RFC 8898

Third-Party Token-Based Authentication and Authorization for Session Initiation Protocol (SIP), September 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Updates:
RFC 3261
Authors:
R. Shekh-Yusef
C. Holmberg
V. Pascual
Stream:
IETF
Source:
sipcore (art)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8898

Discuss this RFC: Send questions or comments to sipcore@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document defines the "Bearer" authentication scheme for the Session Initiation Protocol (SIP) and a mechanism by which user authentication and SIP registration authorization is delegated to a third party, using the OAuth 2.0 framework and OpenID Connect Core 1.0. This document updates RFC 3261 to provide guidance on how a SIP User Agent Client (UAC) responds to a SIP 401/407 response that contains multiple WWW-Authenticate/Proxy-Authenticate header fields.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader