idnits 2.17.1 

draft-ietf-simple-pres-filter-reqs-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 18, 2003) is 7616 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Normative reference to a draft: ref. '3' 

  == Outdated reference: A later version (-03) exists of
     draft-kiss-simple-presence-wireless-reqs-02

  -- Possible downref: Normative reference to a draft: ref. '4' 

  ** Obsolete normative reference: RFC 3265 (ref. '6') (Obsoleted by RFC 6665)

  == Outdated reference: A later version (-07) exists of
     draft-ietf-simple-event-list-03

  == Outdated reference: A later version (-02) exists of
     draft-lonnfors-simple-partial-notify-01

  -- Possible downref: Normative reference to a draft: ref. '9' 


     Summary: 4 errors (**), 0 flaws (~~), 6 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	SIMPLE WG                                                       T. Moran
3	Internet-Draft
4	Expires: December 17, 2003                                  S. Addagatla
5	                                                             E. Leppanen
6	                                                                   Nokia
7	                                                                A. Allen
8	                                                           June 18, 2003

10	    Requirements for Presence Specific Event Notification Filtering
11	                 draft-ietf-simple-pres-filter-reqs-01

13	Status of this Memo

15	   This document is an Internet-Draft and is in full conformance with
16	   all provisions of Section 10 of RFC2026.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups. Note that other
20	   groups may also distribute working documents as Internet-Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time. It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at http://
28	   www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on December 17, 2003.

35	Copyright Notice

37	   Copyright (C) The Internet Society (2003). All Rights Reserved.

39	Abstract

41	   This document defines a set of structured requirements whereby a
42	   presence information subscriber may select specific information to be
43	   received in the presence infomation notification sent by the
44	   notifier. The purpose is to limit the content and frequency of
45	   notifications so that only essential information on a need basis is
46	   delivered by the server.

48	Table of Contents

50	   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
51	   2.    Conventions  . . . . . . . . . . . . . . . . . . . . . . . .  3
52	   3.    Overview of functionality  . . . . . . . . . . . . . . . . .  4
53	   4.    Requirements for Specification of Filters  . . . . . . . . .  4
54	   4.1   Common Syntax  . . . . . . . . . . . . . . . . . . . . . . .  4
55	   4.2   Package Identification . . . . . . . . . . . . . . . . . . .  4
56	   4.3   Target URI . . . . . . . . . . . . . . . . . . . . . . . . .  4
57	   4.4   Notification Triggering  . . . . . . . . . . . . . . . . . .  4
58	   4.5   Notification Content Limiting  . . . . . . . . . . . . . . .  5
59	   4.6   Discovery of Items . . . . . . . . . . . . . . . . . . . . .  5
60	   5.    Requirements for Uploading Filter Criteria (Operational
61	         Rules) . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
62	   5.1   SUBSCRIBE Method . . . . . . . . . . . . . . . . . . . . . .  6
63	   5.1.1 Retention of Filter Criteria . . . . . . . . . . . . . . . .  6
64	   5.1.2 Changing Filter Criteria . . . . . . . . . . . . . . . . . .  6
65	   5.2   Server does not Support Filters  . . . . . . . . . . . . . .  6
66	   5.3   Server does not Support Filter Criteria  . . . . . . . . . .  6
67	   5.4   Server can no Longer Support Filter Criteria . . . . . . . .  7
68	   6.    Interaction with Other Features  . . . . . . . . . . . . . .  7
69	   6.1   Resource Lists . . . . . . . . . . . . . . . . . . . . . . .  7
70	   6.2   Partial Notifications  . . . . . . . . . . . . . . . . . . .  7
71	   6.3   Authorization  . . . . . . . . . . . . . . . . . . . . . . .  7
72	   7.    Security Considerations  . . . . . . . . . . . . . . . . . .  7
73	   8.    Example Applications for Notification Filtering  . . . . . .  8
74	   9.    Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  9
75	   10.   Main changes from version 00 . . . . . . . . . . . . . . . .  9
76	         References . . . . . . . . . . . . . . . . . . . . . . . . .  9
77	         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 10
78	         Intellectual Property and Copyright Statements . . . . . . . 12

80	1. Introduction

82	   SIP event notification is described in [6]. It defines a general
83	   framework for subscriptions and notifications for SIP event packages.
84	   Concrete applications of the general event framework to a specific
85	   group of events are described in [5] (user presence) and [7] (watcher
86	   information).

