ECRIT Direct Emergency Calling

The current IETF ECRIT architecture, as described in and in , focuses on devices where emergency calls are routed primarily through the subscriber's home VSP and the direct signaling communication between the end host and the PSAP that contains the IP-based PSAP is only an exception. This is a convenient assumption if one considers the regular communication patterns of the device and the potential proprietary protocol implementations used between the end host and the VSP and the ability to move the interoperability challenges away from the end device and closer to VSPs. There are, however, challenges for regulators to enforce emergency services functionality when the VSP is located in a different jurisdiction with the current model. Inclusion of a VSP introduces unnecessary elements into the emergency call path making the overall solution more cumbersome. This document describes the regulatory challenge and illustrates a model for direct communication between the end host and the PSAP that is supported by the basic SIP communication patterns. With the help of the Location-to-Service Translation protocol a PSAP URI is discovered that allows the end device to directly send SIP communication requests towards the PSAP. Note that the information returned by LoST may not necessarily be the address of the PSAP itself but might rather be an entity that gets the emergency call closer to the PSAP by returning the address of an Emergency Services Routing Proxy (ESRP). This memo attempts to address the issues raised above and describe the requirements, procedures and operations necessary for a generic IP emergency calling client. The intent of this client is that it will be able to use the available ECRIT building blocks to allow any IP enabled device with access to the Internet to make an emergency call without requiring a voice service subscription. Further more, a means for call-back in the event of a dropped call is also described.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

The jurisdictional problem is illustrated with that highlights that providing the data in the Location Information Server (LIS) and the LoST server are correct, that the caller and the PSAP are assured of being in the same regulatory jurisdiction. This is important, because it shows that it is the access component of the network and not the service component against which reguatory obligations can be imposed with any hope of enforcement. Regulation without the possibility of enforcement is challenging as there is very little coordination between regulators world wide in this area, consequently any emergency calling procedure should ensure that all nodes against which the procedures apply fall within the same regulatory boundary.

In many deployments today the emergency calling device is located behind a NAT or a firewall, and there is no assumption or requirement for a VSP subscription to exist. illustrates such a typical scenario. Indeed any subscription of this nature is immaterial to the operation described in this memo.

| NAT | --->: ISP :----->| ESRP | +--------+ +----------+ ; ; +------+ `, ,', ,' { } { } ```` ```` ]]>

The ESRP is discovered by the emergency client obtaing its location from a LIS, for example, using HELD, and then using LoST to resolve the location and 'urn:services.sos' Service URN to the ESRP URI. When the emergency client is started the device needs to perform LIS and LoST server discovery, as described in Section 7 of . The emergency client MUST support location acquisition and the LCPs described in Section 6.5 of . The description in Section 6.5 and 6.6 of regarding the interaction between the device and the LIS applies to this document. The emergency client MUST use LoST to obtain an ESRP URI. The exact timing of individual LoST lookups may vary based on a number of factors, including the design of the user interface. For example, a hypothetical user interface may offer an emergency call button that triggers a <listServicesByLocation> interaction to learn about the available emergency services (potentially using the serviceListBoundary extension defined in ). The service options may be presented to the emergency caller in a graphical fashion and once a specific service is selected a LoST query would be initiated (unless a cached mapping is available that makes this request obsolete). The LoST <findService> query to obtain the ESRP URI for the selected service is in this example initiated at the time the emergency call setup is performed. It is recommended that ESRP discovery occurs at call time.

Emergency registration is only necessary when an emergency call procedure is initiated. Immediately prior to making an emergency call, the emergency client performs a SIP emergency registration with the registrar in the ESRP, the ESRP-registrar. The emergency registration is a SIP registration with specific options and headers which are required in order to guard the emergency network and ensure callback should it be required. Each emergency client MUST provide an instance-id, as defined in , this allows the ESRP-registrar to generate a GRUU that can be used as a callback identifier. A GRUU is necessary as the callback identifier because the emergency client does not provide a longer-term contact address to the ESRP-registrar prior to registration, and the GRUU provides a handle by which the PSAP can identify the calling emergency client. To simplify the emergency client and ESRP-registrar implementations, only public GRUUs are provided by the ESRP-registrar. The public GRUU is guaranteed to be the same for a device regardless of re-registration with a different call-id, which may occur if the device unexpectedly reboots. This is not true for temporary GRUUs, which makes temporary GRUUs undesriable in the scope of this application space. The PSAP is able to define and mandate the time over which callback is possible. This needs to be a reasonable period of time, nominally 10s of minutes, as the device may well be transient with regards to network attachment. The ESRP-registrar reflects the regulatory callback period in the expiry value of emergency registration responses. Emergency clients claiming compliance to this specification MUST honour the value in the registration response from the ESRP-registrar, up to a maximum of 60 minutes. An emergency client SHOULD respect a registration expiry of longer than 60 minutes, but MAY terminate its registration with and ESRP-registrar at 60 minutes if the expiry value provided by the ESRP-registrar was longer. In the event that a registration is lost by the emergency client prior to reaching registration expiry then the emergency client MUST re-register with the ESRP-registrar and SHOULD use the same call-id. In this circumstance the ESRP-registrar SHOULD match the instance-id and the call-id to recognize that it is a re-registration for a dropped connection, and expiry time in the registration response SHOULD be set to the time remaining from the original registration occurred. requires a device to support at least 2 registrations to different proxies. The emergency client requirements in this memo relax this requirement down to one registration, but more than one is allowed. There are several reasons for relaxing the connection redundancy requirement. Firstly, ESRPs are expected to have inbuilt redundancy, so if a connection is dropped due to a failed proxy in the ESRP, then a new connection or registration will automatically be directed to an active proxy in the ESRP cluster. If the connection dropped because of some other failure along the path from the emergency client to the ESRP, then multiple SIP registrations are unlikely to provide any measurable reliability improvements since single points of failure in this path are inherently likely. Secondly, re-registrations only occur immediately prior to call placement, so any outbound failure will also likely result in the call dropping. If this occurs then the emergency client MUST re-register with the ESRP-registrar, and since instance-id and public GRUU will remain unchanged as a result of this, the emergency client can either receive a callback from the PSAP, or it can initiate a new call to the emergency network. Location information is critical to emergency calling. Providing location information to the calling-entity with sufficient granularity to allow ESRP route determination is crucial. Since this must occur prior to the emergency client registering with the ESRP-registrar, the emergency client must have access to a certain amount of location information (and the amount varies depending on the specific emergency services deployment architecture). The device SHOULD include all the location information it has when registering with the ERSP-registrar. Inclusion of location information in SIP REGISTER messages is specified in . There are three possible execution paths for the ESRP-registrar when receiving a REGISTER message: If the REGISTER message does not include location information the ESRP-registrar MUST use HELD identity to obtain the location of the device as both a location value and reference. In order to contact the LIS the ESRP-registrar SHOULD determine the LIS address using the mechanism described in . The ESRP-registrar MAY use other methods for LIS determination where available. If the REGISTER message contains a location URI then the ESRP-registrar MUST dereference it so that it has a location available to route the impending emergency call. The ESRP-registrar MAY validate the LIS address in the location URI with that of the LIS serving the network from which the REGISTER message originated. LIS determination MAY be performed using the methods described in . The REGISTER message contains location information by value. Any actions performed by the ESRP-registrar to valid this information are specific to the jurisdiction in which the ESRP operates and are out of the scope of this document. Where location conveyance is used confidentiality protection SHOULD be provided using Transport Layer Security (TLS). show the registration message exchange graphically.

