Internet Engineering Task Force MMUSIC WG Internet Draft Schulzrinne/Rosenberg draft-ietf-mmusic-sip-cc-01.txt Columbia U./Bell Laboratories June 17, 1999 Expires: December, 1999 SIP Call Control Services STATUS OF THIS MEMO This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as work in progress. The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document describes a set of extensions to SIP which allow for various call control services. Example services include blind transfer, transfer with consultation, multi-party calls, bridged conferences, and ad-hoc conferencing. The services are supported in a fully distributed manner, so that they can be provided without a central conference server. However, a SIP proxy can act as a conference server to provide these services. For the various services described here, we overview the requirements for the service, and specify the protocol functions needed to support it. We then define a basic set of SIP primitives which can be used to construct these services, and others. 1 Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", Schulzrinne/Rosenberg [Page 1] Internet Draft SIP Control June 17, 1999 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [1] and indicate requirement levels for compliant SIP implementations. 2 Introduction The Session Initiation Protocol (SIP) [2] is a signaling protocol used for the initiation of multimedia sessions. SIP also defines mechanisms for termination of sessions using the BYE method. However, SIP has less support for signaling of services that take place during the call itself. These kinds of services can be broken into several classes: Session Control Services These services relate to the media session. Examples include floor and chair control (which controls who can send/receive data in the session), hold, and mute. Call Control Services These services relate to participant management. These services are all built on the basic blocks of adding and removing users from a call. Examples include transfer (the simultaneous removal and addition of a member from a call), multi-party calling, call bridging, and ad-hoc bridged conferences. This document describes extensions to SIP for providing call control services. The services are supported in a fully distributed manner, so that they can be provided without a central conference server. However, a SIP proxy can act as a conference server to provide these services. Our aim is to provide a general set of tools which can be used to construct, at a minimum, a core set of services, but be potentially useful as building blocks for future services. To accomplish this goal, we begin by overviewing the requirements for each of the core services. This includes its basic functional requirements and its security requirements. Then, we overview the technical issues in providing these services, and outline the basic primitives that we have concluded are needed. The next section formally defines these primitives through new headers and UA behavior. 3 Services We overview the services which we desire to support at a minimum. For each, we define the requirements for the service, with a particular focus on security. Security is a primary concern for many of these services. As such, the following general principles apply: o Parties involved in some service should be able to cyryptographically verify the identity of the other parties in Schulzrinne/Rosenberg [Page 2] Internet Draft SIP Control June 17, 1999 the service o Parties involved in some service should have a choice about their participation in the service o Parties involved in some service should know what the service being invoked is These three basic requirements are a natural consequence of an architecture where endpoints are assumed to be intelligent. Note, however, that just because the protocol provides information and gives choices, does not mean all implementations need to take advantage of this. Thin and dumb endpoints can choose not to provide information to the end users, and can choose not to provide choices to them. This has the advantage of enabling one common protocol for smart and dumb endpoints alike. 3.1 Blind Transfer In the blind transfer service, two parties are in an existing call. One party, the transferring party , wishes to terminate the call with the other party the transferred pary , and at the same time, transfer them to another party, the transferred-to party ---------------- -> | Transferred-to | / | party | / ---------------- / / -------------- ---------------- | Transferred |<------------------------| Transferring | | party | | party | -------------- ---------------- Figure 1: Transfer Service Some of the requirements for this service include: o The original call terminates regardless of whether the Schulzrinne/Rosenberg [Page 3] Internet Draft SIP Control June 17, 1999 transfer succeeds or not. o The transferring party does not know whether the transfer succeeds or not. o The transferred party should be able to know that they are being transferred o The transferred party should be able to know to whom they are being transferred o The transferred party should be able to decide whether to accept or reject the transfer o If the transferred party rejects the transfer, the call with the transferring party still terminates o The transferred party should be able to verify that they are being transferred by the transferring party o The transferred-to party should know that they are being transferred-to o The transferred-to party should be able to know the identity of the transferring party o The transferred-to party should be able to accept or reject the transferred call just like any other call 3.2 Transfer and Hold This service is a variation on blind transfer. The difference is that the transferring party does not leave the call with the transferred party. If the service is successful, the transferred party is involved in two calls - one with the transferring party, and one with the transferred to party. Many of the requirements are similar. The requirements for the service are: o The call between the transferring and transferred parties remains active, regardless of the status of the new call between the transferred and transferred-to parties. o The transferring party does not know whether the transfer succeeds or not. o The transferred party should be able to know that they are being transferred Schulzrinne/Rosenberg [Page 4] Internet Draft SIP Control June 17, 1999 o The transferred party should be able to know to whom they are being transferred o The transferred party should be able to decide whether to accept or reject the transfer o If the transferred party rejects the transfer, the call with the transferring party remains unchanged o The transferred party should be able to verify that they are being transferred by the transferring party o The transferred-to party should know that they are being transferred-to o The transferred-to party should be able to know the identity of the transferring party o The transferred-to party should be able to accept or reject the transferred call just like any other call o The transferred-to party should not be able to ascertain, through signaling messages, that the transferring party is still communicating with the transferred party. In other words, blind transfer and transfer and hold appear identical to the transferred-to party. 