88	   The presence information refers to a set of presence attributes
89	   describing the availability and willingness of the user (presentity)
90	   for communication. The user makes his presence information available
91	   for other users (watchers).

93	   As the inherent usage of event packages grows, the client needs some
94	   mechanisms for controlling the event notifications at the source.
95	   Evidence of this need is found in [4].

97	   The Internet Draft describing the Presence event package [5] mentions
98	   the possibility for a filtering. Accordingly, the SUBSCRIBE request
99	   may contain a body for filtering the presence information
100	   subscription. However, the definition of the filtering has been left
101	   out of the scope of the Internet Draft. As an example, the body of
102	   the SUBSCRIBE request may include a restriction on the set of data
103	   returned in NOTIFY requests.

105	   These mechanisms are expected to be particularly valuable to users of
106	   wireless devices. The characteristics of these devices typically
107	   include low bandwidth, low data processing capabilities, small
108	   display and limited battery power. Such devices can benefit from the
109	   ability to filter the amount of information generated at the source
110	   of the event notification.

112	   However, it is expected that the control mechanisms for event
113	   notifications add value for all users irrespectively of their device
114	   or network access characteristics.

116	   Section 4 and Section 5 of this draft propose a set of requirements
117	   whereby a client may specify which notifications it is interested in.
118	   That is, a means to specify filtering rules to be executed by the
119	   server. Section 8 provides a few example applications of notification
120	   filtering.

122	2. Conventions

124	   In this document, the key words 'MUST', 'MUST NOT', 'REQUIRED',
125	   'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY',
126	   and 'OPTIONAL' are to be interpreted as described in RFC 2119 [1]
127	   and indicate requirement levels for compliant implementations.

129	3. Overview of functionality

131	   Filter Criteria set by a watcher may be set based on some
132	   predetermined knowledge of the structure of the presence information,
133	   or the filtering mechanism may itself be used to first discover the
134	   structure of the presence information thus enabling the setting new
135	   filter criteria to deliver the values of interest.

137	   The filtering may be performed either by the presence server of the
138	   presentity (the notifier) or by some intermediate server between the
139	   notifier and the watcher. The filtering should be considered as a
140	   post processing operation on the presence document after it has been
141	   modified due the rules of the authorization. As a result the
142	   authorization policy always overides any of the data or notifications
143	   requested by any of the filter criteria.

145	   Subscriptions containing filter criteria may either be accepted or
146	   rejected by the notifier based on the presence of filter criteria.

148	4. Requirements for Specification of Filters

150	   The following requirements relate to the creation of filter criteria.

152	4.1 Common Syntax

154	   A common set of constructs MUST be defined for the creation of rules.
155	   There MUST be a common set of operations that follow a common syntax.
156	   The user MUST be possible to define different rules for different
157	   purposes using a common filtering mechanism.

159	4.2 Package Identification

161	   A means is REQUIRED whereby the user may specify the package the
162	   rules apply to.

164	4.3 Target URI

166	   It MUST be possible for the watcher in the filter criteria to
167	   indicate the target presentity, resource list or sub list of the
168	   resource list to which a certain filter criteria is applied if this
169	   is different from the Request-URI in the subscription.

171	4.4 Notification Triggering

173	   This chapter presents requirements for specifying the desired
174	   conditions for when notifications are to be sent to the client.

176	   The scope of the 'when' part is to allow a possibility for the user
177	   to specify such rules for the notification triggering where the
178	   criteria is based on the presence information, e.g., the value of the
179	   status element.

