[OpenSIPS-Devel] Add X-XCAP-Preferred-Identity header to XCAP clients

Iñaki Baz Castillo ibc at aliax.net
Thu Nov 19 00:43:20 CET 2009

Hi, authorization in IETF's pure XCAP is not defined. This is: a XCAP request 
doesn't identify the originator but just the requested user's document.

A too much simplistic workaround is requiring authentication for all the 
requests and just allow the request if the credentials username matches the 
request XUI.

However this is not valid for some cool XCAP applications as fetching users' 
icon (alice couldn't fetch bob's icon stored in the XCAP server as alice 
cannot authenticate as bob).

As I sad above, IETF didn't manage it. Instead there are some solutions born 
in OMA, 3GPP and so...

The solution is adding an identity header in the client request identifying 
the desired identity (SIP or TEL URI), so the server would ask authentication 
based on  the identity rather than on the XUI. This would allow the server to 
authorize alice (after authentication) to access bob's icon.

This header can be:


In OMA architecture, where there is an aggregation proxy in front of the XCAP 
servers, the proxy authenticates the client and asserts its identity by adding 
"X-XCAP/3GPP-Asserted-Identity" (some mechanism as in pure SIP protocol).

I've already implemented it in my Ruby XCAP client library (version 1.2):

I suggest to include it in other XCAP clients (AG's Python xcapclient, 
sipsimpleclient, Blink...).



Iñaki Baz Castillo <ibc at aliax.net>

More information about the Devel mailing list