.

The next thing is the "role" of the "entity" that performs the "third party"
registration: The said entity (that performs the "role" of the third party)
should be completely OFF (or it should not have any more "role") once the
registration is done.

For example, my secretary does a registration on behalf of me, but the
secretary does not have any more role once the registration of mine is
performed. (Please also see how SIP allows the third party registration.)

If we agree with this definition of the "Third Party," we may then examine
what is being done by the H.323 GW or IWF.

It can be clearly seen that both H.323 GK and IWF remain an inherent part of
the whole process even after the registration is completed (as I explained
earlier). For example, both signaling and media MUST go through the GW, and
the signaling information must go via the IWF on behalf of those
endpoints/aliases.

So, the basic question is: Why do we call this the "Third Party"
registration to start with?

[For security, we need help from you and others when we start the work
for "SIP-H.323 Interworking" phase 2 that will include other complex issues
including security. Thanks for your ideas that will be useful for phase 2.]

Best regards,
Radhika


-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner at icn.siemens.de]
Sent: Tuesday, November 28, 2000 11:26 AM
To: Roy, Radhika R, ALCOO; Euchner Martin; ITU-SG16 at mailbag.cps.INTEL.COM
Subject: AW: Third party registration/group registration


Radhika and others,

what I'm understanding as "3rd party registration" is something where an
arbitrary "H.323 entity" performs some kind of one-step bulk registration of
many endpoints at the GK. But how should this exactly work? Would the "H.323
entity" send out the bulk request whereas the terminals receive the
registration confirmation message each? Or would the "H.323 entity" act
somehow transparently in between the endpoints and the GK?

For Radhika's comment, please see my security bits below marked with meu:>

4. To make the matter more complicated as the security issue raised by
Euchner, there are two components:
1.      Authenticate the IWF for the signaling and
        meu:> This could be achieved without efforts using the available
        H.235 security techniques, I would say. Here, the idea could be that
        the IWF as an H.323 gateway performs machine authentication.
2.      Authenticate the endpoints for the media streams. I do not know how
the security can be dealt with on end-to-end basis for two different
protocols (H.323, SIP). (Am I right, Euchner?)
        meu:> hmm, how should this work during the GK registration phase
        when it is not yet clear which terminals and media streams will be in
        force?
        But the situation is probably not that hopeless as it looks like.
        Roughly speaking, PKI might help here such that a single proxy
        registration through the IWF authenticates not only the IWF itself
        but also each individual device on an end-to-end basis. Of course,
        procedural description is needed for this... In order to keep things
        simple for the time being, let's leave the SIP stuff away for some
        further time and let's first figure out how the H.323 case would work.

        However, following the discussion until now, it appears to me that
        we all are talking not quite about the same scenario and various
        terms such as gateways, IWFs, additive registration, proxies and
        other items have already been mentioned.



Kind Regards

Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.                     Phone: +49 89 722 55790
| Martin Euchner                 Fax  : +49 89 722 46841
| Siemens AG
| ICN M NT 5                     mailto:Martin.Euchner at icn.siemens.de
|                                mailto:martin.euchner at ties.itu.int
| Hofmannstr. 51                 Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm
| D-81359 Muenchen               Internet: http://www.siemens.de
| __________________
| Germany
-----------------------------------------------------------------------


        -----Original Message-----
        From:   Roy, Radhika R, ALCOO [SMTP:rrroy at att.com]
        Sent:   Tuesday, 28 November 2000 16:40
        To:     Euchner Martin; ITU-SG16 at mailbag.cps.INTEL.COM
        Subject:        RE: Third party registration/group registration

        Hi, All:

        Let me ask some basic questions:

        1. Does H.323 define the "Third Party" in any context: Registration
        or Call Control. If it is NOT, let us define what we mean by third
        party. In this way, we can examine the basic definition and go from
        there.

        2. H.323 GW does registration on behalf of many endpoints. However, an
        H.323 GW is a monolithic one where RAS, Q.931, and H.245 are being
        dealt with by the same entity. That is, both signaling and media are
        terminated in the H.323 GW.  So, can we call the registration by the
        H.323 GW a third party registration?

        3. SIP-H.323 IWF is dealing only with the signaling part while the
        RTP media stream is going end-to-end. Can we call the registration of
        many aliases by the IWF the third party registration because the
        transport address of the IWF is still being used for signaling in all
        situations?

