idnits 2.17.1 draft-ietf-sipcore-rfc3265bis-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC3265, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC4660, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4660, updated by this document, for RFC5378 checks: 2004-02-06) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 18, 2011) is 4573 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Roach' is mentioned on line 1762, but not defined ** Obsolete normative reference: RFC 3265 (Obsoleted by RFC 6665) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Duplicate reference: RFC4660, mentioned in 'RFC4660', was also mentioned in 'RFC 4660'. Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. B. Roach 3 Internet-Draft Tekelec 4 Obsoletes: 3265 (if approved) October 18, 2011 5 Updates: 4660 (if approved) 6 Intended status: Standards Track 7 Expires: April 20, 2012 9 SIP-Specific Event Notification 10 draft-ietf-sipcore-rfc3265bis-04 12 Abstract 14 This document describes an extension to the Session Initiation 15 Protocol (SIP). The purpose of this extension is to provide an 16 extensible framework by which SIP nodes can request notification from 17 remote nodes indicating that certain events have occurred. 19 Note that the event notification mechanisms defined herein are NOT 20 intended to be a general-purpose infrastructure for all classes of 21 event subscription and notification. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on April 20, 2012. 40 Copyright Notice 42 Copyright (c) 2011 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 1.1. Overview of Operation . . . . . . . . . . . . . . . . . . 5 59 1.2. Documentation Conventions . . . . . . . . . . . . . . . . 6 60 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 3. SIP Methods for Event Notification . . . . . . . . . . . . . . 7 62 3.1. SUBSCRIBE . . . . . . . . . . . . . . . . . . . . . . . . 7 63 3.1.1. Subscription Duration . . . . . . . . . . . . . . . . 7 64 3.1.2. Identification of Subscribed Events and Event 65 Classes . . . . . . . . . . . . . . . . . . . . . . . 8 66 3.1.3. Additional SUBSCRIBE Header Field Values . . . . . . . 9 67 3.2. NOTIFY . . . . . . . . . . . . . . . . . . . . . . . . . . 9 68 3.2.1. Identification of Reported Events, Event Classes, 69 and Current State . . . . . . . . . . . . . . . . . . 9 70 4. Node Behavior . . . . . . . . . . . . . . . . . . . . . . . . 10 71 4.1. Subscriber Behavior . . . . . . . . . . . . . . . . . . . 10 72 4.1.1. Detecting Support for SIP Events . . . . . . . . . . . 10 73 4.1.2. Creating and Maintaining Subscriptions . . . . . . . . 10 74 4.1.3. Receiving and Processing State Information . . . . . . 14 75 4.1.4. Forking of SUBSCRIBE Requests . . . . . . . . . . . . 16 76 4.2. Notifier Behavior . . . . . . . . . . . . . . . . . . . . 17 77 4.2.1. Subscription Establishment and Maintenance . . . . . . 17 78 4.2.2. Sending State Information to Subscribers . . . . . . . 20 79 4.2.3. PINT Compatibility . . . . . . . . . . . . . . . . . . 23 80 4.3. Proxy Behavior . . . . . . . . . . . . . . . . . . . . . . 23 81 4.4. Common Behavior . . . . . . . . . . . . . . . . . . . . . 23 82 4.4.1. Dialog Creation and Termination . . . . . . . . . . . 24 83 4.4.2. Notifier Migration . . . . . . . . . . . . . . . . . . 24 84 4.4.3. Polling Resource State . . . . . . . . . . . . . . . . 25 85 4.4.4. Allow-Events header field usage . . . . . . . . . . . 26 86 4.5. Targeting Subscriptions at Devices . . . . . . . . . . . . 26 87 4.5.1. Using GRUUs to Route to Devices . . . . . . . . . . . 27 88 4.5.2. Sharing Dialogs . . . . . . . . . . . . . . . . . . . 27 89 4.6. CANCEL Requests for SUBSCRIBE and NOTIFY Transactions . . 29 90 5. Event Packages . . . . . . . . . . . . . . . . . . . . . . . . 29 91 5.1. Appropriateness of Usage . . . . . . . . . . . . . . . . . 29 92 5.2. Event Template-packages . . . . . . . . . . . . . . . . . 30 93 5.3. Amount of State to be Conveyed . . . . . . . . . . . . . . 30 94 5.3.1. Complete State Information . . . . . . . . . . . . . . 31 95 5.3.2. State Deltas . . . . . . . . . . . . . . . . . . . . . 31 97 5.4. Event Package Responsibilities . . . . . . . . . . . . . . 32 98 5.4.1. Event Package Name . . . . . . . . . . . . . . . . . . 32 99 5.4.2. Event Package Parameters . . . . . . . . . . . . . . . 32 100 5.4.3. SUBSCRIBE Request Bodies . . . . . . . . . . . . . . . 32 101 5.4.4. Subscription Duration . . . . . . . . . . . . . . . . 33 102 5.4.5. NOTIFY Request Bodies . . . . . . . . . . . . . . . . 33 103 5.4.6. Notifier processing of SUBSCRIBE requests . . . . . . 33 104 5.4.7. Notifier generation of NOTIFY requests . . . . . . . . 33 105 5.4.8. Subscriber processing of NOTIFY requests . . . . . . . 34 106 5.4.9. Handling of forked requests . . . . . . . . . . . . . 34 107 5.4.10. Rate of notifications . . . . . . . . . . . . . . . . 34 108 5.4.11. State Aggregation . . . . . . . . . . . . . . . . . . 35 109 5.4.12. Examples . . . . . . . . . . . . . . . . . . . . . . . 35 110 5.4.13. Use of URIs to Retrieve State . . . . . . . . . . . . 35 111 6. Security Considerations . . . . . . . . . . . . . . . . . . . 35 112 6.1. Access Control . . . . . . . . . . . . . . . . . . . . . . 35 113 6.2. Notifier Privacy Mechanism . . . . . . . . . . . . . . . . 36 114 6.3. Denial-of-Service attacks . . . . . . . . . . . . . . . . 36 115 6.4. Replay Attacks . . . . . . . . . . . . . . . . . . . . . . 36 116 6.5. Man-in-the middle attacks . . . . . . . . . . . . . . . . 37 117 6.6. Confidentiality . . . . . . . . . . . . . . . . . . . . . 37 118 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 119 7.1. Event Packages . . . . . . . . . . . . . . . . . . . . . . 38 120 7.1.1. Registration Information . . . . . . . . . . . . . . . 38 121 7.1.2. Registration Template . . . . . . . . . . . . . . . . 39 122 7.2. Reason Codes . . . . . . . . . . . . . . . . . . . . . . . 39 123 7.3. Header Field Names . . . . . . . . . . . . . . . . . . . . 40 124 7.4. Response Codes . . . . . . . . . . . . . . . . . . . . . . 41 125 8. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 126 8.1. New Methods . . . . . . . . . . . . . . . . . . . . . . . 41 127 8.1.1. SUBSCRIBE method . . . . . . . . . . . . . . . . . . . 41 128 8.1.2. NOTIFY method . . . . . . . . . . . . . . . . . . . . 41 129 8.2. New Header Fields . . . . . . . . . . . . . . . . . . . . 42 130 8.2.1. "Event" Header Field . . . . . . . . . . . . . . . . . 42 131 8.2.2. "Allow-Events" Header Field . . . . . . . . . . . . . 42 132 8.2.3. "Subscription-State" Header Field . . . . . . . . . . 42 133 8.3. New Response Codes . . . . . . . . . . . . . . . . . . . . 42 134 8.3.1. "202 Accepted" Response Code . . . . . . . . . . . . . 42 135 8.3.2. "489 Bad Event" Response Code . . . . . . . . . . . . 43 136 8.4. Augmented BNF Definitions . . . . . . . . . . . . . . . . 43 137 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 44 138 9.1. Normative References . . . . . . . . . . . . . . . . . . . 44 139 9.2. Informative References . . . . . . . . . . . . . . . . . . 45 140 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 46 141 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 47 142 B.1. Changes from draft-ietf-sipcore-rfc3265bis-03 to 143 draft-ietf-sipcore-rfc3265bis-04 . . . . . . . . . . . . . 47 144 B.2. Changes from draft-ietf-sipcore-rfc3265bis-02 to 145 draft-ietf-sipcore-rfc3265bis-03 . . . . . . . . . . . . . 47 146 B.3. Changes from draft-ietf-sipcore-rfc3265bis-01 to 147 draft-ietf-sipcore-rfc3265bis-02 . . . . . . . . . . . . . 47 148 B.4. Changes from draft-ietf-sipcore-rfc3265bis-00 to 149 draft-ietf-sipcore-rfc3265bis-01 . . . . . . . . . . . . . 48 150 B.5. Changes from draft-roach-sipcore-rfc3265bis-00 to 151 draft-ietf-sipcore-rfc3265bis-00 . . . . . . . . . . . . . 48 152 B.6. Changes since RFC 3265 . . . . . . . . . . . . . . . . . . 48 153 B.6.1. Bug 666: Clarify use of expires=xxx with terminated . 48 154 B.6.2. Bug 667: Reason code for unsub/poll not clearly 155 spelled out . . . . . . . . . . . . . . . . . . . . . 48 156 B.6.3. Bug 669: Clarify: SUBSCRIBE for a duration might 157 be answered with a NOTIFY/expires=0 . . . . . . . . . 48 158 B.6.4. Bug 670: Dialog State Machine needs clarification . . 48 159 B.6.5. Bug 671: Clarify timeout-based removal of 160 subscriptions . . . . . . . . . . . . . . . . . . . . 48 161 B.6.6. Bug 672: Mandate expires= in NOTIFY . . . . . . . . . 49 162 B.6.7. Bug 673: INVITE 481 response effect clarification . . 49 163 B.6.8. Bug 677: SUBSCRIBE response matching text in error . . 49 164 B.6.9. Bug 695: Document is not explicit about response 165 to NOTIFY at subscription termination . . . . . . . . 49 166 B.6.10. Bug 696: Subscription state machine needs 167 clarification . . . . . . . . . . . . . . . . . . . . 49 168 B.6.11. Bug 697: Unsubscription behavior could be clarified . 49 169 B.6.12. Bug 699: NOTIFY and SUBSCRIBE are target refresh 170 requests . . . . . . . . . . . . . . . . . . . . . . . 49 171 B.6.13. Bug 722: Inconsistent 423 reason phrase text . . . . . 49 172 B.6.14. Bug 741: guidance needed on when to not include 173 Allow-Events . . . . . . . . . . . . . . . . . . . . . 49 174 B.6.15. Bug 744: 5xx to NOTIFY terminates a subscription, 175 but should not . . . . . . . . . . . . . . . . . . . . 50 176 B.6.16. Bug 752: Detection of forked requests is incorrect . . 50 177 B.6.17. Bug 773: Reason code needs IANA registry . . . . . . . 50 178 B.6.18. Bug 774: Need new reason for terminating 179 subscriptions to resources that never change . . . . . 50 180 B.6.19. Clarify handling of Route/Record-Route in NOTIFY . . . 50 181 B.6.20. Eliminate implicit subscriptions . . . . . . . . . . . 50 182 B.6.21. Deprecate dialog re-use . . . . . . . . . . . . . . . 50 183 B.6.22. Rationalize dialog creation . . . . . . . . . . . . . 50 184 B.6.23. Refactor behavior sections . . . . . . . . . . . . . . 51 185 B.6.24. Clarify sections that need to be present in event 186 packages . . . . . . . . . . . . . . . . . . . . . . . 51 187 B.6.25. Make CANCEL handling more explicit . . . . . . . . . . 51 188 B.6.26. Remove State Agent Terminology . . . . . . . . . . . . 51 189 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 52 191 1. Introduction 193 The ability to request asynchronous notification of events proves 194 useful in many types of SIP services for which cooperation between 195 end-nodes is required. Examples of such services include automatic 196 callback services (based on terminal state events), buddy lists 197 (based on user presence events), message waiting indications (based 198 on mailbox state change events), and PSTN and Internet 199 Internetworking (PINT) [RFC2848] status (based on call state events). 201 The methods described in this document provide a framework by which 202 notification of these events can be ordered. 204 The event notification mechanisms defined herein are NOT intended to 205 be a general-purpose infrastructure for all classes of event 206 subscription and notification. Meeting requirements for the general 207 problem set of subscription and notification is far too complex for a 208 single protocol. Our goal is to provide a SIP-specific framework for 209 event notification which is not so complex as to be unusable for 210 simple features, but which is still flexible enough to provide 211 powerful services. Note, however, that event packages based on this 212 framework may define arbitrarily elaborate rules which govern the 213 subscription and notification for the events or classes of events 214 they describe. 216 This document does not describe an extension which may be used 217 directly; it must be extended by other documents (herein referred to 218 as "event packages"). In object-oriented design terminology, it may 219 be thought of as an abstract base class which must be derived into an 220 instantiatable class by further extensions. Guidelines for creating 221 these extensions are described in Section 5. 223 1.1. Overview of Operation 225 The general concept is that entities in the network can subscribe to 226 resource or call state for various resources or calls in the network, 227 and those entities (or entities acting on their behalf) can send 228 notifications when those states change. 230 A typical flow of messages would be: 232 Subscriber Notifier 233 |-----SUBSCRIBE---->| Request state subscription 234 |<-------200--------| Acknowledge subscription 235 |<------NOTIFY----- | Return current state information 236 |--------200------->| 237 |<------NOTIFY----- | Return current state information 238 |--------200------->| 240 Subscriptions are expired and must be refreshed by subsequent 241 SUBSCRIBE requests. 243 1.2. Documentation Conventions 245 There are several paragraphs throughout this document which provide 246 motivational or clarifying text. Such passages are non-normative, 247 and are provided only to assist with reader comprehension. These 248 passages are set off from the remainder of the text by being indented 249 thus: 251 This is an example of non-normative explanatory text. It does not 252 form part of the specification, and is used only for 253 clarification. 255 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 256 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 257 document are to be interpreted as described in [RFC2119]. 259 In particular, implementors need to take careful note of the meaning 260 of "SHOULD" defined in RFC 2119. To rephrase: violation of SHOULD- 261 strength requirements requires careful analysis and clearly 262 enumerable reasons. It is inappropriate to fail to comply with 263 "SHOULD"-strength requirements whimsically or for ease of 264 implementation. 266 The use of quotation marks next to periods and commas follows the 267 convention used by the American Mathematical Society; although 268 contrary to traditional American English convention, this usage lends 269 clarity to certain passages. 271 2. Definitions 273 Event Package: An event package is an additional specification which 274 defines a set of state information to be reported by a notifier to 275 a subscriber. Event packages also define further syntax and 276 semantics based on the framework defined by this document required 277 to convey such state information. 279 Event Template-Package: An event template-package is a special kind 280 of event package which defines a set of states which may be 281 applied to all possible event packages, including itself. 283 Notification: Notification is the act of a notifier sending a NOTIFY 284 request to a subscriber to inform the subscriber of the state of a 285 resource. 287 Notifier: A notifier is a user agent which generates NOTIFY requests 288 for the purpose of notifying subscribers of the state of a 289 resource. Notifiers typically also accept SUBSCRIBE requests to 290 create subscriptions. 292 Subscriber: A subscriber is a user agent which receives NOTIFY 293 requests from notifiers; these NOTIFY requests contain information 294 about the state of a resource in which the subscriber is 295 interested. Subscribers typically also generate SUBSCRIBE 296 requests and send them to notifiers to create subscriptions. 298 Subscription: A subscription is a set of application state 299 associated with a dialog. This application state includes a 300 pointer to the associated dialog, the event package name, and 301 possibly an identification token. Event packages will define 302 additional subscription state information. By definition, 303 subscriptions exist in both a subscriber and a notifier. 305 Subscription Migration: Subscription migration is the act of moving 306 a subscription from one notifier to another notifier. 308 3. SIP Methods for Event Notification 310 3.1. SUBSCRIBE 312 The SUBSCRIBE method is used to request current state and state 313 updates from a remote node. SUBSCRIBE requests are target refresh 314 requests, as that term is defined in [RFC3261]. 316 3.1.1. Subscription Duration 318 SUBSCRIBE requests SHOULD contain an "Expires" header field (defined 319 in [RFC3261]). This expires value indicates the duration of the 320 subscription. In order to keep subscriptions effective beyond the 321 duration communicated in the "Expires" header field, subscribers need 322 to refresh subscriptions on a periodic basis using a new SUBSCRIBE 323 request on the same dialog as defined in [RFC3261]. 325 If no "Expires" header field is present in a SUBSCRIBE request, the 326 implied default MUST be defined by the event package being used. 328 200-class responses to SUBSCRIBE requests also MUST contain an 329 "Expires" header field. The period of time in the response MAY be 330 shorter but MUST NOT be longer than specified in the request. The 331 notifier is explicitly allowed to shorten the duration to zero. The 332 period of time in the response is the one which defines the duration 333 of the subscription. 335 An "expires" parameter on the "Contact" header field has no semantics 336 for the SUBSCRIBE method and is explicitly not equivalent to an 337 "Expires" header field in a SUBSCRIBE request or response. 339 A natural consequence of this scheme is that a SUBSCRIBE request with 340 an "Expires" of 0 constitutes a request to unsubscribe from an event. 342 In addition to being a request to unsubscribe, a SUBSCRIBE request 343 with "Expires" of 0 also causes a fetch of state; see 344 Section 4.4.3. 346 Notifiers may also wish to cancel subscriptions to events; this is 347 useful, for example, when the resource to which a subscription refers 348 is no longer available. Further details on this mechanism are 349 discussed in Section 4.2.2. 351 3.1.2. Identification of Subscribed Events and Event Classes 353 Identification of events is provided by three pieces of information: 354 Request URI, Event Type, and (optionally) message body. 356 The Request URI of a SUBSCRIBE request, most importantly, contains 357 enough information to route the request to the appropriate entity per 358 the request routing procedures outlined in [RFC3261]. It also 359 contains enough information to identify the resource for which event 360 notification is desired, but not necessarily enough information to 361 uniquely identify the nature of the event (e.g., 362 "sip:adam@example.com" would be an appropriate URI to subscribe to 363 for my presence state; it would also be an appropriate URI to 364 subscribe to the state of my voice mailbox). 366 Subscribers MUST include exactly one "Event" header field in 367 SUBSCRIBE requests, indicating to which event or class of events they 368 are subscribing. The "Event" header field will contain a token which 369 indicates the type of state for which a subscription is being 370 requested. This token will be registered with the IANA and will 371 correspond to an event package which further describes the semantics 372 of the event or event class. 374 If the event package to which the event token corresponds defines 375 behavior associated with the body of its SUBSCRIBE requests, those 376 semantics apply. 378 Event packages may also define parameters for the Event header field; 379 if they do so, they must define the semantics for such parameters. 381 3.1.3. Additional SUBSCRIBE Header Field Values 383 Because SUBSCRIBE requests create a dialog usage as defined in 384 [RFC3261], they MAY contain an "Accept" header field. This header 385 field, if present, indicates the body formats allowed in subsequent 386 NOTIFY requests. Event packages MUST define the behavior for 387 SUBSCRIBE requests without "Accept" header fields; usually, this will 388 connote a single, default body type. 390 Header values not described in this document are to be interpreted as 391 described in [RFC3261]. 393 3.2. NOTIFY 395 NOTIFY requests are sent to inform subscribers of changes in state to 396 which the subscriber has a subscription. Subscriptions are created 397 using the SUBSCRIBE method. In legacy implementations, it is 398 possible that other means of subscription creation have been used. 399 However, this specification does not allow the creation of 400 subscriptions except through SUBSCRIBE requests and (for backwards- 401 compatibility) REFER requests [RFC3515]. 403 NOTIFY is a target refresh request, as that term is defined in 404 [RFC3261]. 406 A NOTIFY request does not terminate its corresponding subscription; 407 in other words, a single SUBSCRIBE request may trigger several NOTIFY 408 requests. 410 3.2.1. Identification of Reported Events, Event Classes, and Current 411 State 413 Identification of events being reported in a notification is very 414 similar to that described for subscription to events (see 415 Section 3.1.2). 417 As in SUBSCRIBE requests, NOTIFY request "Event" header fields MUST 418 contain a single event package name for which a notification is being 419 generated. The package name in the "Event" header field MUST match 420 the "Event" header field in the corresponding SUBSCRIBE request. 422 Event packages may define semantics associated with the body of their 423 NOTIFY requests; if they do so, those semantics apply. NOTIFY 424 request bodies are expected to provide additional details about the 425 nature of the event which has occurred and the resultant resource 426 state. 428 When present, the body of the NOTIFY request MUST be formatted into 429 one of the body formats specified in the "Accept" header field of the 430 corresponding SUBSCRIBE request. This body will contain either the 431 state of the subscribed resource or a pointer to such state in the 432 form of a URI (see Section 5.4.13). 434 4. Node Behavior 436 4.1. Subscriber Behavior 438 4.1.1. Detecting Support for SIP Events 440 The extension described in this document does not make use of the use 441 of "Require" or "Proxy-Require" header fields; similarly, there is no 442 token defined for "Supported" header fields. Potential subscribers 443 may probe for the support of SIP Events using the OPTIONS request 444 defined in [RFC3261]. 446 The presence of "SUBSCRIBE" in the "Allow" header field of any 447 request or response indicates support for SIP Events; further, in the 448 absence of an "Allow" header field, the simple presence of an "Allow- 449 Events" header field is sufficient to indicate that the node that 450 sent the message is capable of acting as a notifier (see 451 Section 4.4.4. 453 The "methods" parameter for Contact may also be used to 454 specifically announce support for SUBSCRIBE and NOTIFY requests 455 when registering. (See [RFC3840] for details on the "methods" 456 parameter). 458 4.1.2. Creating and Maintaining Subscriptions 460 From the subscriber's perspective, a subscription proceeds according 461 to the following state diagram: 463 +-------------+ 464 | init |<-----------------------+ 465 +-------------+ | 466 | Retry-after 467 Send SUBSCRIBE expires 468 | | 469 V Timer N Fires; | 470 +-------------+ SUBSCRIBE failure | 471 +------------| notify_wait |-- response; --------+ | 472 | +-------------+ or NOTIFY, | | 473 | | state=terminated | | 474 | | | | 475 ++========|===================|============================|==|====++ 476 || | | V | || 477 || Receive NOTIFY, Receive NOTIFY, +-------------+ || 478 || state=active state=pending | terminated | || 479 || | | +-------------+ || 480 || | | Re-subscription A A || 481 || | V times out; | | || 482 || | +-------------+ Receive NOTIFY, | | || 483 || | | pending |-- state=terminated; --+ | || 484 || | +-------------+ or 481 response | || 485 || | | to SUBSCRIBE | || 486 || | Receive NOTIFY, refresh | || 487 || | state=active | || 488 || | | Re-subscription | || 489 || | V times out; | || 490 || | +-------------+ Receive NOTIFY, | || 491 || +----------->| active |-- state=terminated; -----+ || 492 || +-------------+ or 481 response || 493 || to SUBSCRIBE || 494 || Subscription refresh || 495 ++=================================================================++ 497 In the state diagram, "Re-subscription times out" means that an 498 attempt to refresh or update the subscription using a new SUBSCRIBE 499 request does not result in a NOTIFY request before the corresponding 500 Timer N expires. 502 Any transition from "notify_wait" into a "pending" or "active" state 503 results in a new subscription. Note that multiple subscriptions can 504 be generated as the result of a single SUBSCRIBE request (see 505 Section 4.4.1). Each of these new subscriptions exists in its own 506 independent state machine, and runs its own set of timers. 508 4.1.2.1. Requesting a Subscription 510 SUBSCRIBE is a dialog-creating method, as described in [RFC3261]. 512 When a subscriber wishes to subscribe to a particular state for a 513 resource, it forms a SUBSCRIBE request. If the initial SUBSCRIBE 514 request represents a request outside of a dialog (as it typically 515 will), its construction follows the procedures outlined in [RFC3261] 516 for UAC request generation outside of a dialog. 518 This SUBSCRIBE request will be confirmed with a final response. 200- 519 class responses indicate that the subscription has been accepted, and 520 that a NOTIFY request will be sent immediately. 522 The "Expires" header field in a 200-class response to SUBSCRIBE 523 request indicates the actual duration for which the subscription will 524 remain active (unless refreshed). 526 Non-200 class final responses indicate that no subscription or new 527 dialog usage has been created, and no subsequent NOTIFY request will 528 be sent. All non-200 class responses (with the exception of "489", 529 described herein) have the same meanings and handling as described in 530 [RFC3261]. For the sake of clarity: if a SUBSCRIBE request contains 531 an "Accept" header field, but that field does not indicate a MIME 532 type that the notifier is capable of generating in its NOTIFY 533 requests, then the proper error response is 406 (Not Acceptable). 535 4.1.2.2. Refreshing of Subscriptions 537 At any time before a subscription expires, the subscriber may refresh 538 the timer on such a subscription by sending another SUBSCRIBE request 539 on the same dialog as the existing subscription. The handling for 540 such a request is the same as for the initial creation of a 541 subscription except as described below. 543 If a SUBSCRIBE request to refresh a subscription receives a 404, 405, 544 410, 416, 480-485, 489, 501, or 604 response, the subscriber MUST 545 consider the subscription terminated. (See [RFC5057] for further 546 details and notes about the effect of error codes on dialogs and 547 usages within dialog, such as subscriptions). If the subscriber 548 wishes to re-subscribe to the state, he does so by composing an 549 unrelated initial SUBSCRIBE request with a freshly-generated Call-ID 550 and a new, unique "From" tag (see Section 4.1.2.1.) 552 If a SUBSCRIBE request to refresh a subscription fails with any error 553 code other than those listed above, the original subscription is 554 still considered valid for the duration of the most recently known 555 "Expires" value as negotiated by the most recent successful SUBSCRIBE 556 transaction, or as communicated by a NOTIFY request in its 557 "Subscription-State" header field "expires" parameter. 559 Note that many such errors indicate that there may be a problem 560 with the network or the notifier such that no further NOTIFY 561 requests will be received. 