181	   The notification triggering criteria would override the default
182	   trigger conditions of the server/service as defined in the package
183	   when they are within the server's local policy constraints.

185	   It MUST be possible to specify logical expressions based on the value
186	   of elements defined in the package for the purpose of when to send
187	   notifications. This covers expressions (tests) related to the change
188	   of an element's value, and reaching a certain value of an element.

190	   It MUST be possible to construct expressions that combine multiple
191	   tests.

193	4.5 Notification Content Limiting

195	   This chapter presents requirements for specifying the content to be
196	   sent in the notifications.

198	   It MUST be possible for the watcher to specify the presence
199	   information elements [2] (XML elements and/or attributes) to be
200	   delivered in the notification. The specified elements MUST be
201	   possible to cover also extensions to PIDF formated presence
202	   information, see for example [3].

204	   E.g. the following two cases must be possible:

206	   o  It MUST be possible for the watcher to define a criteria which
207	      allows the complete tuple and all information within a tuple to be
208	      transmitted.

210	   o  It MUST be possible for the watcher to define a criteria which
211	      result notifies to contain values only for defined attributes.

213	   It MUST be possible to specify logical expressions based on the value
214	   of elements defined in the package for the purpose of determining
215	   what to send in the notification. The existence of an element SHOULD
216	   be considered as a criterion.

218	   It MUST be possible to construct expressions that combine multiple
219	   tests.

221	4.6 Discovery of Items

223	   It MUST be possible for the watcher to request to learn new items of
224	   the presence information that the notifier may make available to the
225	   watcher. E.g., to discover additions of new tuples and/or other new
226	   presence information items.

228	   It MUST be possible for the watcher using the filter criteria to
229	   determine what presence information is available before subscribing
230	   to presence information with the actual values.

232	5. Requirements for Uploading Filter Criteria (Operational Rules)

234	   It MUST be possible for the watcher to upload filter criteria to the
235	   server (notifier) and know the status - accepted or rejected.

237	5.1 SUBSCRIBE Method

239	   Placing filter criteria in the body of the subscription MUST be
240	   supported. Other means of delivering the filter criteria to the
241	   server MAY be supported. E.g. it should be possible for the rules to
242	   be (permanently) stored in the server, as in a resource list case.

244	5.1.1 Retention of Filter Criteria

246	   The server MUST retain the filter criteria through the lifetime of
247	   the subscription dialog until there is a modification to the filter
248	   settings.

250	5.1.2 Changing Filter Criteria

252	   It MUST be possible to change the filter settings during a
253	   subscription.

255	   It MUST be possible for the watcher to reset the filter settings to
256	   the service (server) defined default.

258	   Changing filter criteria SHOULD be bandwidth efficient.

260	5.2 Server does not Support Filters

262	   If the server does not support filters (the content type) then it
263	   MUST be possible to indicate so in a response.

265	5.3 Server does not Support Filter Criteria

267	   It MUST be possible for the server to explicitly indicate that it
268	   does not support or understand the filter criteria. This indication
269	   MAY include a reason about the refusal of the subscription.

271	5.4 Server can no Longer Support Filter Criteria

273	   The server MUST be able to terminate the subscription if the any of
274	   the active filters are no longer applicable due to a policy in the
275	   server.

277	6. Interaction with Other Features

279	6.1 Resource Lists

281	   It MUST be possible to support filtering for subscriptions to
282	   resource lists [8].

284	   It MUST be possible for a watcher to specify filter criteria for a
285	   resource list and/or any nested sub list of the resource list.

287	   It MUST be possible for a watcher to specify different filter for any
288	   individual member of a resource list in a resource list subscription.

290	   It MUST be possible for a watcher to specify different filter
291	   criteria for individual members of any of nested sub lists of a
292	   resource list in a resource list subscription. Any of the nested sub
293	   lists may be located in a different domain from the parent list.

