A Federated Model for Secure Web-Based Videoconferencing

Size: px
Start display at page:

Download "A Federated Model for Secure Web-Based Videoconferencing"

Transcription

1 A Federated Model for Secure Web-Based Videoconferencing Douglas C. Sicker, Ameet Kulkarni, Anand Chavali, and Mudassir Fajandar Interdisciplinary Telecommunications Dept. and Dept. of Computer Science University of Colorado at Boulder s: and Abstract This paper describes efforts underway within Internet2 to create a secure federated IP based videoconferencing model. The objective is to create an environment that is user-friendly, ensures user privacy, and simplifies user management. This model makes use of the Session Initiation Protocol (SIP) as the underlying session establishment protocol. Since the session can (and most often will) be between domains, securing the process will involve inter-realm authentication and authorization, which gives rise to host of issues such as user privacy and authorization granularity. To address this issue, we make use of a federated trust model for sharing resources based on Shibboleth and the Security Assertion Markup Language (SAML), an XML-based security standard that describes the format and exchange of authentication and authorization information, such as identity, attributes, and artifacts. 1. Introduction Videoconferencing has failed to become as ubiquitous as many had hoped and predicted. In recent times, the development of low rate video codecs, the proliferation of the Internet, the web, and personal computers, and the advent of high rate access technologies have reduced some of the obstacles contributing to this failure. However, there still are a number of fundamental problems with the use and operation of videoconferencing. For videoconferencing to be more ubiquitous, it needs to become easier to deploy, manage and use. It should also be secure, particularly as this relates to requirements of interrealm communications. The model should focus on security from its inception, rather than apply such functions as afterthoughts. Such a cross-domain authentication and authorization processes should satisfy certain requirements and not burden users of network administrators. In order to support a federated model, delegation is practiced with each network domain in control of the information of the users on its domain. This seconds the general practice of network administrators to keep local information within the domain and reduces administrative man-hours, maintenance and investment. Further, it minimizes the concerns of exposing or releasing information that might be viewed as private. The last requirement is that these processes be transparent to the user, needing as little action from the user as possible. The environment should be as easy to use and familiar as browsing the web. This paper is organized as follows: First we provide an overview of some relevant background material. Next, we describe our approach to solving this problem with a focus on the security required for such a model. This entails describing the necessary protocol changes, including extending SIP response messaging, revising client behavior, creating a new role for MIME, and specifying a new binding for SAML. Finally, we present our conclusions and future work Background In this section of the paper, we briefly describe some background material relevant to this research. 1 Sponsoring Agency: UCAID/Internet 2, Project Title: Supporting Research and Collaboration through Integrated Middleware, Proposal No.: B.

2 2.1. SIP SIP is a protocol used for locating end points, and subsequently establishing, maintaining and terminating sessions between these endpoints. It operates by exchanging request messages called methods and responses to these methods. A SIP network essentially consists of SIP user agents that initiate requests and servers that reply. While this is an oversimplification of SIP, a detailed explanation can be found in RFC [1] 2.2. Federation Network resources exist as islands, controlled and maintained by a network authority, typically a network administrator. This control of resources includes access control mechanisms in the form of authentication and authorization. A problem arises when someone from outside of a particular realm wishes to access a resource for which he/she has no authorization. Resources may be perceived as ranging from public to highly restricted, which suggests the need for granularity of access control. One means of providing this authorization is through the development of an agreement between the user and the realm in which the resource exists. The problem with this approach is that the network authority controlling the resource must now maintain information, such as a username and password, for each foreign user. This can quickly become a burden for the network authority as the number of foreign users increase. An alternative is to create a mutual agreement between realms, explicitly for the sharing of resources between realms. This is the federation, where access is controlled jointly by adopting certain trust agreements between realms. The user must trust the sharing of identifiable user information to access the remote resource. This raises several opportunities to exploit that user s privacy. An alternative would be to assert an attribute (e.g. authority level such as professor/researcher/student etc.) and have this attribute examined by the authority of the remote resource. The remote authority may examine the authenticity of this assertion and make a decision regarding access. The authority need not maintain a separate access control list for each remote user and the remote user is exposing less information about themselves across a network. A federated model brings together parties with common interest while offering them protection at different levels between themselves and from others SAML It is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. Assertions can convey information about authentication acts performed by subjects, attributes of subjects, and authorization decisions (already made) about whether subjects are allowed to access certain resources. The protocol, consisting of XML-based request and response message formats, can be bound to many different underlying communications and transport. SAML currently defines one binding, SOAP over HTTP. [2] We are presently working on developing a SIP binding and profile for SAML Shibboleth Shibboleth is an Internet2/MACE project that is developing architectures, frameworks, and practical technologies to support inter-institutional sharing of resources that are subject to access controls and is based on SAML. One difference between Shibboleth and other efforts in the access control arena is Shibboleth's emphasis on user privacy and control over information release. Shibboleth is a system for securely transferring attributes about a user from the user's origin site to a resource provider site. It assumes that users employ browsers and that the resources are accessible via standard browser technologies. Shibboleth is also a system for allowing user choice in what information gets released about the user and to which site. Thus, the job of balancing access and privacy lies ultimately with the user, where it belongs. An important element of the Shibboleth architecture is the component that releases information about users, it being the Attribute Authority (AA). Each origin site (i.e. a site with administrative authority over users who access resources at remote providers) has its own AA. The AA's job is to provide attributes about a user to a resource provider. But the AA also has the responsibility of providing a means for users to specify exactly which of their allowable attributes gets sent to each site they visit. The Handle Service (HS) is another component of SHIB that resides at the origin site. It is a web-based service that creates "handles" for attribute queries of a user without revealing the users identity thus guarding the user's privacy. This handle is then used to obtain the attributes of the user requesting access.

