< draft-mavrakis-vemmi-url-spec-02.txt   draft-mavrakis-vemmi-url-spec-03.txt >
ETSI TE1 VEMMI Working Group D. Mavrakis ETSI TE1 VEMMI Working Group D. Mavrakis
Internet-Draft H. Layec Internet-Draft H. Layec
draft-mavrakis-vemmi-url-spec-02.txt K. Kartmann draft-mavrakis-vemmi-url-spec-03.txt K. Kartmann
October 22, 1996 Expires -> April 21, 1996 December 26, 1996 Expires -> June 25, 1996
VEMMI URL Specification VEMMI URL Specification
<draft-mavrakis-vemmi-url-spec-02.txt> <draft-mavrakis-vemmi-url-spec-03.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
skipping to change at page 1, line 47 skipping to change at page 1, line 48
A new URL scheme, "vemmi" is defined. It allows VEMMI client software A new URL scheme, "vemmi" is defined. It allows VEMMI client software
and VEMMI terminals to connect to multimedia interactive services and VEMMI terminals to connect to multimedia interactive services
compliant to the VEMMI standard (Enhanced Man-Machine Interface for compliant to the VEMMI standard (Enhanced Man-Machine Interface for
Videotex and Multimedia/Hypermedia Information Retrieval Services), Videotex and Multimedia/Hypermedia Information Retrieval Services),
sometimes abbreviated as "VErsatile MultiMedia Interface". sometimes abbreviated as "VErsatile MultiMedia Interface".
VEMMI is a new international standard for on-line multimedia services, VEMMI is a new international standard for on-line multimedia services,
that is both an ITU-T (International Telecommunications Union, ex. that is both an ITU-T (International Telecommunications Union, ex.
CCITT) International Standard (T.107) [2] and an European Standard CCITT) International Standard (T.107) [2] and an European Standard
(ETSI European Telecommunications Standard Institute) standard (ETSI European Telecommunications Standard Institute) standard
(ETS 300 382 [3], obsoleted by prETS 300 709 [1]). (ETS 300 382 [3], obsoleted by ETS 300 709 [1]).
VEMMI could be described as an on-line multimedia protocol describing VEMMI could be described as an on-line multimedia protocol describing
both the man-machine interface and the client/server exchange protocol. both the man-machine interface and the client/server exchange protocol.
VEMMI operates usually on a single continuous session between a client VEMMI operates usually on a single continuous session between a client
and a host and supports an object-oriented, event-driven, client/server and a host and supports an object-oriented, event-driven, client/server
oriented and platform independent multimedia interface. The well-known oriented and platform independent multimedia interface. The well-known
tcp port number 575 has been assigned by IANA to the VEMMI protocol [14]. tcp port number 575 has been assigned by IANA to the VEMMI protocol [14].
A description of the VEMMI standard along with its last approved version A description of the VEMMI standard along with its last approved version
is publicly available on the Web: see the URL is publicly available on the Web: see the URL
skipping to change at page 3, line 10 skipping to change at page 3, line 10
protocols). Thanks to the VEMMI URL, Web browsers will be able to protocols). Thanks to the VEMMI URL, Web browsers will be able to
activate a VEMMI client software module to start a VEMMI session to activate a VEMMI client software module to start a VEMMI session to
the requested service when the user activate a vemmi URL included in the requested service when the user activate a vemmi URL included in
the HTML document. the HTML document.
------------------------------------------------------------------------ ------------------------------------------------------------------------
3) Description of the VEMMI scheme 3) Description of the VEMMI scheme
The VEMMI URL scheme is used to designate multimedia interactive The VEMMI URL scheme is used to designate multimedia interactive
services conforming to the VEMMI standard (ITU/T T.107 and services conforming to the VEMMI standard (ITU/T T.107 and
prETS 300 709). ETS 300 709).
