Third party registration/group registration
Roy, Radhika R, ALCOO
rrroy at ATT.COM
Tue Nov 28 11:51:57 EST 2000
Hi, Euchner:
Let me add a little more to clarify the definition of the "Third Party:"
"what I'm understanding as "3rd party registration" is something where an
arbitrary "H.323 entity" performs some kind of one-step bulk registration of
many endpoints at the GK."
I agree with this part of the definition of yours.
The next thing is the "role" of the "entity" that performs the "third party"
registration: The said entity (that performs the "role" of the third party)
should be completely OFF (or it should not have any more "role") once the
registration is done.
For example, my secretary does a registration on behalf of me, but the
secretary does not have any more role once the registration of mine is
performed. (Please also see how SIP allows the third party registration.)
If we agree with this definition of the "Third Party," we may then examine
what is being done by the H.323 GW or IWF.
It can be clearly seen that both H.323 GK and IWF remain an inherent part of
the whole process even after the registration is completed (as I explained
earlier). For example, both signaling and media MUST go through the GW, and
the signaling information must go via the IWF on behalf of those
endpoints/aliases.
So, the basic question is: Why do we call this the "Third Party"
registration to start with?
[For security, we need help from you and others when we will start the work
for "SIP-H.323 Interworking" phase 2 that will include other complex issues
including security. Thanks for your ideas that will be useful for phase 2.]
Best regards,
Radhika
-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner at icn.siemens.de]
Sent: Tuesday, November 28, 2000 11:26 AM
To: Roy, Radhika R, ALCOO; Euchner Martin; ITU-SG16 at mailbag.cps.INTEL.COM
Subject: AW: Third party registration/group registration
Radhika and others,
what I'm understanding as "3rd party registration" is something where an
arbitrary "H.323 entity" performs some kind of one-step bulk registration of
many endpoints at the GK. But how should this exactly work? Would the "H.323
entity" send out the bulk request whereas the terminals receive the
registration confirmation message each? Or would the "H.323 entity" act
somehow transparently in between the endpoints and the GK?
For Radhika's comment, please see my security bits below marked with meu:>
4. To make the matter more complicated as the security issue raised by
Euchner, there are two components:
1. Authenticate the IWF for the signaling and
meu:> This could be achieved without effort using the
available H.235 security techniques, I would say. Here, the idea could be
that the IWF as an H.323 gateway performs machine authentication.
2. Authenticate the endpoints for the media streams. I do not know how the
security can be dealt with on an end-to-end basis for two different protocols
(H.323, SIP). (Am I right, Euchner?)
meu:> hmm, how should this work during the GK registration phase
when it is not yet clear which terminals and media streams will be in force?
But the situation is probably not as hopeless as it looks.
Roughly speaking, PKI might help here such that a single proxy registration
through the IWF authenticates not only the IWF itself but also each
individual device on an end-to-end basis. Of course, procedural description
is needed for this... In order to keep things simple for the time being,
let's leave the SIP stuff away for some further time and let's first figure
out how the H.323 case would work.
However, following the discussion until now, it appears to me that
we all are talking not quite about the same scenario and various terms such
as gateways, IWFs, additive registration, proxies and other items have
already been mentioned.
Kind Regards
Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.          Phone: +49 89 722 55790
| Martin Euchner      Fax  : +49 89 722 46841
| Siemens AG
| ICN M NT 5          mailto:Martin.Euchner at icn.siemens.de
|                     mailto:martin.euchner at ties.itu.int
| Hofmannstr. 51      Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm
| D-81359 Muenchen    Internet: http://www.siemens.de
| __________________
| Germany
-----------------------------------------------------------------------
-----Original Message-----
From: Roy, Radhika R, ALCOO [SMTP:rrroy at att.com]
Sent: Tuesday, 28 November 2000 16:40
To: Euchner Martin; ITU-SG16 at mailbag.cps.INTEL.COM
Subject: RE: Third party registration/group registration
Hi, All:
Let me ask some basic questions:
1. Does H.323 define the "Third Party" in any context: Registration
or Call Control? If it is NOT, let us define what we mean by third party. In
this way, we can examine the basic definition and go from there.