3 3. Our Solution The architecture of our proposed solution is based on three modular functions; resource registration, resource discovery and call initiation. Resource registration allows a user to register within the local domain. Resource discovery allows a user to locate other users from within the same domain as well as other domains. Call initiation allows a user to setup a session with another user. It is desirable for a solution to be modular, which necessitates that each of these three processes be independent of each other; meaning, for instance, that call initiation can take place without resource discovery. In order to preserve complete modularity in terms of all the three processes, it is necessary to protect each of these three processes separately. As with any diverse network, securing this service is difficult. It involves many trust boundaries (and relationships), many modes of operation, a reliance on intermediaries and numerous points of failure. We try to create a model that weighs the risk versus the operational, management and deployment ease. To address common security concerns, we make use of the tools that SIP and HTTP employs. [1] [3] This might include digest authentication, user-to-user and proxy-to-user challenges, S/MIME, TLS, IPSEC and SIPS. However, we would like to take this process one step further by applying an inter-realm transfer of attributes service based on Shibboleth and making use of SAML as a means of providing secure inter-realm authentication. The goal being to make use of practical security functions while providing a robust level of privacy to the end user. We describe the details of this model in the following sections Resource Registration A SIP User Agent (UA) registers itself with a Registrar, likely in its local domain. It is this process that creates the mapping between the SIP URI and the IP address of the host on which the SIP UA is running. This allows the network to route calls to the proper destination. Registration creates a binding in the location service for a particular domain that associates a URI with one or more contact addresses. Registration requires sending a REGISTER method to a Registrar, which acts as a front end to the location service for a domain, reading and writing mappings based on the contents of the REGISTER request. SIP provides for some basic security mechanism during the call signaling and they have been described in RFC [1] We propose to use the same mechanism for the registration process. In our model, once the user has registered, the contact information of that user is pushed to a presence server. The presence server displays the contact information of only those users who are online and available for call setup. Thus the registration process will trigger the population of that user s information to the presence server. Such a presence server could either be centrally managed or it could be distributed. In a centrally managed server, all users contact information would be stored and managed by a central body. In the other case where it is distributed, a central server could exist that would have information about the different federations and links to the local presence servers. Network administrators may be unwilling to allow information about their users to be displayed outside their domain. Hence, it might make better sense to have a distributed model. The final model may resemble the Instant Message and Presence work under way within the IETF. [4] 3.2. Resource Discovery Resource discovery is the process wherein one user determines the location information of another user. In our model, the user will browse a webpage, which will display the presence information of all users. On locating the person or resource with whom the user wants to establish a video session, the user would click on the hyperlink to that person. This would cause the SIP UA to be invoked on the initiating user s machine. Note that our modularity is not disrupted here, as the tying is optional to the user only by clicking on the link does he launch call initiation during resource discovery. The information on the presence server should be accessible to only those that are authorized to access that information. To implement authorization we propose to use Shibboleth in our solution. When an initiator requests for a resource from the destination, the destination resource authority seeks attributes of the initiator, and on receiving these attributes checks them to validate the initiator and accordingly allows or disallows the request. In effect it brings about a situation where the initiator does not have to log on multiple times at different destination. Further, the initiator can set different release policies for different destination. Hence this model minimizes multiple sign on and enforces selective release of information according to the destination end point and origin end point. [5] Since Shibboleth was designed for HTTP requests, it fits this part of the model perfectly. The presence server is designated as a protected resource and sits behind the Shibboleth process. Whenever an HTTP request is directed to the presence server it is intercepted by the Shibboleth process and requests