A VEMMI URL takes the form: A VEMMI URL takes the form:
vemmi://<user>:<password>@<host>:<port>/<vemmiservice>; vemmi://<host>:<port>/<vemmiservice>;
<attribute>=<value> <attribute>=<value>
as specified in Section 3.1. of RFC 1738. If :<port> is omitted, the as specified in Section 3.1. of RFC 1738. If :<port> is omitted, the
port defaults to 575 (client software may choose to ignore the optional port defaults to 575 (client software may choose to ignore the optional
port number in order to increase security). The :<password> may be port number in order to increase security). The <vemmiservice> part is
omitted, as well as the whole <user>:<password> part, or the optional and may be omitted.
<vemmiservice> part.
This URL does not designate a data object, but rather a multimedia This URL does not designate a data object, but rather a multimedia
interactive service. A VEMMI service starts a multimedia session managing interactive service. A VEMMI service starts a multimedia session managing
multimedia objects and interacting with the user during the session. To multimedia objects and interacting with the user during the session. To
the difference of other stateless protocols, the link between the client the difference of other stateless protocols, the link between the client
and the server is usually maintained during the whole session (although and the server is usually maintained during the whole session (although
in some cases other mechanisms may be used, see below). in some cases other mechanisms may be used, see below).
The <vemmiservice> is the name of the VEMMI service to activate. This The <vemmiservice> is the name of the VEMMI service to activate. This
field is not mandatory and could be omitted for example if the remote field is not mandatory and could be omitted for example if the remote
skipping to change at page 4, line 18 skipping to change at page 4, line 18
during an interactive videotex or telnet session, the VEMMI service during an interactive videotex or telnet session, the VEMMI service
selection is performed by a simple dialog between the client and the selection is performed by a simple dialog between the client and the
server. server.
The service, username and password information are transmitted by The service, username and password information are transmitted by
the client software to the host in answer to the corresponding the client software to the host in answer to the corresponding
requests received from the host. The following behavior is expected requests received from the host. The following behavior is expected
from the client: from the client:
- wait for the optional request strings from the host server - wait for the optional request strings from the host server
('service:', 'username:' and 'password:') and answer them ('service:', 'username:' and 'password:') and answer them
(respectively by <vemmiservice>, <username> and <password> values). (respectively by <vemmiservice> value defined in the URL and the
<username> and <password> entered by the user if required).
The terminal answer may be sent automatically if the answers are known The terminal answer may be sent automatically if the answers are known
(that is if they are specified in the URL or terminal configuration) (that is if they are specified in the URL or terminal configuration)
or it may prompt the user for the needed informations. or it may prompt the user for the needed informations.
When parameters (attribute and value pairs) are present in the URL, When parameters (attribute and value pairs) are present in the URL,
these fields will be sent following the <vemmiservice> transmitted these fields will be sent following the <vemmiservice> transmitted
to the host in answer to the 'service:' request received from the to the host in answer to the 'service:' request received from the
host, separated from the <vemmiservice> value by a semicolon. host, separated from the <vemmiservice> value by a semicolon.
- the client answers must always be followed by a Carriage Return (CR). - the client answers must always be followed by a Carriage Return (CR).
If a Line Feed (LF) is transmitted after the CR, it will be If a Line Feed (LF) is transmitted after the CR, it will be
ignored by the server. ignored by the server.
skipping to change at page 5, line 11 skipping to change at page 5, line 12
alive keyword in the Connection header to request a persistent alive keyword in the Connection header to request a persistent
connection [9]. Protocol switching using the upgrade header field may connection [9]. Protocol switching using the upgrade header field may
be used in such case to switch to vemmi protocol [9]. This possible use be used in such case to switch to vemmi protocol [9]. This possible use
of HTTP for VEMMI is not described in this document. of HTTP for VEMMI is not described in this document.
------------------------------------------------------------------------ ------------------------------------------------------------------------
5) Proposed syntax 5) Proposed syntax
The proposed BNF syntax is encoded as specified in RFC 1738 [5]: The proposed BNF syntax is encoded as specified in RFC 1738 [5]:
; vemmi (see ITU-T T.107 and ETSI prETS 300 709) ; vemmi (see ITU-T T.107 and ETSI ETS 300 709)
vemmiurl = "vemmi://" login [ "/" vemmiservice *[ parameter ] ] vemmiurl = "vemmi://" hostport [ "/" vemmiservice *[ parameter ] ]
vemmiservice = *[ uchar | "/" | "?" | ":" | "@" | "&" | "=" ] vemmiservice = *[ uchar | "/" | "?" | ":" | "@" | "&" | "=" ]
parameter = ";" attribute "=" value parameter = ";" attribute "=" value
attribute = *[ uchar | "/" | "?" | ":" | "@" | "&" ] attribute = *[ uchar | "/" | "?" | ":" | "@" | "&" ]
value = *[ uchar | "/" | "?" | ":" | "@" | "&" ] value = *[ uchar | "/" | "?" | ":" | "@" | "&" ]
This syntax: This syntax:
- allows the user to specify the remote host address by its name or - allows the user to specify the remote host address by its name or
numeric address, along with optional login information (user and numeric address. Although he could select a specific port, it is
password, as login = [ user [ ":" password ] "@" ] hostport). Although expected the information providers and VEMMI software will mostly
he could select a specific port, it is expected the information use the port number assigned to VEMMI (575) [14]. For security
providers and VEMMI software will mostly use the port number assigned reasons, the username and password could not be specified in the URL.
to VEMMI (575) [14].
- allows him to select a specific VEMMI service if the remote host - allows him to select a specific VEMMI service if the remote host
manages several different VEMMI services. manages several different VEMMI services.
- allows also to send additional data to the service using the - allows also to send additional data to the service using the
parameter syntax, either during the service selection phase or when parameter syntax, either during the service selection phase or when
the user selects a vemmi hyperlink within a HTML document displayed in the user selects a vemmi hyperlink within a HTML document displayed in
a VEMMI multimedia area. To the difference of the params syntax used a VEMMI multimedia area. To the difference of the params syntax used
in [4], the parameter syntax requires each value to be labeled by an in [4], the parameter syntax requires each value to be labeled by an
attribute. The parameter attribute names are case-insensitive. attribute. The parameter attribute names are case-insensitive.
Parameter values may or may not be case-sensitive, depending on the Parameter values may or may not be case-sensitive, depending on the
attribute. attribute.
skipping to change at page 6, line 5 skipping to change at page 6, line 5
- $OBJECT_REQUEST: requests the retransmission of a given VEMMI object. - $OBJECT_REQUEST: requests the retransmission of a given VEMMI object.
- $USERDATA: user data specific by the user and to be processed by the - $USERDATA: user data specific by the user and to be processed by the
VEMMI service. VEMMI service.
------------------------------------------------------------------------ ------------------------------------------------------------------------
6) Examples: 6) Examples:
Some examples of VEMMI URLs along with the corresponding client/server Some examples of VEMMI URLs along with the corresponding client/server
dialog are presented below, they are for information only: dialog are presented below, they are for information only:
a) A simple VEMMI URL for a VEMMI service that does not enforce access a) A simple VEMMI URL and the corresponding dialog for a VEMMI service
control might be: that does not enforce access control might be:
URL: vemmi://zeus.mctel.fr/demo URL: vemmi://zeus.mctel.fr/demo
In this case, the exchange between client and server will be as In this case, the exchange between client and server will be as
follow (the server requests are presented left, client answers follow (the server requests are presented left, client answers
right): right):
...establishing TCP/IP link to zeus.mctel.fr... ...establishing TCP/IP link to zeus.mctel.fr...
service: demo service: demo
200 OK {status code returned by the VEMMI host} 200 OK {status code returned by the VEMMI host}
...starting VEMMI session... ...starting VEMMI session...
