idnits 2.17.1 

draft-ietf-sipping-config-framework-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-ascii characters in the document.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 902 has weird spacing: '... Events  for t...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 17, 2004) is 7285 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2131' is defined on line 937, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2132' is defined on line 940, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2246' is defined on line 943, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2617' is defined on line 950, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-03) exists of
     draft-ietf-simple-xcap-package-01

  -- Possible downref: Normative reference to a draft: ref.
     'I-D.ietf-simple-xcap-package' 

  == Outdated reference: A later version (-05) exists of
     draft-ietf-sip-content-indirect-mech-03

  -- Possible downref: Normative reference to a draft: ref.
     'I-D.ietf-sipping-ua-prof-framewk-reqs' 

  -- Possible downref: Normative reference to a draft: ref.
     'I-D.rosenberg-simple-xcap' 

  == Outdated reference: A later version (-08) exists of
     draft-sinnreich-sipdev-req-03

  ** Downref: Normative reference to an Informational draft:
     draft-sinnreich-sipdev-req (ref. 'I-D.sinnreich-sipdev-req')

  ** Obsolete normative reference: RFC  822 (Obsoleted by RFC 2822)

  ** Obsolete normative reference: RFC 2246 (Obsoleted by RFC 4346)

  ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231,
     RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  ** Obsolete normative reference: RFC 2617 (Obsoleted by RFC 7235, RFC 7615,
     RFC 7616, RFC 7617)

  ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110)

  ** Obsolete normative reference: RFC 3265 (Obsoleted by RFC 6665)

  ** Obsolete normative reference: RFC 3377 (Obsoleted by RFC 4510)

  ** Downref: Normative reference to an Informational RFC: RFC 3617


     Summary: 11 errors (**), 0 flaws (~~), 12 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	SIPPING                                                        D. Petrie
3	Internet-Draft                                             Pingtel Corp.
4	Expires: November 15, 2004                                  May 17, 2004

6	     A Framework for Session Initiation Protocol User Agent Profile
7	                                Delivery
8	               draft-ietf-sipping-config-framework-03.txt

10	Status of this Memo

12	   This document is an Internet-Draft and is in full conformance with
13	   all provisions of Section 10 of RFC2026.

15	   Internet-Drafts are working documents of the Internet Engineering
16	   Task Force (IETF), its areas, and its working groups.  Note that
17	   other groups may also distribute working documents as
18	   Internet-Drafts.

20	   Internet-Drafts are draft documents valid for a maximum of six months
21	   and may be updated, replaced, or obsoleted by other documents at any
22	   time.  It is inappropriate to use Internet-Drafts as reference
23	   material or to cite them other than as "work in progress."

25	   The list of current Internet-Drafts can be accessed at
26	   http://www.ietf.org/ietf/1id-abstracts.txt.

28	   The list of Internet-Draft Shadow Directories can be accessed at
29	   http://www.ietf.org/shadow.html.

31	   This Internet-Draft will expire on November 15, 2004.

33	Copyright Notice

35	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

37	Abstract

39	   This document defines the application of a set of protocols for
40	   providing profile data to SIP user agents.  The objective is to
41	   define a means for automatically providing profile data a user agent
42	   needs to be functional without user or administrative intervention.
43	   The framework for discovery, delivery, notification and updates of
44	   user agent profile data is defined here.  As part of this framework a
45	   new SIP event package is defined here for the notification of profile
46	   changes.  This framework is also intended to ease ongoing
47	   administration and upgrading of large scale deployments of SIP user
48	   agents.  The contents and format of the profile data to be defined is
49	   outside the scope of this document.

51	Table of Contents

53	   1.   Motivation . . . . . . . . . . . . . . . . . . . . . . . . .   3
54	   2.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   3
55	     2.1  Requirements Terminology . . . . . . . . . . . . . . . . .   3
56	     2.2  Profile Delivery Framework Terminology . . . . . . . . . .   4
57	     2.3  Overview . . . . . . . . . . . . . . . . . . . . . . . . .   4
58	   3.   Profile Change Event Notification Package  . . . . . . . . .   6
59	     3.1  Event Package Name . . . . . . . . . . . . . . . . . . . .   6
60	     3.2  Event Package Parameters . . . . . . . . . . . . . . . . .   6
61	     3.3  SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . .   9
62	     3.4  Subscription Duration  . . . . . . . . . . . . . . . . . .   9
63	     3.5  NOTIFY Bodies  . . . . . . . . . . . . . . . . . . . . . .   9
64	     3.6  Notifier processing of SUBSCRIBE requests  . . . . . . . .  10
65	     3.7  Notifier generation of NOTIFY requests . . . . . . . . . .  10
66	     3.8  Subscriber processing of NOTIFY requests . . . . . . . . .  11
67	     3.9  Handling of forked requests  . . . . . . . . . . . . . . .  11
68	     3.10   Rate of notifications  . . . . . . . . . . . . . . . . .  11
69	     3.11   State Agents . . . . . . . . . . . . . . . . . . . . . .  12
70	     3.12   Examples . . . . . . . . . . . . . . . . . . . . . . . .  12
71	     3.13   Use of URIs to Retrieve State  . . . . . . . . . . . . .  13
72	   4.   Profile Delivery Framework Details . . . . . . . . . . . . .  13
73	     4.1  Discovery of Subscription URI  . . . . . . . . . . . . . .  13
74	     4.2  Enrollment with Profile Server . . . . . . . . . . . . . .  15
75	     4.3  Notification of Profile Changes  . . . . . . . . . . . . .  15
76	     4.4  Retrieval of Profile Data  . . . . . . . . . . . . . . . .  15
77	     4.5  Upload of Profile Changes  . . . . . . . . . . . . . . . .  16
78	   5.   IANA Considerations  . . . . . . . . . . . . . . . . . . . .  16
79	     5.1  SIP Event Package  . . . . . . . . . . . . . . . . . . . .  16
80	   6.   Security Considerations  . . . . . . . . . . . . . . . . . .  16
81	     6.1  Symmetric Encryption of Profile Data . . . . . . . . . . .  16
82	   7.   Differences from Simple XCAP Package . . . . . . . . . . . .  17
83	   8.   Open Issues  . . . . . . . . . . . . . . . . . . . . . . . .  17
84	   9.   Change History . . . . . . . . . . . . . . . . . . . . . . .  17
85	     9.1  Changes from draft-ietf-sipping-config-framework-02.txt  .  18
86	     9.2  Changes from draft-ietf-sipping-config-framework-01.txt  .  18
87	     9.3  Changes from draft-ietf-sipping-config-framework-00.txt  .  18
88	     9.4  Changes from
89	          draft-petrie-sipping-config-framework-00.txt . . . . . . .  18
90	     9.5  Changes from draft-petrie-sip-config-framework-01.txt  . .  19
91	     9.6  Changes from draft-petrie-sip-config-framework-00.txt  . .  19
92	   10.  References . . . . . . . . . . . . . . . . . . . . . . . . .  19
93	        Author's Address . . . . . . . . . . . . . . . . . . . . . .  21
94	   A.   Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  21
95	        Intellectual Property and Copyright Statements . . . . . . .  22