2. H.323 GW does registration on behalf of many endpoints. However, an
H.323 GW is a monolithic one where RAS, Q.931, and H.245 are being dealt
with by the same entity. That is, both signaling and media are terminated
in the H.323 GW. So, can we call the registration by the H.323 GW as a
third party registration?
3. SIP-H.323 IWF is dealing only with the signaling part while the
RTP media stream is going end-to-end. Can we call the registration of many
aliases by the IWF as the third party registration because the transport
address of the IWF is still being used for signaling in all situations?
4. To make the matter more complicated as the security issue raised by
Euchner, there are two components:
   1. Authenticate the IWF for the signaling and
   2. Authenticate the endpoints for the media streams. I do not know how
   the security can be dealt with on an end-to-end basis for two different
   protocols (H.323, SIP). (Am I right, Euchner?)
The last question that I have: What do we lose, if we do not use
the term "Third Party" registration for the IWF?
Best regards,
Radhika R. Roy
AT&T
-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner at ICN.SIEMENS.DE]
Sent: Tuesday, November 28, 2000 6:26 AM
To: ITU-SG16 at MAILBAG.INTEL.COM
Subject: AW: Third party registration/group registration
I'm not certain whether the term "3rd party registration" is really
clearly defined and described; although technically, there might be some
means to realize this.
My understanding here is, that a third party which is probably not
actually involved in the call, registers one or more H.323 endpoints in one
step.
An interesting question for security is: Who gets authenticated? How
does the 3rd party registration interact with the usual user-based
authentication?
Thus, there is certainly some need for clarification and better
description.
Kind Regards
Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.          Phone: +49 89 722 55790
| Martin Euchner      Fax  : +49 89 722 46841
| Siemens AG
| ICN M NT 5          mailto:Martin.Euchner at icn.siemens.de
|                     mailto:martin.euchner at ties.itu.int
| Hofmannstr. 51      Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm
| D-81359 Muenchen    Internet: http://www.siemens.de
| __________________
| Germany
-----------------------------------------------------------------------
-----Original Message-----
From: Chris Wayman Purvis [SMTP:cwp at ISDN-COMMS.CO.UK]
Sent: Tuesday, 28 November 2000 10:36
To: ITU-SG16 at mailbag.cps.intel.com
Subject: Re: Third party registration/group registration
All,
Please please PLEASE can we have some more opinions on this important
definition, though. Charles and I simply disagree, and a wider pool of opinion
is needed in order for consensus to be reached. Although I disagree with
Charles's view I am willing to espouse it if that's the way the majority of
experts see things. Without further input we'll simply go round in circles.

Charles, All,
I believe the fundamental question about "third-partyness" in this context is
what entity or entities will handle the H.225.0/Q.931 and/or H.245 signalling.
My understanding of the type of IWF you are talking about (at least, the way I
would implement such a thing!) is that the IWF terminates all signalling, with
RTP data going direct end to end. So it is the entity that is performing the
registration that will handle all signalling (namely what you in your
SIP-centred way call an IWF and I in my H.323-centred way call a gateway!).
To me this is a fair definition of first-party. The only thing the IWF is not
terminating is (voice, video and application) data. This does not make the
registration third-party in my opinion. There is no assumption (as far as I
can remember, anyway) that H.323 entities have to handle their own RTP sessions -
they are required only to exchange addresses to terminate these sessions.
Simple question: What is your definition of a "*true* H.323 entity"? In what
sense is your gateway/IWF not a "*true* H.323 entity"?
Additive registration is NOT third-party registration by my definition.
Regards,
Chris
"Agboh, Charles" wrote:
>
> Hi Chris,
>
> I see what you mean. I think you are working under the assumption that the
> "..other H.323 entities" are *true* H.323 entities. The IWF may give the
> impression that they are H.323 entities but it doesn't mean they are.
>
> In this model, I am assuming that the "third-party" is receiving all
> signalling from the GK whether it (the GK) is in DRC or GRC mode.
>
> Q: Do I really care if the "..other H.323 entities" are *true* H.323
> entities or not? A GK probably couldn't say if the "first-party" being
> registered (the entity being registered as opposed to the entity
> receiving the registration) is a *true* H.323 entity or not.
> A: It may be useful. A GK can invoke a special feature if it can
> differentiate.