3.3 Transfer with Consultation This service is similar to blind transfer. However, the transferring party first contacts the transferred-to party to approve the transfer through multimedia communication. Pending approval, the transferring party then simultaneosly disconnects from the transferred-to and transferred parties, and connects the transferred and transferred-to parties. The transferring and transferred parties stay connected if, for some reason, the transfer fails. The requirements for this service are more complex. They include: o The transferring party should not need to know ahead of time that they will transfer the call to the transferred-to party. In other words, it should not be neccesary to know ahead of time that the consultation call (between the transferring and transferred-to parties) is for the purposes of a transfer. o The transferred party should be able to know that they are being transferred Schulzrinne/Rosenberg [Page 5] Internet Draft SIP Control June 17, 1999 o The transferred party should be able to know to whom they are being transferred o The transferred party should be able to decide whether to accept or reject the transfer o The transferred party should be able to verify that they are being transferred by the transferring party o The transferred-to party should know that they are being transferred-to o The transferred-to party should be able to know the identity of the transferring party o The transferred-to party should be able to know that the transferred party is being transferred as a result of the consultation call in progress with the transferring party. o The transferred-to party should be able to accept or reject the transferred call just like any other call o If the transferred-to party accepts the transfer, the transferring party should be able to know this o If the transferred-to party rejects the transfer, the transferring party should be able to know this o The call between the transferring and transferred-to party terminates at the same time as the call between the transferring and transferred party, should the transfer be successful This service is harder to implement. To be done in a distributed manner requires that information on the success of the call between transferred and transferred-to parties is communicated back to the transferring party. 3.4 Multi-party Conferencing Multiparty conferencing allows multiple participants to simultaneously exchange media so that each party hears media from every other one. There are many flavors of this service. 3.4.1 Loosely Coupled Multicast Conference In this flavor, there is a very large conference, for which multicast is being used to distribute the media. The conference is large enough Schulzrinne/Rosenberg [Page 6] Internet Draft SIP Control June 17, 1999 so that there is not a direct signaling relationship between all parties. Session participants simply join the multicast group, and learn about each other through RTCP [3]. This kind of conference model is often referred to as a loosely coupled conference The main requirement is to be able to invite another participant to join in this conference. In fact, this kind of conference is readily supported by baseline SIP, as it was the initial application for it. The only new requirement is that the called party needs some way to know that there will not be an actual SIP session - no BYE will ever arrive (nor should one be sent). The INVITE delivers the session invitation, and thats it. Relying on session parameters for this is undesirable, since it leads to a dependency between SIP behavior and the specific session type. Furthermore, it may not be possible to ascertain from the media session whether an actual SIP session is needed. 3.4.2 Distributed Full Mesh In this conference model, each participant has a SIP signaling session open with each other participant. The media session may be multi-unicast or multicast. To support these conferences, the signaling must provide support for: o Transitioning gracefully from a normal two-party call to a conference without knowing apriori this will happen o Adding parties to the conference o Leaving the conference The requirements for the service are: o Any member of an existing conference can add another party to the conference. o The new party should know they are being asked to join an existing conference. o The new party should be able to accept or reject the invitation to join the existing call. o If the new party rejects the invitation to the conference, no other participant should have received any messages which indicates they were ever asked to join the conference o The new party should be able to know, within the limits of synchronization of state across participants, the current set Schulzrinne/Rosenberg [Page 7] Internet Draft SIP Control June 17, 1999 of participants in the call before they decide whether to reject or accept the invitation. o Each participant in the call should learn that a new party is being added. o Each participant in the call should be able to cryptographically verify that the new party has been invited by a specific participant. o Each participant in the call should be able to decide whether to accept or reject the new participant. o If any existing participant in the call rejects the new participant, the new participant is not added to the call at all. o The inviting party can learn the success or failure of the addition of the new party. o Each participant should be able to know whether the new party was successfully added or not. o Any participant should be able to leave the conference at any time. o Each participant should know within a short period of time when some other participant has left o A participant who leaves the conference should have its SIP signaling relationship terminated with all other participants. o It must be possible for two participants to simultaneously add a new party to the conference. o It must be possible for a participant to add another to the conference while some other participant leaves the conference. o The existence of the conference does not depend on the presence of any single user in the conference. o The conference terminates when the last two parties terminate their signaling relationships. It is important to note that this kind of conference does not require the use of a centralized conference controller. 3.4.3 Dial-in Bridge Schulzrinne/Rosenberg [Page 8] Internet Draft SIP Control June 17, 1999 Another conferencing application is the "dial-up bridge". In this scenario, a media bridge is used, and this device also acts as a centralized signaling server. Users join the conference by "dialing- in", which means they try and initiate a SIP session with the conference bridge directly. Participants do not maintain a signaling session with each other. Rather, each participant maintains a single SIP session with the conference bridge. The requirements for this kind of conference are: o It should not be neccesary for a participant to know apriori that they are contacting a dial-up bridge - it should take place as a regular SIP call. o Participants should be able to join the conference at any time by dialing in. o Participants should be able to invite another participant to join the conference call. o Participants should still be able to learn, through some means, the identity of the other participants in the call. o Participants should be able to leave the conference at any time. o When a participant leaves or joins, this information should be propagated to all other conference participants through some means besides tones or announcements in the media stream. o It must be possible for the conference bridge to authenticate the identity of participants. 3.4.4 Ad-hoc Bridge This service is not so much another conferencing model, as a transition mechanism between conferencing models. A conference starts out as a fully distributed mesh. These conferences become unwieldy as this number of participants approaches tens to hundreds. Someone in the conference then decides to transition the call to a conference bridge. The bring a conference bridge into the call, and then instruct each participant to drop their signaling relationships with the other participants in favor of a single signaling relationship with the bridge. After the transition is complete, the conference runs similar to the dial-in bridge case. However, there are some distinctions. In the dialup conference, any participant can join in without being invited if they know a conference code of some sort. In the ad-hoc bridge case, participants must still be actively invited. Schulzrinne/Rosenberg [Page 9] Internet Draft SIP Control June 17, 1999 The requirements for this service are: o The transition must be at the behest of one of the participants. o Any participant can cause the transition to take place. o It is not necessary for the protocol to detect and resolve simultaneous transitions. It is assumed that the persons in the conference would coordinate this themselves. o The conference should continue to be operable during the transition o Participants should be informed of the transition, but it must be possible for the perception to be that there has been no change. o It should be possible for some participants to accept the transition, and appear through the bridge, and for others to remain in full mesh. o Participants should be able to leave the conference at any time, including the transition period. o Participants should be able to invite others to the conference, even during the transition period. The mechanism for inviting them should not depend on the fact that a transition is taking place. 