idnits 2.17.1

draft-boulton-xcon-session-chat-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 16, 2012) is 4302 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-18) exists of
     draft-ietf-simple-chat-15

  == Outdated reference: A later version (-13) exists of
     draft-ietf-mediactrl-call-flows-09

  == Outdated reference: A later version (-16) exists of
     draft-ietf-rtcweb-use-cases-and-requirements-09

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

XCON Working Group                                             M. Barnes
Internet-Draft                                                   Polycom
Intended status: Standards Track                              C. Boulton
Expires: January 17, 2013                                NS-Technologies
                                                               S. Loreto
                                                                Ericsson
                                                           July 16, 2012

       Chatrooms within a Centralized Conferencing (XCON) System
                   draft-boulton-xcon-session-chat-08

Abstract

   The document "A Framework for Centralized Conferencing" defines a
   centralized conference as both signaling and protocol agnostic. The
   primary examples within this framework focus on audio and video as
   the media types for the session. This document provides an overview
   of the mechanisms defined in the centralized conferencing framework
   that can be used to support multi-user chat. In addition, the
   document describes additional functionality and requirements
   necessary to provide feature rich functionality.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 17, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
   3.  Overview
     3.1.  Basic Protocol Operations
     3.2.  Chat Session and Conferencing Identifiers
   4.  Advanced Operations
   5.  Additional Operations
     5.1.  Nicknames
     5.2.  Logging
     5.3.  History
     5.4.  Indicating Alternate Venue
     5.5.  File Transfer
     5.6.  Real Time Collaboration
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   A Centralized Conference as defined by the "A Framework for
   Centralized Conferencing" (XCON Framework) [RFC5239] is both
   signaling and protocol agnostic. The primary examples within the
   framework focus on audio and video as the media types for the
   session. This document provides an overview of the mechanisms and
   associated framework elements involved when text is the media for the
   conference. This functionality is often referred to as a "multi-user
   chat" as it enables a participant to join a chatroom (e.g. hosted by
   the conference server) for the exchange of messages between multiple
   participants. The message can be plain text or can contain different
   formats for more advanced functionality.

   Several existing protocols support this multi-user chat
   functionality, such as Extensible Messaging and Presence Protocol
   (XMPP) [RFC6120], [RFC6121] and Internet Relay Chat (IRC) defined in
   [RFC1459] and its successors: [RFC2810], [RFC2811], [RFC2812],
   [RFC2813]. In addition, [I-D.ietf-simple-chat] provides multi-user
   chat functionality for a purely SIP signaling based solution option
   using Message Session Relay Protocol (MSRP) [RFC4975].

   The focus of this document is to describe the interface and provide
   guidelines for the support of existing multi-user chat
   functionality on a conferencing system based on the XCON framework
   using the Conference Control Manipulation Protocol (CCMP) independent
   of the specific media type used by the chat client.

   The functionality described in this document is not intended to
   replace any of the existing chat protocols, nor is it specifying a
   new chat protocol. The motivation for this document is to allow
   clients that use the conferencing framework model for other media
   types (e.g. voice/video) to utilize the same conference control
   mechanisms and conferencing system to establish, update and delete a
   chatroom associated with a conference instance, independent of the
   chat protocol. This approach also allows the conferencing system to
   provide a natural interworking point for various chat protocols - the
   details of the interworking are outside the scope of this document.

2.  Conventions and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document reuses the terminology defined in the Centralized
   Conferencing Framework [RFC5239] and related protocol document
   [RFC6503].

   Additional terminology used in this document:
   Chat Client:  a Conferencing Client as defined in [RFC5239] that
      participates in a "chatroom".
   Chatroom:  A virtual space that users figuratively enter in order to
      participate in real-time, text-based conferencing with other
      users.
   Multi-user chat:  The functionality that allows multiple users to
      exchange messages in the context of a room or channel, similar to
      Internet Relay Chat (IRC).
   Private message:  A message sent from one participant directly to
      another participant - i.e., not to the chatroom itself to all
      participants.

3.  Overview

   Figure 1 provides a general illustration of chat clients having a
   direct, 1:1 connection to the conferencing system. Participants can
   use the chat clients to join a room associated with a conference
   instance and send messages. The conferencing system receives the
   messages sent from a client participating in a conference instance
   and then distributes them to the other clients associated with the
   conference instance, that are also present in the chatroom.

                            +--------+
                            |  Chat  |
                            | Client |
                            +--------+
                                |
                                |
                                |
                                v
    +--------+            +------------+            +--------+
    |  Chat  |            |Conferencing|            |  Chat  |
    | Client |----------->|   System   |<-----------| Client |
    +--------+            +------------+            +--------+
                                ^
                                |
                                |
                                |
                            +--------+
                            |  Chat  |
                            | Client |
                            +--------+

                      Figure 1: Client Connection

   The approach in this document is to have no impact on the existing
   chat protocols, while taking full advantage of the functionality
   provided by the centralized conferencing framework.

   A basic solution for MSRP based IM chat sessions is documented in
   [I-D.ietf-simple-chat]. It uses the concept of an "MSRP switch" as
   the centralized component, whose role is very similar to the
   Conferencing Server in this document. The solution in
   [I-D.ietf-simple-chat] doesn't explicitly take advantage of the
   centralized conferencing framework model, as it primarily intends to
   make use of the basic SIP conferencing framework to provide the basic
   chat functionality. The MSRP based IM chat solution is compatible
   with the solution components described in this document, with no
   impact on that basic solution proposal. One of the advantages of
   applying the two solutions in concert would be to take advantage of
   the centralized conferencing framework model for advanced features,
   such as sidebars and private conferences, and manipulation of the
   conference data.

   XMPP assumes a decentralized client-server architecture similar to
   the one shown in Figure 1, wherein a client utilizing XMPP accesses a
   server and servers can also communicate with each other over TCP
   connections, similar to the email network. The XMPP server can
   provide as additional functionality the multi-user conferencing
   services [XEP-0045]. The XMPP multi-user conferencing service is
   also compatible with the solution components described in this
   document with no impact on the basic solution proposal. Indeed, the
   centralized conferencing framework model is perfectly able to manage
   the XMPP strong room control model, including the ability to kick and
   ban users, to name room moderators and administrators, to require
   membership or passwords in order to join the room. However, it is
   worth noting that the centralized conferencing framework does not
   encompass the communication between servers, as XMPP does. Thus, for
   the solution proposal in this document, the XMPP client SHOULD only
   have a direct connection with the server hosting the chatroom
   instance, and federations between servers SHOULD NOT be allowed.

3.1.  Basic Protocol Operations

   The multi-user chat protocol operations, such as create, join and
   delete can be performed using either non-signaling specific
   mechanisms or protocol specific mechanisms, if defined. Non-signaling
   specific mechanisms are defined in the Centralized Conferencing
   Framework [RFC5239] and related Conference Control Manipulation
   Protocol (CCMP) document [RFC6503]. This document provides the
   details for the non-signaling specific mechanisms using CCMP with
   detailed examples provided in [RFC6504]. Protocol specific
   mechanisms are defined in other documents such as for SIP in the
   SIPPING Conference Framework [RFC4353] and for XMPP in Multi-User
   Chat [XEP-0045].

   The privilege to create a chatroom associated with a conference
   instance can be restricted to certain users or can be reserved to an
   administrator of the conference. The room creation can be performed
   using non-signaling mechanism or protocol specific mechanism if
   defined. In the case of CCMP, a confRequest message with a "create"
   operation is sent by the chat client.

   A participant can query the conferencing system to discover the list
   of the chat rooms associated with a hosted conference instance. In
   the case of CCMP, a blueprintsRequest message for the chatrooms
   supported by a conferencing system or a confsRequest message for the
   active chatrooms can be sent by the chat client.

   In order to participate in the discussions held in a multi-user chat
   room, a participant MUST first enter the room. A chat client wishing
   to enter a chatroom associated with a conference instance MAY use a
   non-signaling or protocol specific mechanism if defined. In the case
   of CCMP, a participant MUST join a conference instance using the
   mechanisms which are described in [RFC6503] - e.g., userRequest
   message with a "create" operation to be added to a conference
   instance.

   The request to send a message is specific to the chat protocol (e.g.,
   MSRP SEND). Upon receipt of a request to send a message, the
   conferencing system replicates and forwards the message to all other
   chat clients that are participants of the chat room. Depending upon
   policy, a conferencing system MAY ignore or reject messages, in which
   case they are not distributed to the other chat room participants.

   A participant MAY send a "private message" to a selected participant
   or a group of participants. This privilege SHOULD be allowed for all
   participants unless local policy dictates otherwise.

   A chat client wishing to exit a chat room uses a non-signaling
   mechanism or protocol specific mechanism, if defined. If the chat
   client is the last to exit, the conferencing system can be
   responsible for deleting the room or the originator/owner/moderator
   The privilege to delete a chatroom associated with a conference
   instance can be restricted to certain users or can be reserved to an
   administrator of the conference. The room deletion can be performed
   using non-signaling mechanism or protocol specific mechanism if
   defined. In the case of CCMP, the client MUST send a CCMP
   confRequest message with an operation of "delete".

3.2.  Chat Session and Conferencing Identifiers

   As highlighted in the overview section, a chat client connecting to a
   conferencing system has a 1:1 relationship with the chat signaling
   entity, each having a unique protocol specific chat session
   identifier (chat-ID). When referring to chat-IDs the document is
   making reference to the locally (at conferencing system) generated
   chat-ID used for session signaling identification. An important
   concept in this proposal is the creation and management of Group Chat
   sessions. It is important that each chat session created, as
   identified by a unique chat-ID, is explicitly tied to an associated
   conference. The Centralized Conferencing Framework [RFC5239]
   introduces the concept of a conference user identifier which is
   defined in [RFC6501]. When a user joins a conference instance
   through the signaling protocol, the user is allocated an appropriate
   conference user identifier either through authentication or system
   allocation. The conference user identifier is represented by the
   'entity' attribute of a element in the element in the
   conference information. The association of the chat-IDs is
   accomplished by including each of the chat-IDs in the conference
   information in the 'entity' attribute of an element in the
   element. The conference information as a whole is uniquely
   identified within the conferencing system by an XCON-URI, thus
   providing the relevant association between a chat session and a
   centralized conference. Figure 2 shows the logical representation of
   the chat-IDs with the conf-userIDs, with each row in the table
   representing a single entry.

   +-------------------------------------------------+
   |  XCON-URI: 711331@example.com                   |
   +-----------------------+-------------------------+
   |  Chat-ID=8asjdhk      |  xcon-userid: 839ULjj   |
   |  Chat-ID=38iuhds      |  xcon-userid: 0283hHu   |
   |  Chat-ID=djiowid      |  xcon-userid: ncH37Hs   |
   |  Chat-ID=389hewu      |  xcon-userid: pakdjjH   |
   +-----------------------+-------------------------+

                     Figure 2: Session Association

   A more complex session association is necessary due to potential for
   a user to have multiple group chats in a single conference instance,
   such as multi-lingual conference support. In an example with SIP and
   MSRP, the conference representation in Figure 2 allows for such
   functionality when separate SIP dialogs represent MSRP sessions.

   This process becomes complex in the case that multiple SDP MSRP media
   sessions (m=) are defined in a single payload. This internal
   representation needs expanding to enable a conferencing system to
   explicitly associate a media session (m=). This involves including
   the media label, as defined in [RFC4574], to maintain the internal
   conference association. An example is illustrated in Figure 3.

   +----------------------------------------------------------------+
   |  XCON-URI: 711331@example.com                                  |
   +----------------------------------------------------------------+
   |  Chat-ID=8asjdhk    |  xcon-userid: 839ULjj   |  Label=iede3   |
   |  Chat-ID=38iuhds    |  xcon-userid: 0283hHu   |  Label=8heus   |
   |  Chat-ID=838unaH    |  xcon-userid: 0283hHu   |  Label=3cnu7   |
   |  Chat-ID=djiowid    |  xcon-userid: ncH37Hs   |  Label=jd38J   |
   |  Chat-ID=389hewu    |  xcon-userid: pakdjjH   |  Label=U83hd   |
   |  Chat-ID=Ko03jdk    |  xcon-userid: pakdj7H   |  Label=ehy3h   |
   +----------------------------------------------------------------+

          Figure 3: Advanced Session Association + Media Label

   In Figure 3, conference user identifiers '0283hHu' and 'pakdj7H'
   appear twice. The combination of multiple conference user
   identifiers and a unique chat-ID enables the conference system to
   clearly identify a specific Group Chat instance. Even in the
   simplest conferencing system, where users are allowed to enter
   anonymously, the internal representation described in this section
   should be observed. In this case, the conferencing system would
   still internally create a conference user identifier for participant
   reference purposes.

4.  Advanced Operations

   Advanced chat features, such as sidebars and private messages can
   also be supported within the context of the centralized conferencing
   framework using CCMP. Additional protocol details for these advanced
   features are provided in [RFC6504].

5.  Additional Operations

   This section discusses additional operations or features required to
   provide chat room functionality. Most of the operations are not
   explicitly defined in the centralized conferencing framework. While
   most of the features and operations are achievable using the XCON
   data model [RFC6501] and data maintained by a conferencing system per
   the XCON framework, some advanced features require extensions to the
   XCON data model and may be optimized with more discrete CCMP
   messages.

5.1.  Nicknames

   Nicknames allow a user to define a text string that uniquely
   identifies the user within a particular chatroom without necessarily
   reflecting any protocol specific identity (e.g., SIP URI, Conference
   User Identifier, etc.). It is also important to note that the
   functionality to provide nicknames is not limited to users involved
   in chatrooms, thus it should be a general feature of the conferencing
   system.

   Within a conferencing system, all nicknames MUST map to a conference
   user identifier. The nicknames are unique only to the specific
   conferencing system. To ensure uniqueness of nicknames, any new
   'nickname' created MUST be compared with nicknames already in use or
   reserved following the rules defined in Preparation and Comparison of
   Nicknames [I-D.saintandre-precis-nickname].

   There may be multiple nicknames associated with a single conference
   user identifier (e.g., a user that has different nicknames for
   different chat rooms and/or voice/video conferences). In order to
   support nicknames, a 'nickname' attribute is defined in the XCON data
   model within the element. A 'nickname' can be assigned to the
   conference user when an XCON-USERID is assigned to the user. The
   conferencing client MAY include a preferred nickname in the CCMP
   userRequest with a "create" operation.

   The conferencing system allocates a conference user identifier and a
   nickname using system specific mechanisms, which can also include
   authentication. The conferencing system MUST associate the assigned
   nickname with the specific conference user identifier that has been
   allocated by updating the conference information. Another option
   would be to define a new CCMP message to just manipulate the
   'nickname' element, but that is not necessary.

   As described in Section 3.2, the XCON-userid identifier is used in
   conjunction with a chat-ID to internally represent a participant in a
   conference instance. This association is created when a conferencing
   client requests to create or join a specific chatroom. The nickname
   allocated for the specific conferencing user identifier MUST also be
   associated with the chat session ID. Figure 4 provides an example of
   the association between the chat session identifier, the conference
   user identifier and conference nickname for a specific Group Chat
   represented by the conference identifier.

   +-----------------------------------------------------------------+
   |  XCON-URI: 711331@example.com                                   |
   +-------------------+---------------------------------------------+
   |  Chat-ID=8asjdhk  |  xcon-userid: 839ULjj | nickname=Alice      |
   |  Chat-ID=38iuhds  |  xcon-userid: 0283hHu | nickname=Bob        |
   |  Chat-ID=838unaH  |  xcon-userid: 0283hHu | nickname=CliffyBob  |
   |  Chat-ID=djiowid  |  xcon-userid: ncH37Hs | nickname=Dude       |
   |  Chat-ID=389hewu  |  xcon-userid: pakdjjH | nickname=Elliott    |
   |  Chat-ID=Ko03jdk  |  xcon-userid: pakdj7H | nickname=Fluffy     |
   +-----------------------------------------------------------------+

             Figure 4: Nickname Associations for a Group Chat

   Depending upon the conferencing system, the conference system either
   allocates the preferred nickname for that user or allocates a
   different nickname. The nickname MUST be included in the CCMP
   userResponse message.

   In the future, if a more generic nickname mechanism is available,
   rather than provide nicknames that are specific to the conferencing
   system, a conferencing system may interface with a nickname registry,
   for example, in order to allocate a new nickname for a specific
   conferencing client. This change in how a conferencing system
   allocates nicknames should not impact the CCMP protocol interface to
   support nicknames.

5.2.  Logging

   A common chat feature involves logging the history of a chat room.
   This provides a record of a chat room that can be used when a user
   first joins a chat room as discussed in Section 5.3. It can also be
   used to provide a complete capture of a specific chat room session.
   When a participant enters a room in which the discussions are logged,
   the conferencing system MUST warn the participant that the
   discussions are logged.

   The centralized conferencing framework does not fully describe the
   role of recording or logging of active conferences. However, this
   functionality can be realized with the manipulation of the
   appropriate elements in the data model using the general conference
   control protocol operations. One approach for implementing this
   function would be to have it be based on specific manipulation of the
   conference by a user with the appropriate permissions (i.e.,
   confRequest message with an "update" operation to start and stop
   recording). Another mechanism for implementing this function would
   be to have a specific user as part of the conference to perform this
   function, and having the media proxied to a logging device. In the
   case of systems that support the Media Control architecture
   [RFC5567] and SIP Control Framework [RFC6230] along with the specific
   Mixer control package [RFC6505], the addition of a user to proxy the
   media for recording is described in section 6.2.3 in
   [I-D.ietf-mediactrl-call-flows].

5.3.  History

   A common chat feature allows users to view the past history of chat
   rooms. This operation is common when a user first joins a chat room
   that is underway. A user is often offered the option to review a
   specific number of past messages.

   Conferencing systems that maintain the history associated with
   specific chat rooms through logging, as described in Section 5.2,
   should provide a mechanism, using the conference identifier, to
   access the specific information requested by a user based on a
   specific timestamp. The user request for the information and the
   rendering of the information is specific to the user's session based
   messaging protocol and may not be supported by all the messaging
   protocols.

5.4.  Indicating Alternate Venue

   Another chat room feature provides the details of an alternate chat
   room venue for previously active chat rooms that have been closed,
   with a related topic. While not detailed in the centralized
   conferencing framework, this functionality can be accomplished by
   creating the new chat room as a child or sibling of the previous chat
   room and providing the Active chat conference object identifier to
   any valid users that attempt to join a previous chat room. The
   information about the new chat room can also be provided at the end
   of a chat room that is being de-activated at the end of the session.

5.5.  File Transfer

   The ability to send files to a selected participant or group of
   participants is another common functionality, supported by messaging
   protocols. This functionality also enables the exchange of
   information (e.g. name, size, and date) about the file to be
   transferred and usually provides a mechanism to show an image
   thumbnail for files such as photos. This capability could be
   reflected in the conference data (in the conference instance) and
   requires at least an extension to the "available-media" element. The
   thumbnail rendering of the image is outside the scope of the data
   model and is specific to the client application. Additional
   functionality to support this capability requires further study.

5.6.  Real Time Collaboration

   The messaging protocols can be used, and are being used, in
   applications quite different from a simple exchange of text messages
   between two participants in the context of a chatroom. Real-time
   collaboration tools (e.g. Whiteboarding, screen-share, co-browse or
   document-share) are some of these applications.

   The Conferencing Systems are usually bound to Real-time collaboration
   tools to increase the productivity of distributed teams. In terms of
   correlating this functionality with CCMP, the mechanisms for
   manipulating the conference are the same in terms of updating the
   data associated with the conference with the additional attributes to
   reflect the multiple sources of media for the chatroom. This
   capability could be reflected in the conference data (in the
   conference instance) with an extension to the "available-media"
   element. Some current systems using SIP embed the attributes in the
   media stream. Overall, supporting this functionality requires
   further study, in particular with regards to the RTCWeb initiative as
   described in documents such as
   [I-D.ietf-rtcweb-use-cases-and-requirements].

6.  Security Considerations

   As discussed in the Centralized Conferencing Framework, there are a
   wide variety of potential attacks related to conferencing, due to the
   natural involvement of multiple endpoints and the many, often user-
   invoked, capabilities provided by the conferencing system. Examples
   of attacks associated with chatrooms include the following: an
   endpoint attempting to receive the messages for conferences in which
   it is not authorized to participate, an endpoint attempting to
   disconnect other users, and theft of service, by an endpoint, in
   attempting to create conferences it is not allowed to create.

   Since this document describes the use of existing protocols (i.e.,
   MSRP/SIP, CCMP, XMPP, etc.), it depends on the security solutions for
   those protocols and the associated authorization mechanisms. This
   solution is based on the Centralized Conferencing framework and makes
   use of the policy associated with the conference object to ensure
   that only authorized entities are able to manipulate the data to
   access the capabilities. This solution also makes use of the privacy
   and security of the identity of a user in the conference, as
   discussed in the Centralized Conferencing Framework.

7.  IANA Considerations

   This document requires no IANA registrations.

8.  Acknowledgments

   The authors appreciate the input and comments from Miguel Garcia-
   Martin and Dave Morgan.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5239]  Barnes, M., Boulton, C., and O. Levin, "A Framework for
              Centralized Conferencing", RFC 5239, June 2008.

   [RFC6501]  Novo, O., Camarillo, G., Morgan, D., and J. Urpalainen,
              "Conference Information Data Model for Centralized
              Conferencing (XCON)", RFC 6501, March 2012.

   [RFC6503]  Barnes, M., Boulton, C., Romano, S., and H. Schulzrinne,
              "Centralized Conferencing Manipulation Protocol",
              RFC 6503, March 2012.

   [I-D.saintandre-precis-nickname]
              Saint-Andre, P., "Preparation and Comparison of
              Nicknames", draft-saintandre-precis-nickname-00 (work in
              progress), March 2012.

9.2.  Informative References

   [RFC6504]  Barnes, M., Miniero, L., Presta, R., and SP. Romano,
              "Centralized Conferencing Manipulation Protocol (CCMP)
              Call Flow Examples", RFC 6504, March 2012.

   [RFC1459]  Oikarinen, J. and D. Reed, "Internet Relay Chat Protocol",
              RFC 1459, May 1993.

   [RFC2810]  Kalt, C., "Internet Relay Chat: Architecture", RFC 2810,
              April 2000.

   [RFC2811]  Kalt, C., "Internet Relay Chat: Channel Management",
              RFC 2811, April 2000.

   [RFC2812]  Kalt, C., "Internet Relay Chat: Client Protocol",
              RFC 2812, April 2000.

   [RFC2813]  Kalt, C., "Internet Relay Chat: Server Protocol",
              RFC 2813, April 2000.

   [RFC6120]  Saint-Andre, P., "Extensible Messaging and Presence
              Protocol (XMPP): Core", RFC 6120, March 2011.

   [RFC6121]  Saint-Andre, P., "Extensible Messaging and Presence
              Protocol (XMPP): Instant Messaging and Presence",
              RFC 6121, March 2011.

   [RFC4353]  Rosenberg, J., "A Framework for Conferencing with the
              Session Initiation Protocol (SIP)", RFC 4353,
              February 2006.

   [RFC4975]  Campbell, B., Mahy, R., and C. Jennings, "The Message
              Session Relay Protocol (MSRP)", RFC 4975, September 2007.

   [I-D.ietf-simple-chat]
              Niemi, A., Garcia, M., and G. Sandbakken, "Multi-party
              Chat Using the Message Session Relay Protocol (MSRP)",
              draft-ietf-simple-chat-15 (work in progress), July 2012.

   [RFC4574]  Levin, O. and G. Camarillo, "The Session Description
              Protocol (SDP) Label Attribute", RFC 4574, August 2006.

   [RFC5567]  Melanchuk, T., "An Architectural Framework for Media
              Server Control", RFC 5567, June 2009.

   [RFC6505]  McGlashan, S., Melanchuk, T., and C. Boulton, "A Mixer
              Control Package for the Media Control Channel Framework",
              RFC 6505, March 2012.

   [RFC6230]  Boulton, C., Melanchuk, T., and S. McGlashan, "Media
              Control Channel Framework", RFC 6230, May 2011.

   [I-D.ietf-mediactrl-call-flows]
              Amirante, A., Castaldi, T., Miniero, L., and S. Romano,
              "Media Control Channel Framework (CFW) Call Flow
              Examples", draft-ietf-mediactrl-call-flows-09 (work in
              progress), July 2012.

   [I-D.ietf-rtcweb-use-cases-and-requirements]
              Holmberg, C., Hakansson, S., and G. Eriksson, "Web Real-
              Time Communication Use-cases and Requirements",
              draft-ietf-rtcweb-use-cases-and-requirements-09 (work in
              progress), June 2012.

   [XEP-0045]
              Saint-Andre, P., "Multi-User Chat", XSF XEP 0045,
              July 2007.

Authors' Addresses

   Mary Barnes
   Polycom

   Email: mary.ietf.barnes@gmail.com

   Chris Boulton
   NS-Technologies

   Email: chris@ns-technologies.com

   Salvatore Loreto
   Ericsson
   Hirsalantie 11
   Jorvas 02420, Finland

   Email: salvatore.loreto@ericsson.com
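
Added example (not part of the draft, and not code from any XCON
implementation): the association table of Section 3.2 (Figures 2 to 4), the
nickname uniqueness rule of Section 5.1, and the membership check behind the
first attack listed in Section 6, modelled in Python. The class and function
names are hypothetical, nickname_key() is a simplified stand-in for the
PRECIS nickname rules the draft cites, and treating every chat-ID under one
XCON-URI as one chatroom is an assumption.

```python
import secrets
import unicodedata
from dataclasses import dataclass


def nickname_key(nickname):
    """Key used to compare nicknames for uniqueness.

    Assumption: simplified stand-in for the PRECIS nickname comparison
    rules cited in Section 5.1 (collapse spaces, NFKC, case folding).
    """
    collapsed = " ".join(nickname.split())
    if not collapsed:
        raise ValueError("nickname is empty")
    return unicodedata.normalize("NFKC", collapsed).casefold()


@dataclass(frozen=True)
class ChatRow:
    """One row of the association table (Figures 3 and 4)."""
    xcon_uri: str      # conference object the chat session is tied to
    chat_id: str       # locally generated chat session identifier
    xcon_userid: str   # conference user identifier
    label: str         # SDP media label (RFC 4574)
    nickname: str      # nickname actually allocated


class ConferencingSystem:
    """Hypothetical in-memory model; names here are illustrative only."""

    def __init__(self):
        self._rows = {}          # chat-ID -> ChatRow
        self._nick_keys = set()  # comparison keys of nicknames in use

    def _allocate_nickname(self, preferred):
        # Grant the preferred nickname if it is free, otherwise allocate
        # a different one (here: the preferred name plus a counter).
        base = " ".join(preferred.split())
        candidate, n = base, 1
        while nickname_key(candidate) in self._nick_keys:
            n += 1
            candidate = f"{base}{n}"
        self._nick_keys.add(nickname_key(candidate))
        return candidate

    def join(self, xcon_uri, chat_id, label, preferred_nick, xcon_userid=None):
        """Tie a chat session to a conference and return the stored row."""
        if chat_id in self._rows:
            raise ValueError(f"chat-ID {chat_id!r} is already bound")
        if xcon_userid is None:
            # Anonymous entry still gets a system-allocated identifier.
            xcon_userid = "anon-" + secrets.token_hex(4)
        row = ChatRow(xcon_uri, chat_id, xcon_userid, label,
                      self._allocate_nickname(preferred_nick))
        self._rows[chat_id] = row
        return row

    def leave(self, chat_id):
        """Remove a chat session and release its nickname."""
        row = self._rows.pop(chat_id)
        self._nick_keys.discard(nickname_key(row.nickname))

    def recipients(self, sender_chat_id):
        """Chat-IDs allowed to receive a message sent on sender_chat_id."""
        sender = self._rows.get(sender_chat_id)
        if sender is None:
            # A session that is not tied to a conference gets nothing.
            raise PermissionError("chat-ID is not tied to any conference")
        return sorted(r.chat_id for r in self._rows.values()
                      if r.xcon_uri == sender.xcon_uri
                      and r.chat_id != sender_chat_id)


def build_sample():
    """Rows taken from Figures 3 and 4, plus one constructed conference."""
    system = ConferencingSystem()
    uri = "711331@example.com"
    system.join(uri, "8asjdhk", "iede3", "Alice", "839ULjj")
    system.join(uri, "38iuhds", "8heus", "Bob", "0283hHu")
    system.join(uri, "838unaH", "3cnu7", "CliffyBob", "0283hHu")
    # Constructed values, not from the draft: a second conference object.
    system.join("900001@example.com", "zz91kq0", "a1b2c", "Mallory", "q7Yt0pL")
    return system
```

Because distribution is computed from the table rather than from anything the
sender supplies, a chat session bound to a different XCON-URI never appears in
the recipient list, and a nickname that differs only in case or Unicode width
is treated as already in use.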