295	   It MUST be possible for each watcher to define own filter criteria
296	   within resource list subscription if there are several simultaneous
297	   watchers using the same list.

299	6.2 Partial Notifications

301	   It MUST be possible to use filtering along with the partial
302	   notification [9] within the same subscription.

304	6.3 Authorization

306	   Authorization SHOULD occur irrespective of the filtering.

308	7. Security Considerations

310	   Security requirements specified for [5] also applies to the presence
311	   filtering. Additional security considerations related to the presence
312	   filtering are described as follows.

314	   The filter criteria should not be rejected based on the authorization
315	   policy since this would enable the watcher by experimentation with
316	   the use of filter criteria to determine the authorization policy the
317	   presentity has set for him and thus discover what the presentity
318	   wants to hide from him.

320	   The presence of filter criteria in the body in a SIP message has a
321	   significant effect on the way in which the request is handled at a
322	   server. As a result, it is especially important that messages
323	   containing filter criteria are authenticated and authorized.

325	   Modification to the Filter Criteria by an intermediary could also
326	   result in the watcher either not receiving notifications of presence
327	   information they are interested in or receiving a very large presence
328	   document. Therefore the filter criteria should be integrity protected
329	   between those nodes that are authorised to modify it (e.g., the
330	   resource list servers).

332	   Processing of requests and looking up filter criteria requires some
333	   amount of computation. This enables a DoS attack whereby a user can
334	   send requests with substantial numbers messages with large contents,
335	   in the hopes of overloading the server. To prevent this the number of
336	   filter criteria allowed in a request should be limited.

338	   Requests containing filter criteria can reveal sensitive information
339	   about a UA's capabilities. If this information is sensitive, it
340	   SHOULD be encrypted using methods that allow it to be read by those
341	   nodes that need to do so (e.g., the resource list servers).

343	   The resource list servers should convey only those parts of filter
344	   information targetted to the same destination as the fanned out
345	   individual subscriptions, if the filter information is conveyed
346	   further within the subscription.

348	8. Example Applications for Notification Filtering

350	   1.  A watcher wishes to get to know presentity's availability and
351	       willingness for messaging (e.g. IM and MMS).

353	   2.  A watcher is interested in getting information about the
354	       communication means and contact addresses the presentity is
355	       currently available for communication.

357	   3.  A watcher requires a notification if the state of a buddy has
358	       changed to 'open'.

360	   4.  A Subscriber only wants to be notified when the presentity's
361	       location is Dallas or Fort Worth. The notification should include
362	       the vehicle license, driver name, and city.

364	   5.  A Basic location tracking service requires notification when the
365	       presentity's cell id changes. The notification should include the
366	       cell id.

368	   6.  A watcher is intrested in being notified when a presentity gains
369	       a new communication capability such as a new networked
370	       multi-player game.

372	9. Acknowledgements

374	   The authors would like to thank Hisham Khartabil, Mikko Lonnfors,
375	   Juha Kalliokulju, Aki Niemi, Jose Costa-Requena and Markus Isomaki
376	   for their valuable input.

378	10. Main changes from version 00

380	   o  Overview of functionality chapter added.

382	   o  More specific requirements for supporting filtering with the
383	      resource lists, and nested lists.

385	   o  Interaction with other features chapter added.

387	   o  More specific requirements to support getting information about
388	      the structure of presence document, and changes in it.

390	   o  Several filter specific additions to security considerations.

392	   o  Several editorial changes, e.g., reference and terminology
393	      updates.

395	References

397	   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
398	        Levels", BCP 14, RFC 2119, March 1997.

400	   [2]  Sugano, H., "CPIM Presence Information Data Format",
401	        draft-ietf-impp-cpim-pidf-08.txt, May 2003.

403	   [3]  Schulzrinne, H., "RPIDS -- Rich Presence Information Data Format
404	        for Presence Based on the Session Initiation Protocol (SIP)",
405	        draft-schulzrinne-simple-rpids-01.txt, February 2003.