3.4.5 Conference out of Consultation In this service, a user A has a call in progress with B, and a separate call in progress with C. These calls are unrelated, with different Call-ID's. From this double call scenario, the conference out of consultation service allows the calls to be merged, resulting in a single, full-mesh conference, as described above. The requirements for this service are: o Only participant A can invoke the service o It must not be neccesary for A to know that he will merge the two calls before any or either of them is made o It must not be neccesary for A to have been the initiator of the calls that are being merged Schulzrinne/Rosenberg [Page 10] Internet Draft SIP Control June 17, 1999 o It must be possible to merge an arbitrary number of calls o The participants being merged must be informed that the merging is taking place o A participant must be able to reject the merge, in which case they are disconnected with all parties o A participant must be able to verify that A was the party that initiated the merge. 4 Discussion of Implementation Options This section discusses some of the technical issues in designing a protocol mechanism to support the above requirements. 4.1 Transfer For the discussion which follows, we assume the transferring party is A, the transferred party is B, and the transferred-to party is C. The nature of the transfer service is that the transferred party (B) must be informed about the transfer and accept it before C (the transferred-to party) is contacted. This implies that the messaging flow for the service must consist of a message from A to B, and then B to C. The message from A to B must simultaneously disconnect A and B, and alert B about the transfer. This is most readily accomplished by including some kind of header in the BYE message which indicates that B should initiate a call to C. This header is the Also header, which is described in greater detail in section 5.1. It contains the address of a participant, along with a signed token. This token is the signature over the sender of the message (the From field), the address in the Also header, and the Call-ID. Since C needs to know that he is being contacted as a result of a transfer, the INVITE from B to C must contain some kind of header indicating that it was A who asked for the transfer. This header needs to contain A's name along with the authorization token from the Also header. This token allows C to verify that A requested the transfer to C for this particular call. This header is the Requested-By header, described in greater detail in section 5.3. Therefore, the basic transfer messaging flow is simple. A sends a BYE to B, containing an Also header listing C. The BYE causes A and B to be disconnected. User B is alerted about the transfer. If accepted, B sends an INVITE to C, including a Requested-By header in the INVITE. Schulzrinne/Rosenberg [Page 11] Internet Draft SIP Control June 17, 1999 4.2 Full mesh conferences We assume the conference starts as a standard two party call in SIP. One of the parties wishes to add a third to the conference. Based on the requirements, the new party needs to first be asked if they wish to join the conference. This implies that messaging begins with the inviting party (party A) sending a message to the new participant (party B). This message must contain a list of the other participants. If the invitation is acceptable to B, B can begin to join the conference. To join the conference, a signaling relationship must be established between B and all other participants. This can be done by having existing participants contact B, or B contacting existing participants. Since B has the list of participants in the initial INVITE from A, the most efficient approach is to have B contact each participant directly. Thus, in the simplest scenario, A (who is in a call with C), sends an INVITE to B. This INVITE contains an Also header, indicating C. B sends an INVITE to C, containing a Requested-By header naming A. C accepts, and then B sends a 200 OK to A. Now, there is a signaling relationship between all parties. Adding additional parties is done in a similar fashion. On the surface, this simple mechanism appears sufficient. However, it is not. Consider the following problematic cases (assume A,B, and C are already in a conference): o While A is adding D, B adds E. Since A did not tell D about E (as it didn't know about E), D may not know of E's existence. This results in a partially connected conference. o While A is adding D, B sends a BYE to the group. If this BYE is sent by B before the INVITE from D arrives at B, B should respond to the INVITE with an error. As far as B is concerned, the INVITE has failed, and it responds with an error to A. What should A do now? It cannot tell whether the add party failed because someone left the group, or because someone refused to add that party. In one case, the add should be tried again, and in the other, it should not. Even worse, should B accept the call from D, a partially disconnected conference will occur. o What happens if a transfer takes place at the same time as an add party? o A participant leaves the conference, but fails to send a BYE to all the other participants (either on purpose or by accident). The result is a partially disconnected conference. Schulzrinne/Rosenberg [Page 12] Internet Draft SIP Control June 17, 1999 The problems can all be categorized as difficulties in synchronizing a distributed database. The database, in this case, is the set of participants. This database is replicated at each participant. The database is dynamic, with each participant owning the entry in the database corresponding to itself. As changes occur, everyone must be quickly synchronized to achieve a consistent view of the conference participants. 4.2.1 Approach I: Caretaker In this approach, the party (A) that invites another (D) to the conference is its caretaker. When A adds D, it informs D of the other participants it knows about. D then sends an INVITE to each of these in turn, establishing a signaling relationship. Should the participant list (at A) change during the time D is being addded (until a 200 OK arrives from D), A makes note of these changes, and then propagates them to D. The difficulty with this approach is there is no easy way for A to know when it can cease being caretaker for D. Lets say A invited D, and told it to contact B and C, which it did. After receiving the 200 OK from D, A receives an INVITE from E, a new party added by B. Now, does A need to inform D about E? If B had invited E after knowing about D, A does not have to inform E, but if B invited E before knowing about D, A does have to inform D. Furthermore, should the caretaker itself leave the conference, the mechanism ceases to work. As a result, we don not believe this approach is viable. 