4 authorization information from the user. Once it receives the authorization information and decides that the user is authorized to access the presence server, the HTTP request is forwarded to the server and the user can access the information on it. One of the reasons for protecting the resources on the presence server is to prevent spamming (via resource harvesting) and also to protect the privacy of the users whose contact information is displayed. In our model, when the user clicks on the hyperlink of the target, a metafile is sent to the browser as an HTTP response. The browser on receiving the metafile invokes the associated plug-in and sends the metafile to the plug-in. The plug-in parses the metafile, invokes the user s SIP UA, and places a call to the target using the SIP URI extracted from the metafile Call Initiation Call initiation is the process in which the session is setup. It is in this process that we incorporate various SAML mechanisms to secure the call signaling process. The security requirements we are focusing on include authentication and authorization. In this section, we assume that local authentication has already taken place (either during web authentication or during REG process). The authentication requirements during call initiation consist of conveying this authentication information to the remote domain for authorization purposes. However, we would like to provide more information about the user to the remote domain to allow greater granularity in the authorization process; for example, to allow a remote campus to authorize INVITEs only from faculty members or students of a certain course at a certain time of the day. Providing more information about the user allows the remote domain to have more granular authorization policies. For the purpose of dividing authorization functions, Policy Decision Points (PDPs) are defined. We would ideally like to have two Institutional PDPs, one at the origin and one at the target domain. In addition, we would also like to define the target user as an individual PDP. Of course, in most real-time communication sessions, the target user is an individual PDP by default, as the ultimate decision to accept or decline a call lies with the user. These decisions are generally made on the basis of some form of caller identity (for e.g. telephone number, etc.). While defining the target user as an individual PDP here other attributes apart from the caller-id may be used to make the decision. There are a couple of other requirements that need to be satisfied for this protected call initiation process. The process should not require any special action, like password entry for instance, on the part of the user. Also, for the security reasons discussed earlier, information about a user in one domain should not be stored in another domain. This rules out mechanisms like directory replication across domains and so the required information should be transferred across domains on a per-need basis. The amount of information transferred across domains about the user should also be in accordance with the privacy policies of the local domain and the user. Thus, the information transferred to the remote domain about the user should be just the minimum required for it to make authorization decisions. The lifetime of that information should also be minimal; to avoid reauthorizations for multiple sessions of the user to the same remote domain, the lifetime of the authorization decision can be adjusted. We now make use of an authentication service that will perform the role of verifying authentication of the user and convey information about it and also additional user information in the form of attributes to the remote domain. This service can be provided by the proxy server. This server needs to communicate with a SAML entity (likely a directory server), which would contain the attributes and release policies associated with that user. The specific manner in which the proxy server and the SAML entities will interface as well as the directory database structure is presently being investigated. At the end of the resource registration process, this database is populated with the authenticated user s attributes, which get added the details of the local authentication for the duration the authentication is valid. These details have to be conveyed to the remote domain by the authentication service (local proxy). This transfer is done in the form of a MIME body. The contents of this MIME body shall be discussed in the next section. For now, let us just say that these contents are sufficient for proper authorization at the target domain. There is an important decision that needs to be made here. We need to decide where this MIME body is attached at the SIP user agent or the SIP proxy. It is attractive from the SIP standpoint to push as much control as possible, out to the endpoint. However, given the nature of a federated administration, we require some participation by a local authentication entity. The solution that we take is for a local authentication entity to pass the body back to the UA, where a new INVITE (including the additional MIME body) will be created. The overall requirements for this process are the definition of a new MIME type for conveying authentication information and attributes. New server and user agent behavior needs to be defined and implemented to appropriately attach and deal with this new MIME type. This approach is a variation of the method described in [6].

5 4. SIP Bindings for SAML In the call initiation section, we discussed exchanging SAML information across domains within a MIME body. This MIME body would provide the necessary information needed at the PDPs to make authorization decisions. There are a few challenges to sending SAML assertions as MIME attachments to SIP messages. SAML assertions are presently defined around web profiles. We need to define a way for them to be ported to the SIP world. Thus there needs to be enhancements that will allow SIP entities to create SAML assertions to interface with SAML entities, package them into MIME type attachments, unpack and interpret SAML assertions (either directly or indirectly), and make authorization decisions based on them. We are currently working on defining the SIP bindings and profiles for SAML. In this, we define two profiles reflecting a push or a pull architecture that describes the manner in which assertions are exchanged. The difference between the two is essentially in what is transmitted initially, as the MIME attachment in the SIP method, the assertions themselves or a reference to them, called an artifact. Basic and Digest Access Authentication, Network Working Group, RFC 2069, June [4] "A Model for Presence and Instant Messaging", Day M., Rosenberg J.,Sugano H., Network Working Group, February [5] Shibboleth Project, [6] J. Peterson, Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP), Internet-Draft, SIP WG, October 28, Conclusions and Future Work In this paper, we have described a videoconferencing model that is user friendly, ensures user privacy through a federated model, and supports network administration with flexible policy decision and enforcement points. The model allows user choice in what information gets released about the user and to which site. Thus, the job of balancing access and privacy lies ultimately with the user, where it belongs. This paper describes a very high level architecture. Many of the specifics of this architecture are areas of present and future research. This includes the SIP/SAML bindings and profiles, the details of the directory/database design, the implementation and the interoperability testing. 6. References [1] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, E. Schooler, SIP: Session Initiation Protocol, Network Working Group, RFC 3261, June [2] Security Assertion Markup Language (SAML), OASIS, [3] J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart, HTTP Authentication:

Trait-based Authorization Mechanisms for SIP Based on SAML

Trait-based Authorization Mechanisms for SIP Based on SAML Trait-based Authorization Mechanisms for SIP Based on SAML Douglas C. Sicker, University of Colorado Boulder Hannes Tschofenig, Siemens Jon Peterson, Neustar Abstract - This paper presents a method for

More information

Middleware for Secured Video-Conferencing

Middleware for Secured Video-Conferencing Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2003 Proceedings Americas Conference on Information Systems (AMCIS) 12-31-2003 Middleware for Secured Video-Conferencing Tarun Abhichandani

More information

User authentication in SIP

User authentication in SIP User authentication in SIP Pauli Vesterinen Helsinki University of Technology pjvester@cc.hut.fi Abstract Today Voice over Internet Protocol (VoIP) is used in large scale to deliver voice and multimedia

More information

Session Initiation Protocol (SIP)

Session Initiation Protocol (SIP) Implementing Role-Based Authorization Capabilities in Session Initiation Protocol (SIP) by ANAND CHAVALI B.E., University of Mumbai, 2001 A thesis submitted to the Faculty of the Graduate School of the

More information

Developing and Integrating Java Based SIP Client at Srce

Developing and Integrating Java Based SIP Client at Srce Developing and Integrating Java Based SIP Client at Srce Davor Jovanovi and Danijel Matek University Computing Centre, Zagreb, Croatia Davor.Jovanovic@srce.hr, Danijel.Matek@srce.hr Abstract. In order

More information

Programming SIP Services University Infoline Service

Programming SIP Services University Infoline Service Programming SIP Services University Infoline Service Tatiana Kováčiková, Pavol Segeč Department of Information Networks University of Zilina Moyzesova 20, 010 26 SLOVAKIA Abstract: Internet telephony now

More information

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1 Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1 Dorgham Sisalem, Jiri Kuthan Fraunhofer Institute for Open Communication Systems (FhG Fokus) Kaiserin-Augusta-Allee

More information

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1.

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1. This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1. WASv61_SIP_overview.ppt Page 1 of 27 This presentation will provide an overview of

More information

SIP: Ringing Timer Support for INVITE Client Transaction

SIP: Ringing Timer Support for INVITE Client Transaction SIP: Ringing Timer Support for INVITE Client Transaction Poojan Tanna (poojan@motorola.com) Motorola India Private Limited Outer Ring Road, Bangalore, India 560 037 Abstract-The time for which the Phone

More information

Using LifeSize systems with Microsoft Office Communications Server 2007. Server Setup

Using LifeSize systems with Microsoft Office Communications Server 2007. Server Setup Using LifeSize systems with Microsoft Office Communications Server 2007 This technical note describes the steps to integrate a LifeSize video communications device with Microsoft Office Communication Server

More information

SIP, Session Initiation Protocol used in VoIP

SIP, Session Initiation Protocol used in VoIP SIP, Session Initiation Protocol used in VoIP Page 1 of 9 Secure Computer Systems IDT658, HT2005 Karin Tybring Petra Wahlund Zhu Yunyun Table of Contents SIP, Session Initiation Protocol...1 used in VoIP...1

More information

A Comparative Study of Signalling Protocols Used In VoIP

A Comparative Study of Signalling Protocols Used In VoIP A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.

More information

Session Initiation Protocol and Services

Session Initiation Protocol and Services Session Initiation Protocol and Services Harish Gokul Govindaraju School of Electrical Engineering, KTH Royal Institute of Technology, Haninge, Stockholm, Sweden Abstract This paper discusses about the

More information

Session Initiation Protocol Security Considerations

Session Initiation Protocol Security Considerations Session Initiation Protocol Security Considerations Sami Knuutinen Helsinki University of Technology Department of Computer Science and Engineering May 28, 2003 Abstract Session Initiation Protocol (SIP)

More information

A Lightweight Secure SIP Model for End-to-End Communication

A Lightweight Secure SIP Model for End-to-End Communication A Lightweight Secure SIP Model for End-to-End Communication Weirong Jiang Research Institute of Information Technology, Tsinghua University, Beijing, 100084, P.R.China jwr2000@mails.tsinghua.edu.cn Abstract

More information

AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL

AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL João Paulo Sousa Instituto Politécnico de Bragança R. João Maria Sarmento Pimentel, 5370-326 Mirandela, Portugal + 35 27 820 3 40 jpaulo@ipb.pt Eurico Carrapatoso