97	1.  Motivation

99	   Today all SIP user agent implementers use proprietary means of
100	   delivering user or device profiles to the user agent.  The profile
101	   delivery framework defined in this document is intended to enable a
102	   first phase migration to a standard means of providing profiles to
103	   SIP user agents.  It is expected that UA implementers will be able to
104	   use this framework as a means of delivering their existing
105	   proprietary user and device data profiles (i.e.  using their existing
106	   proprietary binary or text formats).  This in itself is a tremendous
107	   advantage in that a SIP environment can use a single profile delivery
108	   server for profile data to user agents from multiple implementers.
109	   Follow-on standardization activities can:
110	   1.  define a standard profile content format framework (e.g.  XML
111	       with name spaces [??] or name-value pairs [RFC0822]).
112	   2.  specify the content (i.e.  name the profile data parameters, xml
113	       schema, name spaces) of the data profiles.

115	   One of the objectives of the framework described in this document is
116	   to provide a start up experience similar to that of users of an
117	   analog telephone.  When you plug in an analog telephone it just works
118	   (assuming the line is live and the switch has been provisioned).
119	   There is no end user configuration required to make analog phone
120	   work, at least in a basic sense.  So the objective here is to be able
121	   to take a new SIP user agent out of the box, plug it in or install
122	   the software and have it get its profiles without human intervention
123	   other than security measures.  This is necessary for cost effective
124	   deployment of large numbers of user agents.

126	   Another objective is to provide a scalable means for ongoing
127	   administration of profiles.  Administrators and users are likely to
128	   want to make changes to user and device profiles.

130	   Additional requirements for the framework defined in this document
131	   are described in: [I-D.ietf-sipping-ua-prof-framewk-reqs],
132	   [I-D.sinnreich-sipdev-req]

134	2.  Introduction

136	2.1  Requirements Terminology

138	   Keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT" and
139	   "MAY" that appear in this document are to be interpreted as described
140	   in RFC 2119[RFC2119].

142	2.2  Profile Delivery Framework Terminology

144	   profile - data set specific to a user or device.
145	   device - SIP user agent, either software or hardware appliance.
146	   profile content server - The server that provides the content of the
147	      profiles using the protocol specified by the URL scheme.
148	   notifier - The SIP user agent server which processes SUBSCRIBE
149	      requests for events and sends NOTIFY requests with profile data or
150	      URI(s) point to the data.
151	   profile delivery server - The logical collection of the SIP notifier
152	      and the server which provides the contents of the profile URI(s).

154	2.3  Overview

156	   The profile life cycle can be described by five functional steps.
157	   These steps are not necessarily discrete.  However it is useful to
158	   describe these steps as logically distinct.  These steps are named as
159	   follows:

161	   Discovery -  discover a profile delivery server
162	   Enrollment - enroll with the profile delivery server
163	   Profile Retrieval - retrieve profile data
164	   Profile Change Notification - receive notification of profile changes
165	   Profile Change Upload - upload profile data changes back to the
166	      profile delivery server

168	   Discovery is the process by which a UA finds the address and port at
169	   which it enrolls with the profile delivery server.  As there is no
170	   single discovery mechanism which will work in all network
171	   environments, a number of discovery mechanisms are defined with a
172	   prescribed order in which the UA tries them until one succeeds.

174	   Enrollment is the process by which a UA makes itself known to the
175	   profile delivery server.  In enrolling the UA provides identity
176	   information, name requested profile type(s) and supported protocols
177	   for profile retrieval.  It also subscribes to a mechanism for
178	   notification of profile changes.  As a result of enrollment, the UA
179	   receives the data or the URI for each of the profiles that the
180	   profile delivery server is able to provide.  Each profile type (set)
181	   requires a separate enrollment or SUBSCRIBE session.

183	   Profile Retrieval is the process of retrieving the content for each
184	   of the profiles the UA requested.

186	   Profile Change Notification is the process by which the profile
187	   delivery server notifies the UA that the content of one or more of
188	   the profiles has changed.  If the content is provided indirectly the
189	   UA SHOULD retrieve the profile from the specified URI upon receipt of
190	   the change notification.

192	   Profile Upload is the process by which a UA or other entity (e.g.
193	   OSS, corporate directory or configuration management server) pushes a
194	   change to the profile data back up to the profile delivery server.

196	   This framework defines a new SIP event package [RFC3265] to solve
197	   enrollment and profile change notification steps.

199	   The question arises as to why SIP should be used for the profile
200	   delivery framework.  In this document SIP is used for only a small
201	   portion of the framework.  Other existing protocols are more
202	   appropriate for transport of the profile contents (to and from the
203	   user agent) and are suggested in this document.  The discovery step
204	   is simply a specified order and application of existing protocols.
205	   SIP is only needed for the enrollment and change notification
206	   functionality of the profile delivery framework.  In many SIP
207	   environments (e.g.  carrier/subscriber and multi-site enterprise)
208	   firewall, NAT and IP addressing issues make it difficult to get
209	   messages between the profile delivery server and the user agent
210	   requiring the profiles.

212	   With SIP the users and devices already are assigned globally routable
213	   addresses.  In addition the firewall and NAT problems are already
214	   presumably solved in the environments in which SIP user agents are to
215	   be used.  Therefore SIP is the best solution for allowing the user
216	   agent to enroll with the profile delivery server which may require
217	   traversal of multiple firewalls and NATs.  For the same reason the
218	   notification of profile changes is best solved by SIP.