4.2.2 Approach II: Flooding We make the following important observation: synchronization of the set of participants in a fully meshed multiparty conference is similar to the problem of database synchronization in link state routing protocols, like OSPF. Based on this, we can develop mechanisms for SIP based on the same synchronization, flooding, and adjacency notions in OSPF. We further observe that this approach has already been used as the basis for existing conferencing mechanisms [4]. To solve the first problem above, we introduce additional semantics and behavior into the Also header. When A invites D into the conference, the INVITE includes an Also header listing B and C. This Schulzrinne/Rosenberg [Page 13] Internet Draft SIP Control June 17, 1999 prompts D to send an INVITE to both B and C. In OSPF terminology, this effectively establishes an adjacency between D and B, and D and C. These INVITEs contain Also headers as well, listing the set of participants the D believes is in the call. When B and C receive this INVITE, they compare the set of participants in the Also header with the set of participants they believe are in the call. Note that this is effectively the same operation as database synchronization in OSPF. The result is three sets for each pair (assume B below): S1: S1 is BD - the intersection of the set of participants B and D both believe to be in the conference. S2: S2 is B - BD - the set of participants B believes to be in the conference, but D is not aware of S3: S3 is D - BD - the set of participants D has been asked to contact, which are not known to B First consider S2. There are only two ways this inconsistency can happen. The first way is that B has learned of a new participant before A issued the add party to D. The second is that A has learned the party has left the call before the INVITE from D arrives at B. Unfortunately, the desired behavior is different in each case. If B is correct, and a new party has joined, B should return the address of the party in the 200 OK to the INVITE from D. This would prompt D, in turn, to add those parties. On the other hand, if B is wrong, and the party has left the conference, B should say nothing in the 200 OK about this participant. To enable these differing cases, we can add two additional pieces of information to the addresses in the Also header. These are the participant state (either active or inactive), and the version number. When a participant receives a BYE from another, they mark that participant as inactive, and hold onto the state for a short duration (time TBD). This member is included in Also headers as other participants, but they are marked as inactive. Based on this, in the case above, B can ascertain the right behavior. The version number satisfies a different need. What happens if the participant that left, comes back because they are re-INVITEd? In this case, some of the participants will think this participant is inactive, and others will consider them active. To determine which piece of state is correct, the version number increments each time the state changes. The version with the highest value is always the most recent. (TBD: who sets this? Can't always be the originator). This is identical to the use of sequence numbers in LSA's in OSPF. Schulzrinne/Rosenberg [Page 14] Internet Draft SIP Control June 17, 1999 Consider now the set S3. When B receives the INVITE, this represents the set of users D claims is in the conference, but B does not know about. Since B keeps a cache of users who have left the conference, B can be sure these are new participants that it has not learned of yet. B should then send an INVITE to these users to establish signaling relationships with them. As with other INVITEs' the Also field contains B's perspective on the set of conference participants. This is effectively the same process as flooding of new LSA's in OSPF. TBD: How is requested-by handled in these various cases? We believe the flooding approach to be robust and well-proven from many other protocols. 4.3 Dial-up Bridges Dial up bridges are easily supported. We model them as virtual users. When a user wants to join a dial-up conference, they send an INVITE to the conference bridge. The bridge answers the call, and establishes a point to point signaling relationship with the new participant. The bridge performs the mixing locally, and sends the mixed stream to each participant separately. As far as each participant is concerned, they have a single signaling relationship with one other entity - the conference server. Fortunately, this does not prohibit each party from learning the identity of the others in the call. The bridge is effectively an RTP mixer. As such, it can use contributing sources (CSRC) in the RTP and RTCP packets to identify the other participants in the call. A user leaves the conference by hanging up with the bridge, as they would hang up with any other user in a normal two party call. An important issue is how conferences are identified. In the telephone network, there is usual a dial-in number and a passcode that the participant must know. In SIP, there are many more possibilities: o The conference is identified by a single URL - sip:conference332@conferences.com, for example. A user sends an INVITE to this address. The bridge identifies the conference by looking at the URI in the Request-URI. o There is a single URI for each bridge - sip:bridge3@conferences.com. The specific conference is identified by a passcode sent as the password in the URI: sip:bridge3:9987097@conferences.com. Schulzrinne/Rosenberg [Page 15] Internet Draft SIP Control June 17, 1999 o The conference is identified by a single URL, as in the first case. However, participants must also have a passcode. When the server receives an INVITE for this URI, it responds with a 401 demanding digest authorization. The shared secret used for authenticating the caller is the passcode. o The conference is identified by a single URL, as in the first case. The server is programmed with the public keys of those participants allowed to join. When a participant tries to join the conference by sending an INVITE to its address, the server uses PGP authentication to verify the user is one of those permitted. This allows for tight, per user controls on conference participation. Some have suggested identifying the conference by Call-ID. We do not believe this is the right approach. The Call-ID represents a SIP signaling relationship shared among two or more users. Since, in the conference bridge case, each user has a separate signaling relationship with the bridge, using a common Call-ID is not appropriate. Note that, based on this description, dial-in conferences are readily supported in baseline SIP without any extensions. However, the situation is more complex when a participant wishes to add another to the conference. We believe it is essential that the act of adding a party to a bridged conference is no different than the act of adding a party to a fully meshed one. Consider a bridged conference with participants A, B, and C. Each has a signaling relationship with the bridge, X. A wishes to bring D into the conference. Using the same mechanisms as for fully meshed conferences, A sends an INVITE to D, with the Also header indicating X. D then sends an INVITE to X, which accepts. The result is that D has a signaling relationship with the bridge, but is still maintaining its signaling relationship with A. To resolve this, the bridge needs to step up and instruct D to effectively abandon its signaling relationship with A (and vice a versa). This does not mean the bridge wants A to send an BYE to D. Rather, the bridge wants another one call leg to subsume another. For D, this means that the D-X call leg should subsume the D-A call leg. To accomplish this, the bridge sends an INVITE to D with a header called Replaces. Replaces indicates that the call leg the INVITE arrived on is subsuming the one identified in the header. The Replaces contains the address of A. The request must also be authenticated, since the Replaces header presents a powerful DOS attack. Users should accept an INVITE with a Replaces header only after either requesting confirmation from the user, or if the request Schulzrinne/Rosenberg [Page 16] Internet Draft SIP Control June 17, 1999 is signed by an authorized bridging service. 4.4 Conference out of Consultation In this service, A is in a call with B, and separately, A is in a call with C. These are two separate calls, and thus have identical Call-IDs. Transitioning to a full mesh multiparty conference is relatively straightforward. A can simply send an INVITE to B, with an Also listing C. As far as B is concerned, the process is a normal add party. The only difference is that the Call-ID is different in both calls. Thus, the INVITE to C from B would not appear to be for the same call. To resolve this, A must effectively change the Call-ID with B, and then perform an add party. The change in Call-ID is accomplished by having A send an INVITE to B (using the Call-ID from the A-C call), with a Replaces header containing the A-B Call-ID and A's address. The Replaces header has the same semantic here as in the bridged conference case above. The call leg identified in the Replaces header is subsumed by the call-leg of the INVITE. Once this transition has taken place, A can send an INVITE to B, containing Also:C, as discussed above. If the calls being connected are multi-party calls, the situation is more complex. (TBD: does this mechanism work for bridging two full mesh calls?) 