idnits 2.17.1 draft-ietf-ace-aif-02.txt: -(3): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 2 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (17 February 2021) is 1163 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-46) exists of draft-ietf-ace-oauth-authz-37 -- Obsolete informational reference (is this intentional?): RFC 7231 (Obsoleted by RFC 9110) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ACE Working Group C. Bormann 3 Internet-Draft Universität Bremen TZI 4 Intended status: Informational 17 February 2021 5 Expires: 21 August 2021 7 An Authorization Information Format (AIF) for ACE 8 draft-ietf-ace-aif-02 10 Abstract 12 Constrained Devices as they are used in the "Internet of Things" need 13 security. One important element of this security is that devices in 14 the Internet of Things need to be able to decide which operations 15 requested of them should be considered authorized, need to ascertain 16 that the authorization to request the operation does apply to the 17 actual requester, and need to ascertain that other devices they place 18 requests on are the ones they intended. 20 To transfer detailed authorization information from an authorization 21 manager (such as an ACE-OAuth Authorization Server) to a device, a 22 compact representation format is needed. This document provides a 23 suggestion for such a format, the Authorization Information Format 24 (AIF). AIF is defined both as a general structure that can be used 25 for many different applications and as a specific refinement that 26 describes REST resources (potentially dynamically created) and the 27 permissions on them. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on 21 August 2021. 46 Copyright Notice 48 Copyright (c) 2021 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 53 license-info) in effect on the date of publication of this document. 54 Please review these documents carefully, as they describe your rights 55 and restrictions with respect to this document. Code Components 56 extracted from this document must include Simplified BSD License text 57 as described in Section 4.e of the Trust Legal Provisions and are 58 provided without warranty as described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 64 2. Information Model . . . . . . . . . . . . . . . . . . . . . . 3 65 2.1. REST-specific Model . . . . . . . . . . . . . . . . . . . 4 66 2.2. Limitations . . . . . . . . . . . . . . . . . . . . . . . 5 67 2.3. Extended REST-specific Model . . . . . . . . . . . . . . 5 68 3. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 6 69 4. Media Types . . . . . . . . . . . . . . . . . . . . . . . . . 8 70 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 71 5.1. Media Types . . . . . . . . . . . . . . . . . . . . . . . 8 72 5.2. Registries . . . . . . . . . . . . . . . . . . . . . . . 10 73 5.3. Content-Format . . . . . . . . . . . . . . . . . . . . . 10 74 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 75 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 76 7.1. Normative References . . . . . . . . . . . . . . . . . . 11 77 7.2. Informative References . . . . . . . . . . . . . . . . . 12 78 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 79 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 81 1. Introduction 83 Constrained Devices as they are used in the "Internet of Things" need 84 security. One important element of this security is that devices in 85 the Internet of Things need to be able to decide which operations 86 requested of them should be considered authorized, need to ascertain 87 that the authorization to request the operation does apply to the 88 actual requester, and need to ascertain that other devices they place 89 requests on are the ones they intended. 91 To transfer detailed authorization information from an authorization 92 manager (such as an ACE-OAuth Authorization Server 93 [I-D.ietf-ace-oauth-authz]) to a device, a compact representation 94 format is needed. This document provides a suggestion for such a 95 format, the Authorization Information Format (AIF). AIF is defined 96 both as a general structure that can be used for many different 97 applications and as a specific refinement that describes REST 98 resources (potentially dynamically created) and the permissions on 99 them. 101 1.1. Terminology 103 This memo uses terms from [RFC7252] and [RFC4949]; CoAP is used for 104 the explanatory examples as it is a good fit for Constrained Devices. 106 The shape of data is specified in CDDL [RFC8610]. Terminology for 107 Constrained Devices is defined in [RFC7228]. 109 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 110 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 111 "OPTIONAL" in this document are to be interpreted as described in 112 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 113 capitals, as shown here. These words may also appear in this 114 document in lower case as plain English words, absent their normative 115 meanings. 117 (Note that this document is itself informational, but it is 118 discussing normative statements that MUST be put into concrete terms 119 in each specification that makes use of this document.) 121 The term "byte", abbreviated by "B", is used in its now customary 122 sense as a synonym for "octet". 124 2. Information Model 126 Authorizations are generally expressed through some data structures 127 that are cryptographically secured (or transmitted in a secure way). 128 This section discusses the information model underlying the payload 129 of that data (as opposed to the cryptographic armor around it). 131 For the purposes of this specification, the underlying access control 132 model will be that of an access matrix, which gives a set of 133 permissions for each possible combination of a subject and an object. 134 We do not concern the AIF format with the subject for which the AIF 135 data item is issued, so we are focusing the AIF data item on a single 136 row in the access matrix (such a row traditionally is also called a 137 capability list). As a consequence, AIF MUST be used in a way that 138 the subject of the authorizations is unambiguously identified (e.g., 139 as part of the armor around it). 141 The generic model of such a capability list is a list of pairs of 142 object identifiers and the permissions the subject has on the 143 object(s) identified. 145 AIF-Generic = [* [Toid, Tperm]] 147 Figure 1: Definition of Generic AIF 149 In a specific data model, the object identifier ("Toid") will often 150 be a text string, and the set of permissions ("Tperm") will be 151 represented by a bitset in turn represented as a number (see 152 Section 3). 154 AIF-Specific = AIF-Generic 156 Figure 2: Likely shape of a specific AIF 158 2.1. REST-specific Model 160 In the specific instantiation of the REST resources and the 161 permissions on them, for the object identifiers ("Toid"), we use the 162 URI of a resource on a CoAP server. More specifically, the parts of 163 the URI that identify the server ("authority" in [RFC3986]) are 164 considered the realm of the authentication mechanism (which are 165 handled in the cryptographic armor); we therefore focus on the "path- 166 absolute" and "query" parts of the URI (URI "local-part" in this 167 specification, as expressed by the Uri-Path and Uri-Query options in 168 CoAP). As a consequence, AIF MUST be used in a way that it is 169 unambiguous who is the target (enforcement point) of these 170 authorizations. 172 For the permissions ("Tperm"), we simplify the model permissions to 173 giving the subset of the CoAP methods permitted. This model is 174 summarized in Table 1. 176 +============+================+ 177 | local-part | Permission Set | 178 +============+================+ 179 | /s/temp | GET | 180 +------------+----------------+ 181 | /a/led | PUT, GET | 182 +------------+----------------+ 183 | /dtls | POST | 184 +------------+----------------+ 186 Table 1: An authorization 187 instance in the AIF 188 Information Model 190 In this example, a device offers a temperature sensor "/s/temp" for 191 read-only access and a LED actuator "/a/led" for read/write. 193 2.2. Limitations 195 This simple information model only allows granting permissions for 196 statically identifiable objects, e.g., URIs for the REST-specific 197 instantiation. One might be tempted to extend the model towards URI 198 templates [RFC6570], however, that requires some considerations of 199 the ease and unambiguity of matching a given URI against a set of 200 templates in an AIF object. 202 This simple information model also does not allow further 203 conditionalizing access based on state outside the identification of 204 objects (e.g., "opening a door is allowed if that is not locked"). 206 Finally, the model does not provide any special access for a set of 207 resources that are specific to a subject, e.g., that the subject 208 created itself by previous operations (PUT, POST, or PATCH/iPATCH 209 [RFC8132]) or that were specifically created for the subject by 210 others. 212 2.3. Extended REST-specific Model 214 The extended REST-specific model addresses the need to provide 215 defined access to dynamic resources that were created by the subject 216 itself, specifically, a resource that is made known to the subject by 217 providing Location-* options in a CoAP response or using the Location 218 header field in HTTP [RFC7231] (the Location-indicating mechanisms). 219 (The concept is somewhat comparable to "ACL inheritance" in NFSv4 220 [RFC8881], except that it does not use a containment relationship but 221 the fact that the dynamic resource was created from a resource to 222 which the subject had access.) In other words, it addresses the 223 third limitation mentioned in Section 2.2. 225 +================+===================================+ 226 | local-part | Permission Set | 227 +================+===================================+ 228 | /a/make-coffee | POST, Dynamic-GET, Dynamic-DELETE | 229 +----------------+-----------------------------------+ 231 Table 2: An authorization instance in the AIF 232 Information Model 234 For a method X, the presence of a Dynamic-X permission means that the 235 subject holds permission to exercise the method X on resources that 236 have been returned by a Location-indicating mechanism to a request 237 that the subject made to the resource listed ("/a/make-coffee" in the 238 example shown in Table 2, which might return the location of a 239 resource that allows GET to find out about the status and DELETE to 240 cancel the coffee-making operation). 242 Since the use of the extension defined in this section can be 243 detected by the mentioning of the Dynamic-X permissions, there is no 244 need for another explicit switch between the basic and the extended 245 model; the extended model is always presumed once a Dynamic-X 246 permission is present. 248 3. Data Model 250 Different data model specializations can be defined for the generic 251 information model given above. 253 In this section, we will give the data model for basic REST 254 authorization as per Section 2.1 and Section 2.3. As discussed, in 255 this case the object identifier is specialized as a text string 256 giving a relative URI (local-part as absolute path on the server 257 serving as enforcement point). The permission set is specialized to 258 a single number by the following steps: 260 * The entries in the table that specify the same local-part are 261 merged into a single entry that specifies the union of the 262 permission sets. 264 * The (non-dynamic) methods in the permission sets are converted 265 into their CoAP method numbers, minus 1. 267 * Dynamic-X permissions are converted into what the number would 268 have been for X, plus a Dynamic-Offset chosen as 32 (e.g., 35 for 269 Dynamic-DELETE). 271 * The set of numbers is converted into a single number by taking 272 each number to the power of two and computing the inclusive OR of 273 the binary representations of all the power values. 275 This data model could be interchanged in the JSON [RFC8259] 276 representation given in Figure 3. 278 [["/s/temp", 1], ["/a/led", 5], ["/dtls", 2]] 280 Figure 3: An authorization instance encoded in JSON (46 bytes) 282 In Figure 4, a straightforward specification of the data model 283 (including both the methods from [RFC7252] and the new ones from 284 [RFC8132], identified by the method code minus 1) is shown in CDDL 285 [RFC8610]: 287 AIF-REST = AIF-Generic 288 path = tstr ; URI relative to enforcement point 289 permissions = uint .bits methods 290 methods = &( 291 GET: 0 292 POST: 1 293 PUT: 2 294 DELETE: 3 295 FETCH: 4 296 PATCH: 5 297 iPATCH: 6 298 Dynamic-GET: 32; 0 .plus Dynamic-Offset 299 Dynamic-POST: 33; 1 .plus Dynamic-Offset 300 Dynamic-PUT: 34; 2 .plus Dynamic-Offset 301 Dynamic-DELETE: 35; 3 .plus Dynamic-Offset 302 Dynamic-FETCH: 36; 4 .plus Dynamic-Offset 303 Dynamic-PATCH: 37; 5 .plus Dynamic-Offset 304 Dynamic-iPATCH: 38; 6 .plus Dynamic-Offset 305 ) 307 Figure 4: AIF in CDDL 309 A representation of this information in CBOR [RFC8949] is given in 310 Figure 5; again, several optimizations/improvements are possible. 312 83 # array(3) 313 82 # array(2) 314 67 # text(7) 315 2f732f74656d70 # "/s/temp" 316 01 # unsigned(1) 317 82 # array(2) 318 66 # text(6) 319 2f612f6c6564 # "/a/led" 320 05 # unsigned(5) 321 82 # array(2) 322 65 # text(5) 323 2f64746c73 # "/dtls" 324 02 # unsigned(2) 326 Figure 5: An authorization instance encoded in CBOR (28 bytes) 328 Note that choosing 32 as Dynamic-Offset means that all future CoAP 329 methods that can be registered can be represented both as themselves 330 and in the Dynamic-X variant, but only the dynamic forms of methods 1 331 to 21 are typically usable in a JSON form [RFC7493]. 333 4. Media Types 335 This specification defines media types for the generic information 336 model, expressed in JSON ("application/aif+json") or in CBOR 337 ("application/aif+cbor"). These media types have parameters for 338 specifying "Toid" and "Tperm"; default values are the values "local- 339 uri" for "Toid" and "REST-method-set" for "Tperm". 341 A specification that wants to use Generic AIF with different "Toid" 342 and/or "Tperm" is expected to request these as media type parameters 343 (Section 5.2) and register a corresponding Content-Format 344 (Section 5.3). 346 5. IANA Considerations 348 5.1. Media Types 350 IANA is requested to add the following Media-Types to the "Media 351 Types" registry. 353 +==========+======================+=====================+ 354 | Name | Template | Reference | 355 +==========+======================+=====================+ 356 | aif+cbor | application/aif+cbor | RFC XXXX, Section 4 | 357 +----------+----------------------+---------------------+ 358 | aif+json | application/aif+json | RFC XXXX, Section 4 | 359 +----------+----------------------+---------------------+ 361 Table 3 363 // RFC Ed.: please replace RFC XXXX with this RFC number and remove 364 this note. 366 For "application/aif+cbor": 368 Type name: application 369 Subtype name: aif+cbor 370 Required parameters: 371 * "Toid": the identifier for the object for which permissions are 372 supplied. A value from the subregistry for "Toid". Default 373 value: "local-uri" (RFC XXXX). 375 * "Tperm": the data type of a permission set for the the object 376 identified via a "Toid". Default value: "REST-method-set" (RFC 377 XXXX). 378 Optional parameters: none 379 Encoding considerations: binary (CBOR) 380 Security considerations: Section 6 of RFC XXXX 381 Interoperability considerations: none 382 Published specification: Section 4 of RFC XXXX 383 Applications that use this media type: No known applications 384 currently use this media type. 385 Fragment identifier considerations: The syntax and semantics of 386 fragment identifiers is as specified for "application/cbor". (At 387 publication of RFC XXXX, there is no fragment identification 388 syntax defined for "application/cbor".) 389 Person & email address to contact for further information: ACE WG 390 mailing list (ace@ietf.org), or IETF Applications and Real-Time 391 Area (art@ietf.org) 392 Intended usage: COMMON 393 Restrictions on usage: none 394 Author/Change controller: IETF 395 Provisional registration: no 397 For "application/aif+json": 399 Type name: application 400 Subtype name: aif+json 401 Required parameters: 402 * "Toid": the identifier for the object for which permissions are 403 supplied. A value from the subregistry for "Toid". Default 404 value: "local-uri" (RFC XXXX). 406 * "Tperm": the data type of a permission set for the the object 407 identified via a "Toid". Default value: "REST-method-set" (RFC 408 XXXX). 409 Optional parameters: none 410 Encoding considerations: binary (JSON is UTF-8-encoded text) 411 Security considerations: Section 6 of RFC XXXX 412 Interoperability considerations: none 413 Published specification: Section 4 of RFC XXXX 414 Applications that use this media type: No known applications 415 currently use this media type. 416 Fragment identifier considerations: The syntax and semantics of 417 fragment identifiers is as specified for "application/json". (At 418 publication of RFC XXXX, there is no fragment identification 419 syntax defined for "application/json".) 420 Person & email address to contact for further information: ACE WG 421 mailing list (ace@ietf.org), or IETF Applications and Real-Time 422 Area (art@ietf.org) 423 Intended usage: COMMON 424 Restrictions on usage: none 425 Author/Change controller: IETF 426 Provisional registration: no 428 5.2. Registries 430 IANA is requested to create a registry for AIF with two sub- 431 registries for "Toid" and "Tperm", populated with: 433 +=============+=================+=================================+ 434 | Subregistry | name | Description/Specification | 435 +=============+=================+=================================+ 436 | Toid | local-part | local-part of URI as specified | 437 | | | in RFC XXXX | 438 +-------------+-----------------+---------------------------------+ 439 | Tperm | REST-method-set | set of REST methods represented | 440 | | | as specified in RFC XXXX | 441 +-------------+-----------------+---------------------------------+ 443 Table 4 445 The registration policy is Specification required [RFC8126]. The 446 designated expert will engage with the submitter to ascertain the 447 requirements of this document are addressed. 449 // RFC Ed.: please replace RFC XXXX with this RFC number and remove 450 this note. 452 5.3. Content-Format 454 IANA is requested to register Content-Format numbers in the "CoAP 455 Content-Formats" subregistry, within the "Constrained RESTful 456 Environments (CoRE) Parameters" Registry [IANA.core-parameters], as 457 follows: 459 +======================+================+======+===========+ 460 | Media Type | Content Coding | ID | Reference | 461 +======================+================+======+===========+ 462 | application/aif+cbor | - | TBD1 | RFC XXXX | 463 +----------------------+----------------+------+-----------+ 464 | application/aif+json | - | TBD2 | RFC XXXX | 465 +----------------------+----------------+------+-----------+ 467 Table 5 469 // RFC Ed.: please replace TBD1 and TBD2 with assigned IDs and remove 470 this note. // RFC Ed.: please replace RFC XXXX with this RFC number 471 and remove this note. 473 Note that applications that register "Toid" and "Tperm" values are 474 encouraged to also register Content-Formats for the relevant 475 combinations. 477 6. Security Considerations 479 The security considerations of [RFC7252] apply. Some wider issues 480 are discussed in [RFC8576]. 482 When applying these formats, the referencing specification must be 483 careful to: 485 * ensure that the cryptographic armor employed around this format 486 fulfills the security objectives, and that the armor or some 487 additional information included in it with the AIF information 488 unambiguously identifies the subject to which the authorizations 489 shall apply, and 491 * ensure that the types used for "Toid" and "Tperm" provide the 492 appropriate granularity so that application requirements on the 493 precision of the authorization information are fulfilled. 495 For the data formats, the security considerations of [RFC8259] and 496 [RFC8949] apply. 498 A generic implementation of AIF might implement just the basic REST 499 model as per Section 2.1. If it receives authorizations that include 500 permissions that use the Section 2.3, it should either reject the AIF 501 data item entirely or it should act only on the permissions that it 502 does understand. In other words, the usual principle "everything is 503 denied until it is explicitly allowed" should hold here as well. 505 7. References 507 7.1. Normative References 509 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 510 Requirement Levels", BCP 14, RFC 2119, 511 DOI 10.17487/RFC2119, March 1997, 512 . 514 [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained 515 Application Protocol (CoAP)", RFC 7252, 516 DOI 10.17487/RFC7252, June 2014, 517 . 519 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 520 Writing an IANA Considerations Section in RFCs", BCP 26, 521 RFC 8126, DOI 10.17487/RFC8126, June 2017, 522 . 524 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 525 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 526 May 2017, . 528 [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data 529 Definition Language (CDDL): A Notational Convention to 530 Express Concise Binary Object Representation (CBOR) and 531 JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, 532 June 2019, . 534 7.2. Informative References 536 [I-D.ietf-ace-oauth-authz] 537 Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and 538 H. Tschofenig, "Authentication and Authorization for 539 Constrained Environments (ACE) using the OAuth 2.0 540 Framework (ACE-OAuth)", Work in Progress, Internet-Draft, 541 draft-ietf-ace-oauth-authz-37, 4 February 2021, 542 . 545 [IANA.core-parameters] 546 IANA, "Constrained RESTful Environments (CoRE) 547 Parameters", 548 . 550 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 551 Resource Identifier (URI): Generic Syntax", STD 66, 552 RFC 3986, DOI 10.17487/RFC3986, January 2005, 553 . 555 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 556 FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, 557 . 559 [RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., 560 and D. Orchard, "URI Template", RFC 6570, 561 DOI 10.17487/RFC6570, March 2012, 562 . 564 [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for 565 Constrained-Node Networks", RFC 7228, 566 DOI 10.17487/RFC7228, May 2014, 567 . 569 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 570 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 571 DOI 10.17487/RFC7231, June 2014, 572 . 574 [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, 575 DOI 10.17487/RFC7493, March 2015, 576 . 578 [RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and 579 FETCH Methods for the Constrained Application Protocol 580 (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017, 581 . 583 [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 584 Interchange Format", STD 90, RFC 8259, 585 DOI 10.17487/RFC8259, December 2017, 586 . 588 [RFC8576] Garcia-Morchon, O., Kumar, S., and M. Sethi, "Internet of 589 Things (IoT) Security: State of the Art and Challenges", 590 RFC 8576, DOI 10.17487/RFC8576, April 2019, 591 . 593 [RFC8881] Noveck, D., Ed. and C. Lever, "Network File System (NFS) 594 Version 4 Minor Version 1 Protocol", RFC 8881, 595 DOI 10.17487/RFC8881, August 2020, 596 . 598 [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object 599 Representation (CBOR)", STD 94, RFC 8949, 600 DOI 10.17487/RFC8949, December 2020, 601 . 603 Acknowledgements 605 Jim Schaad, Francesca Palombini, Olaf Bergmann, and Marco Tiloca 606 provided comments that shaped the direction of this document. Alexey 607 Melnikov pointed out that there were gaps in the media type 608 specifications. 610 Author's Address 611 Carsten Bormann 612 Universität Bremen TZI 613 Postfach 330440 614 D-28359 Bremen 615 Germany 617 Phone: +49-421-218-63921 618 Email: cabo@tzi.org