        4. To make the matter more complicated as the security issue raised
        by Euchner, there are two components: 1. Authenticate the IWF for the
        signaling and 2. Authenticate the endpoints for the media streams. I
        do not know how the security can be dealt with on end-to-end basis for
        two different protocols (H.323, SIP). (Am I right, Euchner?)

        The last question that I have: What do we lose, if we do not use
        the term "Third Party" registration for the IWF?

        Best regards,
        Radhika R. Roy
        AT&T

        -----Original Message-----
        From:   Euchner Martin [mailto:Martin.Euchner at ICN.SIEMENS.DE]
        Sent:   Tuesday, November 28, 2000 6:26 AM
        To:     ITU-SG16 at MAILBAG.INTEL.COM
        Subject:        AW: Third party registration/group registration


        I'm not certain whether the term "3rd party registration" is really
        clearly defined and described; although technically, there might be
        some means to realize this.
        My understanding here is, that a third party which is probably not
        actually involved in the call, registers one or more H.323 endpoints
        in one step.
        An interesting question for security is: Who gets authenticated? How
        does the 3rd party registration interact with the usual user-based
        authentication?
        Thus, there is certainly some need for clarification and better
        description.

        Kind Regards
        Martin Euchner.

        -----------------------------------------------------------------------
        | Dipl.-Inf.                     Phone: +49 89 722 55790
        | Martin Euchner                 Fax  : +49 89 722 46841
        | Siemens AG
        | ICN M NT 5                     mailto:Martin.Euchner at icn.siemens.de
        |                                mailto:martin.euchner at ties.itu.int
        | Hofmannstr. 51                 Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm
        | D-81359 Muenchen               Internet: http://www.siemens.de
        | __________________
        | Germany
        -----------------------------------------------------------------------


        -----Original Message-----
        From:   Chris Wayman Purvis [SMTP:cwp at ISDN-COMMS.CO.UK]
        Sent:   Tuesday, 28 November 2000 10:36
        To:     ITU-SG16 at mailbag.cps.intel.com
        Subject:        Re: Third party registration/group registration

        All,

        Please please PLEASE can we have some more opinions on this important
        definition, though.  Charles and I simply disagree, and a wider pool of
        opinion is needed in order for consensus to be reached.  Although I
        disagree with Charles's view I am willing to espouse it if that's the
        way the majority of experts see things.  Without further input we'll
        simply go round in circles.

        Charles, All,

        I believe the fundamental question about "third-partyness" in this
        context is what entity or entities will handle the H.225.0/Q.931 and/or
        H.245 signalling.
        My understanding of the type of IWF you are talking about (at least,
        the way I would implement such a thing!) is that the IWF terminates all
        signalling, with RTP data going direct end to end.  So it is the entity
        that is performing the registration that will handle all signalling
        (namely what you in your SIP-centred way call an IWF and I in my
        H.323-centred way call a gateway!).
        To me this is a fair definition of first-party.  The only thing the IWF
        is not terminating is (voice, video and application) data.  This does
        not make the registration third-party in my opinion.  There is no
        assumption (as far as I can remember, anyway) that H.323 entities have
        to handle their own RTP sessions - they are required only to exchange
        addresses to terminate these sessions.

        Simple question: What is your definition of a "*true* H.323 entity"?
        In what sense is your gateway/IWF not a "*true* H.323 entity"?
        Additive registration is NOT third-party registration by my definition.