4.5 Ad-hoc conference bridging To support an ad-hoc conference bridge, the following operations must take place: o One of the parties in the call must contact a bridge, informing it of the set of participants o The bridge must contact those participants, and cause them to replace their signaling relationship with the other parties with the relationship with the bridge To support the first, the initiator sends a message to the bridge, containing the list of participants. We use an INVITE method for this, and the participants are listed in the Also headers. It is not clear if this is the right approach. The semantics of INVITE with Also are not the same here. The bridge is not being asked to join the call, rather, its being asked to take over the the signaling and media connectivity for the call. For this reason, it might be appropriate to define a new method to indicate this, or perhaps a new Schulzrinne/Rosenberg [Page 17] Internet Draft SIP Control June 17, 1999 header or parameter to Also. Once the bridge has been contacted with the list of participants, it must send an INVITE to each (using the same Call-ID as the current call) to establish a relationship with them. This call leg must eventually replace the call legs the user has with all the other users. However, the user should not subsume a call leg with some other user until the bridge has succesfully contacted that other user. For this to work, the initial INVITE with each user is treated as a normal add-party. The Also list contains those users the bridge knows about (initially, those the initiator told the bridge about). As far as the contacted user is concerned, a normal add party is taking place. The response is (under normal cases) a 200 OK containing those additional parties the contacted user knows about. This way, if a user was in the process of an add party while someone else transitioned to a bridge, the bridge can learn about the new party. Should the user add parties after being contacted by the bridge, the user will tell the new party about the bridge. This allows the bridge to learn about all users that come (and go) during the transition period. Once the bridge has completed contacting all participants in the party, it attempts to subsume the various call legs into its own call leg. To do this, it sends another INVITE to each participant, listing those call legs which must be subsumed. In the case where a participant has added another user after the response to the bridges initial INVITE was sent, but before the the "subsuming INVITE" arrives, things still work. The new party will be informed about the bridge, contact the bridge, and the bridge accepts. The bridge can then send another INVITE to each user subsuming this particular new call leg. 4.6 Transfers to Multiparty Conferences This situation is more complex than normal transfers. We first consider the case of a full mesh signaling relatioship. Assume A, B, and C are already in a call. A wishes to transfer both B and C to Z. Extending the mechanism for a single party call is the ideal choice. In this case, A would ask B to contact Z, and A would ask C to contact Z. Everything works fine so long as (1) both B and C perform the transfer (i.e., both contact Z), and (2) Z accepts both B and C's invitations. However, if these assumptions fail to hold, the resulting transfer will only partially complete. For example, it is possible that only A gets transferred to Z. Schulzrinne/Rosenberg [Page 18] Internet Draft SIP Control June 17, 1999 Whether this behavior is acceptable or not is a good question. We believe that since the blind transfer mechanism has no guarantees on success (the transferring party disconnects in either case), this behavior is acceptable. Another issue that arises for multiparty conference transfers is a flooding effect at the transferred-to party. If a large number of participants where transferred, Z would receive, in rapid succession, an INVITE from each. To facilitate a usable application, Z should not really prompt the user about accepting each of these parties. Rather, it should accept them all if it accepts the first. So, we therefore have the rule: if a user accepts a transfer, it must accept all other parties which have been transferred. The specific mechanism is the same for multiparty conferences. A sends a BYE to B and C containing an Also header listing Z. B and C send a 200 OK to the BYE, and then send an INVITE to Z. This INVITE contains a Requested-By header listing A. When Z gets the first of these, it alerts the user and accepts the call. (TBD: should these triggered INVITEs contain Also's? Probably. But, in this case, Z is going to get the first INVITE with lots of Also's. Many of these (but perhaps not all) will eventually contact Z directly. So, should Z send an INVITE to those in the Also headers it doesn't know about already? Perhaps it should wait a while to see who contacts it first. As an alternative, the BYE from A can contain Z's address, PLUS those it send the BYE to. As a result, the INVITE from B or C to Z would only contain those users in the Also which Z did not list in the BYE. What is the right approach here?) 5 Header Syntax This section defines the syntax for the three new headers defined here - Also, Replaces, and Requested-By. 5.1 Also The Also header is used to list other participants in a call. It is a request and response header, and contains a list of SIP URI's, along with some special parameters. Also = ``Also'' ``:'' 1#Also-Values Also-Values = name-addr [parameters] parameters = 1*parameter parameter = ``;'' (status-param | version-param | crypto-param) status-param = ``status'' ``='' (``active'' | ``inactive'') version-param = ``version'' ``='' 1*3digit Schulzrinne/Rosenberg [Page 19] Internet Draft SIP Control June 17, 1999 crypto-param = ``token'' ``='' token The crypto-param is a token which is copied into the Requested-By header for requests that are "triggered" as a result of an Also header. The token is a signature over the URI of the entity generating the Also header, the address in the Also header itself, and the Call-ID. See section 6.1 for details on its computation. 5.2 Replaces The Replaces header is used to indicate that the call leg identified in the header is to be subsumed by the one initiated by this INVITE. It is a request header only, valid only in INVITE messages. The syntax is: Replaces = ``Replaces'' ``:'' 1#Replaces-Values Replaces-Values= SIP-URI [call-id-param] call-id-param = ``;'' ``call-id'' ``='' token When the call-id parameter is not present, it is presumed to be the same as the Call-ID of the INVITE itself. 5.3 Requested-By The Requested-By header is a request header only. It identifies the participant who asked the UAC to send the request. The syntax is: Requested-By = ``Requested-By'' ``:'' name-addr [req-params] req-params = ``;'' token-param token-param = ``token'' ``='' token 6 Also and Requested-By Header Semantics This section overviews the detailed semantics associated with the Also and Requested-By headers. 