220	   It is assumed that the content delivery server will be either in the
221	   public network or accessible through a DMZ.  The user agents
222	   requiring profiles may be behind firewalls and NATs and many
223	   protocols, such as HTTP, may be used for profile content retrieval
224	   without special consideration in the firewalls and NATs.

226	   A conscious separation of user, device and local network profiles is
227	   made in this document.  This is useful to provide features such as
228	   hoteling as well as securing or restricting user agent functionality.
229	   By maintaining this separation, a user may walk up to someone else's
230	   user agent and direct that user agent to get their profile data.  In
231	   doing so the user agent can replace the previous user's profile data
232	   while still keeping the devices profile data that may be necessary
233	   for core functionality and communication described in this document.
234	   The local network profiles are relevant to a visiting device which
235	   gets plugged in to a foreign network.  The concept of the local
236	   network providing profile data is useful to provide hoteling
237	   (described above) as well as local policy data that may constrain the
238	   user or device behavior relative to the local network.  For example
239	   media types and codecs may be constrained to reflect the networks
240	   capabilities.

242	3.  Profile Change Event Notification Package

244	   This section defines a new SIP event package [RFC3265].  The purpose
245	   of this event package is to send to subscribers notification of
246	   content changes to the profile(s) of interest and to provide the
247	   location of the profile(s) via content indirection
248	   [I-D.ietf-sip-content-indirect-mech] or directly in the body of the
249	   NOTIFY.  Frequently the profiles delivered to the user agent are much
250	   larger (e.g.  several KB or even several MB) than the MTU of the
251	   network.  These larger profiles will cause larger than normal SIP
252	   messages and consequently higher impact on the SIP servers and
253	   infrastructure.  To avoid the higher impact and load on the SIP
254	   infrastructure, content indirection SHOULD be used if the profile is
255	   large enough to cause packet fragmentation over the transport
256	   protocol.  The user agent SHOULD specify the profile delivery means
257	   and format via the MIME type in the Accepts header.

259	   The MIME types or formats of profile to be delivered via this
260	   framework are to be defined in other documents.  These profile MIME
261	   types specified in the Accepts header along with the profile types
262	   specified in the Event header parameter "profile-name" MAY be used to
263	   specify which profiles get delivered either directly or indirectly in
264	   the NOTIFY requests.  When content indirection is not used, it is
265	   more important to specify the minimum set of profiles, as the entire
266	   content for all of the profiles is included in the NOTIFY request.

268	3.1  Event Package Name

270	   The name of this package is "sip-profile".  This value appears in the
271	   Event header field present in SUBSCRIBE and NOTIFY requests for this
272	   package as defined in [RFC3265].

274	3.2  Event Package Parameters

276	   This package defines the following new parameters for the event
277	   header: profile-name, vendor, model, version, effective-by.  The
278	   effective-by parameter is for use in NOTIFY requests only.  The
279	   others are for use in the SUBSCRIBE request, but may be used in
280	   NOTIFY requests as well.

282	   The profile-name parameter is used to indicate the token name of the
283	   profile type the user agent wishes to obtain URIs for or to
284	   explicitly specify the URI to which it is to be notified of change.
285	   Using a token in this parameter allows the URL semantics for
286	   retrieving the profiles to be opaque to the subscribing user agent.
287	   All it needs to know is the token value for this parameter.  However
288	   in some cases the user agent may know the URI of the profile and only
289	   wishes to know about changes to the profile.  The user agent MAY
290	   supply the URI for the profile as the value of the profile-name
291	   parameter.  This document defines three type categories of profiles
292	   and their token names.  The contents or format of the profiles is
293	   outside the scope of this document.  The three types of profiles
294	   define here are "user", "device" and "local".  Specifying device type
295	   profile(s) indicates the desire for the profile(s) (URIs when content
296	   indirection is used) and change notification of all profiles that are
297	   specific to the device or user agent.  Specifying user type
298	   profile(s) indicates the desire for the profiles(s) or URI(s) and
299	   change notification of all profile(s) that are specific to the user.
300	   Specifying local type profiles indicates the desire for profile(s) or
301	   URI(s) specific to the local network.  The user, device or local
302	   network is identified in the URI of the SUBSCRIBE request.  The
303	   Accept header of the SUBSCRIBE request MUST include the MIME types
304	   for all profile content types that the subscribing user agent wishes
305	   to retrieve profiles or receive change notifications.

307	      The user, device or local token in the profile-name parameter may
308	      represent a class or set of profiles as opposed to a single
309	      profile.  As standards are defined for specific profile contents
310	      related to the user device or local network, it may be desirable
311	      to define additional tokens for the profile-name header.  This is
312	      to allow a user agent to subscribe to that specific profile as
313	      opposed to the entire class or set of user or device profiles.

315	   The rational for the separation of user, device and local network
316	   type profiles is provided in Section 2.3.  It should be noted that
317	   any of the types may indicate that zero or more profiles or URIs are
318	   provided in the NOTIFY request.  As discussed, a default user may be
319	   assigned to a device.  In this scenario the profile delivery server
320	   may provide the URI(s) in the NOTIFY request for the default user
321	   when subscribing to the device profile type.  Effectively the device
322	   profile type becomes a superset of the user profile type
323	   subscription.  That is the list of profile URIs (or MIME parts if
324	   multiple profiles are provided directly in the NOTIFY) provided when
325	   requesting profile type "device" includes the profiles provided when
326	   subscribing for profile type "user" for the default user of that
327	   device.  The user type is still useful in this scenario to allow the
328	   user agent to obtain profile data or URIs for a user other than the
329	   default user.  This provides the ability to support a hoteling
330	   function where a user may "login" to any user agent and have it use a
331	   user's profile(s).

333	   The data provided in the three types of profiles may overlap.  As an
334	   example the codecs that a user prefers to use, the codecs that the
335	   device supports (and the enterprise wishes to use), the codecs that
336	   the local network can support (and the management wishes to allow)
337	   all may overlap in how they are specified in the three corresponding
338	   profiles.  Typically these should be applied in the order of the
339	   least to most constraint (i.e.  user, device then local network).
340	   However this policy of merging the constraints across the multiple
341	   profile types can only unambiguously be defined along with the
342	   profile format and syntax.  This is out of scope for this document.

344	   The "vendor", "model" and "version" parameter values are tokens
345	   specified by the vendor of the user agent.  These parameters are
346	   useful to the profile delivery server to affect the profiles
347	   provided.  In some scenarios it is desirable to provide different
348	   profiles based upon these parameters.  For example feature parameter
349	   X in a profile may work differently on two versions of user agent.
350	   This gives the profile deliver server the ability to compensate for
351	   or take advantage of the differences.

353	   The "network-user" parameter is used when subscribing for local
354	   network profiles.  If the value of the profile-name parameter is not
355	   "local", the "network-user" parameter has no defined meaning.  If the
356	   user has special privileges beyond that of an anonymous user in the
357	   local network, the "network-user" parameter identifies the user to
358	   the local network.  The value of this parameter is the user's address
359	   of record.  The SUBSCRIBE server may authenticate the subscriber to
360	   verify this AOR.

362	   The "effective-by" parameter in the Event header of the NOTIFY
363	   specifies the maximum number of seconds before the user agent MUST
364	   make the new profile effective.  A value of 0 (zero) indicates that
365	   the user agent MUST make the profiles effective immediately (despite
366	   possible service interruptions).  This gives the profile delivery
367	   server the power to control when the profile is effective.  This may
368	   be important to resolve an emergency problem or disable a user agent
369	   immediately.

371	   SUBSCRIBE request example:
372	   Event: sip-profile;profile-name=device;
373	               vendor=acme;model=Z100;version=1.2.3

375	   Event: sip-profile;profile-name=
376	      "http://example.com/services/user-profiles/users/freds.xml";
377	               vendor=premier;model=trs8000;version=5.5

379	   NOTIFY request examples:
380	   Event:sip-profile;effective-by=0
381	   Event:sip-profile;effective-by=3600

383	3.3  SUBSCRIBE Bodies

385	   This package defines no new use of the SUBSCRIBE request body.

387	3.4  Subscription Duration

389	   As the presence (or lack of) a device or user agent it not very time
390	   critical to the functionality of the profile delivery server, it is
391	   recommended that default subscription duration be 86400 seconds (one
392	   day).

394	3.5  NOTIFY Bodies

396	   The size of profile content is likely to be hundreds to several
397	   thousand bytes in size.  Frequently even with very modest sized SDP
398	   bodies, SIP messages get fragmented causing problems for many user
399	   agents.  For this reason the profile delivery server MUST use content
400	   indirection [I-D.ietf-sip-content-indirect-mech] in the NOTIFY body
401	   for providing the profiles if the Accept header of the SUBSCRIBE
402	   included the MIME type: message/external-body indicating support for
403	   content indirection.

405	   When delivering profiles via content indirection the profile delivery
406	   server MUST include the Content-ID defined in
407	   [I-D.ietf-sip-content-indirect-mech] for each profile URL.  This is
408	   to avoid unnecessary download of the profiles.  Some user agents are
409	   not able to make a profile effective without rebooting or restarting.
410	   Rebooting is probably something to be avoided on a user agent
411	   performing services such as telephony.  In this way the Content-ID
412	   allows the user agent to avoid unnecessary interruption of service as
413	   well.  The Content-Type MUST be specified for each URI.

415	      Initially it is expected that most user agent implementers will
416	      use a proprietary content type for the profiles retrieved from the
417	      URIs(s).  It is hoped that over time a standard content type will
418	      be specified that will be adopted by implementers of user agents.
419	      One direction that appears to be promising for this content is to
420	      use XML with name spaces [??] to segment the data into sets that
421	      the user agent implementer may choose to support based upon
422	      desired feature set.  The specification of the content is out of
423	      the scope of this document.

425	   Likewise the URL scheme used in the content indirection is outside
426	   the scope of this document.  This document is agnostic to the URL
427	   schemes as the profile content may dictate what is required.  It is
428	   expected that TFTP [RFC3617], FTP [??], HTTP [RFC2616], HTTPS
429	   [RFC2818], LDAP [RFC3377], XCAP [I-D.rosenberg-simple-xcap] and other
430	   URL schemes are supported by this package and framework.

432	3.6  Notifier processing of SUBSCRIBE requests

434	   The general rules for processing SUBSCRIBE requests [RFC3265] apply
435	   to this package.  If content indirection is used for delivering the
436	   profiles, the notifier does not need to authenticate the subscription
437	   as the profile content is not transported in the SUBSCRIBE or NOTIFY
438	   transaction messages.  With content indirection only URLs are
439	   transported in the NOTIFY request which may be secured using the
440	   techniques in Section 6.  If content indirection is not used, SIPS
441	   and SIP authentication SHOULD be used.

443	   The behavior of the profile delivery server is left to the
444	   implementer.  The profile delivery server may be as simple as a SIP
445	   SUBSCRIBE UAS and NOTIFY UAC front end to a simple HTTP server
446	   delivering static files that are hand edited.  At the other extreme
447	   the profile delivery server can be part of a configuration management
448	   system that integrates with a corporate directory and IT system or
449	   carrier OSS, where the profiles are automatically generated.  The
450	   design of this framework intentionally provides the flexibility of
451	   implementation from simple/cheap to complex/expensive.

453	   If the user or device is not known to the profile delivery server,
454	   the implementer MAY accept the subscription or reject it.  It is
455	   recommended that the implementer accept the subscription.  It is
456	   useful for the profile delivery server to maintain the subscription
457	   as an administrator may add the user or device to the system,
458	   defining the profile contents.  This allows the profile delivery
459	   server to immediately send a NOTIFY request with the profile URIs.
460	   If the profile delivery server does not accept the subscription from
461	   an unknown user or device, the administer or user must manually
462	   provoke the user agent to reSUBSCRIBE.  This may be difficult if the
463	   user agent and administrator are at different sites.

465	3.7  Notifier generation of NOTIFY requests

467	   As in [RFC3265], the profile delivery server MUST always send a
468	   NOTIFY request upon accepting a subscription.  If the device or user
469	   is unknown to the profile delivery server and it chooses to accept
470	   the subscription, the implementer has two choices.  A NOTIFY MAY be
471	   sent with no body or content indirection containing the profile
472	   URI(s).  Alternatively a NOTIFY MAY be sent with URI(s) pointing to a
473	   default data set.  Typically this data set allows for only limited
474	   functionality of the user agent (e.g.  a phone user agent with data
475	   to call help desk and emergency services.).  This is an
476	   implementation and business policy decision.

478	   A user or device known and fully provisioned on the profile delivery
479	   server SHOULD send a NOTIFY with profile data or content indirection
480	   containing URIs for all of the profiles associated with the user or
481	   device (i.e.  whichever specified in the profile-name parameter).
482	   The device may be associated with a default user.  The URI(s) for
483	   this default user profiles MAY be included with the URI(s) of the
484	   device if the profile type specified is device.

486	   A user agent can provide Hoteling by collecting a user�s AOR and
487	   credentials needed to SUBSCRIBE and retrieve the user profiles from
488	   the URI(s).  Hoteling functionality is achieved by subscribing to the
489	   AOR and specifying the "user" profile type.  This same mechanism can
490	   be used to secure a user agent, requiring a user to login to enable
491	   functionality beyond the default user�s restricted functionality.

493	   The profile delivery server MAY specify when the new profiles MUST be
494	   made effective by the user agent.  By default the user agent makes
495	   the profiles effective as soon as it thinks that it is non-obtrusive.
496	   Profile changes SHOULD effect behavior all new sessions which are
497	   created after the notification, but may not be able to effect
498	   existing sessions.  However the profile delivery server MAY specify a
499	   maximum time in seconds (zero or more), in the effective-by event
500	   header parameter, by which the user agent MUST make the new profiles
501	   effective for all sessions.

503	3.8  Subscriber processing of NOTIFY requests

505	   The user agent subscribing to this event package MUST adhere to the
506	   NOTIFY request processing behavior specified in [RFC3265].  The user
507	   agent MUST make the profiles effective as specified in the NOTIFY
508	   request (see Section 3.7).  The user agent SHOULD use one of the
509	   techniques specified in [RFC3265] to securely retrieve the profiles.

511	3.9  Handling of forked requests

513	   This event package allows the creation of only one dialog as a result
514	   of an initial SUBSCRIBE request.  The techniques to achieve this are
515	   described in section 4.4.9 of [RFC3265].

517	3.10  Rate of notifications

519	   It is anticipated that the rate of change for user and device
520	   profiles will be very infrequent (i.e.  days or weeks apart).  For
521	   this reason no throttling or minimum period between NOTIFY requests
522	   is specified for this package.

524	3.11  State Agents

526	   State agents are not applicable to this event package.

528	3.12  Examples

530	   SUBSCRIBE sip:00df1e004cd0@example.com SIP/2.0
531	   Event: sip-profile;profile-name=device;vendor=acme;
532	                            model=Z100;version=1.2.3
533	   From: sip:00df1e004cd0@acme.com;tag=1234
534	   To: sip:00df1e004cd0@acme.com;tag=abcd
535	   Call-ID: 3573853342923422@10.1.1.44
536	   CSeq: 2131 SUBSCRIBE
537	   Contact: sip:00df1e004cd0@10.1.1.44
538	   Content-Length: 0

540	   NOTIFY sip:00df1e004cd0@10.1.1.44 SIP/2.0
541	   Event: sip-profile;effective-by=3600
542	   From: sip:00df1e004cd0@acme.com;tag=abcd
543	   To: sip:00df1e004cd0@acme.com;tag=1234
544	   Call-ID: 3573853342923422@10.1.1.44
545	   CSeq: 321 NOTIFY
546	   MIME-Version: 1.0
547	   Content-Type: multipart/mixed; boundary=boundary42
548	   Content-Length: ...

550	   --boundary42
551	   Content-Type: message/external-body;
552	       access-type="URL";
553	       expiration="Mon, 24 June 2002 09:00:00 GMT";
554	           URL="http://www.example.com/devices/fsmith";
555	           size=2222

557	   Content-Type: application/z100-user-profile
558	   Content-ID: <69ADF2E92@example.com>

560	   --boundary42
561	   Content-Type: message/external-body;
562	       access-type="URL";
563	       expiration="Mon, 24 June 2002 09:00:00 GMT";
564	           URL="http://www.example.com/devices/ff00000036c5";
565	           size=1234

567	   Content-Type: application/z100-device-profile
568	   Content-ID: <39EHF78SA@example.com>
569	   --boundary42--

571	3.13  Use of URIs to Retrieve State

573	   The profile type specified determines what goes in the user part of
574	   the SUBSRIBE URI.  If the profile type requested is "device", the
575	   user part of the URI is an identity that MUST be unique across all
576	   user agents from all implementers.  This identity must be static over
577	   time so that the profile delivery server can keep a specific device
578	   and its identity associated with its profiles.  For Ethernet hardware
579	   type user agents supporting only a single user at a time this is most
580	   easily accomplished using its MAC address.  Software based user
581	   agents running on general purpose hardware may also be able to use
582	   the MAC address for identity.  However in situations where multiple
583	   instances of user agents are running on the same hardware it may be
584	   necessary to use another scheme, such as using a unique serial number
585	   for each software user agent instance.
586	      For example a device having a MAC address of 00df1e004cd0 might
587	      subscribe to the device profile URI:
588	      sip:00df1e004cd0@sipuaconfig.example.com.  When subscribing to a
589	      user profile for user Fred S.  the user agent would subscribe to
590	      the URI: sip:freds@sipuaconfig.example.com

592	   If the profile type requested is "user", the URI in the SUBSCRIBE
593	   request is the address of record for the user.  This allows the user
594	   to specify (e.g.  login) to the user agent by simply entering their
595	   known identity.

597	   If the profile type specified in the profile-name parameter is
598	   "local", the URI in the SUBSCRIBE request has the user ID: anonymous.
599	   The host part of the URI is the local network name.  This typically
600	   is discovered as part of the DHCP request/response or provisioned as
601	   part of the static IP configuration for the device.  When subscribing
602	   to the local network profile type the device should provide the
603	   user's address of record in the "network-user" parameter, if the AOR
604	   is known to the device.  Example URI: sip:ananymous@example.com

606	4.  Profile Delivery Framework Details

608	   The following describes how different functional steps of the profile
609	   delivery framework work.  Also described here is how the event
610	   package defined in this document provides the enrollment and
611	   notification functions within the framework.