        Regards,
        Chris

        "Agboh, Charles" wrote:
        >
        > Hi Chris,
        >
        > I see what you mean.  I think you are working under the assumption
        > that the "..other H.323 entities" are *true* H.323 entities.  The IWF
        > may give the impression that they are H.323 entities but it doesn't
        > mean they are.
        >
        > In this model, I am assuming that the "third-party" is receiving all
        > signalling from the GK whether it (the GK) is in DRC or GRC mode.
        >
        > Q:  Do I really care if the "..other H.323 entities" are *true* H.323
        > entities or not?  A GK probably couldn't say if the "first-party"
        > being registered (the entity being registered as opposed to the
        > entity receiving the registration) is a *true* H.323 entity or not.
        > A:  It may be useful.  A GK can invoke a special feature if it can
        > differentiate.
        >
        > H.323v4 defines the additive registration feature, which by your
        > definition is a third-party registration, right?  So how does the GK
        > know that the "first-party" is a *true* H.323 entity?
        >
        > Best Regards,
        > charles
        >
        > -----Original Message-----
        > From: Chris Wayman Purvis [mailto:cwp at isdn-comms.co.uk]
        > Sent: Monday, November 27, 2000 6:19 PM
        > To:   Agboh, Charles
        > Cc:   'ITU-SG16 at mailbag.cps.intel.com'
        > Subject:      Re: Third party registration/group registration
        >
        > Charles,
        >
        > > My understanding of "third-party" registration is the same as
        > > yours.  But, in some applications a registration by the IWF may not
        > > be on its own behalf.
        > These two sentences contradict each other.  Please reread my
        > explanation of my understanding, as it is impossible for you to agree
        > with it and believe what you have written in the second sentence above.
        > Unless I misunderstand your definition of an "IWF", which I take to be
        > synonymous with a "gateway" as defined in the H.323 series of
        > standards.
        >
        > > H.323v4 provides this feature (a way to bypass the UDP packet size
        > > limitation) for this same reason.
        > >
        > > Does it make sense to have this?, If no, then why not?
        > >
        > >  SupportedProtocols ::= CHOICE
        > > {
        > >         nonStandardData   NonStandardParameter,
        > >         h310              H310Caps,
        > >         h320              H320Caps,
        > >         h321              H321Caps,
        > >         h322              H322Caps,
        > >         h323              H323Caps,
        > >         h324              H324Caps,
        > >         voice
        > >         .......,
        > >         SIP               SIPCaps
        > > }
        > This may make sense (and is what I meant when I referred to
        > "supportedPrefixes").  If this is a way forward that you believe would
        > be useful for SIP gateways I would encourage you to write a formal
        > proposal to an ITU SG16 experts meeting on this basis.
        >
        > Regards,
        > Chris
        >
        > > -----Original Message-----
        > > From:       Chris Wayman Purvis [mailto:cwp at isdn-comms.co.uk]
        > > Sent:       Monday, November 27, 2000 10:41 AM
        > > To: Agboh, Charles
        > > Cc: ITU-SG16 at mailbag.cps.intel.com
        > > Subject:    Re: Third party registration/group registration
        > >
        > > Charles,
        > >
        > > Wrong in my opinion, but I would hope other experts would express
        > > their opinions too!  The problem is I'm not sure whether this is a
        > > question of understanding or of detailed definition of the phrase
        > > "third party" in this context.
        > > My understanding of the phrase "third party registration" would be
        > > one H.323 entity registering at a gatekeeper on behalf of other H.323
        > > entities.  My understanding of the word "registration" of this
        > > context is that it can only apply to H.323 entities.  In this context
        > > the IWF can be considered to be at the extreme edge of the H.323
        > > network, so any "registration" it does is on its own behalf.
        > > Maybe what you actually want is some equivalent to the
        > > supportedPrefixes that arrived in version 2, for SIP gateways.
        > > Whatever we agree you want, though, I think it is worth trying to
        > > reach some consensus among experts in this group as to what the
        > > phrase "third party" means in this context - as your understanding
        > > and mine are clearly in disagreement.
        > >
        > > Regards,
        > > Chris
        > >
        > > "Agboh, Charles" wrote:
        > > >
        > > > Chris,
        > > >
        > > > There are applications where an IWF can register an EP from one
        > > > domain into another.   This allows automatic visibility of EP from
        > > > one domain from another.  In this case the IWF is registering not
        > > > only itself but other EPs.
        > > > For this scenario, the third-party entity is the IWF, right?
        > > >
        > > > regards,
        > > >
        > > > charles
        > > --
        > > Dr Chris Purvis-Development Manager
        > > ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
        > > Winkfield Row, Berkshire.  RG42 6LY  ENGLAND
        > > Phone: +44 1344 899 007
        > > Fax:   +44 1344 899 001
        >
        > --
        > Dr Chris Purvis-Development Manager
        > ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
        > Winkfield Row, Berkshire.  RG42 6LY  ENGLAND
        > Phone: +44 1344 899 007
        > Fax:   +44 1344 899 001

        --
        Dr Chris Purvis-Development Manager
        ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
        Winkfield Row, Berkshire.  RG42 6LY  ENGLAND
        Phone: +44 1344 899 007
        Fax:   +44 1344 899 001



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        For help on this mail list, send "HELP ITU-SG16" in a message to
        listserv at mailbag.intel.com





More information about the sg16-avd mailing list