407	   [4]  Kiss, K., "Requirements for Presence Service based on 3GPP
408	        specifications and wireless environment characteristics",
409	        draft-kiss-simple-presence-wireless-reqs-02, February 2003.

411	   [5]  Rosenberg, J., "Session Initiation Protocol (SIP) Extensions for
412	        Presence",  draft-ietf-simple-presence-10.txt, January 2003.

414	   [6]  Roach, A., "Session Initiation Protocol (SIP)-Specific Event
415	        Notification", RFC 3265, June 2002.

417	   [7]  Rosenberg, J., "A Watcher Information Event Template-Package for
418	        the Session Initiation Protocol (SIP)",
419	        draft-ietf-simple-winfo-package-05.txt, January 2003.

421	   [8]  Rosenberg, J., "A Session Initiation Protocol (SIP) Event
422	        Notification Extension for Resource Lists",
423	        draft-ietf-simple-event-list-03.txt, May 2003.

425	   [9]  Lonnfors, M., "Partial Notification of Presence Information",
426	        draft-lonnfors-simple-partial-notify-01.txt, May 2003.

428	Authors' Addresses

430	   Tim Moran
431	   2800 Britt Drive
432	   Argyle, Texas 76226
433	   USA

435	   Phone: +1 972 849 8821
436	   EMail: tl_moran@att.net

438	   Sreenivas Addagatla
439	   Nokia
440	   6000 Connection Drive
441	   Irving, Texas 75039
442	   USA

444	   Phone: +1 972 374 1917
445	   EMail: sreenivas.addagatla@nokia.com

447	   Eva Leppanen
448	   Nokia
449	   P.O BOX 785
450	   Tampere
451	   Finland

453	   Phone: +358 7180 77066
454	   EMail: eva-maria.leppanen@nokia.com
455	   Andrew Allen
456	   1937 McRae Lane
457	   Mundelein, Illinois 60060
458	   USA

460	   EMail: AndrewAllen007@aol.com

462	Intellectual Property Statement

464	   The IETF takes no position regarding the validity or scope of any
465	   intellectual property or other rights that might be claimed to
466	   pertain to the implementation or use of the technology described in
467	   this document or the extent to which any license under such rights
468	   might or might not be available; neither does it represent that it
469	   has made any effort to identify any such rights. Information on the
470	   IETF's procedures with respect to rights in standards-track and
471	   standards-related documentation can be found in BCP-11. Copies of
472	   claims of rights made available for publication and any assurances of
473	   licenses to be made available, or the result of an attempt made to
474	   obtain a general license or permission for the use of such
475	   proprietary rights by implementors or users of this specification can
476	   be obtained from the IETF Secretariat.

478	   The IETF invites any interested party to bring to its attention any
479	   copyrights, patents or patent applications, or other proprietary
480	   rights which may cover technology that may be required to practice
481	   this standard. Please address the information to the IETF Executive
482	   Director.

484	Full Copyright Statement

486	   Copyright (C) The Internet Society (2003). All Rights Reserved.

488	   This document and translations of it may be copied and furnished to
489	   others, and derivative works that comment on or otherwise explain it
490	   or assist in its implementation may be prepared, copied, published
491	   and distributed, in whole or in part, without restriction of any
492	   kind, provided that the above copyright notice and this paragraph are
493	   included on all such copies and derivative works. However, this
494	   document itself may not be modified in any way, such as by removing
495	   the copyright notice or references to the Internet Society or other
496	   Internet organizations, except as needed for the purpose of
497	   developing Internet standards in which case the procedures for
498	   copyrights defined in the Internet Standards process must be
499	   followed, or as required to translate it into languages other than
500	   English.

502	   The limited permissions granted above are perpetual and will not be
503	   revoked by the Internet Society or its successors or assignees.

505	   This document and the information contained herein is provided on an
506	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
507	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
508	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
509	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
510	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

512	Acknowledgment

514	   Funding for the RFC Editor function is currently provided by the
515	   Internet Society.