+ | | | | | | +----locationRequest--->+ | | | | | | +<---locationResponse---| | | | | | | +------------------findService------------->+ | | | | | +<--------------findServiceResponse---------+ | | | | | +------------------------REGISTER------------------------>+ | | | | | +<------locationRequest-----------+ | | | | | +-------locationResponse--------->+ | | | | +<-------------------------200 OK ------------------------+ | | | | ]]>

;tag=7F94778B653B To: anon Call-ID: 16CB75F21C70 CSeq: 1 REGISTER Geolocation: ;inserted-by="anon@192.0.2.2" ;routing-allowed=yes Geolocation: ;inserted-by="anon@192.0.2.2" ;routing-allowed=no Require: gruu, geolocation Supported: outbound, gruu Contact: ;+sip.instance="" Content-Type: multipart/mixed; boundary=boundary1 Content-Length: ... ]]> Since the emergency client does not have a nominal domain, it MUST register in the same domain as the ESRP. This is illustrated in the example REGISTER message show in .

Immediately subsequent to the registration a SIP INVITE request is sent to the ESRP in the following form: The Request URI MUST be the service URN in the "sos" tree. The To header MUST be a service URN in the "sos" tree. The From header MUST be present and MUST be the public GRUU returned from the registration with the ESRP-registrar. A Route header MUST be present with an ESRP URI, obtained from LoST. A Contact header MUST be present and contain the public GRUU , and be valid for several minutes following the termination of the call, provided that the UAC remains registered with the same registrar, to permit an immediate call-back to the specific device which placed the emergency call. A SDP offer MUST be included in the INVITE. If voice is supported the offer MUST include the G.711 codec, see Section 14 of . SIP Caller Preferences SHOULD be used to signal how the PSAP should handle the call. For example, a language preference expressed in an Accept-Language header may be used as a hint to cause the PSAP to route the call to a call taker who speaks the requested language. SIP Caller Preferences may also be used to indicate a need to invoke a relay service for communication with people with disabilities in the call.

The description in is relevant for this document.

The functionality defined in Section 9.3 in regarding disabling of certain features is relevant for this document and an emergency client MUST NOT implement the the features listed in ED-70, and ED-71.

The description in Section 15 of regarding emergency call testing is used by this specification. Since this specification mandates a registration with the ESRP-registrar a similar tagging URI to that described in is used to indicate a test registration. Test registrations SHALL be of short durations, but MUST be long enough to allow completion of a "test call" as described in .

When the emergency client sends a REGISTER request for emergency test registration, the "sos.test" URI parameter MUST be appended to the URI in the Contact header. This indicates to the ESRP-registrar that the request is for emergency test registration.

;+sip.instance="" Content-Type: multipart/mixed; boundary=boundary1 Content-Length: ... ]]> Only one Contact header field SHOULD be included in the emergency REGISTER test request. If more than one Contact header is included then the presence of the "sos.test" URI in any of the Contact fields SHALL result in the ESRP-registrar treating the registration as a test registration.

The following syntax specification uses the augmented Backus-Naur Form (BNF) as described in . The "sos.test" URI parameter is a "uri-parameter", as defined by . uri-parameter =/ sos-param-test sos-param-test = "sos.test"

PSAP callback occurs as described in .

TBD

This specification defines one new SIP URI parameter, as per the registry created by . Parameter Name: sos.test Predefined Values: none Reference: [RFCXXXX] [NOTE TO IANA: Please replace XXXX with the RFC number of this specification.]

Thanks to Elaine Quah for being a sounding board.