P-Asserted-Identity

From Kolmisoft Wiki
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Description

The P-Asserted-Identity header field can be used to convey the proven identity of the originator of a request within a trusted network. Since the From header field is populated by the originating UA it may not necessarly contain the actual identity. It usually is established by means of authentication between the originating UA and its outgoing proxy. The outgoing proxy then adds a P-Asserted-Identity header field to assert the identity of the originator to other proxies.

This header field has only meaning within what is called a trusted network by mutual aggreement on the requirements for its use by the parties involved.

The P-Asserted-Identity header field is defined in RFC 3325.

Source: http://www.z9hg4bk.org/sip/hf/p-asserted-identity.html

How P-Asserted-Identity (PAI) is handled in MOR

  • If caller sends PAI, MOR reads it and resends to the calee automatically.
  • If caller sends PAI and CallerID Number is 'Anonymous', MOR changes CallerID Number to the value from the PAI.
    • NOTE: CallerID Name is not changed! Only CallerID Number.
  • If caller sends PAI and some Provider has P-Asserted-Identity usage enabled in it's Edit window, MOR ignores this setting, because it resends original PAI
  • If caller is NOT sending PAI and some Provider has P-Asserted-Identity usage enabled in it's Edit window, MOR constructs PAI from CallerID, Server IP (from mor.conf file) and SIP Port (from sip.conf file).
    • NOTE: Provider CallerID rules are applied to every PAI sent to that Provider

In order to pass PAI from Caller to Callee automatically, set pass_pai = 1 mor.conf



"mor"

Configuration for Provider to send PAI if it is not present from the Caller

Enable it per Provider basis in its Settings:

"mor"

  • Make sure correct external IP address is set in mor.conf in variable server_ip.
  • SIP port will be taken from sip.conf, if not found, default one (5060) will be used.



How P-Asserted-Identity (PAI) is handled in MOR X11 and later versions

MOR internal logic for PAI sending is controlled by three variables:

  • If Caller sends PAI or not.
  • pass_pai - pass_pai value in mor.conf configuration file. If pass_pai is not defined, default value is 0.
  • Pass PAI - Pass PAI check-box value in Provider Settings and Device settings page. This setting can overwrite global pass_pai variable for specific Provider/Device. Available options are 'Global' (same as pass_pai value in mor.conf), 'Yes' and 'No'. Please check table bellow to see how MOR checks if Pass PAI is active or not for specific Device/Provider combination.
  • P-Asserted-Identity usage - P-Asserted-Identity check-box value in Provider Settings page.

Pass PAI is controlled by global pass_pai option in mor.conf which can be overwritten for specific provider/device. Please follow table bellow to determine if pass PAI will be active or not.

pass_pai in mor.conf Pass PAI in Device settings Pass PAI in Provider settings pass PAI active?
1 Global Global Yes
1 Global Yes Yes
1 Global No No
1 Yes Global Yes
1 Yes Yes Yes
1 Yes No No
1 No Global No
1 No Yes No
1 No No No
0 Global Global No
0 Global Yes Yes
0 Global No No
0 Yes Global Yes
0 Yes Yes Yes
0 Yes No No
0 No Global No
0 No Yes No
0 No No No

If callflow is DID provider -> End Device, then DID provider will act as Device and End Device as Provider in PAI active calculation table above.



PAI sending behaviour can be summarised by these rules:

  • If caller sends PAI, pass PAI is active, then P-Asserted-Identity usage setting does not matter, MOR resends received PAI to the callee automatically.
  • If caller does not send PAI (or caller sends PAI but pass PAI is not active) and P-Asserted-Identity usage is enabled, MOR always constructs new PAI. New PAI is constructed from CallerID, Server IP (defined in server_ip variable from mor.conf file) and SIP Port (from /etc/asterisk/sip.conf file).
  • If caller does not send PAI (or caller sends PAI but pass PAI is not active) and P-Asserted-Identity usage is disabled, PAI is not sent by MOR.

All available options are described in table bellow.

Caller Sends PAI pass PAI is active P-Asserted-Identity usage MOR Action?
Yes Yes Yes Resends received PAI to the callee automatically
Yes Yes No Resends received PAI to the callee automatically
Yes No Yes Constructs new PAI
Yes No No PAI is not sent
No Yes Yes Constructs new PAI
No No Yes Constructs new PAI
No Yes No PAI is not sent
No No No PAI is not sent



P-Asserted-Identity and CallerID

P-Asserted-Identity header can overwrite CallerID headers, depending on options in Device settings and/or Provider Settings pages and settings in /etc/asterisk/mor.conf configuration file.

  • If Trustrpid is enabled in device settings (if call originates from device) or provider settings (if call originates from DID provider), Asterisk will replace CallerID headers with values from P-Asserted-Identity headers.
  • anonymous_callerid_by_rpidpai and use_callerid_from_pai variables defined in /etc/asterisk/mor.conf file can overwrite CallerID headers with P-Asserted-Identity headers. Their usage is described here.



Provider see my Calls with CallerID and name details as Anonymous (anonymous@anonymous.invalid)

In such case, check these details:

  • If in Device of User which sends Calls Trustpid is enabled;
  • If in Provider settings, to which Calls are being sent with PAI re-send, PAI is disabled;
  • If pass_pai is enabled in mor.conf;
  • If Trustpid is enabled on Provider side;



Asterisk CLI example



"mor"

Configuration Examples

Sending anonymous call with original callerid in PAI header

The client wants to send calls anonymously by including the Privacy: id header.

 INVITE sip:37068311111@xx.xx.xx.xx;transport=UDP SIP/2.0
 ...
 To: <sip:37068311111@192.168.56.104;transport=UDP>
 From: <sip:123456789@192.168.56.104;transport=UDP>;tag=efa8f069
 Privacy: id
 ...

Provider expects From header anonymous, but original callerid in PAI header.

INVITE sip:37068311111@yy.yy.yy.yy:5060 SIP/2.0
...
From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=as00bf2b78
To: <sip:37068311111@yy.yy.yy.yy:5060>
...
P-Asserted-Identity: <sip:+123456789@xx.xx.xx.xx:5060>
Privacy: id
...

Configuration In Provider Settings:

  • P-Asserted-Identity usage: set to yes
  • Privacy CallerID: set to 'anonymous'
  • Privacy From Domain: set to 'anonymous.invalid'



PaI anoymous cli settings.png