563 When refreshing a subscription, a subscriber starts Timer N, set to 564 64*T1, when it sends the SUBSCRIBE request. If this Timer N expires 565 prior to the receipt of a NOTIFY request, the subscriber considers 566 the subscription terminated. If the subscriber receives a success 567 response to the SUBSCRIBE request that indicates that no NOTIFY 568 request will be generated -- such as the 204 response defined for use 569 with the optional extension described in [RFC5839] -- then it MUST 570 cancel Timer N. 572 4.1.2.3. Unsubscribing 574 Unsubscribing is handled in the same way as refreshing of a 575 subscription, with the "Expires" header field set to "0". Note that 576 a successful unsubscription will also trigger a final NOTIFY request. 578 The final NOTIFY request may or may not contain information about the 579 state of the resource; subscribers need to be prepared to receive 580 final NOTIFY requests both with and without state. 582 4.1.2.4. Confirmation of Subscription Creation 584 The subscriber can expect to receive a NOTIFY request from each node 585 which has processed a successful subscription or subscription 586 refresh. To ensure that subscribers do not wait indefinitely for a 587 subscription to be established, a subscriber starts a Timer N, set to 588 64*T1, when it sends a SUBSCRIBE request. If this Timer N expires 589 prior to the receipt of a NOTIFY request, the subscriber considers 590 the subscription failed, and cleans up any state associated with the 591 subscription attempt. 593 Until Timer N expires, several NOTIFY requests may arrive from 594 different destinations (see Section 4.4.1). Each of these requests 595 establish a new dialog usage and a new subscription. After the 596 expiration of Timer N, the subscriber SHOULD reject any such NOTIFY 597 requests that would otherwise establish a new dialog usage with a 598 "481" response code. 600 Until the first NOTIFY request arrives, the subscriber should 601 consider the state of the subscribed resource to be in a neutral 602 state. Event package specifications MUST define this "neutral state" 603 in such a way that makes sense for their application (see 604 Section 5.4.7). 606 Due to the potential for both out-of-order messages and forking, the 607 subscriber MUST be prepared to receive NOTIFY requests before the 608 SUBSCRIBE transaction has completed. 610 Except as noted above, processing of this NOTIFY request is the same 611 as in Section 4.1.3. 613 4.1.3. Receiving and Processing State Information 615 Subscribers receive information about the state of a resource to 616 which they have subscribed in the form of NOTIFY requests. 618 Upon receiving a NOTIFY request, the subscriber should check that it 619 matches at least one of its outstanding subscriptions; if not, it 620 MUST return a "481 Subscription does not exist" response unless 621 another 400- or 500-class response is more appropriate. The rules 622 for matching NOTIFY requests with subscriptions that create a new 623 dialog usage are described in Section 4.4.1. Notifications for 624 subscriptions which were created inside an existing dialog match if 625 they are in the same dialog and the "Event" header fields match (as 626 described in Section 8.2.1). 628 If, for some reason, the event package designated in the "Event" 629 header field of the NOTIFY request is not supported, the subscriber 630 will respond with a "489 Bad Event" response. 632 To prevent spoofing of events, NOTIFY requests SHOULD be 633 authenticated, using any defined SIP authentication mechanism. 635 NOTIFY requests MUST contain "Subscription-State" header fields which 636 indicate the status of the subscription. 638 If the "Subscription-State" header field value is "active", it means 639 that the subscription has been accepted and (in general) has been 640 authorized. If the header field also contains an "expires" 641 parameter, the subscriber SHOULD take it as the authoritative 642 subscription duration and adjust accordingly. The "retry-after" and 643 "reason" parameters have no semantics for "active". 645 If the "Subscription-State" value is "pending", the subscription has 646 been received by the notifier, but there is insufficient policy 647 information to grant or deny the subscription yet. If the header 648 field also contains an "expires" parameter, the subscriber SHOULD 649 take it as the authoritative subscription duration and adjust 650 accordingly. No further action is necessary on the part of the 651 subscriber. The "retry-after" and "reason" parameters have no 652 semantics for "pending". 654 If the "Subscription-State" value is "terminated", the subscriber 655 MUST consider the subscription terminated. The "expires" parameter 656 has no semantics for "terminated" -- notifiers SHOULD NOT include an 657 "expires" parameter on a "Subscription-State" header field with a 658 value of "terminated," and subscribers MUST ignore any such 659 parameter, if present. If a reason code is present, the client 660 should behave as described below. If no reason code or an unknown 661 reason code is present, the client MAY attempt to re-subscribe at any 662 time (unless a "retry-after" parameter is present, in which case the 663 client SHOULD NOT attempt re-subscription until after the number of 664 seconds specified by the "retry-after" parameter). The reason codes 665 defined by this document are: 667 deactivated: The subscription has been terminated, but the 668 subscriber SHOULD retry immediately with a new subscription. One 669 primary use of such a status code is to allow migration of 670 subscriptions between nodes. The "retry-after" parameter has no 671 semantics for "deactivated". 673 probation: The subscription has been terminated, but the client 674 SHOULD retry at some later time. If a "retry-after" parameter is 675 also present, the client SHOULD wait at least the number of 676 seconds specified by that parameter before attempting to re- 677 subscribe. 679 rejected: The subscription has been terminated due to change in 680 authorization policy. Clients SHOULD NOT attempt to re-subscribe. 681 The "retry-after" parameter has no semantics for "rejected". 683 timeout: The subscription has been terminated because it was not 684 refreshed before it expired. Clients MAY re-subscribe 685 immediately. The "retry-after" parameter has no semantics for 686 "timeout". This reason code is also associated with polling of 687 resource state, as detailed in Section 4.4.3 689 giveup: The subscription has been terminated because the notifier 690 could not obtain authorization in a timely fashion. If a "retry- 691 after" parameter is also present, the client SHOULD wait at least 692 the number of seconds specified by that parameter before 693 attempting to re-subscribe; otherwise, the client MAY retry 694 immediately, but will likely get put back into pending state. 696 noresource: The subscription has been terminated because the 697 resource state which was being monitored no longer exists. 698 Clients SHOULD NOT attempt to re-subscribe. The "retry-after" 699 parameter has no semantics for "noresource". 701 invariant: The subscription has been terminated because the resource 702 state is guaranteed not to change for the foreseeable future. 703 This may be the case, for example, when subscribing to the 704 location information of a fixed-location land-line telephone. 705 When using this reason code, notifiers are advised to include a 706 "retry-after" parameter with a large value (for example, 31536000 707 -- or one year) to prevent older, RFC 3265-compliant clients from 708 periodically resubscribing. Clients SHOULD NOT attempt to 709 resubscribe after receiving a reason code of "invariant," 710 regardless of the presence of or value of a "retry-after" 711 parameter. 713 Other specifications may define new reason codes for use with the 714 "Subscription-State" header field. 716 Once the notification is deemed acceptable to the subscriber, the 717 subscriber SHOULD return a 200 response. In general, it is not 718 expected that NOTIFY responses will contain bodies; however, they 719 MAY, if the NOTIFY request contained an "Accept" header field. 721 Other responses defined in [RFC3261] may also be returned, as 722 appropriate. In no case should a NOTIFY transaction extend for any 723 longer than the time necessary for automated processing. In 724 particular, subscribers MUST NOT wait for a user response before 725 returning a final response to a NOTIFY request. 727 4.1.4. Forking of SUBSCRIBE Requests 729 In accordance with the rules for proxying non-INVITE requests as 730 defined in [RFC3261], successful SUBSCRIBE requests will receive only 731 one 200-class response; however, due to forking, the subscription may 732 have been accepted by multiple nodes. The subscriber MUST therefore 733 be prepared to receive NOTIFY requests with "From:" tags which differ 734 from the "To:" tag received in the SUBSCRIBE 200-class response. 736 If multiple NOTIFY requests are received in different dialogs in 737 response to a single SUBSCRIBE request, each dialog represents a 738 different destination to which the SUBSCRIBE request was forked. 739 Subscriber handling in such situations varies by event package; see 740 Section 5.4.9 for details. 742 4.2. Notifier Behavior 744 4.2.1. Subscription Establishment and Maintenance 746 Notifiers learn about subscription requests by receiving SUBSCRIBE 747 requests from interested parties. Notifiers MUST NOT create 748 subscriptions except upon receipt of a SUBSCRIBE request. However, 749 for historical reasons, the implicit creation of subscriptions as 750 defined in [RFC3515] is still permitted. 752 [RFC3265] allowed the creation of subscriptions using means other 753 than the SUBSCRIBE method. The only standardized use of this 754 mechanism is the REFER method [RFC3515]. Implementation 755 experience with REFER has shown that the implicit creation of a 756 subscription has a number of undesirable effects, such as the 757 inability to signal the success of a REFER request while signaling 758 a problem with the subscription; and difficulty performing one 759 action without the other. Additionally, the proper exchange of 760 dialog identifiers is difficult without dialog re-use (which has 761 its own set of problems; see Section 4.5). 763 4.2.1.1. Initial SUBSCRIBE Transaction Processing 765 In no case should a SUBSCRIBE transaction extend for any longer than 766 the time necessary for automated processing. In particular, 767 notifiers MUST NOT wait for a user response before returning a final 768 response to a SUBSCRIBE request. 770 This requirement is imposed primarily to prevent the non-INVITE 771 transaction timeout timer F (see [RFC3261]) from firing during the 772 SUBSCRIBE transaction, since interaction with a user would often 773 exceed 64*T1 seconds. 775 The notifier SHOULD check that the event package specified in the 776 "Event" header field is understood. If not, the notifier SHOULD 777 return a "489 Bad Event" response to indicate that the specified 778 event/event class is not understood. 780 The notifier SHOULD also perform any necessary authentication and 781 authorization per its local policy. See Section 4.2.1.3. 783 The notifier MAY also check that the duration in the "Expires" header 784 field is not too small. If and only if the expiration interval is 785 greater than zero AND smaller than one hour AND less than a notifier- 786 configured minimum, the notifier MAY return a "423 Interval Too 787 Brief" error which contains a "Min-Expires" header field field. The 788 "Min-Expires" header field is described in [RFC3261]. 790 Once the notifier determines that it has enough information to create 791 the subscription (i.e., it understands the event package, the 792 subscription pertains to a known resource, and there are no other 793 barriers to creating the subscription), it creates the subscription 794 and a dialog usage, and returns a 200 (OK) response. 796 When a subscription is created in the notifier, it stores the event 797 package name as part of the subscription information. 799 The "Expires" values present in SUBSCRIBE 200-class responses behave 800 in the same way as they do in REGISTER responses: the server MAY 801 shorten the interval, but MUST NOT lengthen it. 803 If the duration specified in a SUBSCRIBE request is unacceptably 804 short, the notifier may be able to send a 423 response, as 805 described earlier in this section. 807 200-class responses to SUBSCRIBE requests will not generally contain 808 any useful information beyond subscription duration; their primary 809 purpose is to serve as a reliability mechanism. State information 810 will be communicated via a subsequent NOTIFY request from the 811 notifier. 813 The other response codes defined in [RFC3261] may be used in response 814 to SUBSCRIBE requests, as appropriate. 816 4.2.1.2. Confirmation of Subscription Creation/Refreshing 818 Upon successfully accepting or refreshing a subscription, notifiers 819 MUST send a NOTIFY request immediately to communicate the current 820 resource state to the subscriber. This NOTIFY request is sent on the 821 same dialog as created by the SUBSCRIBE response. If the resource 822 has no meaningful state at the time that the SUBSCRIBE request is 823 processed, this NOTIFY request MAY contain an empty or neutral body. 824 See Section 4.2.2 for further details on NOTIFY request generation. 826 Note that a NOTIFY request is always sent immediately after any 200- 827 class response to a SUBSCRIBE request, regardless of whether the 828 subscription has already been authorized. 830 4.2.1.3. Authentication/Authorization of SUBSCRIBE Requests 832 Privacy concerns may require that notifiers apply policy to determine 833 whether a particular subscriber is authorized to subscribe to a 834 certain set of events. Such policy may be defined by mechanisms such 835 as access control lists or real-time interaction with a user. In 836 general, authorization of subscribers prior to authentication is not 837 particularly useful. 839 SIP authentication mechanisms are discussed in [RFC3261]. Note that, 840 even if the notifier node typically acts as a proxy, authentication 841 for SUBSCRIBE requests will always be performed via a "401" response, 842 not a "407;" notifiers always act as a user agents when accepting 843 subscriptions and sending notifications. 845 Of course, when acting as a proxy, a node will perform normal 846 proxy authentication (using 407). The foregoing explanation is a 847 reminder that notifiers are always UAs, and as such perform UA 848 authentication. 850 If authorization fails based on an access list or some other 851 automated mechanism (i.e., it can be automatically authoritatively 852 determined that the subscriber is not authorized to subscribe), the 853 notifier SHOULD reply to the request with a "403 Forbidden" or "603 854 Decline" response, unless doing so might reveal information that 855 should stay private; see Section 6.2. 857 If the notifier owner is interactively queried to determine whether a 858 subscription is allowed, a 200 (OK) response is returned immediately. 859 Note that a NOTIFY request is still formed and sent under these 860 circumstances, as described in the previous section. 862 If subscription authorization was delayed and the notifier wishes to 863 convey that such authorization has been declined, it may do so by 864 sending a NOTIFY request containing a "Subscription-State" header 865 field with a value of "terminated" and a reason parameter of 866 "rejected". 868 4.2.1.4. Refreshing of Subscriptions 870 When a notifier receives a subscription refresh, assuming that the 871 subscriber is still authorized, the notifier updates the expiration 872 time for subscription. As with the initial subscription, the server 873 MAY shorten the amount of time until expiration, but MUST NOT 874 increase it. The final expiration time is placed in the "Expires" 875 header field in the response. If the duration specified in a 876 SUBSCRIBE request is unacceptably short, the notifier SHOULD respond 877 with a "423 Interval Too Brief" response. 879 If no refresh for a notification address is received before its 880 expiration time, the subscription is removed. When removing a 881 subscription, the notifier SHOULD send a NOTIFY request with a 882 "Subscription-State" value of "terminated" to inform it that the 883 subscription is being removed. If such a request is sent, the 884 "Subscription-State" header field SHOULD contain a "reason=timeout" 885 parameter. 887 Clients can cause a subscription to be terminated immediately by 888 sending a SUBSCRIBE request with an "Expires" header field set to 889 '0'. Notifiers largely treat this the same way as any other 890 subscription expiration: they send a NOTIFY request containing a 891 "Subscription-State" of "terminated", with a reason code of 892 "timeout." For consistency with state polling (see Section 4.4.3) 893 and subscription refreshes, the notifier may choose to include 894 resource state in this final NOTIFY request. However, in some cases, 895 including such state makes no sense. Under such circumstances, the 896 notifier may choose to omit state information from the terminal 897 NOTIFY request. 899 The sending of a NOTIFY request when a subscription expires allows 900 the corresponding dialog usage to be terminated, if appropriate. 902 4.2.2. Sending State Information to Subscribers 904 Notifiers use the NOTIFY method to send information about the state 905 of a resource to subscribers. The notifier's view of a subscription 906 is shown in the following state diagram: 908 +-------------+ 909 | init | 910 +-------------+ 911 | 912 Receive SUBSCRIBE, 913 Send NOTIFY 914 | 915 V NOTIFY failure, 916 +-------------+ subscription expires, 917 +------------| resp_wait |-- or terminated ----+ 918 | +-------------+ per local policy | 919 | | | 920 | | | 921 | | V 922 Policy grants Policy needed +-------------+ 923 permission | | terminated | 924 | | +-------------+ 925 | | A A 926 | V NOTIFY failure, | | 927 | +-------------+ subscription expires,| | 928 | | pending |-- or terminated -------+ | 929 | +-------------+ per local policy | 930 | | | 931 | Policy changed to | 932 | grant permission | 933 | | | 934 | V NOTIFY failure, | 935 | +-------------+ subscription expires, | 936 +----------->| active |-- or terminated ---------+ 937 +-------------+ per local policy 939 When a SUBSCRIBE request is answered with a 200-class response, the 940 notifier MUST immediately construct and send a NOTIFY request to the 941 subscriber. When a change in the subscribed state occurs, the 942 notifier SHOULD immediately construct and send a NOTIFY request, 943 subject to authorization, local policy, and throttling 944 considerations. 946 If the NOTIFY request fails due to expiration of SIP Timer F 947 (transaction timeout), the notifier SHOULD remove the subscription. 949 This behavior prevents unnecessary transmission of state 950 information for subscribers who have crashed or disappeared from 951 the network. Because such transmissions will be sent multiple 952 times, per the retransmission algorithm defined in [RFC3261] 953 (instead of the typical single transmission for functioning 954 clients), continuing to service them when no client is available 955 to acknowledge them could place undue strain on a network. Upon 956 client restart or reestablishment of a network connection, it is 957 expected that clients will send SUBSCRIBE requests to refresh 958 potentially stale state information; such requests will re-install 959 subscriptions in all relevant nodes. 961 If the NOTIFY transaction fails due to the receipt of a 404, 405, 962 410, 416, 480-485, 489, 501, or 604 response to the NOTIFY request, 963 the notifier MUST remove the corresponding subscription. See 964 [RFC5057] for further details and notes about the effect of error 965 codes on dialogs and usages within dialog (such as subscriptions). 967 A notify error response would generally indicate that something 968 has gone wrong with the subscriber or with some proxy on the way 969 to the subscriber. If the subscriber is in error, it makes the 970 most sense to allow the subscriber to rectify the situation (by 971 re-subscribing) once the error condition has been handled. If a 972 proxy is in error, the periodic sending of SUBSCRIBE requests to 973 refresh the expiration timer will re-install subscription state 974 once the network problem has been resolved. 976 NOTIFY requests MUST contain a "Subscription-State" header field with 977 a value of "active", "pending", or "terminated". The "active" value 978 indicates that the subscription has been accepted and has been 979 authorized (in most cases; see Section 6.2). The "pending" value 980 indicates that the subscription has been received, but that policy 981 information is insufficient to accept or deny the subscription at 982 this time. The "terminated" value indicates that the subscription is 983 not active. 985 If the value of the "Subscription-State" header field is "active" or 986 "pending", the notifier MUST also include in the "Subscription-State" 987 header field an "expires" parameter which indicates the time 988 remaining on the subscription. The notifier MAY use this mechanism 989 to shorten a subscription; however, this mechanism MUST NOT be used 990 to lengthen a subscription. 992 Including expiration information for active and pending 993 subscriptions is necessary in case the SUBSCRIBE request forks, 994 since the response to a forked SUBSCRIBE request may not be 995 received by the subscriber. [RFC3265] allowed the notifier some 996 discretion in the inclusion of this parameter, so subscriber 997 implementations are warned to handle the lack of an "expires" 998 parameter gracefully. Note well that this "expires" value is a 999 parameter on the "Subscription-State" header field, NOT an 1000 "Expires" header field. 1002 The period of time for a subscription can be shortened to zero by 1003 the notifier. In other words, it is perfectly valid for a 1004 SUBSCRIBE request with a non-zero expires to be answered with a 1005 NOTIFY request that contains "Subscription-Status: 1006 terminated;reason=expired". This merely means that the notifier 1007 has shortened the subscription timeout to zero, and the 1008 subscription has expired instantaneously. The body may contain 1009 valid state, or it may contain a neutral state (see 1010 Section 5.4.7). 1012 If the value of the "Subscription-State" header field is 1013 "terminated", the notifier SHOULD also include a "reason" parameter. 1014 The notifier MAY also include a "retry-after" parameter, where 1015 appropriate. For details on the value and semantics of the "reason" 1016 and "retry-after" parameters, see Section 4.1.3. 1018 4.2.3. PINT Compatibility 1020 The "Event" header field is considered mandatory for the purposes of 1021 this document. However, to maintain compatibility with PINT (see 1022 [RFC2848]), notifiers MAY interpret a SUBSCRIBE request with no 1023 "Event" header field as requesting a subscription to PINT events. If 1024 a notifier does not support PINT, it SHOULD return "489 Bad Event" to 1025 any SUBSCRIBE requests without an "Event" header field. 1027 4.3. Proxy Behavior 1029 Proxies need no additional behavior beyond that described in 1030 [RFC3261] to support SUBSCRIBE and NOTIFY transactions. If a proxy 1031 wishes to see all of the SUBSCRIBE and NOTIFY requests for a given 1032 dialog, it MUST add a Record-Route header field to the initial 1033 SUBSCRIBE request and all NOTIFY requests. It MAY choose to include 1034 Record-Route in subsequent SUBSCRIBE requests; however, these 1035 requests cannot cause the dialog's route set to be modified. 1037 Proxies that did not add a Record-Route header field to the initial 1038 SUBSCRIBE request MUST NOT add a Record-Route header field to any of 1039 the associated NOTIFY requests. 1041 Note that subscribers and notifiers may elect to use S/MIME 1042 encryption of SUBSCRIBE and NOTIFY requests; consequently, proxies 1043 cannot rely on being able to access any information that is not 1044 explicitly required to be proxy-readable by [RFC3261]. 1046 4.4. Common Behavior 1047 4.4.1. Dialog Creation and Termination 1049 Dialogs usages are created upon completion of a NOTIFY transaction 1050 for a new subscription, unless the NOTIFY request contains a 1051 "Subscription-State" of "terminated." 1053 Because the dialog usage is established by the NOTIFY request, the 1054 route set at the subscriber is taken from the NOTIFY request itself, 1055 as opposed to the route set present in the 200-class response to the 1056 SUBSCRIBE request. 1058 NOTIFY requests are matched to such SUBSCRIBE requests if they 1059 contain the same "Call-ID", a "To" header field "tag" parameter which 1060 matches the "From" header field "tag" parameter of the SUBSCRIBE 1061 request, and the same "Event" header field. Rules for comparisons of 1062 the "Event" header fields are described in Section 8.2.1. 1064 A subscription is destroyed after a notifier sends a NOTIFY request 1065 with a "Subscription-State" of "terminated," or in certain error 1066 situations described elsewhere in this document. The subscriber will 1067 generally answer such final requests with a "200 OK" response (unless 1068 a condition warranting an alternate response has arisen). Except 1069 when the mechanism described in Section 4.5.2 is used, the 1070 destruction of a subscription results in the termination of its 1071 associated dialog. 1073 A subscriber may send a SUBSCRIBE request with an "Expires" header 1074 field of 0 in order to trigger the sending of such a NOTIFY 1075 request; however, for the purposes of subscription and dialog 1076 lifetime, the subscription is not considered terminated until the 1077 NOTIFY transaction with a "Subscription-State" of "terminated" 1078 completes. 1080 4.4.2. Notifier Migration 1082 It is often useful to allow migration of subscriptions between 1083 notifiers. Such migration may be effected by sending a NOTIFY 1084 request with a "Subscription-State" header field of "terminated", and 1085 a reason parameter of "deactivated". This NOTIFY request is 1086 otherwise normal, and is formed as described in Section 4.2.2. 1088 Upon receipt of this NOTIFY request, the subscriber SHOULD attempt to 1089 re-subscribe (as described in the preceding sections). Note that 1090 this subscription is established on a new dialog, and does not re-use 1091 the route set from the previous subscription dialog. 1093 The actual migration is effected by making a change to the policy 1094 (such as routing decisions) of one or more servers to which the 1095 SUBSCRIBE request will be sent in such a way that a different node 1096 ends up responding to the SUBSCRIBE request. This may be as simple 1097 as a change in the local policy in the notifier from which the 1098 subscription is migrating so that it serves as a proxy or redirect 1099 server instead of a notifier. 1101 Whether, when, and why to perform notifier migrations may be 1102 described in individual event packages; otherwise, such decisions are 1103 a matter of local notifier policy, and are left up to individual 1104 implementations. 1106 4.4.3. Polling Resource State 1108 A natural consequence of the behavior described in the preceding 1109 sections is that an immediate fetch without a persistent subscription 1110 may be effected by sending a SUBSCRIBE with an "Expires" of 0. 1112 Of course, an immediate fetch while a subscription is active may be 1113 effected by sending a SUBSCRIBE request with an "Expires" equal to 1114 the number of seconds remaining in the subscription. 1116 Upon receipt of this SUBSCRIBE request, the notifier (or notifiers, 1117 if the SUBSCRIBE request was forked) will send a NOTIFY request 1118 containing resource state in the same dialog. 1120 Note that the NOTIFY requests triggered by SUBSCRIBE requests with 1121 "Expires" header fields of 0 will contain a "Subscription-State" 1122 value of "terminated", and a "reason" parameter of "timeout". 1124 Polling of event state can cause significant increases in load on the 1125 network and notifiers; as such, it should be used only sparingly. In 1126 particular, polling SHOULD NOT be used in circumstances in which it 1127 will typically result in more network messages than long-running 1128 subscriptions. 1130 When polling is used, subscribers SHOULD attempt to cache 1131 authentication credentials between polls so as to reduce the number 1132 of messages sent. 1134 Due to the requirement on notifiers to send a NOTIFY request 1135 immediately upon receipt of a SUBSCRIBE request, the state 1136 provided by polling is limited to the information that the 1137 notifier has immediate local access to when it receives the 1138 SUBSCRIBE request. If, for example, the notifier generally needs 1139 to retrieve state from another network server, then that state 1140 will be absent from the NOTIFY request that results from polling. 1142 4.4.4. Allow-Events header field usage 1144 The "Allow-Events" header field, if present, includes a list of 1145 tokens which indicates the event packages supported by a notifier. 1146 In other words, a user agent sending an "Allow-Events" header field 1147 is advertising that it can process SUBSCRIBE requests and generate 1148 NOTIFY requests for all of the event packages listed in that header 1149 field. 1151 Any user agent that can act as a notifier for one or more event 1152 packages SHOULD include an appropriate "Allow-Events" header field 1153 indicating all supported events in all methods which initiate dialogs 1154 and their responses (such as INVITE) and OPTIONS responses. 1156 This information is very useful, for example, in allowing user 1157 agents to render particular interface elements appropriately 1158 according to whether the events required to implement the features 1159 they represent are supported by the appropriate nodes. 1160 On the other hand, it doesn't necessarily make much sense to 1161 indicate supported events inside a dialog established by a NOTIFY 1162 request if the only event package supported is the one associated 1163 with that subscription. 1165 Note that "Allow-Events" header fields MUST NOT be inserted by 1166 proxies. 1168 The "Allow-Events" header field does not include a list of the event 1169 template packages supported by an implementation. If a subscriber 1170 wishes to determine which event template packages are supported by a 1171 notifier, it can probe for such support by attempting to subscribe to 1172 the event template packages it wishes to use. 1174 4.5. Targeting Subscriptions at Devices 1176 [RFC3265] defined a mechanism by which subscriptions could share 1177 dialogs with invite usages and with other subscriptions. The purpose 1178 of this behavior was to allow subscribers to ensure that a 1179 subscription arrived at the same device as an established dialog. 1180 Unfortunately, the re-use of dialogs has proven to be exceedingly 1181 confusing. [RFC5057] attempted to clarify proper behavior in a 1182 variety of circumstances; however, the ensuing rules remain confusing 1183 and prone to implementation error. At the same time, the mechanism 1184 described in [RFC5627] now provides a far more elegant and 1185 unambiguous means to achieve the same goal. 1187 Consequently, the dialog re-use technique described in RFC 3265 is 1188 now deprecated. 1190 This dialog-sharing technique has also historically been used as a 1191 means for targeting an event package at a dialog. This usage can be 1192 seen, for example, in certain applications of the REFER method 1193 [RFC3515]. With the removal of dialog re-use, an alternate (and more 1194 explicit) means of targeting dialogs needs to be used for this type 1195 of correlation. The appropriate means of such targeting is left up 1196 to the actual event packages. Candidates include the "Target-Dialog" 1197 header field [RFC4538], the "Join" header field [RFC3911], and the 1198 "Replaces" header field [RFC3891], depending on the semantics 1199 desired. Alternately, if the semantics of those header fields do not 1200 match the event package's purpose for correlation, event packages can 1201 devise their own means of identifying dialogs. For an example of 1202 this approach, see the Dialog Event Package [RFC4235]. 1204 4.5.1. Using GRUUs to Route to Devices 1206 Notifiers MUST implement the Globally Routable User-Agent URI (GRUU) 1207 extension defined in [RFC5627], and MUST use a GRUU as their local 1208 target. This allows subscribers to explicitly target desired 1209 devices. 1211 If a subscriber wishes to subscribe to a resource on the same device 1212 as an established dialog, it should check whether the remote contact 1213 in that dialog is a GRUU (i.e., whether it contains a "gr" URI 1214 parameter). If so, the subscriber creates a new dialog, using the 1215 GRUU as the request URI for the new SUBSCRIBE request. 1217 Because GRUUs are guaranteed to route to a a specific device, this 1218 ensures that the subscription will be routed to the same place as 1219 the established dialog. 1221 4.5.2. Sharing Dialogs 1223 For compatibility with older clients, subscriber and notifier 1224 implementations may choose to allow dialog sharing. The behavior of 1225 multiple usages within a dialog are described in [RFC5057]. 1227 Subscribers MUST NOT attempt to re-use dialogs whose remote target is 1228 a GRUU. 1230 Note that the techniques described in this section are included 1231 for backwards compatibility purposes only. Because subscribers 1232 cannot re-use dialogs with a GRUU for their remote target, and 1233 because notifiers must use GRUUs as their local target, any two 1234 implementations that conform to this specification will 1235 automatically use the mechanism described in Section 4.5.1. 1237 If a subscriber wishes to subscribe to a resource on the same device 1238 as an established dialog and the remote contact is not a GRUU, it MAY 1239 revert to dialog sharing behavior. Alternately, it MAY choose to 1240 treat the remote party as incapable of servicing the subscription 1241 (i.e., the same way it would behave if the remote party did not 1242 support SIP events at all). 1244 If a notifier receives a SUBSCRIBE request for a new subscription on 1245 an existing dialog, it MAY choose to implement dialog sharing 1246 behavior. Alternately, it may choose to fail the SUBSCRIBE request 1247 with a 403 response. The error text of such 403 responses SHOULD 1248 indicate that dialog sharing is not supported. 1250 To implement dialog sharing, subscribers and notifiers perform the 1251 following additional processing: 1253 o When subscriptions exist in dialogs associated with INVITE-created 1254 application state and/or other subscriptions, these sets of 1255 application state do not interact beyond the behavior described 1256 for a dialog (e.g., route set handling). In particular, multiple 1257 subscriptions within a dialog are expire independently, and 1258 require independent subscription refreshes. 1260 o If a subscription's destruction leaves no other application state 1261 associated with the dialog, the dialog terminates. The 1262 destruction of other application state (such as that created by an 1263 INVITE) will not terminate the dialog if a subscription is still 1264 associated with that dialog. This means that, when dialog are re- 1265 used, then a dialog created with an INVITE does not necessarily 1266 terminate upon receipt of a BYE. Similarly, in the case that 1267 several subscriptions are associated with a single dialog, the 1268 dialog does not terminate until all the subscriptions in it are 1269 destroyed. 1271 o Subscribers MAY include an "id" parameter in SUBSCRIBE request 1272 "Event" header field to allow differentiation between multiple 1273 subscriptions in the same dialog. This "id" parameter, if 1274 present, contains an opaque token which identifies the specific 1275 subscription within a dialog. An "id" parameter is only valid 1276 within the scope of a single dialog. 1278 o If an "id" parameter is present in the SUBSCRIBE request used to 1279 establish a subscription, that "id" parameter MUST also be present 1280 in all corresponding NOTIFY requests. 1282 o When a subscriber refreshes a the subscription timer, the 1283 SUBSCRIBE request MUST contain the same "Event" header field "id" 1284 parameter as was present in the SUBSCRIBE request that created the 1285 subscription. (Otherwise, the notifier will interpret the 1286 SUBSCRIBE request as a request for a new subscription in the same 1287 dialog). 1289 o When a subscription is created in the notifier, it stores any 1290 "Event" header field "id" parameter as part of the subscription 1291 information (along with the event package name). 1293 o If an initial SUBSCRIBE request is sent on a pre-existing dialog, 1294 a matching NOTIFY request merely creates a new subscription 1295 associated with that dialog. 1297 4.6. CANCEL Requests for SUBSCRIBE and NOTIFY Transactions 1299 Neither SUBSCRIBE nor NOTIFY requests can be canceled. If a UAS 1300 receives a CANCEL request that matches a known SUBSCRIBE or NOTIFY 1301 transaction, it MUST respond to the CANCEL request, but otherwise 1302 ignore it. In particular, the CANCEL request MUST NOT affect 1303 processing of the SUBSCRIBE or NOTIFY request in any way. 1305 UACs SHOULD NOT send CANCEL requests for SUBSCRIBE or NOTIFY 1306 transactions. 1308 5. Event Packages 1310 This section covers several issues which should be taken into 1311 consideration when event packages based on the SUBSCRIBE and NOTIFY 1312 methods are proposed. Event package definitions contain sections 1313 addressing each of these issues, ideally in the same order and with 1314 the same titles as the following sections. 1316 5.1. Appropriateness of Usage 1318 When designing an event package using the methods described in this 1319 document for event notification, it is important to consider: is SIP 1320 an appropriate mechanism for the problem set? Is SIP being selected 1321 because of some unique feature provided by the protocol (e.g., user 1322 mobility), or merely because "it can be done?" If you find yourself 1323 defining event packages for notifications related to, for example, 1324 network management or the temperature inside your car's engine, you 1325 may want to reconsider your selection of protocols. 1327 Those interested in extending the mechanism defined in this 1328 document are urged to follow the development of "Guidelines for 1329 Authors of SIP Extensions" [RFC4485] for further guidance 1330 regarding appropriate uses of SIP. 1332 Further, it is expected that this mechanism is not to be used in 1333 applications where the frequency of reportable events is excessively 1334 rapid (e.g., more than about once per second). A SIP network is 1335 generally going to be provisioned for a reasonable signaling volume; 1336 sending a notification every time a user's GPS position changes by 1337 one hundredth of a second could easily overload such a network. 1339 5.2. Event Template-packages 1341 Normal event packages define a set of state applied to a specific 1342 type of resource, such as user presence, call state, and messaging 1343 mailbox state. 1345 Event template-packages are a special type of package which define a 1346 set of state applied to other packages, such as statistics, access 1347 policy, and subscriber lists. Event template-packages may even be 1348 applied to other event template-packages. 1350 To extend the object-oriented analogy made earlier, event template- 1351 packages can be thought of as templatized C++ packages which must be 1352 applied to other packages to be useful. 1354 The name of an event template-package as applied to a package is 1355 formed by appending a period followed by the event template-package 1356 name to the end of the package. For example, if a template-package 1357 called "winfo" were being applied to a package called "presence", the 1358 event token used in "Event" and "Allow-Events" would be 1359 "presence.winfo". 1361 Event template-packages must be defined so that they can be applied 1362 to any arbitrary package. In other words, event template-packages 1363 cannot be specifically tied to one or a few "parent" packages in such 1364 a way that they will not work with other packages. 1366 5.3. Amount of State to be Conveyed 1368 When designing event packages, it is important to consider the type 1369 of information which will be conveyed during a notification. 1371 A natural temptation is to convey merely the event (e.g., "a new 1372 voice message just arrived") without accompanying state (e.g., "7 1373 total voice messages"). This complicates implementation of 1374 subscribing entities (since they have to maintain complete state for 1375 the entity to which they have subscribed), and also is particularly 1376 susceptible to synchronization problems. 1378 There are two possible solutions to this problem that event packages 1379 may choose to implement. 1381 5.3.1. Complete State Information 1383 In general, event packages need to be able to convey a well-defined 1384 and complete state, rather than just a stream of events. If it is 1385 not possible to describe complete system state for transmission in 1386 NOTIFY requests, then the problem set is not a good candidate for an 1387 event package. 1389 For packages which typically convey state information that is 1390 reasonably small (on the order of 1 KB or so), it is suggested that 1391 event packages are designed so as to send complete state information 1392 whenever an event occurs. 1394 In some circumstances, conveying the current state alone may be 1395 insufficient for a particular class of events. In these cases, the 1396 event packages should include complete state information along with 1397 the event that occurred. For example, conveying "no customer service 1398 representatives available" may not be as useful as conveying "no 1399 customer service representatives available; representative 1400 sip:46@cs.xyz.int just logged off". 1402 5.3.2. State Deltas 1404 In the case that the state information to be conveyed is large, the 1405 event package may choose to detail a scheme by which NOTIFY requests 1406 contain state deltas instead of complete state. 1408 Such a scheme would work as follows: any NOTIFY request sent in 1409 immediate response to a SUBSCRIBE request contains full state 1410 information. NOTIFY requests sent because of a state change will 1411 contain only the state information that has changed; the subscriber 1412 will then merge this information into its current knowledge about the 1413 state of the resource. 1415 Any event package that supports delta changes to states MUST include 1416 a version number that increases by exactly one for each NOTIFY 1417 transaction in a subscription. Note that the state version number 1418 appears in the body of the message, not in a SIP header field. 1420 If a NOTIFY request arrives that has a version number that is 1421 incremented by more than one, the subscriber knows that a state delta 1422 has been missed; it ignores the NOTIFY request containing the state 1423 delta (except for the version number, which it retains to detect 1424 message loss), and re-sends a SUBSCRIBE request to force a NOTIFY 1425 request containing a complete state snapshot. 1427 5.4. Event Package Responsibilities 1429 Event packages are not required to reiterate any of the behavior 1430 described in this document, although they may choose to do so for 1431 clarity or emphasis. In general, though, such packages are expected 1432 to describe only the behavior that extends or modifies the behavior 1433 described in this document. 1435 Note that any behavior designated with "SHOULD" or "MUST" in this 1436 document is not allowed to be weakened by extension documents; 1437 however, such documents may elect to strengthen "SHOULD" requirements 1438 to "MUST" strength if required by their application. 1440 In addition to the normal sections expected in standards-track 1441 RFCs and SIP extension documents, authors of event packages need 1442 to address each of the issues detailed in the following 1443 subsections, whenever applicable. 1445 5.4.1. Event Package Name 1447 This section, which MUST be present, defines the token name to be 1448 used to designate the event package. It MUST include the information 1449 which appears in the IANA registration of the token. For information 1450 on registering such types, see Section 7. 1452 5.4.2. Event Package Parameters 1454 If parameters are to be used on the "Event" header field to modify 1455 the behavior of the event package, the syntax and semantics of such 1456 header fields MUST be clearly defined. 1458 Any "Event" header field parameters defined by an event package MUST 1459 be registered in the "Header Field Parameters and Parameter Values" 1460 registry defined by [RFC3968]. An "Event" header field parameter, 1461 once registered in conjunction with an event package, MUST NOT be re- 1462 used with any other event package. Non-event-package specifications 1463 MAY define "Event" header field parameters that apply across all 1464 event packages (with emphasis on "all", as opposed to "several"), 1465 such as the "id" parameter defined in this document. The restriction 1466 of a parameter to use with a single event package only applies to 1467 parameters that are defined in conjunction with an event package. 1469 5.4.3. SUBSCRIBE Request Bodies 1471 It is expected that most, but not all, event packages will define 1472 syntax and semantics for SUBSCRIBE request bodies; these bodies will 1473 typically modify, expand, filter, throttle, and/or set thresholds for 1474 the class of events being requested. Designers of event packages are 1475 strongly encouraged to re-use existing MIME types for message bodies 1476 where practical. 1478 This mandatory section of an event package defines what type or types 1479 of event bodies are expected in SUBSCRIBE requests (or specify that 1480 no event bodies are expected). It should point to detailed 1481 definitions of syntax and semantics for all referenced body types. 1483 5.4.4. Subscription Duration 1485 It is RECOMMENDED that event packages give a suggested range of times 1486 considered reasonable for the duration of a subscription. Such 1487 packages MUST also define a default "Expires" value to be used if 1488 none is specified. 1490 5.4.5. NOTIFY Request Bodies 1492 The NOTIFY request body is used to report state on the resource being 1493 monitored. Each package MUST define what type or types of event 1494 bodies are expected in NOTIFY requests. Such packages MUST specify 1495 or cite detailed specifications for the syntax and semantics 1496 associated with such event body. 1498 Event packages also MUST define which MIME type is to be assumed if 1499 none are specified in the "Accept" header field of the SUBSCRIBE 1500 request. 1502 5.4.6. Notifier processing of SUBSCRIBE requests 1504 This section describes the processing to be performed by the notifier 1505 upon receipt of a SUBSCRIBE request. Such a section is required. 1507 Information in this section includes details of how to authenticate 1508 subscribers and authorization issues for the package. 1510 5.4.7. Notifier generation of NOTIFY requests 1512 This section of an event package describes the process by which the 1513 notifier generates and sends a NOTIFY request. This includes 1514 detailed information about what events cause a NOTIFY request to be 1515 sent, how to compute the state information in the NOTIFY, how to 1516 generate neutral or fake state information to hide authorization 1517 delays and decisions from users, and whether state information is 1518 complete or deltas for notifications; see Section 5.3. Such a 1519 section is required. 1521 This section may optionally describe the behavior used to process the 1522 subsequent response. 1524 5.4.8. Subscriber processing of NOTIFY requests 1526 This section of an event package describes the process followed by 1527 the subscriber upon receipt of a NOTIFY request, including any logic 1528 required to form a coherent resource state (if applicable). 1530 5.4.9. Handling of forked requests 1532 Each event package MUST specify whether forked SUBSCRIBE requests are 1533 allowed to install multiple subscriptions. 1535 If such behavior is not allowed, the first potential dialog- 1536 establishing message will create a dialog. All subsequent NOTIFY 1537 requests which correspond to the SUBSCRIBE request (i.e., match "To", 1538 "From", "From" header field "tag" parameter, "Call-ID", "Event", and 1539 "Event" header field "id" parameter) but which do not match the 1540 dialog would be rejected with a 481 response. Note that the 200- 1541 class response to the SUBSCRIBE request can arrive after a matching 1542 NOTIFY request has been received; such responses might not correlate 1543 to the same dialog established by the NOTIFY request. Except as 1544 required to complete the SUBSCRIBE transaction, such non-matching 1545 200-class responses are ignored. 1547 If installing of multiple subscriptions by way of a single forked 1548 SUBSCRIBE request is allowed, the subscriber establishes a new dialog 1549 towards each notifier by returning a 200-class response to each 1550 NOTIFY request. Each dialog is then handled as its own entity, and 1551 is refreshed independent of the other dialogs. 1553 In the case that multiple subscriptions are allowed, the event 1554 package MUST specify whether merging of the notifications to form a 1555 single state is required, and how such merging is to be performed. 1556 Note that it is possible that some event packages may be defined in 1557 such a way that each dialog is tied to a mutually exclusive state 1558 which is unaffected by the other dialogs; this MUST be clearly stated 1559 if it is the case. 1561 5.4.10. Rate of notifications 1563 Each event package is expected to define a requirement (SHOULD or 1564 MUST strength) which defines an absolute maximum on the rate at which 1565 notifications are allowed to be generated by a single notifier. 1567 Each package MAY further define a throttle mechanism which allows 1568 subscribers to further limit the rate of notification. 1570 5.4.11. State Aggregation 1572 Many event packages inherently work by collecting information about a 1573 resource from a number of other sources -- either through the use of 1574 PUBLISH [RFC3903], by subscribing to state information, or through 1575 other state gathering mechanisms. 1577 Event packages that involve retrieval of state information for a 1578 single resource from more than one source need to consider how 1579 notifiers aggregate information into a single, coherent state. Such 1580 packages MUST specify how notifiers aggregate information and how 1581 they provide authentication and authorization. 1583 5.4.12. Examples 1585 Event packages SHOULD include several demonstrative message flow 1586 diagrams paired with several typical, syntactically correct, and 1587 complete messages. 1589 It is RECOMMENDED that documents describing event packages clearly 1590 indicate that such examples are informative and not normative, with 1591 instructions that implementors refer to the main text of the document 1592 for exact protocol details. 1594 5.4.13. Use of URIs to Retrieve State 1596 Some types of event packages may define state information which is 1597 potentially too large to reasonably send in a SIP message. To 1598 alleviate this problem, event packages may include the ability to 1599 convey a URI instead of state information; this URI will then be used 1600 to retrieve the actual state information. 1602 [RFC4483] defines a mechanism that can be used by event packages to 1603 convey information in such a fashion. 1605 6. Security Considerations 1607 6.1. Access Control 1609 The ability to accept subscriptions should be under the direct 1610 control of the notifier's user, since many types of events may be 1611 considered sensitive for the purposes of privacy. Similarly, the 1612 notifier should have the ability to selectively reject subscriptions 1613 based on the subscriber identity (based on access control lists), 1614 using standard SIP authentication mechanisms. The methods for 1615 creation and distribution of such access control lists is outside the 1616 scope of this document. 1618 6.2. Notifier Privacy Mechanism 1620 The mere act of returning certain 4xx and 6xx responses to SUBSCRIBE 1621 requests may, under certain circumstances, create privacy concerns by 1622 revealing sensitive policy information. In these cases, the notifier 1623 SHOULD always return a 200 (OK) response. While the subsequent 1624 NOTIFY request may not convey true state, it MUST appear to contain a 1625 potentially correct piece of data from the point of view of the 1626 subscriber, indistinguishable from a valid response. Information 1627 about whether a user is authorized to subscribe to the requested 1628 state is never conveyed back to the original user under these 1629 circumstances. 1631 Individual packages and their related documents for which such a mode 1632 of operation makes sense can further describe how and why to generate 1633 such potentially correct data. For example, such a mode of operation 1634 is mandated by [RFC2779] for user presence information. 1636 6.3. Denial-of-Service attacks 1638 The current model (one SUBSCRIBE request triggers a SUBSCRIBE 1639 response and one or more NOTIFY requests) is a classic setup for an 1640 amplifier node to be used in a smurf attack. 1642 Also, the creation of state upon receipt of a SUBSCRIBE request can 1643 be used by attackers to consume resources on a victim's machine, 1644 rendering it unusable. 1646 To reduce the chances of such an attack, implementations of notifiers 1647 SHOULD require authentication. Authentication issues are discussed 1648 in [RFC3261]. 1650 6.4. Replay Attacks 1652 Replaying of either SUBSCRIBE or NOTIFY requests can have detrimental 1653 effects. 1655 In the case of SUBSCRIBE requests, attackers may be able to install 1656 any arbitrary subscription which it witnessed being installed at some 1657 point in the past. Replaying of NOTIFY requests may be used to spoof 1658 old state information (although a good versioning mechanism in the 1659 body of the NOTIFY requests may help mitigate such an attack). Note 1660 that the prohibition on sending NOTIFY requests to nodes which have 1661 not subscribed to an event also aids in mitigating the effects of 1662 such an attack. 1664 To prevent such attacks, implementations SHOULD require 1665 authentication with anti-replay protection. Authentication issues 1666 are discussed in [RFC3261]. 1668 6.5. Man-in-the middle attacks 1670 Even with authentication, man-in-the-middle attacks using SUBSCRIBE 1671 requests may be used to install arbitrary subscriptions, hijack 1672 existing subscriptions, terminate outstanding subscriptions, or 1673 modify the resource to which a subscription is being made. To 1674 prevent such attacks, implementations SHOULD provide integrity 1675 protection across "Contact", "Route", "Expires", "Event", and "To" 1676 header fields of SUBSCRIBE requests, at a minimum. If SUBSCRIBE 1677 request bodies are used to define further information about the state 1678 of the call, they SHOULD be included in the integrity protection 1679 scheme. 1681 Man-in-the-middle attacks may also attempt to use NOTIFY requests to 1682 spoof arbitrary state information and/or terminate outstanding 1683 subscriptions. To prevent such attacks, implementations SHOULD 1684 provide integrity protection across the "Call-ID", "CSeq", and 1685 "Subscription-State" header fields and the bodies of NOTIFY requests. 1687 Integrity protection of message header fields and bodies is discussed 1688 in [RFC3261]. 1690 6.6. Confidentiality 1692 The state information contained in a NOTIFY request has the potential 1693 to contain sensitive information. Implementations MAY encrypt such 1694 information to ensure confidentiality. 1696 While less likely, it is also possible that the information contained 1697 in a SUBSCRIBE request contains information that users might not want 1698 to have revealed. Implementations MAY encrypt such information to 1699 ensure confidentiality. 1701 To allow the remote party to hide information it considers sensitive, 1702 all implementations SHOULD be able to handle encrypted SUBSCRIBE and 1703 NOTIFY requests. 1705 The mechanisms for providing confidentiality are detailed in 1706 [RFC3261]. 1708 7. IANA Considerations 1710 (This section is not applicable until this document is published as 1711 an RFC.) 1713 7.1. Event Packages 1715 This document defines an event-type namespace which requires a 1716 central coordinating body. The body chosen for this coordination is 1717 the Internet Assigned Numbers Authority (IANA). 1719 There are two different types of event-types: normal event packages, 1720 and event template-packages; see Section 5.2. To avoid confusion, 1721 template-package names and package names share the same namespace; in 1722 other words, an event template-package MUST NOT share a name with a 1723 package. 1725 Policies for registration of SIP event packages and SIP event package 1726 templates are defined in section 4.1 of [RFC5727]. 1728 Registrations with the IANA MUST include the token being registered 1729 and whether the token is a package or a template-package. Further, 1730 packages MUST include contact information for the party responsible 1731 for the registration and/or a published document which describes the 1732 event package. Event template-package token registrations MUST 1733 include a pointer to the published RFC which defines the event 1734 template-package. 1736 Registered tokens to designate packages and template-packages MUST 1737 NOT contain the character ".", which is used to separate template- 1738 packages from packages. 1740 7.1.1. Registration Information 1742 As this document specifies no package or template-package names, the 1743 initial IANA registration for event types will be empty. The 1744 remainder of the text in this section gives an example of the type of 1745 information to be maintained by the IANA; it also demonstrates all 1746 five possible permutations of package type, contact, and reference. 1748 The table below lists the event packages and template-packages 1749 defined in "SIP-Specific Event Notification" [RFC xxxx]. Each name 1750 is designated as a package or a template-package under "Type". 1752 Package Name Type Contact Reference 1753 ------------ ---- ------- --------- 1754 example1 package [Roach] 1755 example2 package [Roach] [RFC xxxx] 1756 example3 package [RFC xxxx] 1757 example4 template [Roach] [RFC xxxx] 1758 example5 template [RFC xxxx] 1760 PEOPLE 1761 ------ 1762 [Roach] Adam Roach 1764 REFERENCES 1765 ---------- 1766 [RFC xxxx] A.B. Roach, "SIP-Specific Event Notification", RFC XXXX, 1767 Monthname 20XX 1769 7.1.2. Registration Template 1771 To: ietf-sip-events@iana.org 1772 Subject: Registration of new SIP event package 1774 Package Name: 1776 (Package names must conform to the syntax described in 1777 Section 8.2.1.) 1779 Is this registration for a Template Package: 1781 (indicate yes or no) 1783 Published Specification(s): 1785 (Template packages require a published RFC. Other packages may 1786 reference a specification when appropriate). 1788 Person & email address to contact for further information: 1790 7.2. Reason Codes 1792 This document further defines "reason" codes for use in the 1793 "Subscription-State" header field (see Section 4.1.3). 1795 Following the policies outlined in "Guidelines for Writing an IANA 1796 Considerations Section in RFCs" [RFC5226], new reason codes require a 1797 Standards Action. 1799 Registrations with the IANA include the reason code being registered 1800 and a reference to a published document which describes the event 1801 package. Insertion of such values takes place as part of the RFC 1802 publication process or as the result of inter-SDO liaison activity. 1803 New reason codes must conform to the syntax of the ABNF "token" 1804 element defined in [RFC3261]. 1806 [RFC4660] defined a new reason code prior to the establishment of an 1807 IANA registry. We include its reason code ("badfilter") in the 1808 initial list of reason codes to ensure a complete registry. 1810 The IANA registry for reason code will be initialized with the 1811 following values: 1813 Reason Code Reference 1814 ----------- --------- 1815 deactivated [RFC xxxx] 1816 probation [RFC xxxx] 1817 rejected [RFC xxxx] 1818 timeout [RFC xxxx] 1819 giveup [RFC xxxx] 1820 noresource [RFC xxxx] 1821 invariant [RFC xxxx] 1822 badfilter [RFC 4660] 1824 REFERENCES 1825 ---------- 1826 [RFC xxxx] A.B. Roach, "SIP-Specific Event Notification", RFC XXXX, 1827 Monthname 20XX 1829 [RFC 4660] Khartabil, H., Leppanen, E., Lonnfors, M., and 1830 J. Costa-Requena, "Functional Description of Event 1831 Notification Filtering", September 2006. 1833 7.3. Header Field Names 1835 This document registers three new header field names, described 1836 elsewhere in this document. These header fields are defined by the 1837 following information, which is to be added to the header field sub- 1838 registry under http://www.iana.org/assignments/sip-parameters. 1840 Header Name: Allow-Events 1841 Compact Form: u 1843 Header Name: Subscription-State 1844 Compact Form: (none) 1846 Header Name: Event 1847 Compact Form: o 1849 7.4. Response Codes 1851 This document registers two new response codes. These response codes 1852 are defined by the following information, which is to be added to the 1853 method and response-code sub-registry under 1854 http://www.iana.org/assignments/sip-parameters. 1856 Response Code Number: 202 1857 Default Reason Phrase: Accepted 1859 Response Code Number: 489 1860 Default Reason Phrase: Bad Event 1862 8. Syntax 1864 This section describes the syntax extensions required for event 1865 notification in SIP. Semantics are described in Section 4. Note 1866 that the formal syntax definitions described in this document are 1867 expressed in the ABNF format used in [RFC3261], and contain 1868 references to elements defined therein. 1870 8.1. New Methods 1872 This document describes two new SIP methods: SUBSCRIBE and NOTIFY. 1874 8.1.1. SUBSCRIBE method 1876 "SUBSCRIBE" is added to the definition of the element "Method" in the 1877 SIP message grammar. 1879 Like all SIP method names, the SUBSCRIBE method name is case 1880 sensitive. The SUBSCRIBE method is used to request asynchronous 1881 notification of an event or set of events at a later time. 1883 8.1.2. NOTIFY method 1885 "NOTIFY" is added to the definition of the element "Method" in the 1886 SIP message grammar. 1888 The NOTIFY method is used to notify a SIP node that an event which 1889 has been requested by an earlier SUBSCRIBE method has occurred. It 1890 may also provide further details about the event. 1892 8.2. New Header Fields 1894 8.2.1. "Event" Header Field 1896 Event is added to the definition of the element "message-header 1897 field" in the SIP message grammar. 1899 For the purposes of matching NOTIFY requests with SUBSCRIBE requests, 1900 the event-type portion of the "Event" header field is compared byte- 1901 by-byte, and the "id" parameter token (if present) is compared byte- 1902 by-byte. An "Event" header field containing an "id" parameter never 1903 matches an "Event" header field without an "id" parameter. No other 1904 parameters are considered when performing a comparison. SUBSCRIBE 1905 responses are matched per the transaction handling rules in 1906 [RFC3261]. 1908 Note that the forgoing text means that "Event: foo; id=1234" would 1909 match "Event: foo; param=abcd; id=1234", but not "Event: foo" (id 1910 does not match) or "Event: Foo; id=1234" (event portion does not 1911 match). 1913 This document does not define values for event-types. These values 1914 will be defined by individual event packages, and MUST be registered 1915 with the IANA. 1917 There MUST be exactly one event type listed per event header field. 1918 Multiple events per message are disallowed. 1920 8.2.2. "Allow-Events" Header Field 1922 Allow-Events is added to the definition of the element "general- 1923 header field" in the SIP message grammar. Its usage is described in 1924 Section 4.4.4. 1926 8.2.3. "Subscription-State" Header Field 1928 Subscription-State is added to the definition of the element 1929 "request-header field" in the SIP message grammar. Its usage is 1930 described in Section 4.1.3. 1932 8.3. New Response Codes 1934 8.3.1. "202 Accepted" Response Code 1936 For historical purposes, the 202 (Accepted) response code is added to 1937 the "Success" header field definition. 1939 This document does not specify the use of the 202 response code in 1940 conjunction with the SUBSCRIBE or NOTIFY methods. Previous versions 1941 of the SIP Events Framework assigned specific meaning to the 202 1942 response code. 1944 Due to response handling in forking cases, any 202 response to a 1945 SUBSCRIBE request may be absorbed by a proxy, and thus it can never 1946 be guaranteed to be received by the UAC. Furthermore, there is no 1947 actual processing difference for a 202 as compared to a 200; a NOTIFY 1948 request is sent after the subscription is processed, and it conveys 1949 the correct state. SIP interoperability tests found that 1950 implementations were handling 202 differently from 200, leading to 1951 incompatibilities. Therefore, the 202 response is being deprecated 1952 to make it clear there is no such difference and 202 should not be 1953 handled differently than 200. 1955 Implementations conformant with the current specification MUST treat 1956 an incoming 202 response as identical to a 200 response, and MUST NOT 1957 generate 202 response codes to SUBSCRIBE or NOTIFY requests. 1959 This document also updates [RFC4660], which reiterates the 202-based 1960 behavior in several places. Implementations compliant with the 1961 present document MUST NOT send a 202 response to a SUBSCRIBE request, 1962 and will send an alternate success response (such as 200) in its 1963 stead. 1965 8.3.2. "489 Bad Event" Response Code 1967 The 489 event response is added to the "Client-Error" header field 1968 field definition. "489 Bad Event" is used to indicate that the server 1969 did not understand the event package specified in a "Event" header 1970 field. 1972 8.4. Augmented BNF Definitions 1974 The Augmented BNF definitions for the various new and modified syntax 1975 elements follows. The notation is as used in [RFC3261], and any 1976 elements not defined in this section are as defined in SIP and the 1977 documents to which it refers. 1979 SUBSCRIBEm = %x53.55.42.53.43.52.49.42.45 ; SUBSCRIBE in caps 1980 NOTIFYm = %x4E.4F.54.49.46.59 ; NOTIFY in caps 1981 extension-method = SUBSCRIBEm / NOTIFYm / token 1983 Event = ( "Event" / "o" ) HCOLON event-type 1984 *( SEMI event-param ) 1985 event-type = event-package *( "." event-template ) 1986 event-package = token-nodot 1987 event-template = token-nodot 1988 token-nodot = 1*( alphanum / "-" / "!" / "%" / "*" 1989 / "_" / "+" / "`" / "'" / "~" ) 1991 ; The use of the "id" parameter is deprecated; it is included 1992 ; for backwards compatibility purposes only. 1993 event-param = generic-param / ( "id" EQUAL token ) 1995 Allow-Events = ( "Allow-Events" / "u" ) HCOLON event-type 1996 *(COMMA event-type) 1998 Subscription-State = "Subscription-State" HCOLON substate-value 1999 *( SEMI subexp-params ) 2000 substate-value = "active" / "pending" / "terminated" 2001 / extension-substate 2002 extension-substate = token 2003 subexp-params = ("reason" EQUAL event-reason-value) 2004 / ("expires" EQUAL delta-seconds) 2005 / ("retry-after" EQUAL delta-seconds) 2006 / generic-param 2007 event-reason-value = "deactivated" 2008 / "probation" 2009 / "rejected" 2010 / "timeout" 2011 / "giveup" 2012 / "noresource" 2013 / "invariant" 2014 / event-reason-extension 2015 event-reason-extension = token 2017 9. References 2019 9.1. Normative References 2021 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2022 Requirement Levels", BCP 14, RFC 2119, March 1997. 2024 [RFC2848] Petrack, S. and L. Conroy, "The PINT Service Protocol: 2025 Extensions to SIP and SDP for IP Access to Telephone Call 2026 Services", RFC 2848, June 2000. 2028 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 2029 A., Peterson, J., Sparks, R., Handley, M., and E. 2030 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 2031 June 2002. 2033 [RFC3265] Roach, A., "Session Initiation Protocol (SIP)-Specific 2034 Event Notification", RFC 3265, June 2002. 2036 [RFC3968] Camarillo, G., "The Internet Assigned Number Authority 2037 (IANA) Header Field Parameter Registry for the Session 2038 Initiation Protocol (SIP)", BCP 98, RFC 3968, 2039 December 2004. 