Sipping                                                       P. Kyzivat
Internet-Draft                                       Cisco Systems, Inc.
Intended status: Informational                          October 19, 2006
Expires: April 22, 2007

Registration Event Package Extension for Session Initiation Protocol (SIP) Globally Routable User Agent URIs (GRUUs)
draft-ietf-sipping-gruu-reg-event-08

Status of this Memo

By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on April 22, 2007.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

RFC 3680 defines a Session Initiation Protocol (SIP) event package for registration state. This package allows a watcher to learn about information stored by a SIP registrar, including its registered contact. However, the registered contact is frequently unreachable and thus not useful for watchers. The Globally Routable User Agent URI (GRUU), defined in RFC YYYY [3], is a URI that is capable of reaching a particular contact. However this URI is not included in the document format defined in RFC 3680.
This specification defines an extension to the registration event package to include GRUUs assigned by the registrar.

[[NOTE TO RFC-EDITOR/IANA: Please replace YYYY throughout this document with the RFC number assigned to the referenced draft [3] when it is published.]]

Table of Contents

1. Introduction
2. Terminology
3. Description
4. Notifier Processing of SUBSCRIBE Requests
5. Notifier Generation of NOTIFY Requests
6. Subscriber Processing of NOTIFY Requests
7. Sample reginfo Document
8. Examples
   8.1. Example: Welcome Notice
   8.2. Example: Implicit Registration
9. XML Schema Definition
10. IANA Considerations
   10.1. URN Sub-Namespace Registration
   10.2. XML Schema Registration
11. Security Considerations
12. Acknowledgements
13. References
   13.1. Normative References
   13.2. Informative References
Author's Address
Intellectual Property and Copyright Statements

1. Introduction

RFC 3680 [2] defines a Session Initiation Protocol (SIP) event package for registration state.
This package allows a watcher to learn about information stored by a SIP registrar, including the registered contacts. However, a registered contact is frequently unreachable from hosts outside of the domain of the user agent. It is commonly a private address, or, even when public, direct access to it may be blocked by firewalls.

The Globally Routable User Agent URI (GRUU), defined in RFC YYYY [3], is a URI that reaches a particular UA instance, but is reachable by any host on the Internet. GRUUs assigned by the registrar represent additional registration state. However, GRUUs assigned by the registrar are not included in the notifications provided by RFC 3680.

For many applications of the registration event package, a GRUU is needed, and not the registered contact. For example, the Welcome Notices example in [2] will only operate correctly if the contact address in the "reg" event notification is reachable by the sender of the welcome notice. When the registering device is using the GRUU extension, it is likely that the registered contact address will not be globally addressable, and a GRUU should be used as the target address for the MESSAGE.

Another case where this feature may be helpful is within the 3GPP IP Multimedia Subsystem (IMS). IMS employs a technique where a REGISTER of a contact address to one Address of Record (AOR) causes the implicit registration of the same contact to other associated AORs. If GRUUs are requested and obtained as part of the registration request, then additional GRUUs will also be needed for the implicit registrations. While assigning the additional GRUUs is straightforward, informing the registering UA of them is not. In IMS, UAs typically subscribe to the "reg" event, and subscriptions to the "reg" event for an AOR result in notifications containing registration state for all the associated AORs. The proposed extension provides a way to easily deliver the GRUUs for the associated AORs.

The "reg" event package has provision for including extension elements within the element. This document defines new elements that may be used in that context to deliver the public and temporary GRUUs corresponding to the contact.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1].

3. Description

Two new elements ( and ) are defined, each of which contains a GRUU. These optional elements may be included within the body of a NOTIFY for the "reg" event package when GRUUs are associated with the contact. The contact URI and the GRUUs are then all available to the watcher.

4. Notifier Processing of SUBSCRIBE Requests

Unchanged from RFC 3680 [2].

5. Notifier Generation of NOTIFY Requests

A notifier for the "reg" event package [2] SHOULD include the element when a contact has an Instance ID and a public GRUU is associated with the combination of the AOR and the Instance ID. When present, the element MUST be positioned as a child of the element.

A notifier for the "reg" event package [2] MAY include the element when a contact has an Instance ID and a temporary GRUU is associated with the combination of the AOR and the Instance ID. This element SHOULD be included if the subscriber is also authorized to register to the AOR. This element SHOULD NOT be included if the subscriber is not authorized to register to the AOR, unless there is an explicitly configured policy directing that it be included. When present, the element MUST be positioned as a child of the element.

Note that it is possible for multiple registered contacts to share the same instance ID. In such a case, each element will have child and elements, and those child elements of each element will be identical.
Since a particular contact can not be associated with more than one instance ID, a element will never have more than one and one child element.

The content of the element is the public GRUU that is associated with the instance ID and AOR of the registered contact.

The content of the element is the temporary GRUU that is associated with the instance ID and AOR of the registered contact.

6. Subscriber Processing of NOTIFY Requests

When a subscriber receives a "reg" event notification [2] with a containing a and/or , it SHOULD use one of the GRUUs in preference to the corresponding when sending SIP requests to the contact.

Subscribers that are unaware of this extension will, as required by [2], ignore the and elements.

7. Sample reginfo Document

Note: This example and others in the following section are indented for readability by the addition of a fixed amount of whitespace to the beginning of each line. This whitespace is not part of the example. The conventions of [7] are used to describe representation of long message lines.

The following is an example registration information document including the new element:

   sip:user@192.0.2.1
   "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
   sip:user@example.com
   ;gr=hha9s8d-999a
   sip:8ffkas08af7fasklzi9@example.com
   ;gr

8. Examples

Note: In the following examples the SIP messages have been simplified, removing headers that are not pertinent to the example. When the value of the Content-Length header field is "..." this means that the value should be whatever the computed length of the body is.

8.1. Example: Welcome Notice

Consider the Welcome Notices example in [2].
When the application server receives a notification of a new registration containing the reginfo shown in Section 7 it should address messages using the contained public GRUU as follows:

   MESSAGE sip:user@example.com;gr=hha9s8d-999a SIP/2.0
   To:
   From: "SIPland Notifier" ;tag=7xy8
   Content-Type: text/plain
   Content-Length: ...

   Welcome to SIPland!
   Blah, blah, blah.

8.2. Example: Implicit Registration

In a 3GPP IMS setting, a UA may send a single register message, requesting assignment of GRUUs, as follows:

   REGISTER sip:example.net SIP/2.0
   From: ;tag=5ab4
   To:
   Contact: ;expires=3600
     ;+sip.instance=""
   Supported: path, gruu
   Content-Length: 0

The response reports success of the registration and returns the GRUUs assigned for the combination of AOR, Instance ID, and Contact. It also indicates (via the P-Associated-URI header [6]) that there are two other associated AORs that may have been implicitly registered using the same contact. Each of those implicitly registered AORs will have unique GRUUs assigned. The REGISTER response will not include those GRUUs; it will only include the GRUUs for the AOR and instance ID explicitly included in the registration.

   SIP/2.0 200 OK
   From: ;tag=5ab4
   To: ;tag=373392
   Path:
   Service-Route:
   Contact: ;expires=3600
     ;+sip.instance=""
     ;pub-gruu="sip:user_aor_1@example.net;gr=hha9s8d-999a"
     ;temp-gruu="sip:8ffkas08af7fasklzi9@example.net;gr"
   P-Associated-URI: ,
   Content-Length: 0

The UA then subscribes to the "reg" event package as follows:

   SUBSCRIBE sip:user_aor_1@example.net SIP/2.0
   From: ;tag=27182
   To:
   Route:
   Event: reg
   Expires: 3600
   Accept: application/reginfo+xml
   Contact:
   Content-Length: 0

(The successful response to the subscription is not shown.)

Once the subscription is established an initial notification is sent giving registration status.
In IMS deployments the response includes, in addition to the status for the requested URI, the status for the other associated URIs.

   NOTIFY sip:user_aor_1@example.net;gr=hha9s8d-999a SIP/2.0
   From: ;tag=27182
   To: ;tag=262281
   Subscription-State: active;expires=3600
   Event: reg
   Content-Type: application/reginfo+xml
   Contact:
   Content-Length: ...

   sip:ua.example.com
   "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
   sip:user_aor_1@example.net
   ;gr=hha9s8d-999a
   sip:8ffkas08af7fasklzi9@example.net
   ;gr

   sip:ua.example.com
   "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
   sip:user_aor_2@example.net
   ;gr=hha9s8d-999b
   sip:07hcovy36vp6vngvbia@example.net
   ;gr

   sip:ua.example.com
   "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
   sip:+358504821437@example.net;user=phone
   ;gr=hha9s8d-999c
   sip:h99egjbv17fe8ibvlka@example.net
   ;gr

The status indicates that the associated URIs all have the same contact registered. It also includes the unique GRUUs that have been assigned to each. The UA may then retain those GRUUs for use when establishing dialogs using the corresponding AORs.

9. XML Schema Definition

The and elements are defined within a new XML namespace URI. This namespace is "urn:ietf:params:xml:ns:gruuinfo". The schema for these elements is:

10. IANA Considerations

There are two IANA considerations associated with this specification.

10.1. URN Sub-Namespace Registration

This section registers a new XML namespace, per the guidelines in [4].

URI: The URI for this namespace is urn:ietf:params:xml:ns:gruuinfo

Registrant Contact: IETF, SIPPING working group, , Paul Kyzivat

XML:

BEGIN
Reg Information GRUU Extension Namespace

Namespace for Reg Information GRUU Extension

urn:ietf:params:xml:ns:gruuinfo

See RFCXXXX [[NOTE TO RFC-EDITOR/IANA: Please replace XXXX with the RFC Number of this specification]].

END

10.2. XML Schema Registration

This section registers an XML schema per the procedures in [4].

URI: urn:ietf:params:xml:schema:gruuinfo.

Registrant Contact: IETF, SIPPING working group, , Paul Kyzivat

The XML for this schema can be found in Section 9.

11. Security Considerations

Security considerations for the registration event package are discussed in RFC 3680 [2], and those considerations apply here.

If a contact address obtained via subscription to the registration event package is not reachable by the subscriber then its disclosure may arguably be considered a minimal security risk. In that case the inclusion of a GRUU may be considered to increase the risk by providing a reachable address. On the other hand requests addressed to a GRUU are always first processed by the servicing proxy before they reach the intended user agent. The proxy may control access as desired, just as it may for the AOR. For instance, the proxy servicing a GRUU may accept requests from senders whose identity appears on a white list, and reject other requests. In this respect disclosing a GRUU presents no more risk than disclosing the AOR.

Temporary GRUUs have an additional security consideration. The intent of the temporary GRUU is to provide a contact address that cannot be correlated to the identity of the calling party. The recipient of a call using a temporary GRUU may guess the identity of the calling party and then attempt to obtain the temporary GRUUs assigned to that caller to confirm the conjecture. Two possible approaches to obtaining the temporary GRUUs are:

   o Send a REGISTER request to a conjectured caller.

   o Send a SUBSCRIBE request for the "reg" event package to the conjectured caller.

Typically REGISTER is restricted to devices or users that are authorized to originate and receive calls with the AOR.
Anonymity among users of the same AOR is hard to achieve and typically unnecessary.

It is recommended (see Section 5) that the authorization policy for the "reg" event package permit only those subscribers authorized to register to the AOR to receive temporary GRUUs. With this policy, the confidentiality of the temporary GRUU will be the same with and without the "reg" event package.

User agents that use a temporary GRUU should note that confidentiality does not extend to parties that are permitted to register to the AOR or obtain the temporary GRUU when subscribing to the "reg" event package.

12. Acknowledgements

The author would like to thank Jonathan Rosenberg for help with this draft, and Jari Urpalainen for assistance with the XML.

13. References

13.1. Normative References

[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[2] Rosenberg, J., "A Session Initiation Protocol (SIP) Event Package for Registrations", RFC 3680, March 2004.

[3] Rosenberg, J., "Obtaining and Using Globally Routable User Agent (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", draft-ietf-sip-gruu-11 (work in progress), April 2007.

[4] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.

13.2. Informative References

[5] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.

[6] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3rd-Generation Partnership Project (3GPP)", RFC 3455, January 2003.

[7] Sparks, R., "Session Initiation Protocol Torture Test Messages", draft-ietf-sipping-torture-tests-09 (work in progress), November 2005.

Author's Address

   Paul H. Kyzivat
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA

   Email: pkyzivat@cisco.com

Full Copyright Statement

Copyright (C) The Internet Society (2006).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard.
Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgment

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
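
Added example (not part of the draft): the notifier disclosure rule of Sections 5 and 11 and the subscriber preference of Section 6, written in Python. The extension element names (taken from the pub-gruu / temp-gruu Contact parameters in Section 8.2), the contact id, the ACL and the appserver subscriber are assumptions; the contact and uri elements and their namespace come from RFC 3680.

```python
import xml.etree.ElementTree as ET

REGINFO_NS = "urn:ietf:params:xml:ns:reginfo"  # reginfo namespace (RFC 3680)
GRUU_NS = "urn:ietf:params:xml:ns:gruuinfo"    # namespace from Section 9
CONTACT, URI = f"{{{REGINFO_NS}}}contact", f"{{{REGINFO_NS}}}uri"
# Assumption: element names mirror the pub-gruu / temp-gruu Contact
# parameters of Section 8.2, with the GRUU carried as element content.
PUB, TEMP = f"{{{GRUU_NS}}}pub-gruu", f"{{{GRUU_NS}}}temp-gruu"

# Constructed sample binding built from the Section 7 sample values.
BINDING = {
    "id": "a1",  # constructed contact id
    "aor": "sip:user@example.com",
    "uri": "sip:user@192.0.2.1",
    "instance": "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>",
    "pub_gruu": "sip:user@example.com;gr=hha9s8d-999a",
    "temp_gruu": "sip:8ffkas08af7fasklzi9@example.com;gr",
}
# Hypothetical ACL: (subscriber, AOR) pairs authorized to REGISTER.
MAY_REGISTER = {("sip:user@example.com", "sip:user@example.com")}


def build_contact(binding, subscriber, may_register, temp_policy=False):
    """Notifier side (Section 5): one <contact> as seen by one subscriber."""
    attrs = {"id": binding["id"], "state": "active", "event": "registered"}
    contact = ET.Element(CONTACT, attrs)
    ET.SubElement(contact, URI).text = binding["uri"]
    if not binding.get("instance"):
        return contact  # GRUUs are tied to AOR + Instance ID
    if binding.get("pub_gruu"):
        ET.SubElement(contact, PUB).text = binding["pub_gruu"]
    # Temporary GRUU: only for subscribers who may register to the AOR,
    # unless an explicitly configured policy says otherwise (Sections 5, 11).
    allowed = (subscriber, binding["aor"]) in may_register or temp_policy
    if binding.get("temp_gruu") and allowed:
        ET.SubElement(contact, TEMP).text = binding["temp_gruu"]
    return contact


def request_target(contact):
    """Subscriber side (Section 6): prefer a GRUU to the contact <uri>."""
    # Trying the public GRUU first is this example's choice; the draft
    # only says to use one of the GRUUs in preference to the <uri>.
    for tag in (PUB, TEMP, URI):
        value = contact.findtext(tag)
        if value:
            return value.strip()
    return None


if __name__ == "__main__":
    for who in ("sip:user@example.com", "sip:appserver@example.com"):
        elem = build_contact(BINDING, who, MAY_REGISTER)
        print(who, "->", ET.tostring(elem, encoding="unicode"))
```

A subscriber that is not authorized to register to the AOR still receives the public GRUU, so the Welcome Notice case of Section 8.1 keeps working while the temporary GRUU stays within the set of parties that could already obtain it via REGISTER.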