6.1 Sending an Untriggered INVITE When a UAC sends an INVITE containing an Also header, without having been asked by some other UAC to do so, it is called an untriggered Schulzrinne/Rosenberg [Page 20] Internet Draft SIP Control June 17, 1999 INVITE. Untriggered INVITEs are sent when a user wishes to add another user to a call, or to perform a transfer and hold service. Other uses may exist. An untriggered INVITE MUST NOT contain a Requested-By header. This header is used to determine whether an INVITE is triggered or not. When a UAC sends an untriggered INVITE containing an Also header, it implies that the UAC wishes the recipient to send an INVITE to those parties listed in the Also headers. If sent to a party not already in the call, the INVITE effects an add party operation. If sent to a party already in a call, it affects a transfer and hold operation. To ensure fully connected conferences, it is RECOMMENDED that a UAC include a URI for each participant it is aware of. Each element in the Also list should additionally contain a status and a version parameter. If the UAC believes the participant is no longer in the call, the status parameter is set to inactive, otherwise its active. The version parameter contains the version of the status for each participant that the UAC is currently aware of. The Also header SHOULD contain a token parameter for each URI listed. This parameter is computed in the following fashion: 1. Initialize a string to the value of the Call-ID. 2. Append the URI from the Also, not including any displaynames, but otherwise including all URI parameters. Also append the Also parameters status and version. 3. Append the URI that will be included in the From field of the INVITE. 4. Append the URI that will be included in the To field of the INVITE. 5. Compute a signature over this field, using a XXX hash and encryption using XXX. 6. The signature is then base64 encoded. The result is the token. The response to the INVITE is a non-200 value if the UAS failed to establish a call leg with all the participants listed in the Also fields, or if the UAS was unwilling or unable to execute the request. A 200 OK response means that the UAS successfully established the call with those participants which have not already left the call. In Schulzrinne/Rosenberg [Page 21] Internet Draft SIP Control June 17, 1999 other words, if A sends an untriggered INVITE to B, containing C in the Also header, B will send an INVITE to C. If C has left the call (a fact which A did not know yet), C will respond with a specific error code indicating this. In this fashion, B will know that it may still respond with a 200 OK to A should all other call legs become established. Furthermore, if other participants have joined the call since A sent the INVITE to B, B may have established call legs to them as well. The triggered INVITE will fail if B fails to establish a call leg with those participants, even if they are not listed in the Also header. Thus, a UAC SHOULD NOT treat a 200 OK to an untriggered INVITE as an indication that a call leg was established with all (and only) the participants listed in the Also header. 6.2 Receiving an Untriggered INVITE A UAS can determine whether or not an INVITE was triggered or untriggered based on the presence of the Requested-By header. Presence of this header means that the INVITE was triggered, and its absence implies untriggered. If the UAS receiving the INVITE is not currently in the call identified by the Call-ID, the UAS is being invited to join an existing call as a new member. The UAS SHOULD alert the user and ask for confirmation. If the UAS receiving the INVITE is currently in a call identified by the Call-ID, the UAS is being transferred and held. The UAS SHOULD alert the user and ask for confirmation. 6.2.1 New Call The UAS SHOULD send a 100 Trying response. If the transfer or add party request is not acceptable to the user, a 6XX response SHOULD be sent to the UAC. If the transfer/add-party is acceptable, the UAS MUST NOT respond definitively at this point. Instead, the UA formulates an INVITE for each participant listed in the Also header. Each INVITE MUST also contain a Requested-By header. This header is formed by attaching the URI in the From field in the INVITE to the Requested-By header. The token from the element in the Also field is copied to the token parameter in the Requested-By header. The URI for the Also field is copied into the To field of the INVITE. The remaining fields are initialized as they would be for any other INVITE sent by this UA. The INVITE's generated by the UA are called triggered INVITEs. Schulzrinne/Rosenberg [Page 22] Internet Draft SIP Control June 17, 1999 The UA also formulates an internal participant list. This list contains a set of URIs for each user, and for each, a version and status parameter. This list is initialized to the set contained in the Also header in the INVITE. This list is also placed into the Also headers of each triggered INVITE. The token in the Also field is generated as described in section 6.1. Note that this is NOT the same token received for this Also element in the untriggered INVITE. It is regenerated with the UA as the originator. Each triggered INVITE is then sent. The INVITEs MAY be sent in parallel, or MAY be sent sequentially, or MAY be sent in any groupings deemed appropriate. However, for sake of low latencies, sending the triggered INVITEs all at once is RECOMMENDED. If the UA receives a response to any of these INVITEs that is not 200 or 6XX (Not in Call), the UA determines that it was not successfully added to the call. It MUST send a BYE to those participants which: o responded to a triggered INVITE with a 200 o have not yet responded o sent it a triggered INVITE for the same call The latter case occurs when another party in the call (who has received an INVITE from the UA) adds a new party as well. This new party is informed of the UA, and sends it a triggered INVITE. The UA MUST then respond to the original untriggered INVITE with an error code (TBD: what code?). If a response to a triggered INVITE is a 200, this response may contain additional Also headers. These headers contain additional participants that the recipient of the triggered INVITE knew about, but the UA did not. The 200 may also contain updated status on participants the UA knew about. The UA uses this list to update its own list of participants. New users learned about from the 200 OK are added to the list. Users listed in the 200 OK, which are known to the UA, but whose version number in the 200 OK is higher, are updated. If the resulting update generates new active members, the UA MUST generate additional triggered INVITEs for them. The generation of these triggered INVITEs is identical to the above process, with an important difference. The URI in the Requested-By field is copied from the To field in the 200 OK. 200 responses to these triggered INVITEs may cause further triggered invites. Schulzrinne/Rosenberg [Page 23] Internet Draft SIP Control June 17, 1999 If the resulting update causes members to move from active to inactive, the UA should not send them a triggered INVITE if it has not already done so. If the response to a triggered INVITE is a 6xx (not in call), the UA changes the status of that member to inactive, and increments the version number (TBD: should this be an increment? Perhaps the 6xx should contain the new version number). Once responses have been received to all triggered INVITEs, all of which were either 200 or 6xx, the UA responds to the original INVITE (TBD: should this contain an Also list?). The UA is now in the call. 6.2.2 Existing Call When a UA receives an INVITE containing an Also field, but no Requested-By field, the INVITE is to transfer/hold the UA. If the originator of the INVITE is not already in the call, the INVITE is ignored. A 200 OK response is sent, however. (Transfers can only take place from parties already in the call). Those users in the Also header, who are already in the call, are ignored. If there are no remaining users from the Also list, the INVITE is ignored. The UA then generates triggered INVITEs to the remaining UA's in the Also list. The behavior from this point forward is identical to processing triggered INVITE responses in the previous section. 