b) The service name may be omitted (for example if the remote server b) The service name may be omitted (for example if the remote server
hosts only one VEMMI service), and the URL might then be: hosts only one VEMMI service), and the URL might then be:
URL: vemmi://zeus.mctel.fr URL: vemmi://zeus.mctel.fr
In this case, the VEMMI interactive session is started immediately In this case, the VEMMI interactive session is started immediately
by the host without requesting first the service name (should the by the host without requesting first the service name (should the
client receive a service request from the host, it will prompt the client receive a service request from the host, it will prompt the
user for service name). user for service name).
c) A similar URL to a service that requires an username and password c) The URL could not include the username and password. In this case,
might have an URL that looks like:
URL: vemmi://smith:12345678@mctel.fr/demo
The exchange between the client and server will be:
...establishing TCP/IP link to mctel.fr...
service: demo
login: smith
password: 12345678
200 OK
...starting VEMMI session...
Should the server does not prompt the client for login and password,
the login information stored in the URL will not be used. The
password characters echo may be scrambled.
d) The URL may not include the username and password. In this case,
should they be requested by the host, the VEMMI client may use a should they be requested by the host, the VEMMI client may use a
default value specified for this service or prompt the user for them default value specified for this service or prompt the user for them
(for example it could propose anonymous and user e-mail address as (for example it could propose anonymous and user e-mail address as
defaults): defaults):
URL: vemmi://mctel.fr/demo URL: vemmi://mctel.fr/demo
In this case, the exchange between client and server may be as follow In this case, the exchange between client and server may be as follow
(server requests at the left, client answers at the right): (server requests at the left, client answers at the right):
...establishing TCP/IP link to mctel.fr... ...establishing TCP/IP link to mctel.fr...
service: demo service: demo
login: anonymous {user has been prompted for username} login: anonymous {user has been prompted for username}
password: mavrakis@ties.itu.ch {user prompted for password} password: mavrakis@ties.itu.ch {user prompted for password}
401 Unauthorized {an anonymous user is not allowed to 401 Unauthorized {an anonymous user is not allowed to
access the service} access the service}
...closing TCP/IP link between client and server... ...closing TCP/IP link between client and server...
e) Some services may use additional data transmitted in the parameter d) Some services may use additional data transmitted in the parameter
fields, for example: fields, for example:
URL: vemmi://mctel.fr/demo;$USERDATA=smith;account=1234 URL: vemmi://mctel.fr/demo;$USERDATA=smith;account=1234
If no access check is done by the host, the dialog might be: If no access check is done by the host, the dialog might be:
...establishing TCP/IP link to mctel.fr... ...establishing TCP/IP link to mctel.fr...
service: demo;$USERDATA=smith;account=1234 service: demo;$USERDATA=smith;account=1234
200 OK 200 OK
...starting VEMMI session... ...starting VEMMI session...
------------------------------------------------------------------------ ------------------------------------------------------------------------
7) Procedure to use when a VEMMI URL is encountered in a HTML document 7) Procedure to use when a VEMMI URL is encountered in a HTML document
skipping to change at page 7, line 45 skipping to change at page 7, line 36
vemmi:// string is transmitted to the server, the HTTPD server may vemmi:// string is transmitted to the server, the HTTPD server may
be modified in order to recognize such URL and to propose the be modified in order to recognize such URL and to propose the
downloading of a VEMMI client software. downloading of a VEMMI client software.
- the HTML document including the vemmi URL allowing to start the - the HTML document including the vemmi URL allowing to start the
VEMMI session may propose both options, for example: VEMMI session may propose both options, for example:
If your browser supports VEMMI, directly If your browser supports VEMMI, directly
<A HREF="vemmi://ares.mctel.fr/TEST">start the interactive <A HREF="vemmi://ares.mctel.fr/TEST">start the interactive
multimedia service</A>, otherwise multimedia service</A>, otherwise
<A HREF="ftp://ftp.mctel.fr/vemmi.exe">download first a VEMMI <A HREF="ftp://ftp.mctel.fr/vemmi.exe">download first a VEMMI
client software</A>. client software</A>.