More information

SIP : Session Initiation Protocol

SIP : Session Initiation Protocol : Session Initiation Protocol EFORT http://www.efort.com (Session Initiation Protocol) as defined in IETF RFC 3261 is a multimedia signaling protocol used for multimedia session establishment, modification

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

NAT TCP SIP ALG Support

NAT TCP SIP ALG Support The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the

More information

Implementing Intercluster Lookup Service

Implementing Intercluster Lookup Service Appendix 11 Implementing Intercluster Lookup Service Overview When using the Session Initiation Protocol (SIP), it is possible to use the Uniform Resource Identifier (URI) format for addressing an end

More information

Emergency Services Interconnection Forum (ESIF) Emergency Services Messaging Interface Task Force ( Task Force 34 )

Emergency Services Interconnection Forum (ESIF) Emergency Services Messaging Interface Task Force ( Task Force 34 ) Emergency Services Interconnection Forum (ESIF) Emergency Services Messaging Interface Task Force ( Task Force 34 ) Contribution Title: Implementing ESMI with SIP and ESTP Contribution Number: Submission

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Securing Web Services With SAML

Securing Web Services With SAML Carl A. Foster CS-5260 Research Project Securing Web Services With SAML Contents 1.0 Introduction... 2 2.0 What is SAML?... 2 3.0 History of SAML... 3 4.0 The Anatomy of SAML 2.0... 3 4.0.1- Assertion

More information

How to Configure the Avaya IP Office 6.1 for use with Integra Telecom SIP Solutions

How to Configure the Avaya IP Office 6.1 for use with Integra Telecom SIP Solutions How to Configure the Avaya IP Office 6.1 for use with Integra Telecom SIP Solutions Overview This document provides a reference for configuration of the Avaya IP Office to connect to Integra Telecom SIP

More information

Bridging the gap between peer-to-peer and conventional SIP networks

Bridging the gap between peer-to-peer and conventional SIP networks 1 Bridging the gap between peer-to-peer and conventional SIP networks Mosiuoa Tsietsi, Alfredo Terzoli, George Wells Department of Computer Science Grahamstown, South Africa Tel: +27 46 603 8291 hezekiah@rucus.ru.ac.za

More information

How to Configure the Allworx 6x, 24x and 48x for use with Integra Telecom SIP Solutions

How to Configure the Allworx 6x, 24x and 48x for use with Integra Telecom SIP Solutions How to Configure the Allworx 6x, 24x and 48x for use with Integra Telecom SIP Solutions Overview: This document provides a reference for configuration of the Allworx 6x IP PBX to connect to Integra Telecom

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

Implementing SIP and H.323 Signalling as Web Services

Implementing SIP and H.323 Signalling as Web Services Implementing SIP and H.323 Signalling as Web Services Ge Zhang, Markus Hillenbrand University of Kaiserslautern, Department of Computer Science, Postfach 3049, 67653 Kaiserslautern, Germany {gezhang, hillenbr}@informatik.uni-kl.de

More information

Integrating a Hitachi IP5000 Wireless IP Phone

Integrating a Hitachi IP5000 Wireless IP Phone November, 2007 Avaya Quick Edition Integrating a Hitachi IP5000 Wireless IP Phone This application note explains how to configure the Hitachi IP5000 wireless IP telephone to connect with Avaya Quick Edition

More information

2.2 SIP-based Load Balancing. 3 SIP Load Balancing. 3.1 Proposed Load Balancing Solution. 2 Background Research. 2.1 HTTP-based Load Balancing

2.2 SIP-based Load Balancing. 3 SIP Load Balancing. 3.1 Proposed Load Balancing Solution. 2 Background Research. 2.1 HTTP-based Load Balancing SIP TRAFFIC LOAD BALANCING Ramy Farha School of Electrical and Computer Engineering University of Toronto Toronto, Ontario Email: rfarha@comm.utoronto.ca ABSTRACT This paper presents a novel solution to

More information

How To Attack A Phone With A Billing Attack On A Sip Phone On A Cell Phone On An At&T Vpn Vpn Phone On Vnet.Com (Vnet) On A Pnet Vnet Vip (Sip)

How To Attack A Phone With A Billing Attack On A Sip Phone On A Cell Phone On An At&T Vpn Vpn Phone On Vnet.Com (Vnet) On A Pnet Vnet Vip (Sip) Billing Attacks on SIP-Based VoIP Systems Ruishan Zhang, Xinyuan Wang, Xiaohui Yang, Xuxian Jiang Department of Information and Software Engineering George Mason University, Fairfax, VA 22030, USA {rzhang3,

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

Cisco TelePresence Manager

Cisco TelePresence Manager Cisco TelePresence Manager 1.3 Simplifying the Experience: Meeting Scheduling and Management Cisco TelePresence Manager is an integral part of the Cisco TelePresence experience that creates the feeling

More information

SIP Server Requirements

SIP Server Requirements SIP Server Requirements By Van-Si Nguyen Cyklone CTO and Co-Founder info@cyklone.com 1 Introduction Our company Cyklone is in digital economy business, specialized in video over IP. We are looking for