613	4.1  Discovery of Subscription URI

615	   The discovery function is needed to bootstrap user agents to the
616	   point of knowing where to enroll with the profile delivery server.
617	   Section 3.13 describes how to form the URI used to send the SUBSCRIBE
618	   request for enrollment.  However the bootstrapping problem for the
619	   user agent (out of the box) is what to use for the host and port in
620	   the URI.  Due to the wide variation of environments in which the
621	   enrolling user agent may reside (e.g.  behind residential router,
622	   enterprise LAN, ISP, dialup modem) and the limited control that the
623	   administrator of the profile delivery server (e.g.  enterprise,
624	   service provider) may have over that environment, no single discovery
625	   mechanism works everywhere.  Therefore a number of mechanisms SHOULD
626	   be tried in the specified order: SIP DHCP option [RFC3361], SIP DNS
627	   SRV [RFC3263], DNS A record and manual.

629	   1.  The first discovery mechanism that SHOULD be tried is to
630	       construct the SUBSCRIBE URI as described in Section 3.13 using
631	       the host and port of out bound proxy discovered by the SIP DHCP
632	       option as described in [RFC3361].  If the SIP DHCP option is not
633	       provided in the DHCP response, no SIP response or a SIP failure
634	       response other than for authorization is received for the
635	       SUBSCRIBE request to the sip-profile event, the next discovery
636	       mechanism SHOULD be tried.
637	   2.  The local IP network domain for the user agent, either configured
638	       or discovered via DHCP, should be used with the technique in
639	       [RFC3263] to obtain a host and port to use in the SUBSCRIBE URI.
640	       If no SIP response or a SIP failure response other than for
641	       authorization is received for the SUBSCRIBE request to the
642	       sip-profile event, the next discovery mechanism SHOULD be tried.
643	   3.  The fully qualified host name constructed using the host name
644	       "sipuaconfig" and concatenated with the local IP network domain
645	       should be tried next using the technique in [RFC3263] to obtain a
646	       host and port to use in the SUBSCRIBE URI.  If no SIP response or
647	       a SIP failure response other than for authorization is received
648	       for the SUBSCRIBE request to the sip-profile event, the next
649	       discovery mechanism SHOULD be tried.
650	   4.  If all other discovery techniques fail, the user agent MUST
651	       provide a manual means for the user to enter the host and port
652	       used to construct the SUBSCRIBE URI.

654	   Once a user agent has successfully discovered, enrolled, received a
655	   NOTIFY response with profile data or URI(s), the user agent SHOULD
656	   cache the SUBCRIBE URI to avoid having to rediscover the profile
657	   delivery server again in the future.  The user agent SHOULD NOT cache
658	   the SUBSCRIBE URI until it receives a NOTIFY with profile data or
659	   URI(s).  The reason for this is that a profile delivery server may
660	   send 202 responses to SUBSCRIBE requests and NOTIFY responses to
661	   unknown user agent (see Section 3.6) with no URIs.  Until the profile
662	   delivery server has sent a NOTIFY request with profile data or
663	   URI(s), it has not agreed to provide profiles.

665	      To illustrate why the user agent should not cache the SUBSCRIBE
666	      URI until profile URI(s) are provided in the NOTIFY, consider the
667	      following example:  a user agent running on a laptop plugged into
668	      a visited LAN in which a foreign profile delivery server is
669	      discovered.  The profile delivery server never provides profile
670	      URIs in the NOTIFY request as it is not provisioned to accept the
671	      user agent.  The user then takes the laptop to their enterprise
672	      LAN.  If the user agent cached the SUBSCRIBE URI from the visited
673	      LAN (which did not provide profiles), when subsequently placed in
674	      the enterprise LAN which is provisioned to provide profiles to the
675	      user agent, the user agent would not attempt to discover the
676	      profile delivery server.

678	4.2  Enrollment with Profile Server

680	   Enrollment is accomplished by subscribing to the event package
681	   described in Section 3.  The enrollment process is useful to the
682	   profile delivery server as it makes the server aware of user agent to
683	   which it may delivery profiles (those user agents the profile
684	   delivery server is provisioned to provide profiles to; those present
685	   that the server may be provide profiles in the future; and those that
686	   the server can automatically provide default profiles).  It is an
687	   implementation choice and business policy as to whether the profile
688	   delivery server provides profiles to user agents that it is not
689	   provisioned to do so.  However the profile server SHOULD accept (with
690	   2xx response) SUBSCRIBE requests from any user agent.

692	4.3  Notification of Profile Changes

694	   The NOTIFY request in the sip-profile event package serves two
695	   purposes.  First it provides the user agent with a means to obtain
696	   the profile data or URI(s) for desired profiles without requiring the
697	   end user to manually enter them.  It also provides the means for the
698	   profile delivery server to notify the user agent that the content of
699	   the profiles have changed and should be made effective.

701	4.4  Retrieval of Profile Data

703	   The user agent retrieves its needed profile(s) via the URI(s)
704	   provided in the NOTIFY request as specified in Section 3.5.  The
705	   profile delivery server SHOULD secure the content of the profiles
706	   using one of the techniques described in Section 6.  The user agent
707	   SHOULD make the new profiles effective in the timeframe described in
708	   Section 3.2.

710	   The contents of the profiles SHOULD be cached by the user agent.
711	   This it to avoid the situation where the content delivery server is
712	   not available, leaving the user agent non-functional.

714	4.5  Upload of Profile Changes

716	   The user agent or other service MAY push changes up to the profile
717	   delivery server using the technique appropriate to the profile's URL
718	   scheme (e.g.  HTTP PUT method, FTP put command).  The technique for
719	   pushing incremental or atomic changes MUST be described by the
720	   specific profile data framework.