- the application/vemmi MIME type is pending registration (to allow for - the application/vemmi MIME type is defined below (to allow for
example exchange of vemmi objects). A possible way is for the server example exchange of vemmi objects). A possible way is for the server
to look in the HTTP Accept header field and to deduce that if to look in the HTTP Accept header field and to deduce that if
application/vemmi is supported, then the VEMMI support exists (in this application/vemmi is supported, then the VEMMI support exists (in this
case, application/vemmi is to be defined in the browser and associated case, application/vemmi is to be defined in the browser and associated
with the vemmi decoder). with the vemmi decoder).
------------------------------------------------------------------------ ------------------------------------------------------------------------
8) Security considerations: 8) Security considerations:
The VEMMI URL scheme is subject to the same security implications as the The VEMMI URL scheme is subject to the same security implications as the
general URL scheme [5], so the usual precautions outlined in [5] apply general URL scheme [5], so the usual precautions outlined in [5] apply
(for example, the use of URLs containing passwords that should be secret (for example, it is not allowed to store the username and password in
is clearly unwise). the URLs).
Furthermore, among VEMMI objects that could be used during the Furthermore, among VEMMI objects that could be used during the
interactive session, metacode objects (representing a sequence of VEMMI interactive session, metacode objects (representing a sequence of VEMMI
commands) and operative objects (they are executable programs to be run commands) and operative objects (they are executable programs to be run
on the client platform) may be downloaded and/or started. on the client platform) may be downloaded and/or started.
In order to protect the user against the activation of an harmful In order to protect the user against the activation of an harmful
operative object, it is strongly recommended that the users use the operative object, it is strongly recommended that the users use the
configuration menu of their VEMMI software to disable the option of configuration menu of their VEMMI software to disable the option of
running operative objects when receiving potentially unsafe VEMMI running operative objects when receiving potentially unsafe VEMMI
objects, or at least enable the option to request first user approval objects, or at least enable the option to request first user approval
before starting the execution of an operative object. before starting the execution of an operative object.
The VEMMI remote interactive services may vary widely in their access The VEMMI remote interactive services may vary widely in their access
control policies; in practice, the <user> and <password> supplied are control policies; in practice, when a prompt for username or password
advisory only: clients accessing a VEMMI URL merely advise the user of is received, the VEMMI terminal should request them from the user.
the suggested username and password, and the user could supersede them. The VEMMI terminal implementation could support additional features,
The <user> and <password> fields supplied either in the URL or the by for example proposing by default "anonymous" as username and the
user will be used to answer the user and password commands received from user Internet e-mail address as password, or looking in an encrypted
the remote host after establishing the connection to the VEMMI server. local database for user identification on this service.
If no user and password commands are received from the remote host,
these fields will not be used. If no user name or password is supplied
and one is requested by the VEMMI server, the program interpreting the
VEMMI URL should request one from the user, proposing by default
"anonymous" as user name and the Internet e-mail address of the end user
accessing the service as password.
Such an identification mechanism using the username/password scheme is Such an identification mechanism using the username/password scheme is
unsecure and is provided for backwards compatibility only. The VEMMI unsecure and is provided for backwards compatibility only. The VEMMI
services requiring a safe identification procedure must rely on other services requiring a safe identification procedure must rely on other
alternative mechanisms (e.g. S/KEY or other). In numerous cases, the alternative mechanisms (e.g. S/KEY or other). In numerous cases, the
user identification procedure will be performed by the VEMMI service. user identification procedure will be performed by the VEMMI service.
------------------------------------------------------------------------ ------------------------------------------------------------------------
9) application/vemmi MIME type 9) application/vemmi MIME type
 End of changes. 17 change blocks. 
50 lines changed or deleted 30 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/