The Trust Association Interceptor security
component is intended to enhance the overall authentication security
for the IBM® WebSphere® software for Telecom.
An implementation scenario describes how you can deploy the TAI for Presence Server.
About the scenario
The following section depicts a common system configuration
in which components are deployed in a production scenarios. The scenario is
presented with the following conditions:
Presence Server implementation
scenario
The following diagram illustrates the scenario.
Three
Presence Server nodes,
with the
Trust Association Interceptor deployed
on each one, receive SIP traffic that flows through a converged proxy.
Note: - The WebSphere Application Server converged
proxy or any third-party load balancer may be deployed pair-wise (for
HA reasons).
- The converged proxy must be used for SIP traffic to maintain session
affinity.
- The Trust Association Interceptor detects
authenticated user identity from inbound messages.
- IBM Tivoli Composite Application Management (ITCAM) users communicate
directly with the Presence Server node for purposes of collecting PMI data from that node.
- The S-CSCF is the reverse proxy security server (RPSS) and performs
authentication.
- The S-CSCF adds a P-asserted identity header to the SIP message.