SIPPINGNetwork Working Group G. CamarilloInternet-DraftRequest for Comments: 5366 EricssonIntended status:Category: Standards Track A. JohnstonExpires: May 16, 2008AvayaNovember 13, 2007October 2008 Conference Establishment Using Request-Contained Lists in the Session Initiation Protocol (SIP)draft-ietf-sip-uri-list-conferencing-02.txtStatus ofthisThis MemoBy submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents ofThis document specifies an Internet standards track protocol for the InternetEngineering Task Force (IETF), its areas,community, andits working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents validrequests discussion and suggestions fora maximumimprovements. Please refer to the current edition ofsix monthsthe "Internet Official Protocol Standards" (STD 1) for the standardization state andmay be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The liststatus ofcurrent Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The listthis protocol. Distribution ofInternet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May 16, 2008. Copyright Notice Copyright (C) The IETF Trust (2007).this memo is unlimited. Abstract This document describes how to create a conference using SIP URI-list services. In particular, it describes a mechanism that allows auser agent clientUser Agent Client to provide a conference server with the initial list of participants using an INVITE-containedURI-list.URI list. Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3....................................................2 2. Terminology. . . . . . . . . . . . . . . . . . . . . . . . . 3.....................................................2 3. User Agent Client Procedures. . . . . . . . . . . . . . . . . 3....................................2 3.1. Response Handling. . . . . . . . . . . . . . . . . . . . 4..........................................2 3.2. Re-INVITE Request Generation. . . . . . . . . . . . . . . 4...............................3 4. URI-List Document Format. . . . . . . . . . . . . . . . . . . 4........................................3 5. Conference Server Procedures. . . . . . . . . . . . . . . . . 6....................................5 5.1. Re-INVITE Request Handling. . . . . . . . . . . . . . . . 7.................................6 6. Example. . . . . . . . . . . . . . . . . . . . . . . . . . . 7.........................................................6 7. Security Considerations. . . . . . . . . . . . . . . . . . . 11........................................10 8. IANA Considerations. . . . . . . . . . . . . . . . . . . . . 11............................................10 9.Acknowledges . . . . . . . . . . . . . . . . . . . . . . . . . 12Acknowledgments ................................................11 10. References. . . . . . . . . . . . . . . . . . . . . . . . . . 12....................................................11 10.1. Normative References. . . . . . . . . . . . . . . . . . . 12.....................................11 10.2. Informative References. . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . . . . 14...................................12 1. Introduction Section 5.4 of [RFC4579] describes how to create a conference usingad-hocad hoc SIP [RFC3261] methods. The client sends an INVITE request to a conference factory URI and receives the actual conference URI, which contains the "isfocus" feature tag, in the Contact header field of a response--- typically a 200 (OK) response. Once the UAC (User Agent Client) obtains the conference URI, it can add participants to the newly created conference in several ways, which are described in [RFC4579]. Some environments have tough requirements regarding conference establishment time. They require the UAC to be able to request the creation of anad-hocad hoc conference and to provide the conference server with the initial set of participants in a single operation. This document describes how to meet this requirement using the mechanism to transportURI-listsURI lists in SIP messages described in[I-D.ietf-sipping-uri-services].[RFC5363]. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. User Agent Client Procedures A UAC that wants to include the set of initial participants in its initial INVITE request to create anad-hoc conference,ad hoc conference adds a body whose disposition type is 'recipient-list', as defined in[I-D.ietf-sipping-uri-services],[RFC5363], with aURI-listURI list that contains the participants that the UAC wants the conference server to invite. Additionally, the UAC MUST include the 'recipient-list-invite'option-tag, whichoption-tag (which is registered with the IANA in Section88) in a Require header field. The UAC sends this INVITE request to the conference factory URI. The INVITE transaction is also part of an offer/answer exchange that will establish a session between the UAC and the conference server, as specified in [RFC4579]. Therefore, the INVITE request may need to carry a multipart body: a session description and a URI list. 3.1. Response Handling The status code in the response to the INVITE request does not provide any information about whether or not the conference server was able to bring the users in theURI-listURI list into the conference. That is, a 200 (OK) response means that the conference was created successfully, that the UAC that generated the INVITE request is in the conference, and that the server understood theURI-list.URI list. If the UAC wishes to obtain information about the status of other users in theconferenceconference, it SHOULD use general conference mechanisms, such as the conference package, which is defined in [RFC4575]. 3.2. Re-INVITE Request Generation The previous sections have specified how to include aURI-listURI list in an initial INVITE request to a conference server. Once the INVITE- initiated dialog between the UAC and the conference server has been established, the UAC can send subsequent INVITE requests (typically referred to as re-INVITE requests) to the conference server to, for example, modify the characteristics of the media exchanged with the server. At this point, there are no semantics associated withresource-list'recipient- list' bodies in re-INVITE requests (although future extensions may define them). Therefore, UACs SHOULD NOT includeresource-list'recipient-list' bodies in re-INVITE requests sent to a conference server. Note that a difference between an initial INVITE request and are- INVITEre-INVITE request is that while the initial INVITE request is sent to the conference factory URI, the re-INVITE request is sent to the URI provided by the server in a Contact header field when the dialog was established. Therefore, from the UAC's point of view, the resource identified by the former URI supports 'recipient- list'bodiesbodies, while the resource identified by the latter does not support them. 4. URI-List Document Format As described in[I-D.ietf-sipping-uri-services],[RFC5363], specifications of individual URI-list services, like the conferencing service described here, need to specify a default format for 'recipient-list' bodies used within the particular service. The default format for 'recipient-list' bodies for conferencing UAs (User Agents) is the XML resource list format (which is specified in [RFC4826]) extended with theXML"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in ResourceLists (which is specified in [I-D.ietf-sipping-capacity-attribute]).Lists" [RFC5364]. Consequently, conferencing UACs generating'recipient-list''recipient- list' bodies MUST support both of these formats and MAY support other formats. Conferencing servers able to handle 'recipient-list' bodies MUST support both of these formats and MAY support other formats. As described inthe XML"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in ResourceLists (which is specified in [I-D.ietf-sipping-capacity-attribute]),Lists" [RFC5364], each URI can be tagged with a 'copyControl' attribute set to either "to", "cc", or "bcc", indicating the role in which the recipient will get the INVITE request. Additionally, URIs can be tagged with the 'anonymize' attribute to preventthatthe conference serverdisclosesfrom disclosing the target URI in aURI-list.URI list. In addition,the XML"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in ResourceLists (which is specified in [I-D.ietf-sipping-capacity-attribute])Lists" [RFC5364] defines a'recipient-list- history''recipient-list-history' body that contains the list of recipients. The default format for 'recipient-list-history' bodies for conferencing UAs is also the XML resource list document format specified in [RFC4826] extended withthe XML"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in ResourceLists specified in [I-D.ietf-sipping-capacity-attribute].Lists" [RFC5364]. Consequently, conferencing UACs able to generate 'recipient-list-history' bodies MUST support these formats and MAY support others. Conferencing UAs able to understand 'recipient-list-history' MUST support these formats and MAY support others. Conferencing servers able to handle 'recipient-list-history'list- history' bodies MUST support these formats and MAY support others. Nevertheless, the XML resource list document specified in [RFC4826] provides features, such as hierarchical lists and the ability to include entries by reference relative to theXCAPXML Configuration Access Protocol (XCAP) root URI, that are not needed by the conferencing service defined in this document, which only needs to transfer a flat list of URIs between a UA (User Agent) and the conference server. Therefore, when using the default resource list document, conferencing UAs SHOULD use flat lists (i.e., no hierarchical lists) and SHOULD NOT use <entry-ref> elements. A conference factory application receiving aURI-listURI list with more information than what has just been described MAY discard all the extra information. Figure 1 shows an example of a flat list that follows the XML resource list document (specified in [RFC4826]) extended withthe XML"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in ResourceLists (specified in [I-D.ietf-sipping-capacity-attribute]).Lists" [RFC5364]. <?xml version="1.0" encoding="UTF-8"?> <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists" xmlns:cp="urn:ietf:params:xml:ns:copycontrol"> <list> <entry uri="sip:bill@example.com" cp:copyControl="to" /> <entry uri="sip:joe@example.org" cp:copyControl="cc" /> <entry uri="sip:ted@example.net" cp:copyControl="bcc" /> </list> </resource-lists> Figure 1:URI-ListURI list 5. Conference Server Procedures Conference servers that are able to receive and process INVITE requests with a 'recipient-list' body SHOULD include a 'recipient- list-invite' option-tag in a Supported header field when responding to OPTIONS requests. On reception of an INVITE request containing a 'recipient-list' body as described in Section 3, a conference server MUST follow the rules described in [RFC4579] to createad-hocad hoc conferences. Once thead-hocad hoc conference is created, the conference server SHOULD attempt to add the participants in theURI-listURI list to the conference as if their addition had been requested using any of the methods described in [RFC4579]. The INVITE transaction is also part of an offer/answer exchange that will establish a session between the UAC and the conference server, as specified in [RFC4579]. Therefore, the INVITE request may carry a multipart body: a session description and a URI list. Once the conference server has created thead-hocad hoc conference and has attempted to add the initial set of participants, the conference server behaves as a regular conference server and MUST follow the rules in [RFC4579]. The incoming INVITE request will contain a URI-list body or reference (as specified in[I-D.ietf-sipping-uri-services])[RFC5363]) with the actual list of recipients. If thisURI-listURI list includes resources tagged with the 'copyControl' attribute set to a value of "to" or "cc", the conference server SHOULD include aURI-listURI list in each of the outgoing INVITE requests. This list SHOULD be formatted according to the XML format for representing resource lists (specified in [RFC4826]) and the copyControl extension specified in[I-D.ietf-sipping-capacity-attribute].[RFC5364]. The URI-list service MUST follow the procedures specified in[I-D.ietf-sipping-capacity-attribute][RFC5364] with respect to the handling of the 'anonymize','count''count', and 'copyControl' attributes. If the conference server includes aURI-listURI list in an outgoing INVITE request, it MUST include a Content-Disposition header field (which is specified in [RFC2183]) with the value set to 'recipient-list- history' and a 'handling' parameter (as specified in [RFC3204]) set to "optional". 5.1. Re-INVITE Request Handling At this point, there are no semantics associated withresource-list'recipient- list' bodies in re-INVITE requests (although future extensions may define them). Therefore, a conference server receiving a re-INVITE request with aresource-list'recipient-list' body and, consequently, a'recipient-list- invite''recipient-list-invite' option-tag, following standard SIP procedures, rejects it with a 420 (Bad Extension), which carries an Unsupported header field listing the 'recipient-list-invite'option-tag.option- tag. This is because the resource identified by the conference URI does not actually support this extension. On the other hand, the resource identified by the conference factory URI does support this extension and, consequently, would include the 'recipient- list-invite' option-tag in, for example, responses to OPTIONS requests. 