IMG 1010 - SIP Privacy Overview

The IMG supports SIP Privacy as explained in RFC 3323 and also supports RFC 3325 which adds the P-Asserted-Identity header and the P-Preferred Identity Header in a Trusted Network. SIP Privacy is an extension to SIP that allows parties in a SIP session to withhold their identity and remain anonymous. SIP Privacy is similar to withholding a caller ID in the PSTN. There are a few reasons why SIP Privacy would want to be implemented in a network.

  • Users might want to contact a particular party without revealing their identity in order to impart information with which they would not like to be associated.

  • Users might fear that the exposure of their identity or personal information to some networks or destinations will make them a target for unsolicited advertising, legal censure or other undesirable consequences

  • Users might want to withhold from participants in a session the identity by which they are known to network intermediaries for the purposes of billing and accounting

RFC 3325 adds the P-Asserted Identity Header which provides network asserted identity to other trusted network elements such as Application Servers and other Call Agents. The IMG can select on a gateway by gateway basis which gateways are part of this trusted domain or network and which are not. Below is more information on the fields on SIP privacy.

 

 

SIP Privacy Settings:

SIP Privacy is configured differently depending on which software is being used. You must configure SIP Privacy on both the SIP Signaling Stack Pane and at the External Gateway Pane for the IMG to send the Privacy Headers. See Configuring SIP Privacy 10.5.x or Configuring SIP Privacy 10.3.x for information on configuring SIP Privacy on each separate build.

 

10.3.x:

To enable SIP Privacy select either P-Asserted only, Remote-Party only, or Both from a drop down menu in the Privacy Support field located in the SIP Signaling pane (Physical IMG > Signaling > SIP Signaling). All calls will be handled according to this setting, regardless of other SIP Privacy settings on an External Gateway or ISDN/ISUP Group.

The second place SIP Privacy can be set is in the External Gateway Pane. In the External Gateway Pane you can select whether the gateway is part of a trusted network or not and you can also configure whether that gateway will have SIP Privacy enabled on it.

The settings for SIP Privacy on SIP Signaling Object are:

  • P-Asserted

  • Remote Party

  • Both

The settings for SIP Privacy on the External Gateway are:

  • Off (Default)

  • On

10.5.x:

SIP Privacy is configured in two separate objects in ClientView. Under the SIP Signaling Stack (Physical IMG > Signaling > SIP Signaling) the SIP Privacy can be set globally either On or Off. The second object SIP Privacy is configured under is Profiles (Dialogic IMG EMS > Profiles > SIP SGP). If any of the SIP gateways being configured will have SIP Privacy enabled then the first  global setting must be enabled.

In order to configure SIP Privacy on the individual gateways the following must be followed. This will allow configuring SIP Privacy on some gateways and not others.

  • SIP Privacy must be set to ON under SIP Signaling Stack

  • A profile must be set under the Dialogic IMG EMS > Profiles > SIP SGP which has SIP Privacy On

  • Under the gateway object in ClientView the profile must be selected in the SIP Profile field

SIP Privacy Headers

P-Asserted-Identity:

The P-Asserted-Identity header field is used among trusted SIP entities to carry the identity of a user sending a SIP message as it was verified by authentication. A proxy server which handles a message can, after authenticating the originating user can insert such a P-Asserted-Identity header field into the message and forward it to other trusted proxies. A proxy that is about to forward a message to a proxy server or UA that it does not trust MUST remove all the P-Asserted-Identity header field values if the user requested that this information be kept private.

P-Preferred-Identity Header

The P-Preferred-Identity header field is used from a user agent to a trusted proxy to carry the identity the user sending the SIP message wishes to be used for the P-Asserted-Header field value that the trusted element will insert.

Remote Party ID

The SIP Remote-Party-ID header identifies the calling party and includes user, party, screen and privacy headers that specify how a call is presented and screened. The new header contains a URL and an optional display name that identifies a user. A valid Remote-Party-ID header may be either a SIP URL or a TEL URL. See the sections Remote-Party-ID Syntax and Screening and Presentation Information for more information on the syntax of the new header. The following example shows representative Remote-Party-ID headers, including user, party, screen, and privacy.

Call Flows

Return to Documentation Home I Return to Sangoma Support