Trait-based Authorization Mechanisms for SIP Based on SAML

This paper presents a method for using the Security Assertion Markup Language (SAML) in collaboration with SIP to accommodate richer authorization mechanisms and enable trait-based authorization whereby users are authorized based on traits (or attributes) instead of identity. As such, this provides an alternative to existing authorization mechanisms for SIP. Existing mechanisms are generally identity based and present challenges in face of frequent changing identities, pseudonyms or even privacy enabling environments. Such a trait-based authorization mechanism has significant applicability to SIP. There are numerous instances in which it is valuable to assert particular facts about a principal other than the principal's identity to aid the recipient of a request in making an authorization policy decision. For example, a telephony service provider might assert that a particular user is a 'customer' as a trait. An emergency services network might indicate that a particular user has a privileged status as a caller. Although trait-based authorization offers an alternative to traditional identity based authorization, this effort should be considered complementary to sophisticated SIP security mechanisms available today.