6.3 Receiving a Triggered INVITE When a UA receives an INVITE containing a Requested-By header, it has received a triggered INVITE. If the INVITE is for a new call, the UA has just been transferred-to. If the INVITE is for an existing call, the UA is being informed of a new party in this call. 6.3.1 New Call The UA has just been transferred-to. The Requested-By header contains the address of the transferring party. The UA SHOULD verify that the token in the Requested-By header is valid. This will verify that the transferring party is, in fact the one listed, and that this party did, in fact, transfer the user listed in the From field. If the token is not verified, the UAS SHOULD respond with a 4xx code, and SHOULD NOT alert the user. If the token is verified, the UA SHOULD alert the user, and ask for confirmation. If the user rejects the transfer-to, the UAS SHOULD send a 6xx response. Schulzrinne/Rosenberg [Page 24] Internet Draft SIP Control June 17, 1999 In either case, the UA MUST remember that it rejected the transfer for this Call-ID. Subsequent triggered INVITEs for the same call MUST be responded to with the same error response code. The UA MUST cache its rejection of this transfer (identified by the Call-ID and URI of the transferring party) for at least XX minutes. (TBD - what happens if a very old INVITE arrives after the cache expires, and the user accepts this time - we get a partial disconnect). The UA SHOULD alert the user if it receives a triggered INVITE with a different user listed in the Requested-By header, and MAY respond differently to this transfer. If the INVITE is acceptable, the UA sends a 200 OK. Processing of subsequent triggered INVITEs (one will likely come from each participant in the call) follows the rules below for an existing call. 6.3.2 Existing Call When a UA receives a triggered INVITE for an existing call, the INVITE is an attempt to inform the participant of new members for that call. The UA SHOULD first verify the token. It does so by computing the hash of the Call-ID, To address, Requested-By address, and From address. This is compared to the decrypted value of the token using the public key of the user listed in the Requested-By. If the two match, the token is verified. If the token is not verified, the INVITE is rejected with a 4xx response. If the token is verified, the UA checks to see if the user listed in the Requested-By is an active call participant. If they are not, the INVITE is rejected with a 4xx response (TBD: is there a case where the UA might not know about this participant yet?). If the user is a participant, the INVITE is accepted. The user SHOULD NOT be alerted. The list of users in the Also header is then examined. If this list contains users already known to the UA, the local list of participants is updated if the version number is higher. If the list contains users not known to the UA, they are added to the local list of participants. The UA then computes a difference set between its updated list and the list in the Also header. This set includes any users in its local list and not in the Also list. The set also includes users in both lists, but whose version is higher in the local list. This set is included in the Also header in the 200 OK to the INVITE. The token in the 200 OK is generated as described in 6.1. Schulzrinne/Rosenberg [Page 25] Internet Draft SIP Control June 17, 1999 The UA then computes a second difference set between its updated list and the list in the Also header. This set includes any users in the Also list not in its local list. The set also includes users in both lists, but whose version is higher than in the local list. The active users from this set are then sent triggered INVITEs. The Requested-By and Also fields in these triggered INVITEs are computed as described above. The inactive users in this set are then sent triggered BYE's. The Requested-By and Also fields in the triggered BYEs are computed in the same fashion as triggered INVITEs, except a triggered BYE contains no Also fields. 6.4 Sending an untriggered BYE A UA MAY send a BYE, containing Also headers, at any time. This BYE simulataneously terminates a call leg with the recipient, and causes the recipient to attempt to set up a call leg to the parties listed in the Also header. Unlike the INVITE, the BYE response is sent immediately, without first adding the various parties. Sending an untriggered BYE is equivalent to a blind transfer. The Also headers in the untriggered BYE MUST contain tokens. These tokens are generated in the same way described in section 6.1. 6.5 Receiving an untriggered BYE If the BYE corresponds to an existing call leg, the UA sends a 200 OK to the BYE. If it does not, it sends a 481. The UA then generates triggered INVITEs to all participants listed in the Also field. Generation of the triggered INVITEs, and processing of their responses, is done in the same fashion as described in section 6.1. The difference is, of course, that no additional response is sent to the BYE. 6.6 Receiving a triggered BYE If the BYE doesn't correspond to an existing call leg, the UA sends a 481. The UA then validates the token in the Requested-By header. If it is validated, a 200 OK is sent to the BYE, and the call-leg is torn down. 7 Replaces header semantics The Replaces header is used to allow one call leg to subsume another. The new call leg is identified by the combination of To, From, and Call-ID in the INVITE carrying the Replaces header. Replaces is a request header only, and MUST appear only in INVITEs. A UAS receiving a Replaces header in a non-INVITE request MUST respond with a 4xx Schulzrinne/Rosenberg [Page 26] Internet Draft SIP Control June 17, 1999 status code. The request containing a Replaces header SHOULD be authenticated. The Replaces header contains a list of call-legs, identified by the URI of the remote party and a Call-ID. If any of these are not valid call-legs as known to the UAS, the INVITE MUST be responded to with a 4xx status code. Otherwise, the UAS "abandons" each call leg listed - acting as if it had never been established. No BYE is sent. A 200 OK is then sent to the client. If a BYE additionally contains Also headers, the UAS MUST first generate the triggered INVITEs implied by the Also headers. Only if all triggered INVITEs succeed should the UAS act on the Replaces header. 8 Example Call Flows This section illustrates some example call flows. Messages are of the form: INV B Also:C,D BYE A Also:Y Where INV implies an INVITE request, and BYE a BYE request. The letter after the method is the Request URI. Also:C,D implies that URI's C and D were in the Also header. 8.1 Basic Transfer Figure 2 exemplifies the basic transfer in a two party call. A first sets up a call to B, and then transfers B to C. 8.2 Basic Add Party Figure 3 exemplifies the basic add party. A and B are already in a call. A adds C to the call. 8.3 Add Party during Add Party In this example (Figure 4), A and B are in a call. A adds another party, C, while B adds a different party, D. In the example, B adds D before learning about C. Schulzrinne/Rosenberg [Page 27] Internet Draft SIP Control June 17, 1999 A B C INV -----------------> 200 OK <---------------- ACK -----------------> BYE B Also:C ------------------> 200 OK <------------------ INV C ReqBy:A ---------------------> 200 OK <--------------------- ACK ---------------------> Figure 2: Transfer Message Flow In the example, C acts on the untriggered INVITE, and sends a triggered INVITE to B. B responds with a 200 OK, also alerting it to D's new presence in the call. D, acting on its untriggered INVITE, sends a triggered INVITE to A, and learns about C. Now, both C and D know about each other. In the example, C sends the INVITE to D first. It is possible in other cases for D to send the INVITE to C first, or for both INVITEs cross each other on the wire (in this case, both sides back off with a 500 and a Retry-After, so that eventually one invitation reaches the other side without an invite in transit in the other direction). Having received an INVITE from C, D doesn't bother to INVITE C. Both D and C then OK their respective INVITEs. 