SIP over WebSocket (draft-ietf-sipcore-sip-websocket)

OverSIP implements the “SIP WebSocket Transport” as defined in RFC 7118. OverSIP acts as a “SIP WebSocket Server”:

SIP WebSocket Server:  A SIP entity capable of listening for inbound
      connections from WebSocket clients and communicating using the
      WebSocket SIP sub-protocol.

Outbound

Given the nature of WebSocket clients (usually JavaScript stacks in modern web browsers) usage of Outbound mechanism is highly recommended. OverSIP provides it by behaving as a perfect Outbound Edge Proxy (check the Outbound section).

WebSocket authentication/authorization

When a WebSocket client attempts to establish a WebSocket connection, OverSIP invokes user programmable callbacks (check WebSocket Events). The user can there inspect parameters from the connection (including the HTTP GET request of the WebSocket handshake) in order to decide, based on any custom policy, whether to allow or deny the connection.

The user can also assign custom parameters to the authorized WebSocket connection (via the cvars Hash) and retrieve such parameters when processing SIP requests coming through that WebSocket connection. By playing with these features several architectural solutions can be built for implementing any kind of authentication/authorization system.