>
> H.323v4 defines the additive registration feature, which by your definition
> is a third-party registration, right? So how does the GK know that the
> "first-party" is a *true* H.323 entity?
>
> Best Regards,
> charles
>
> -----Original Message-----
> From: Chris Wayman Purvis [mailto:cwp at isdn-comms.co.uk]
> Sent: Monday, November 27, 2000 6:19 PM
> To: Agboh, Charles
> Cc: 'ITU-SG16 at mailbag.cps.intel.com'
> Subject: Re: Third party registration/group registration
>
> Charles,
>
> > My understanding of "third-party" registration is the same as yours. But, in
> > some applications a registration by the IWF may not be on its own behalf.
> These two sentences contradict each other. Please reread my explanation of my
> understanding, as it is impossible for you to agree with it and believe what
> you have written in the second sentence above.
> Unless I misunderstand your definition of an "IWF", which I take to be
> synonymous with a "gateway" as defined in the H.323 series of standards.
>
> > H.323v4 provides this feature (a way to bypass the UDP packet size
> > limitation) for this same reason.
> >
> > Does it make sense to have this? If no, then why not?
> >
> > SupportedProtocols ::= CHOICE
> > {
> >     nonStandardData    NonStandardParameter,
> >     h310               H310Caps,
> >     h320               H320Caps,
> >     h321               H321Caps,
> >     h322               H322Caps,
> >     h323               H323Caps,
> >     h324               H324Caps,
> >     voice
> >     .......,
> >     SIP                SIPCaps
> > }
> This may make sense (and is what I meant when I referred to
> "supportedPrefixes"). If this is a way forward that you believe would be
> useful for SIP gateways I would encourage you to write a formal proposal to an
> ITU SG16 experts meeting on this basis.
>
> Regards,
> Chris
>
> > -----Original Message-----
> > From: Chris Wayman Purvis [mailto:cwp at isdn-comms.co.uk]
> > Sent: Monday, November 27, 2000 10:41 AM
> > To: Agboh, Charles
> > Cc: ITU-SG16 at mailbag.cps.intel.com
> > Subject: Re: Third party registration/group registration
> >
> > Charles,
> >
> > Wrong in my opinion, but I would hope other experts would express their
> > opinions too! The problem is I'm not sure whether this is a question of
> > understanding or of detailed definition of the phrase "third party" in this
> > context.
> > My understanding of the phrase "third party registration" would be one H.323
> > entity registering at a gatekeeper on behalf of other H.323 entities. My
> > understanding of the word "registration" of this context is that it can only
> > apply to H.323 entities. In this context the IWF can be considered to be at
> > the extreme edge of the H.323 network, so any "registration" it does is on its
> > own behalf.
> > Maybe what you actually want is some equivalent to the supportedPrefixes that
> > arrived in version 2, for SIP gateways.
> > Whatever we agree you want, though, I think it is worth trying to reach some
> > consensus among experts in this group as to what the phrase "third party" means
> > in this context - as your understanding and mine are clearly in
> > disagreement.
> >
> > Regards,
> > Chris
> >
> > "Agboh, Charles" wrote:
> > >
> > > Chris,
> > >
> > > There are applications where an IWF can register an EP from one domain into
> > > another. This allows automatic visibility of EP from one domain from
> > > another. In this case the IWF is registering not only itself but other EPs.
> > > For this scenario, the third-party entity is the IWF, right?
> > >
> > > regards,
> > >
> > > charles
> > --
> > Dr Chris Purvis-Development Manager
> > ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
> > Winkfield Row, Berkshire. RG42 6LY ENGLAND
> > Phone: +44 1344 899 007
> > Fax: +44 1344 899 001
>
> --
> Dr Chris Purvis-Development Manager
> ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
> Winkfield Row, Berkshire. RG42 6LY ENGLAND
> Phone: +44 1344 899 007
> Fax: +44 1344 899 001
--
Dr Chris Purvis-Development Manager
ISDN Communications Ltd, The Stable Block, Ronans, Chavey Down Road
Winkfield Row, Berkshire. RG42 6LY ENGLAND
Phone: +44 1344 899 007
Fax: +44 1344 899 001
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For help on this mail list, send "HELP ITU-SG16" in a message to
listserv at mailbag.intel.com