8.4 Party leaves during add party In this example (Figure 5), a three party call is in place between A, Schulzrinne/Rosenberg [Page 28] Internet Draft SIP Control June 17, 1999 A B C INV C Also:B ----------------------------------> INV B Also:C ReqBy:A <------------------- 200 OK --------------------> ACK <-------------------- 200 OK <----------------------------------- ACK -----------------------------------> Figure 3: Add Party Message Flow B and C. A adds another user, D, and shortly thereafer, C leaves the call. Since D learns from B that C has left the call, D does not bother to contact C, and responds right away to the add party. The result is now a three party call with A,B, and D. 9 A note on multicast media Another useful service, which we have not discussed so far, is to transition a conference from distributing media through multi-unicast to distribution through multicast. In fact, this is not a SIP issue at all. However, we discuss it here for completeness. Assume a call between A, B, and C. Media is being distributed through multi-unicast. At some point, A decides its appropriate to transition to multicast. It should send a re-INVITE to B and C, containing an updated SDP with a multicast group (allocated by A by some means, perhaps MADCAP [5]. If the transition to multicast is acceptable, both B and C respond with a 200 OK. No SDP is needed in the response, as per [2]. If B and C decide to switch to multicast, it is in their interest (but not required) to send a re-INVITE to the other participants they Schulzrinne/Rosenberg [Page 29] Internet Draft SIP Control June 17, 1999 A B C D INV C Also:B ----------------------------------> INV D Also:A ---------------------------------> INV B Also:A ReqBy:A <---------------- 200 OK Also:D -----------------> INV A Also:A,B <-------------------------------------------------- 200 OK Also:C ---------------------------------------------------> INV D Also:A,B ReqBy:B ------------------> 200 OK <------------------ ACK -------------------> 200 OK <----------------------------------- ACK -----------------------------------> 200 OK <----------------- ACK ------------------> Figure 4: Add Party During Add Party Message Flow know about, containing the SDP describing the multicast session. The result is that some or all of the sessions on the call-legs transition to multicast. If not all have transitioned, the user may still need to send some packets unicast. There is no capability for determining the codec parameters for the multicast session based on the intersection of the capabilities of each participant. The model for multicast media distribution in a tightly coupled conference is identical to that for loosely coupled sessions. The initiator of the multicast session chooses a codec, and that is what is used. Note, however, that in the case where the Schulzrinne/Rosenberg [Page 30] Internet Draft SIP Control June 17, 1999 A B C D INV D Also:B,C --------------------------------------------------> BYE B <----------------- BYE A <-------------------------------- 200 OK -----------------> 200 OK --------------------------------> INV B Also:A,B,C ReqBy:A <----------------------------------- 200 OK Also:C;status=inactive -----------------------------------> ACK <----------------------------------- 200 OK <-------------------------------------------------- ACK --------------------------------------------------> Figure 5: Party Leaves During Add Message Flow sessions start as multi-unicast, the originator will know the capabilities of all the other parties, and thus can intelligently choose the codecs for the session. 10 Security Considerations Security issues are addressed throughout this document. The call control mechanisms have serious security issues. An INVITE with an Also cause the recipient to add or drop other parties, possibly without user interaction. This implies that authorization of the requests is critical. 11 Open Issues There are many, many open issues: Schulzrinne/Rosenberg [Page 31] Internet Draft SIP Control June 17, 1999 1. How to do this with shared secrets rather than public keys? 2. If the transferred-to party in a transfer accepts some, but not all (or rejects some, but not all) of the INVITEs for it, we end up with a partially disconnected conference. 3. Should we use a session timer to refresh things and periodically re-flood the participant list, in an attempt to keep things synchronized? 4. The version/status concept is still very vague. Does it work? Is it needed? 5. Conference out of consultation for multi-party calls - not clear the Replaces mechanism works here. 12 Acknowledgements The authors would like to especially thank Jonathan Lennox for his many insightful comments and contributions to this work. 13 Bibliography [1] S. Bradner, "Key words for use in RFCs to indicate requirement levels," Request for Comments (Best Current Practice) 2119, Internet Engineering Task Force, Mar. 1997. [2] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP: session initiation protocol," Request for Comments (Proposed Standard) 2543, Internet Engineering Task Force, Mar. 1999. [3] H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: a transport protocol for real-time applications," Request for Comments (Proposed Standard) 1889, Internet Engineering Task Force, Jan. 1996. [4] C. Elliott, "A 'sticky' conference control protocol," vol. 5, pp. 97--119, 1994. [5] S. Hanna, B. Patel, and M. Shah, "Multicast address dynamic client allocation protocol (MADCAP)," Internet Draft, Internet Engineering Task Force, May 1999. Work in progress. Full Copyright Statement Copyright (c) The Internet Society (1999). All Rights Reserved. This document and translations of it may be copied and furnished to Schulzrinne/Rosenberg [Page 32] Internet Draft SIP Control June 17, 1999 others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Table of Contents 1 Terminology ......................................... 1 2 Introduction ........................................ 2 3 Services ............................................ 2 3.1 Blind Transfer ...................................... 3 3.2 Transfer and Hold ................................... 4 3.3 Transfer with Consultation .......................... 5 3.4 Multi-party Conferencing ............................ 6 3.4.1 Loosely Coupled Multicast Conference ................ 6 3.4.2 Distributed Full Mesh ............................... 7 3.4.3 Dial-in Bridge ...................................... 8 3.4.4 Ad-hoc Bridge ....................................... 9 3.4.5 Conference out of Consultation ...................... 10 4 Discussion of Implementation Options ................ 11 4.1 Transfer ............................................ 11 4.2 Full mesh conferences ............................... 12 4.2.1 Approach I: Caretaker ............................... 13 4.2.2 Approach II: Flooding ............................... 13 4.3 Dial-up Bridges ..................................... 15 Schulzrinne/Rosenberg [Page 33] Internet Draft SIP Control June 17, 1999 4.4 Conference out of Consultation ...................... 17 4.5 Ad-hoc conference bridging .......................... 17 4.6 Transfers to Multiparty Conferences ................. 18 5 Header Syntax ....................................... 19 5.1 Also ................................................ 19 5.2 Replaces ............................................ 20 5.3 Requested-By ........................................ 20 6 Also and Requested-By Header Semantics .............. 20 6.1 Sending an Untriggered INVITE ....................... 20 6.2 Receiving an Untriggered INVITE ..................... 22 6.2.1 New Call ............................................ 22 6.2.2 Existing Call ....................................... 24 6.3 Receiving a Triggered INVITE ........................ 24 6.3.1 New Call ............................................ 24 6.3.2 Existing Call ....................................... 25 6.4 Sending an untriggered BYE .......................... 26 6.5 Receiving an untriggered BYE ........................ 26 6.6 Receiving a triggered BYE ........................... 26 7 Replaces header semantics ........................... 26 8 Example Call Flows .................................. 27 8.1 Basic Transfer ...................................... 27 8.2 Basic Add Party ..................................... 27 8.3 Add Party during Add Party .......................... 27 8.4 Party leaves during add party ....................... 28 9 A note on multicast media ........................... 29 10 Security Considerations ............................. 31 11 Open Issues ......................................... 31 12 Acknowledgements .................................... 32 13 Bibliography ........................................ 32 Schulzrinne/Rosenberg [Page 34]