between the user agent requestor and the proxy or user agent requiring the
authentication. Any SIP request can be challenged for authentication.
The shared secret usually will be an encrypted username and password. A
typical authentication SIP message exchange between user agents has the form
INVITE/401 Authentication Required/ACK, in which the user agent
discovers that the request requires authentication, and also learns the nature of
the authentication challenge from the 401 response. Then, a new INVITE
containing an Authorization header is resent. If it contains the correct
credentials, the call will proceed as normal. Otherwise, another 401 response will be
received.
A proxy server can also request authentication using the 407 Proxy
Authentication Required response. However, there is no support for one
proxy to authenticate another proxy in SIP. Instead, a proxy can establish a
secure connection to another proxy using IPSec.
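
The challenge and resend described above, worked through as an added example (not code from the original text). It assumes the challenge uses the Digest scheme that RFC 3261 specifies for SIP, in its RFC 2617 MD5 form without qop; the realm, nonce, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Challenge/credentials header pair per status: 401 from a user agent, 407 from a proxy.
HEADERS = {401: ("WWW-Authenticate", "Authorization"),
           407: ("Proxy-Authenticate", "Proxy-Authorization")}

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_params(header_line):
    """Split 'Name: Digest k="v", k2=v2' into a dict of parameters."""
    value = header_line.partition(":")[2].strip()
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("unsupported scheme: " + scheme)
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', rest)}

def digest_response(username, password, realm, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def answer_challenge(response, username, password, method, uri):
    """Client side: build the credentials header for the resent request."""
    lines = response.split("\r\n")
    status = int(lines[0].split()[1])
    challenge, credentials = HEADERS[status]
    line = next(ln for ln in lines[1:] if ln.lower().startswith(challenge.lower() + ":"))
    p = digest_params(line)
    resp = digest_response(username, password, p["realm"], p["nonce"], method, uri)
    return (f'{credentials}: Digest username="{username}", realm="{p["realm"]}", '
            f'nonce="{p["nonce"]}", uri="{uri}", response="{resp}"')

def verify(credentials_line, method, stored_password, issued_nonce):
    """Challenger side: recompute the response from the stored secret."""
    p = digest_params(credentials_line)
    if p["nonce"] != issued_nonce:  # nonce not the one issued: challenge again
        return False
    expected = digest_response(p["username"], stored_password, p["realm"],
                               p["nonce"], method, p["uri"])
    return hmac.compare_digest(expected, p["response"])

# Constructed sample challenge (hypothetical realm and nonce).
CHALLENGE_407 = ("SIP/2.0 407 Proxy Authentication Required\r\n"
                 'Proxy-Authenticate: Digest realm="example.test", nonce="c0nstructed-n0nce"\r\n\r\n')

if __name__ == "__main__":
    hdr = answer_challenge(CHALLENGE_407, "alice", "s3cret", "INVITE", "sip:bob@example.test")
    print(hdr)
    print(verify(hdr, "INVITE", "s3cret", "c0nstructed-n0nce"))
```

The password itself never appears in the resent request; a mismatch in password, method or nonce makes `verify` fail, which corresponds to the challenger answering with another 401 or 407.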
Figure 6.12 Presence publication
[Figure: call flow among SIP User Agent, Proxy Server, and SIP User Agent. Messages as numbered in the figure: 1 INVITE; 2 407 Proxy Authentication Req.; 3 ACK; 4 INVITE; 5 100 Trying; 6 INVITE; 7 401 Unauthorized; 8 401 Unauthorized; 9 ACK; 10 ACK; 11 INVITE; 12 INVITE; 13 100 Trying; 14 180 Ringing; 15 180 Ringing; 16 200 OK; 17 200 OK; 18 ACK; 19 ACK; Authenticated Media Session.]