6. Example Figure 2 shows an example of operation. A UAC sends an INVITE request (F1) that contains an SDP body and aURI-listURI list to the conference server. The conference server answers with a 200 (OK) response and generates an INVITE request to each of the UASs(USer(User Agent Servers)identifiesidentified by the URIs included in theURI-list.URI list. The conference server includes SDP and a manipulatedURI-listURI list in each of the outgoing INVITE requests. +--------+ +---------+ +--------+ +--------+ +--------+ |SIP UAC | | confer. | |SIP UAS | |SIP UAS | |SIP UAS | | | | server | | 1 | | 2 | | n | +--------+ +---------+ +--------+ +--------+ +--------+ | | | | | |F1.F1 INVITE | | | | | ---------------->| | | | |F2.F2 200 OK | | | | |<---------------- |F3.F3 INVITE | | | | | ------------->| | | | |F4.F4 INVITE | | | | | ------------------------>| | | |F5.F5 INVITE | | | | | ----------------------------------->| | |F6.F6 200 OK | | | | |<------------- | | | | |F7.F7 200 OK | | | | |<------------------------ | | | |F8.F8 200 OK | | | | |<----------------------------------- | | | | | | | | | | | | | | | | Figure 2: Example of operation Figure 3 shows an example of the INVITE request F1, which carries a multipart/mixed body composed of two other bodies: an application/sdp body that describes the session and an application/resource-lists+xml body that contains the list of target URIs. INVITE sip:conf-fact@example.com SIP/2.0 Via: SIP/2.0/TCP atlanta.example.com ;branch=z9hG4bKhjhs8ass83 Max-Forwards: 70 To: "Conf Factory" <sip:conf-fact@example.com> From: Alice <sip:alice@example.com>;tag=32331 Call-ID: d432fa84b4c76e66710 CSeq: 1 INVITE Contact: <sip:alice@atlanta.example.com> Allow: INVITE, ACK, CANCEL, BYE, REFER Allow-Events: dialog Accept: application/sdp, message/sipfrag Require: recipient-list-invite Content-Type: multipart/mixed;boundary="boundary1" Content-Length: 690 --boundary1 Content-Type: application/sdp v=0 o=alice 2890844526 2890842807 IN IP4 atlanta.example.com s=- c=IN IP4 192.0.2.1 t=0 0 m=audio 20000 RTP/AVP 0 a=rtpmap:0 PCMU/8000 m=video 20002 RTP/AVP 31 a=rtpmap:31 H261/90000 --boundary1 Content-Type: application/resource-lists+xml Content-Disposition: recipient-list <?xml version="1.0" encoding="UTF-8"?> <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists" xmlns:cp="urn:ietf:params:xml:ns:copyControl"> <list> <entry uri="sip:bill@example.com" cp:copyControl="to" /> <entry uri="sip:randy@example.net" cp:copyControl="to" cp:anonymize="true"/> <entry uri="sip:eddy@example.com" cp:copyControl="to" cp:anonymize="true"/> <entry uri="sip:joe@example.org" cp:copyControl="cc" /> <entry uri="sip:carol@example.net" cp:copyControl="cc" cp:anonymize="true"/> <entry uri="sip:ted@example.net" cp:copyControl="bcc" /> <entry uri="sip:andy@example.com" cp:copyControl="bcc" /> </list> </resource-lists> --boundary1-- Figure 3: INVITE request received at the conference server The INVITE requests F3, F4, and F5 are similar in nature. All those INVITE requests contain a multipart/mixed bodywhichthat is composed of two other bodies: an application/sdp body describing the session and an application/resource-lists+xml containing the list of recipients. The application/resource-lists+xml bodies are not equal to the application/resource-lists+xml included in the received INVITE request F1, because the conference server has anonymized those URIs tagged with the 'anonymize' attribute and has removed those URIs tagged with a "bcc" 'copyControl' attribute. Figure 4 shows an example of the message F3. INVITE sip:bill@example.com SIP/2.0 Via: SIP/2.0/TCP conference.example.com ;branch=z9hG4bKhjhs8as454 Max-Forwards: 70 To: <sip:bill@example.com> From: Conference Server <sip:conf34@example.com>;tag=234332 Call-ID: 389sn189dasdf CSeq: 1 INVITE Contact: <sip:conf34@conference.example.com>;isfocus Allow: INVITE, ACK, CANCEL, BYE, REFER Allow-Events: dialog, conference Accept: application/sdp, message/sipfragRequire: recipient-list-inviteContent-Type: multipart/mixed;boundary="boundary1" Content-Length: 690 --boundary1 Content-Type: application/sdp v=0 o=conf 2890844343 2890844343 IN IP4 conference.example.com s=- c=IN IP4 192.0.2.5 t=0 0 m=audio 40000 RTP/AVP 0 a=rtpmap:0 PCMU/8000 m=video 40002 RTP/AVP 31 a=rtpmap:31 H261/90000 --boundary1 Content-Type: application/resource-lists+xml Content-Disposition: recipient-list-history; handling=optional <?xml version="1.0" encoding="UTF-8"?