722	5.  IANA Considerations

724	   There are several IANA considerations associated with this
725	   specification.

727	5.1  SIP Event Package

729	   This specification registers a new event package as defined in
730	   [RFC3265].  The following information required for this registration:
731	      Package Name: sip-profile
732	      Package or Template-Package: This is a package
733	      Published Document: RFC XXXX (Note to RFC Editor: Please fill in
734	      XXXX with the RFC number of this specification).
735	      Person to Contact: Daniel Petrie dpetrie@pingtel.com
736	      New event header parameters: profile-name, vendor, model, version,
737	      effective-by

739	6.  Security Considerations

741	   Profiles may contain sensitive data such as user credentials.  The
742	   protection of this data depends upon how the data is delivered.  If
743	   the data is delivered in the NOTIFY body, SIP authentication MUST be
744	   used for SUBSCRIPTION and SIPS and/or S/MIME MAY be use to encrypt
745	   the data.  If the data is provided via content indirection, SIP
746	   authentication is not necessary for the SUBSCRIBE request.  With
747	   content indirection the data is protected via the authentication,
748	   authorization and encryption mechanisms provided by the profile URL
749	   scheme.  Use of the URL scheme security mechanisms via content
750	   indirection simplifies the security solution as the SIP event package
751	   does not need to authenticate, authorize or protect the contents of
752	   the SIP messages.  Effectively the profile delivery server will
753	   provide profile URI(s) to anyone.  The URLs themselves are protected
754	   via authentication, authorization and snooping (e.g.  via HTTPS).

756	6.1  Symmetric Encryption of Profile Data

758	   If the URL scheme used for content indirection does not provide
759	   authentication, authorization or encryption, a technique to provide
760	   this is to encrypt the profiles on the content delivery server using
761	   a symmetric encryption algorithm using a shared key.  The encrypted
762	   profiles are delivered by the content delivery server via the URIs
763	   provided in the NOTIFY requests.  Using this technique the profile
764	   delivery server does not need to provide authentication or
765	   authorization for the retrieval as the profiles are obscured.  The
766	   user agent must obtain the username and password from the user or
767	   other out of band means to generate the key and decrypt the profiles.

769	7.  Differences from Simple XCAP Package

771	   The author of this document had an action item from the July 2003
772	   IETF SIPPING WG meeting to consider resolving the differences of the
773	   sip-profile and simple XCAP package [I-D.ietf-simple-xcap-package].
774	   It is the author's opinion that XCAP [I-D.rosenberg-simple-xcap] can
775	   be supported by the framework and event package defined in this
776	   document and that this package provides a superset of the
777	   functionality in the XCAP package.  The following lists the
778	   differences between the event packaged defined in this document vs.
779	   the one defined in [I-D.ietf-simple-xcap-package].

781	   The simple XCAP package requires that the relative path be known and
782	   specified by the user agent when subscribing for change notification.
783	   The event package in this document requires a token or complete URI
784	   be known and specified when subscribing.  The advantage of the token
785	   is that bootstrapping is easier and well defined.  It also leaves the
786	   freedom of specifying and changing the entire path of the profile URL
787	   up to the profile delivery server.

789	   The event package defined in this document allows multiple URIs to be
790	   provided in the NOTIFY request body as a result of a single token
791	   specified in the SUBSCRIBE event parameter: profile-name.  This
792	   allows the profile delivery server to provide sets of profiles that
793	   the user agent may not have enough information to specify in the
794	   SUBSCRIBE URI (e.g.  at boot strapping time the user agent may not
795	   know the user's identity, but the profile delivery server may know
796	   the default user for the device's identity) or the doc-component of
797	   the simple XCAP package.

799	   All other functional differences between
800	   draft-ietf-sipping-config-framework-00 and
801	   draft-ietf-simple-xcap-package-00 are believed to be resolved in this
802	   version of this document.

804	8.  Open Issues

806	9.  Change History

808	   Many thanks to those who contributed and commented on the many
809	   iterations of this document.  Detailed input was provided by Jonathan
810	   Rosenberg from Dynamicsoft, Henning Schulzrinne from Columbia U.,
811	   Cullen Jennings from Cisco, Rohan Mahy from Cisco, Rich Schaaf from
812	   Pingtel, Volker Hilt from Bell Labs.

814	9.1  Changes from draft-ietf-sipping-config-framework-02.txt

816	   Added the concept of the local network as a source of profile data.
817	   There are now three separate logical sources for profile data: user,
818	   device and local network.  Each of these requires a separate
819	   subscription to obtain.

821	9.2  Changes from draft-ietf-sipping-config-framework-01.txt

823	   Changed the name of the profile-type event parameter to profile-name.
824	   Also allow the profile-name parameter to be either a token or an
825	   explicit URI.

827	   Allow content indirection to be optional.  Clarified the use of the
828	   Accept header to indicate how the profile is to be delivered.

830	   Added some content to the Iana section.

832	9.3  Changes from draft-ietf-sipping-config-framework-00.txt

834	   This version of the document was entirely restructured and re-written
835	   from the previous version as it had been micro edited too much.

837	   All of the aspects of defining the event package are now organized in
838	   one section and is believed to be complete and up to date with
839	   [RFC3265].

841	   The URI used to subscribe to the event package is now either the user
842	   or device address or record.

844	   The user agent information (vendor, model, MAC and serial number) are
845	   now provided as event header parameters.

847	   Added a mechanism to force profile changes to be make effective by
848	   the user agent in a specified maximum period of time.

850	   Changed the name of the event package from sip-config to sip-profile

852	   Three high level securityapproaches are now specified.

854	9.4  Changes from draft-petrie-sipping-config-framework-00.txt

856	   Changed name to reflect SIPPING work group item
857	   Synchronized with changes to SIP DHCP [RFC3361], SIP [RFC3261] and
858	   [RFC3263], SIP Events [RFC3265] and content indirection
859	   [I-D.ietf-sip-content-indirect-mech]

861	   Moved the device identity parameters from the From field parameters
862	   to User-Agent header parameters.

864	   Many thanks to Rich Schaaf of Pingtel, Cullen Jennings of Cisco and
865	   Adam Roach of Dyamicsoft for the great comments and input.

867	9.5  Changes from draft-petrie-sip-config-framework-01.txt

869	   Changed the name as this belongs in the SIPPING work group.

871	   Minor edits

873	9.6  Changes from draft-petrie-sip-config-framework-00.txt

875	   Split the enrollment into a single SUBSCRIBE dialog for each profile.
876	   The 00 draft sent a single SUBSCRIBE listing all of the desired.
877	   These have been split so that each enrollment can be routed
878	   differently.  As there is a concept of device specific and user
879	   specific profiles, these may also be managed on separate servers.
880	   For instance in a roaming situation the device might get its profile
881	   data from a local server which knows the LAN specific profile data.
882	   At the same time the user specific profiles might come from the
883	   user's home environment profile delivery server.

