Friday, December 28, 2007

A Document Format for Expressing Authorization Policies to Tackle Spam

Members of the IETF SIPPING Working Group have published an updated draft
defining SPIT authorization documents that use SAML. The problem of SPAM
for Internet Telephony (SPIT) is an imminent challenge and only the
combination of several techniques can provide a framework for dealing
with unwanted communication. The responsibility for filtering or blocking
calls can belong to different elements in the call flow and may depend
on various factors. This document defines an authorization-based policy
language that allows end users to upload anti-SPIT policies to
intermediaries, such as SIP proxies. These policies mitigate unwanted SIP
communications. It extends the Common Policy authorization framework with
additional conditions and actions. The new conditions match a particular
Session Initiation Protocol (SIP) communication pattern based on a number
of attributes. The range of attributes includes information provided, for
example, by SIP itself, by the SIP identity mechanism, by information
carried within SAML assertions... A SPIT authorization document is an
XML document, formatted according to the schema defined in RFC 4745.
SPIT authorization documents inherit the MIME type of common policy
documents, application/auth-policy+xml. As described in RFC 4745, this
document is composed of rules which contain three parts -- conditions,
actions, and transformations. Each action or transformation, which is
also called a permission, has the property of being a positive grant to
the authorization server to perform the resulting actions, be it allow,
block, etc. As a result, there is a well-defined mechanism for combining
actions and transformations obtained from several sources. This
mechanism therefore can be used to filter connection attempts thus
leading to effective SPIT prevention... Policies are XML documents that
are stored at a Proxy Server or a dedicated device. The Rule Maker
therefore needs to use a protocol to create, modify and delete the
authorization policies defined in this document. Such a protocol is
available with the Extensible Markup Language (XML) Configuration
Access Protocol (XCAP), per RFC 4825..."
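
An added example, not taken from the draft or from this post: a minimal Python evaluator for the rule structure described above, matching RFC 4745 identity conditions against a caller and merging the permissions of every applicable rule with RFC 4745's combining rules (boolean OR, integer maximum, set union). The `sp:` namespace, its `accept` and `trust-level` elements, and all SIP URIs are hypothetical stand-ins; the draft's own condition and action names are not reproduced here.

```python
import xml.etree.ElementTree as ET

CP = "{urn:ietf:params:xml:ns:common-policy}"  # RFC 4745 namespace
# Constructed policy; the sp: namespace and its elements are hypothetical.
POLICY = """<cp:ruleset xmlns:cp="urn:ietf:params:xml:ns:common-policy"
    xmlns:sp="urn:example:spit-policy">
  <cp:rule id="r1"><cp:conditions><cp:identity>
    <cp:many domain="example.com"><cp:except id="sip:bot@example.com"/></cp:many>
  </cp:identity></cp:conditions>
  <cp:actions><sp:accept>true</sp:accept><sp:trust-level>2</sp:trust-level></cp:actions></cp:rule>
  <cp:rule id="r2"><cp:conditions><cp:identity>
    <cp:one id="sip:alice@example.com"/>
  </cp:identity></cp:conditions>
  <cp:actions><sp:accept>true</sp:accept><sp:trust-level>5</sp:trust-level></cp:actions></cp:rule>
</cp:ruleset>"""

def identity_matches(identity, caller):
    domain = caller.rsplit("@", 1)[-1]
    for el in identity:
        if el.tag == CP + "one" and el.get("id") == caller:
            return True
        if el.tag == CP + "many" and el.get("domain") in (None, domain):
            excepted = any(x.get("id") == caller or x.get("domain") == domain
                           for x in el.findall(CP + "except"))
            if not excepted:
                return True
    return False

def rule_applies(rule, caller):
    # Every condition must hold; a condition this code does not understand is false.
    return all(c.tag == CP + "identity" and identity_matches(c, caller)
               for c in rule.findall(CP + "conditions/*"))

def combine(old, text):
    # Permissions are positive grants, so merging can only widen the result.
    if text in ("true", "false"):
        return bool(old) or text == "true"
    if text.isdigit():
        return max(old or 0, int(text))
    return (old or set()) | {text}

def evaluate(policy_xml, caller):
    granted = {}
    for rule in ET.fromstring(policy_xml).iter(CP + "rule"):
        if not rule_applies(rule, caller):
            continue
        for perm in rule.findall(CP + "actions/*") + rule.findall(CP + "transformations/*"):
            name = perm.tag.split("}")[-1]
            granted[name] = combine(granted.get(name), (perm.text or "").strip())
    return granted
```

A caller that matches no rule gets an empty result, meaning nothing has been granted.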