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

More information

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices

More information

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya

More information

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens Nick Marly, Dominique Chantrain, Jurgen Hofkens Alcatel Francis Wellesplein 1 B-2018 Antwerp Belgium Key Theme T3 Tel : (+32) 3 240 7767 Fax : (+32) 3 240 8485 E-mail : Nick.Marly@alcatel.be Tel : (+32)

More information

SIP Trunking Manual. For Samsung OfficeServ. Sep 18, 2006 doc v.1.0.2. Sungwoo Lee Senior Engineer

SIP Trunking Manual. For Samsung OfficeServ. Sep 18, 2006 doc v.1.0.2. Sungwoo Lee Senior Engineer SIP Trunking Manual For Samsung OfficeServ Sep 18, 2006 doc v.1.0.2 Sungwoo Lee Senior Engineer sungwoo1769.lee@samsung.com OfficeServ Network Lab. Telecommunication Systems Division Samsung Electronics

More information

NTP VoIP Platform: A SIP VoIP Platform and Its Services

NTP VoIP Platform: A SIP VoIP Platform and Its Services NTP VoIP Platform: A SIP VoIP Platform and Its Services Speaker: Dr. Chai-Hien Gan National Chiao Tung University, Taiwan Email: chgan@csie.nctu.edu.tw Date: 2006/05/02 1 Outline Introduction NTP VoIP

More information

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS APPLICATION NOTE IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS SAML 2.0 combines encryption and digital signature verification across resources for a more

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Detection and Prevention Mechanism on Call Hijacking in VoIP System

Detection and Prevention Mechanism on Call Hijacking in VoIP System Detection and Prevention Mechanism on Call Hijacking in VoIP System Amruta Ambre Department of Computer Engineering D.J.Sanghavi College of engineering Mumbai, India Narendra Shekokar, Ph.D Department

More information

IP Office Technical Tip

IP Office Technical Tip IP Office Technical Tip Tip no: 188 Release Date: September 27, 2007 Region: GLOBAL Verifying IP Office SIP Trunk Operation IP Office back-to-back SIP Line testing IP Office Release 4.0 supports SIP trunking.

More information

WebNow Single Sign-On Solutions

WebNow Single Sign-On Solutions WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,

More information

Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu

Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu International Center for Advanced Internet Research Outline Security Mechanisms Access Control Schemes

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com WebRTC for Service Providers FRAFOS GmbH FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com This document is copyright of FRAFOS GmbH. Duplication or propagation or

More information

PPreferredID = "P-Preferred-Identity" HCOLON PPreferredID-value. *(COMMA PPreferredID-value)

PPreferredID = P-Preferred-Identity HCOLON PPreferredID-value. *(COMMA PPreferredID-value) This guide provides some enhancements of calling and connected line identification presentation supported on Yealink IP phones. Yealink IP phones support to derive calling and connected line identification

More information

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM Evelina Nicolova Pencheva, Vessela Liubomirova Georgieva Department of telecommunications, Technical University of Sofia, 7 Kliment Ohridski St.,

More information

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163. Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China

More information

Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670

Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670 Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670 Businesses Save Money with Toshiba s New SIP Trunking Feature Unlike gateway based solutions, Toshiba s MIPU/ GIPU8 card

More information

Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway)

Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway) Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway) Deployment Guide Cisco VCS X8.1 D14651.08 August 2014 Contents Introduction 4 Example network deployment 5 Network

More information

Clearswift Information Governance

Clearswift Information Governance Clearswift Information Governance Implementing the CLEARSWIFT SECURE Encryption Portal on the CLEARSWIFT SECURE Email Gateway Version 1.10 02/09/13 Contents 1 Introduction... 3 2 How it Works... 4 3 Configuration

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Using LifeSize Systems with Microsoft Office Communications Server 2007

Using LifeSize Systems with Microsoft Office Communications Server 2007 Using LifeSize Systems with Microsoft Office Communications Server 2007 This technical note describes the steps to integrate a LifeSize video communications device with Microsoft Office Communication Server

More information

How To Protect Your Phone From Being Hacked By A Man In The Middle Or Remote Attacker

How To Protect Your Phone From Being Hacked By A Man In The Middle Or Remote Attacker An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems Ruishan Zhang 1, Xinyuan Wang 1, Xiaohui Yang 1, Ryan Farley 1, and Xuxian Jiang 2 1 George Mason University, Fairfax,

More information

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities Mobile P2PSIP -to- SIP Communication in Mobile Communities Marcin Matuszewski, Esko Kokkonen Nokia Research Center Helsinki, Finland marcin.matuszewski@nokia.com, esko.kokkonen@nokia.com Abstract This