885	   Removed the Config-Expires header as it is largely superfluous with
886	   the SUBSCRIBE Expires header.

888	   Eliminated some of the complexity in the discovery mechanism.

890	   Suggest caching information discovered about a profile delivery
891	   server to avoid an avalanche problem when a whole building full of
892	   devices powers up.

894	   Added the User-Profile From header field parameter so that the device
895	   can request a user specific profile for a user that is different from
896	   the device's default user.

898	10  References

900	   [I-D.ietf-simple-xcap-package]
901	              Rosenberg, J., "A Session Initiation Protocol (SIP) Event
902	              Package for Modification Events  for the Extensible Markup
903	              Language (XML) Configuration Access Protocol (XCAP)
904	              Managed Documents", draft-ietf-simple-xcap-package-01
905	              (work in progress), February 2004.

907	   [I-D.ietf-sip-content-indirect-mech]
908	              Olson, S., "A Mechanism for Content Indirection in Session
909	              Initiation Protocol (SIP)  Messages",
910	              draft-ietf-sip-content-indirect-mech-03 (work in
911	              progress), June 2003.

913	   [I-D.ietf-sipping-ua-prof-framewk-reqs]
914	              Petrie, D. and C. Jennings, "Requirements for SIP User
915	              Agent Profile Delivery Framework",
916	              draft-ietf-sipping-ua-prof-framewk-reqs-00 (work in
917	              progress), March 2003.

919	   [I-D.rosenberg-simple-xcap]
920	              Rosenberg, J., "The Extensible Markup Language (XML)
921	              Configuration Access Protocol (XCAP)",
922	              draft-rosenberg-simple-xcap-00 (work in progress), May
923	              2003.

925	   [I-D.sinnreich-sipdev-req]
926	              Butcher, I., Lass, S., Petrie, D., Sinnreich, H. and C.
927	              Stredicke, "SIP Telephony Device Requirements,
928	              Configuration and Data", draft-sinnreich-sipdev-req-03
929	              (work in progress), February 2004.

931	   [RFC0822]  Crocker, D., "Standard for the format of ARPA Internet
932	              text messages", STD 11, RFC 822, August 1982.

934	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
935	              Requirement Levels", BCP 14, RFC 2119, March 1997.

937	   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol", RFC
938	              2131, March 1997.

940	   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
941	              Extensions", RFC 2132, March 1997.

943	   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
944	              RFC 2246, January 1999.

946	   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
947	              Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
948	              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

950	   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
951	              Leach, P., Luotonen, A. and L. Stewart, "HTTP
952	              Authentication: Basic and Digest Access Authentication",
953	              RFC 2617, June 1999.

955	   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

957	   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
958	              A., Peterson, J., Sparks, R., Handley, M. and E. Schooler,
959	              "SIP: Session Initiation Protocol", RFC 3261, June 2002.

961	   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
962	              Protocol (SIP): Locating SIP Servers", RFC 3263, June
963	              2002.

965	   [RFC3265]  Roach, A., "Session Initiation Protocol (SIP)-Specific
966	              Event Notification", RFC 3265, June 2002.

968	   [RFC3361]  Schulzrinne, H., "Dynamic Host Configuration Protocol
969	              (DHCP-for-IPv4) Option for Session Initiation Protocol
970	              (SIP) Servers", RFC 3361, August 2002.

972	   [RFC3377]  Hodges, J. and R. Morgan, "Lightweight Directory Access
973	              Protocol (v3): Technical Specification", RFC 3377,
974	              September 2002.

976	   [RFC3617]  Lear, E., "Uniform Resource Identifier (URI) Scheme and
977	              Applicability Statement for the Trivial File Transfer
978	              Protocol (TFTP)", RFC 3617, October 2003.

980	Author's Address

982	   Daniel Petrie
983	   Pingtel Corp.
984	   400 W. Cummings Park
985	   Suite 2200
986	   Woburn, MA  01801
987	   US

989	   Phone: "Dan Petrie (+1 781 938 5306)"<sip:dpetrie@pingtel.com>
990	   EMail: dpetrie@pingtel.com
991	   URI:   http://www.pingtel.com/

993	Appendix A.  Acknowledgments
994	Intellectual Property Statement

996	   The IETF takes no position regarding the validity or scope of any
997	   intellectual property or other rights that might be claimed to
998	   pertain to the implementation or use of the technology described in
999	   this document or the extent to which any license under such rights
1000	   might or might not be available; neither does it represent that it
1001	   has made any effort to identify any such rights.  Information on the
1002	   IETF's procedures with respect to rights in standards-track and
1003	   standards-related documentation can be found in BCP-11.  Copies of
1004	   claims of rights made available for publication and any assurances of
1005	   licenses to be made available, or the result of an attempt made to
1006	   obtain a general license or permission for the use of such
1007	   proprietary rights by implementors or users of this specification can
1008	   be obtained from the IETF Secretariat.

1010	   The IETF invites any interested party to bring to its attention any
1011	   copyrights, patents or patent applications, or other proprietary
1012	   rights which may cover technology that may be required to practice
1013	   this standard.  Please address the information to the IETF Executive
1014	   Director.

1016	   The IETF has been notified of intellectual property rights claimed in
1017	   regard to some or all of the specification contained in this
1018	   document.  For more information consult the online list of claimed
1019	   rights.

1021	Full Copyright Statement

1023	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

1025	   This document and translations of it may be copied and furnished to
1026	   others, and derivative works that comment on or otherwise explain it
1027	   or assist in its implementation may be prepared, copied, published
1028	   and distributed, in whole or in part, without restriction of any
1029	   kind, provided that the above copyright notice and this paragraph are
1030	   included on all such copies and derivative works.  However, this
1031	   document itself may not be modified in any way, such as by removing
1032	   the copyright notice or references to the Internet Society or other
1033	   Internet organizations, except as needed for the purpose of
1034	   developing Internet standards in which case the procedures for
1035	   copyrights defined in the Internet Standards process must be
1036	   followed, or as required to translate it into languages other than
1037	   English.

1039	   The limited permissions granted above are perpetual and will not be
1040	   revoked by the Internet Society or its successors or assignees.

1042	   This document and the information contained herein is provided on an
1043	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1044	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1045	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1046	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1047	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1049	Acknowledgment

1051	   Funding for the RFC Editor function is currently provided by the
1052	   Internet Society.