> <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists" xmlns:cp="urn:ietf:params:xml:ns:copycontrol"> <list> <entry uri="sip:bill@example.com" cp:copyControl="to" /> <entry uri="sip:anonymous@anonymous.invalid" cp:copyControl="to" cp:count="2"/> <entry uri="sip:joe@example.org" cp:copyControl="cc" /> <entry uri="sip:anonymous@anonymous.invalid" cp:copyControl="cc" cp:count="1"/> </list> </resource-lists> --boundary1-- Figure 4: INVITE request sent by the conference server 7. Security Considerations This document discusses setup of SIP conferences using a request- containedURI-list.URI list. Both conferencing andURI-listsURI-list services have specific securityrequirementsrequirements, whichwill beare summarized here. Conferences generally have authorization rules about who can or cannot join a conference, what type of media can or cannot be used, etc. This information is used by the focus to admit or deny participation in a conference. It is RECOMMENDED that these types of authorization rules be used to provide security for a SIP conference. For this authorization information to be used, the focus needs to be able to authenticate potential participants. Normal SIPmechanismsmechanisms, including Digest authentication andcertificatescertificates, can be used. Theseconference specificconference-specific security requirements are discussed further in the requirements and frameworkdocuments.documents -- [RFC4245] and [RFC4353]. For conference creation using a list, there are some additional security considerations.The Framework"Framework and Security Considerations forSIPSession Initiation Protocol (SIP) URI-ListServices (which is documented in [I-D.ietf-sipping-uri-services])Services" [RFC5363] discusses issues related to SIPURI- listURI-list services. Given that a conference server sending INVITE requests to a set of users acts asana URI-list service, implementations of conference servers that handle lists MUST follow the security-related rules in[I-D.ietf-sipping-uri-services].[RFC5363]. These rules include opt-in lists and mandatory authentication and authorization ofclients, and opt-in lists.clients. 8. IANA Considerations This document defines the 'recipient-list-invite' SIP option-tag. Itshould behas been registered in the Option Tags subregistry under the SIP parameter registry. The following is the descriptionto beused in theregistration.registration: +------------------------+------------------------------+-----------+ | Name | Description | Reference | +------------------------+------------------------------+-----------+ | recipient-list-invite | The body contains a list of |[RFCXXXX][RFC5366] | | | URIs that indicates the | | | | recipients of the SIP INVITE | | | | request | | +------------------------+------------------------------+-----------+ Table 1: Registration of the 'recipient-list-invite'Option-Tagoption-tag in SIPNote to IANA and the RFC editor: replace RFCXXXX above with the RFC number of this specification.9.AcknowledgesAcknowledgments Cullen Jennings, Hisham Khartabil, Jonathan Rosenberg, and Keith Drage provided useful comments on this document. Miguel Garcia- Martin assembled the dependencies to the 'copyControl' attribute extension. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2183] Troost, R., Dorner, S., and K. Moore, Ed., "Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field", RFC 2183, August 1997. [RFC3204] Zimmerer, E., Peterson, J., Vemuri, A., Ong, L., Audet, F., Watson, M., and M. Zonoun, "MIME media types for ISUP and QSIG Objects", RFC 3204, December 2001. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC4579] Johnston, A. and O. Levin, "Session Initiation Protocol (SIP) Call Control - Conferencing for User Agents", BCP 119, RFC 4579, August 2006. [RFC4826] Rosenberg, J., "Extensible Markup Language (XML) Formats for Representing Resource Lists", RFC 4826, May 2007.[I-D.ietf-sipping-uri-services][RFC5363] Camarillo, G. and A. Roach, "Framework and Security Considerations for Session Initiation Protocol (SIP)Uniform Resource Identifier (URI)-ListURI- List Services",draft-ietf-sipping-uri-services-06 (work in progress), September 2006. [I-D.ietf-sipping-capacity-attribute]RFC 5363, October 2008. [RFC5364] Garcia-Martin, M. and G. Camarillo, "Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists",draft-ietf-sipping-capacity-attribute-04 (work in progress), March 2007.RFC 5364, October 2008. 10.2. Informative References [RFC4245] Levin, O. and R. Even, "High-Level Requirements for Tightly Coupled SIP Conferencing", RFC 4245, November 2005. [RFC4353] Rosenberg, J., "A Framework for Conferencing with the Session Initiation Protocol (SIP)", RFC 4353, February 2006. [RFC4575] Rosenberg, J., Schulzrinne, H., and O. Levin, Ed., "A Session Initiation Protocol (SIP) Event Package for Conference State", RFC 4575, August 2006. Authors' Addresses Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 FinlandEmail:EMail: Gonzalo.Camarillo@ericsson.com Alan Johnston Avaya St. Louis, MO 63124 USAEmail:EMail: alan@sipstation.com Full Copyright Statement Copyright (C) The IETF Trust(2007).(2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).