2041 [RFC4483] Burger, E., "A Mechanism for Content Indirection in 2042 Session Initiation Protocol (SIP) Messages", RFC 4483, 2043 May 2006. 2045 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 2046 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 2047 May 2008. 2049 [RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User 2050 Agent URIs (GRUUs) in the Session Initiation Protocol 2051 (SIP)", RFC 5627, October 2009. 2053 [RFC5727] Peterson, J., Jennings, C., and R. Sparks, "Change Process 2054 for the Session Initiation Protocol (SIP) and the Real- 2055 time Applications and Infrastructure Area", BCP 67, 2056 RFC 5727, March 2010. 2058 9.2. Informative References 2060 [RFC2779] Day, M., Aggarwal, S., Mohr, G., and J. Vincent, "Instant 2061 Messaging / Presence Protocol Requirements", RFC 2779, 2062 February 2000. 2064 [RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer 2065 Method", RFC 3515, April 2003. 2067 [RFC3840] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, 2068 "Indicating User Agent Capabilities in the Session 2069 Initiation Protocol (SIP)", RFC 3840, August 2004. 2071 [RFC3891] Mahy, R., Biggs, B., and R. Dean, "The Session Initiation 2072 Protocol (SIP) "Replaces" Header", RFC 3891, 2073 September 2004. 2075 [RFC3903] Niemi, A., "Session Initiation Protocol (SIP) Extension 2076 for Event State Publication", RFC 3903, October 2004. 2078 [RFC3911] Mahy, R. and D. Petrie, "The Session Initiation Protocol 2079 (SIP) "Join" Header", RFC 3911, October 2004. 2081 [RFC4235] Rosenberg, J., Schulzrinne, H., and R. Mahy, "An INVITE- 2082 Initiated Dialog Event Package for the Session Initiation 2083 Protocol (SIP)", RFC 4235, November 2005. 2085 [RFC4485] Rosenberg, J. and H. Schulzrinne, "Guidelines for Authors 2086 of Extensions to the Session Initiation Protocol (SIP)", 2087 RFC 4485, May 2006. 2089 [RFC4538] Rosenberg, J., "Request Authorization through Dialog 2090 Identification in the Session Initiation Protocol (SIP)", 2091 RFC 4538, June 2006. 2093 [RFC4660] Khartabil, H., Leppanen, E., Lonnfors, M., and J. Costa- 2094 Requena, "Functional Description of Event Notification 2095 Filtering", RFC 4660, September 2006. 2097 [RFC5057] Sparks, R., "Multiple Dialog Usages in the Session 2098 Initiation Protocol", RFC 5057, November 2007. 2100 [RFC5839] Niemi, A. and D. Willis, "An Extension to Session 2101 Initiation Protocol (SIP) Events for Conditional Event 2102 Notification", RFC 5839, May 2010. 2104 Appendix A. Acknowledgements 2106 Thanks to the participants in the Events BOF at the 48th IETF meeting 2107 in Pittsburgh, as well as those who gave ideas and suggestions on the 2108 SIP Events mailing list. In particular, I wish to thank Henning 2109 Schulzrinne of Columbia University for coming up with the final 2110 three-tiered event identification scheme, Sean Olson for 2111 miscellaneous guidance, Jonathan Rosenberg for a thorough scrubbing 2112 of the -00 draft, and the authors of the "SIP Extensions for 2113 Presence" document for their input to SUBSCRIBE and NOTIFY request 2114 semantics. 2116 I also owe a debt of gratitude to all the implementors who have 2117 provided feedback on areas of confusion or difficulty in the original 2118 specification. In particular, Robert Sparks' Herculean efforts 2119 organizing, running, and collecting data from the SIPit events have 2120 proven invaluable in shaking out specification bugs. Robert Sparks 2121 is also responsible for untangling the dialog usage mess, in the form 2122 of RFC 5057 [RFC5057]. 2124 Appendix B. Changes 2126 This section, and all of its subsections, will be consolidated into a 2127 single "Changes Since RFC 3265" section prior to publication. Bug 2128 numbers refer to the identifiers for the bug reports kept on file at 2129 http://bugs.sipit.net/. 2131 B.1. Changes from draft-ietf-sipcore-rfc3265bis-03 to 2132 draft-ietf-sipcore-rfc3265bis-04 2134 Added rationale text to deprecation of 202 response code. 2136 B.2. Changes from draft-ietf-sipcore-rfc3265bis-02 to 2137 draft-ietf-sipcore-rfc3265bis-03 2139 o Clarified scope of Event header field parameters. In RFC3265, the 2140 scope is ambiguous, which causes problems with the RFC3968 2141 registry. The new text ensures that Event header field parameters 2142 are unique across all event packages. 2143 o Removed obsoleted language around IANA registration policies for 2144 event packages. Instead, we now cite RFC5727, which supersedes 2145 RFC3265, and is authoritative on event package registration 2146 policy. 2147 o Several editorial updates after input from working group, 2148 including proper designation of "dialog usage" rather than 2149 "dialog" where appropriate. 2150 o Fixed left-over language that allowed implicit subscriptions (in 2151 contradiction to text elsewhere in the document) 2152 o Fixed subscriber state machine handling of Timer N 2153 o Clarified two normative statements about subscription termination 2154 by changing from plain English prose to RFC2119 language. 2156 B.3. Changes from draft-ietf-sipcore-rfc3265bis-01 to 2157 draft-ietf-sipcore-rfc3265bis-02 2159 o Removed "Table 2" expansions, per WG consensus on how SIP table 2 2160 is to be handled. 2161 o Removed 202 response code. 2162 o Clarified that "Allow-Events" does not list event template 2163 packages. 2164 o Clarified that Timer N *does* apply to subscription refreshes. 2166 B.4. Changes from draft-ietf-sipcore-rfc3265bis-00 to 2167 draft-ietf-sipcore-rfc3265bis-01 2169 o Renamed Timer L to Timer N, to avoid a naming conflict. 2170 o Added clarification about proper response when the SUBSCRIBE 2171 indicates an unknown MIME type in its Accept header field. 2172 o Clarification around Route and Record-Route behavior. 2173 o Added non-normative warning about the limitations of state 2174 polling. 2175 o Added information about targeting subscriptions at specific 2176 dialogs. 2177 o Added "Call-Info" header field to RFC 3261 Table 2 expansion. 2179 B.5. Changes from draft-roach-sipcore-rfc3265bis-00 to 2180 draft-ietf-sipcore-rfc3265bis-00 2182 None 2184 B.6. Changes since RFC 3265 2186 B.6.1. Bug 666: Clarify use of expires=xxx with terminated 2188 Strengthened language in Section 4.1.3 to clarify that expires should 2189 not be sent with terminated, and must be ignored if received. 2191 B.6.2. Bug 667: Reason code for unsub/poll not clearly spelled out 2193 Clarified description of "timeout" in Section 4.1.3. (n.b., the text 2194 in Section 4.4.3 is actually pretty clear about this). 2196 B.6.3. Bug 669: Clarify: SUBSCRIBE for a duration might be answered 2197 with a NOTIFY/expires=0 2199 Added clarifying text to Section 4.2.2 explaining that shortening a 2200 subscription to zero seconds is valid. Also added sentence to 2201 Section 3.1.1 explicitly allowing shortening to zero. 2203 B.6.4. Bug 670: Dialog State Machine needs clarification 2205 The issues associated with the bug deal exclusively with the handling 2206 of multiple usages with a dialog. This behavior has been deprecated 2207 and moved to Section 4.5.2. This section, in turn, cites [RFC5057], 2208 which addresses all of the issues in Bug 670. 2210 B.6.5. Bug 671: Clarify timeout-based removal of subscriptions 2212 Changed Section 4.2.2 to specifically cite Timer F (so as to avoid 2213 ambiguity between transaction timeouts and retransmission timeouts). 2215 B.6.6. Bug 672: Mandate expires= in NOTIFY 2217 Changed strength of including of "expires" in a NOTIFY from SHOULD to 2218 MUST in Section 4.2.2. 2220 B.6.7. Bug 673: INVITE 481 response effect clarification 2222 This bug was addressed in [RFC5057]. 2224 B.6.8. Bug 677: SUBSCRIBE response matching text in error 2226 Fixed Section 8.2.1 to remove incorrect "...responses and..." -- 2227 explicitly pointed to SIP for transaction response handling. 2229 B.6.9. Bug 695: Document is not explicit about response to NOTIFY at 2230 subscription termination 2232 Added text to Section 4.4.1 indicating that the typical response to a 2233 terminal NOTIFY is a "200 OK". 2235 B.6.10. Bug 696: Subscription state machine needs clarification 2237 Added state machine diagram to Section 4.1.2 with explicit handling 2238 of what to do when a SUBSCRIBE never shows up. Added definition of 2239 and handling for new Timer N to Section 4.1.2.4. Added state machine 2240 to Section 4.2.2 to reinforce text. 2242 B.6.11. Bug 697: Unsubscription behavior could be clarified 2244 Added text to Section 4.2.1.4 encouraging (but not requiring) full 2245 state in final NOTIFY request. Also added text to Section 4.1.2.3 2246 warning subscribers that full state may or may not be present in the 2247 final NOTIFY. 2249 B.6.12. Bug 699: NOTIFY and SUBSCRIBE are target refresh requests 2251 Added text to both Section 3.1 and Section 3.2 explicitly indicating 2252 that SUBSCRIBE and NOTIFY are target refresh methods. 2254 B.6.13. Bug 722: Inconsistent 423 reason phrase text 2256 Changed reason code to "Interval Too Brief" in Section 4.2.1.1 and 2257 Section 4.2.1.4, to match 423 reason code in SIP [RFC3261]. 2259 B.6.14. Bug 741: guidance needed on when to not include Allow-Events 2261 Added non-normative clarification to Section 4.4.4 regarding 2262 inclusion of Allow-Events in a NOTIFY for the one-and-only package 2263 supported by the notifier. 2265 B.6.15. Bug 744: 5xx to NOTIFY terminates a subscription, but should 2266 not 2268 Issue of subscription (usage) termination versus dialog termination 2269 is handled in [RFC5057]. The text in Section 4.2.2 has been updated 2270 to summarize the behavior described by 5057, and cites it for 2271 additional detail and rationale. 2273 B.6.16. Bug 752: Detection of forked requests is incorrect 2275 Removed erroneous "CSeq" from list of matching criteria in 2276 Section 5.4.9. 2278 B.6.17. Bug 773: Reason code needs IANA registry 2280 Added Section 7.2 to create and populate IANA registry. 2282 B.6.18. Bug 774: Need new reason for terminating subscriptions to 2283 resources that never change 2285 Added new "invariant" reason code to Section 4.1.3, ABNF syntax. 2287 B.6.19. Clarify handling of Route/Record-Route in NOTIFY 2289 Changed text in Section 4.3 mandating Record-Route in initial 2290 SUBSCRIBE and all NOTIFY requests, and adding "MAY" level statements 2291 for subsequent SUBSCRIBE requests. 2293 B.6.20. Eliminate implicit subscriptions 2295 Added text to Section 4.2.1 explaining some of the problems 2296 associated with implicit subscriptions, normative language 2297 prohibiting them. Removed language from Section 3.2 describing "non- 2298 SUBSCRIBE" mechanisms for creating subscriptions. Simplified 2299 language in Section 4.2.2, now that the soft-state/non-soft-state 2300 distinction is unnecessary. 2302 B.6.21. Deprecate dialog re-use 2304 Moved handling of dialog re-use and "id" handling to Section 4.5.2. 2305 It is documented only for backwards-compatibility purposes. 2307 B.6.22. Rationalize dialog creation 2309 Section 4.4.1 has been updated to specify that dialogs should be 2310 created when the NOTIFY arrives. Previously, the dialog was 2311 established by the SUBSCRIBE 200, or by the NOTIFY transaction. This 2312 was unnecessarily complicated; the newer rules are easier to 2313 implement (and result in effectively the same behavior on the wire). 2315 B.6.23. Refactor behavior sections 2317 Reorganized Section 4 to consolidate behavior along role lines 2318 (subscriber/notifier/proxy) instead of method lines. 2320 B.6.24. Clarify sections that need to be present in event packages 2322 Added sentence to Section 5 clarifying that event packages are 2323 expected to include explicit sections covering the issues discussed 2324 in this section. 2326 B.6.25. Make CANCEL handling more explicit 2328 Text in Section 4.6 now clearly calls out behavior upon receipt of a 2329 CANCEL. We also echo the "...SHOULD NOT send..." requirement from 2330 [RFC3261]. 2332 B.6.26. Remove State Agent Terminology 2334 As originally planned, we anticipated a fairly large number of event 2335 packages that would move back and forth between end-user devices and 2336 servers in the network. In practice, this has ended up not being the 2337 case. Certain events, like dialog state, are inherently hosted at 2338 end-user devices; others, like presence, are almost always hosted in 2339 the network (due to issues like composition, and the ability to 2340 deliver information when user devices are offline). Further, the 2341 concept of State Agents is the most misunderstood by event package 2342 authors. In my expert review of event packages, I have yet to find 2343 one that got the concept of State Agents completely correct -- and 2344 most of them start out with the concept being 100% backwards from the 2345 way RFC 3265 described it. 2347 Rather than remove the ability to perform the actions previously 2348 attributed to the widely misunderstood term "State Agent," we have 2349 simply eliminated this term. Instead, we talk about the behaviors 2350 required to create state agents (state aggregation, subscription 2351 notification) without defining a formal term to describe the servers 2352 that exhibit these behaviors. In effect, this is an editorial change 2353 to make life easier for event package authors; the actual protocol 2354 does not change as a result. 2356 The definition of "State Agent" has been removed from Section 2. 2357 Section 4.4.2 has been retooled to discuss migration of subscription 2358 in general, without calling out the specific example of state agents. 2360 Section 5.4.11 has been focused on state aggregation in particular, 2361 instead of state aggregation as an aspect of state agents. 2363 Author's Address 2365 Adam Roach 2366 Tekelec 2367 17210 Campbell Rd. 2368 Suite 250 2369 Dallas, TX 75252 2370 US 2372 Email: adam@nostrum.com