More information

A Novel Distributed Wireless VoIP Server Based on SIP

A Novel Distributed Wireless VoIP Server Based on SIP A Novel Distributed Wireless VoIP Server Based on SIP Yuebin Bai 1,Syed Aminullah 1, Qingmian Han 2, Ding Wang 1, Tan Zhang 1,and Depei Qian 1 1 (School of Computer Science and Engineering, Beihang University,

More information

Authentication in OpenStack

Authentication in OpenStack Draft Draft entication in OpenStack Jorge L Williams Khaled Hussein Ziad N Sawalha Abstract The purpose of this

More information

A Service Platform for Subscription-Based Live Video Streaming

A Service Platform for Subscription-Based Live Video Streaming A Service Platform for Subscription-Based Live Video Streaming Kelum Vithana 1, Shantha Fernando 2, Dileeka Dias 3 1 Dialog - University of Moratuwa Mobile Communications Research Laboratory 2 Department

More information

Technical Means to Combat Spam in the VoIP Service

Technical Means to Combat Spam in the VoIP Service Section Four Technical Means to Combat Spam in the VoIP Service Spam refers in general to any unsolicited communication. Spam will also become one of the serious problems for multimedia communication in

More information

NTP VoIP Platform: A SIP VoIP Platform and Its Services 1

NTP VoIP Platform: A SIP VoIP Platform and Its Services 1 NTP VoIP Platform: A SIP VoIP Platform and Its Services 1 Whai-En Chen, Chai-Hien Gan and Yi-Bing Lin Department of Computer Science National Chiao Tung University 1001 Ta Hsueh Road, Hsinchu, Taiwan,

More information

Security Services. Benefits. The CA Advantage. Overview

Security Services. Benefits. The CA Advantage. Overview PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA

More information

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com WebRTC for the Enterprise FRAFOS GmbH FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com This document is copyright of FRAFOS GmbH. Duplication or propagation or extracts

More information

Configuring the Dolby Conference Phone with Cisco Unified Communications Manager

Configuring the Dolby Conference Phone with Cisco Unified Communications Manager Configuring the Dolby Conference Phone with Cisco Unified Communications Manager Version 1.2 December 10, 2015 This product is protected by one or more patents in the United States and elsewhere. For more

More information

Sample Configuration for SIP Trunking between Avaya IP Office R8.0 and Cisco Unified Communications Manager 8.6.2 Issue 1.0

Sample Configuration for SIP Trunking between Avaya IP Office R8.0 and Cisco Unified Communications Manager 8.6.2 Issue 1.0 Avaya Solution & Interoperability Test Lab Sample Configuration for SIP Trunking between Avaya IP Office R8.0 and Cisco Unified Communications Manager 8.6.2 Issue 1.0 Abstract These Application Notes describe

More information

SAML Federated Identity at OASIS

SAML Federated Identity at OASIS International Telecommunication Union SAML Federated Identity at OASIS Hal Lockhart BEA Systems Geneva, 5 December 2006 SAML and the OASIS SSTC o SAML: Security Assertion Markup Language A framework for

More information

Background 1 Table 1 Software & Firmware Versions Tested 1 Figure 1 Integra s Universal Access (UA) IP PBX Test Configuration 1

Background 1 Table 1 Software & Firmware Versions Tested 1 Figure 1 Integra s Universal Access (UA) IP PBX Test Configuration 1 1 Background 1 Table 1 Software & Firmware Versions Tested 1 Figure 1 Integra s Universal Access (UA) IP PBX Test Configuration 1 Configuration Data 2 Section 1: Initial IPitomy IP PBX Connection & Login

More information

Chapter 10 Session Initiation Protocol. Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University

Chapter 10 Session Initiation Protocol. Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Chapter 10 Session Initiation Protocol Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Outline 12.1 An Overview of SIP 12.2 SIP-based GPRS Push

More information

Security Provider Integration Kerberos Authentication

Security Provider Integration Kerberos Authentication Security Provider Integration Kerberos Authentication 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are

More information

Time Warner ITSP Setup Guide

Time Warner ITSP Setup Guide October 14 Time Warner ITSP Setup Guide Author: Zultys Technical Support This configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone System with Time Warner

More information

Open IMS Core with VoIP Quality Adaptation

Open IMS Core with VoIP Quality Adaptation Open IMS Core with VoIP Quality Adaptation Is-Haka Mkwawa, Emmanuel Jammeh, Lingfen Sun, Asiya Khan and Emmanuel Ifeachor Centre for Signal Processing and Multimedia Communication School of Computing,Communication

More information

Cisco Unified Communications Manager SIP Trunk Configuration Guide for the VIP-821, VIP-822 and VIP-824

Cisco Unified Communications Manager SIP Trunk Configuration Guide for the VIP-821, VIP-822 and VIP-824 Valcom Network Trunk Ports, models, are compatible with Cisco Unified Communications Manager as either a Third-party SIP Device (Basic or Advanced) or as a SIP Trunk. To preserve the Caller ID information

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes Configuring Steel-Belted RADIUS Proxy to Send Group Attributes Copyright 2007 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in retrieval system, or transmitted,

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

Application Note. Onsight TeamLink And Firewall Detect v6.3

Application Note. Onsight TeamLink And Firewall Detect v6.3 Application Note Onsight And Firewall Detect v6.3 1 ONSIGHT TEAMLINK HTTPS TUNNELING SERVER... 3 1.1 Encapsulation... 3 1.2 Firewall Detect... 3 1.2.1 Firewall Detect Test Server Options:... 5 1.2.2 Firewall

More information

CyberData VoIP V2 Speaker with VoIP Clock Kit Configuration Guide for OmniPCX Enterprise

CyberData VoIP V2 Speaker with VoIP Clock Kit Configuration Guide for OmniPCX Enterprise CyberData VoIP V2 Speaker with VoIP Clock Kit Configuration Guide for OmniPCX Enterprise CyberData Corporation 2555 Garden Road Monterey, CA 93940 T:831-373-2601 F: 831-373-4193 www.cyberdata.net 2 Introduction

More information

Feide Integration Guide. Technical Requisites

Feide Integration Guide. Technical Requisites Feide Integration Guide Technical Requisites Document History Version Date Author Comments 1.1 Apr 2015 Jaime Pérez Allow the use of the HTTP-POST binding. 1.0 Oct 2014 Jaime Pérez First version of this

More information

Application Notes for Configuring Broadvox SIP Trunking with Avaya IP Office - Issue 1.0

Application Notes for Configuring Broadvox SIP Trunking with Avaya IP Office - Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Configuring Broadvox SIP Trunking with Avaya IP Office - Issue 1.0 Abstract These Application Notes describe the procedures for configuring

More information

Request for Comments: 4579. August 2006

Request for Comments: 4579. August 2006 Network Working Group Request for Comments: 4579 BCP: 119 Category: Best Current Practice A. Johnston Avaya O. Levin Microsoft Corporation August 2006 Status of This Memo Session Initiation Protocol (SIP)

More information

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com WebRTC: Why and How? FRAFOS GmbH FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com This docume nt is copyright of FRAFOS GmbH. Duplication or propagation or e xtracts

More information

A Call Conference Room Interception Attack and its Detection

A Call Conference Room Interception Attack and its Detection A Call Conference Room Interception Attack and its Detection Nikos Vrakas 1, Dimitris Geneiatakis 2 and Costas Lambrinoudakis 1 1 Department of Digital Systems, University of Piraeus 150 Androutsou St,

More information

Preparatory Meeting for Phase 2 of Philippine National ENUM Trial

Preparatory Meeting for Phase 2 of Philippine National ENUM Trial Preparatory Meeting for Phase 2 of Philippine National Trial IP Telephony Group Advanced Science and Technology Institute Department of Science and Technology December 12, 2005 NCC-CICT Dialing Scheme

More information

Network Convergence and the NAT/Firewall Problems

Network Convergence and the NAT/Firewall Problems Network Convergence and the NAT/Firewall Problems Victor Paulsamy Zapex Technologies, Inc. Mountain View, CA 94043 Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

More information

How To Guide. SIP Trunking Configuration Using the SIP Trunk Page

How To Guide. SIP Trunking Configuration Using the SIP Trunk Page How To Guide SIP Trunking Configuration Using the SIP Trunk Page For the Ingate SIParators and Firewalls using software release 4.9.2 or later. Updated to show features available from release 4.10.x May

More information

Sangheon Pack, EunKyoung Paik, and Yanghee Choi

Sangheon Pack, EunKyoung Paik, and Yanghee Choi 1 Design of SIP Server for Efficient Media Negotiation Sangheon Pack, EunKyoung Paik, and Yanghee Choi Multimedia & Communication Laboratory, Seoul National University, Korea ABSTRACT Voice over IP (VoIP)

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

VOIP-500 Series Phone CUCM 8.0.3a Integration Guide

VOIP-500 Series Phone CUCM 8.0.3a Integration Guide I. Introduction This provides general instructions for integration of the VOIP-500 Series Phone with a Cisco Call Manager installation. It is recommended to read this instruction set completely before

More information

SIP and VoIP 1 / 44. SIP and VoIP

SIP and VoIP 1 / 44. SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies

More information

Non-Cisco SIP phones setup

Non-Cisco SIP phones setup n-cisco SIP phones setup This appendix provides information about Configuring n-cisco Phones That Are Running SIP. About non-cisco SIP phone setup, page 1 Third-party SIP phone setup process, page 1 Different

More information

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011 Mediatrix 4404 Step by Step Configuration Guide June 22, 2011 Proprietary 2011 Media5 Corporation Table of Contents First Steps... 3 Identifying your MAC Address... 3 Identifying your Dynamic IP Address...

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com

More information