appsawg L. Goix
Internet-Draft Telecom Italia
Intended status: Experimental K. Li
Expires: November 07, 2013 Huawei Technologies
May 06, 2013
ENUM Service Registration for acct URI
draft-goix-appsawg-enum-acct-uri-02
Abstract
This document registers a Telephone Number Mapping (ENUM) service for
'acct:' URIs (Uniform Resource Identifiers).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 07, 2013.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
Goix & Li Expires November 07, 2013 [Page 1]
Internet-Draft Enum Service ACCT URI Registration May 2013
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.1. Routing of mobile social communications . . . . . . . . . 3
3.2. Reverse phone lookup . . . . . . . . . . . . . . . . . . 3
4. IANA Registration . . . . . . . . . . . . . . . . . . . . . . 4
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5
6. DNS Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
ENUM (E.164 Number Mapping, [RFC6116]) is a system that uses DNS
(Domain Name Service, [RFC1034]) to translate telephone numbers, such
as '+44 1632 960123', into URIs (Uniform Resource Identifiers,
[RFC3986]), such as 'acct:user@example.com'. ENUM exists primarily
to facilitate the interconnection of systems that rely on telephone
numbers with those that use URIs to identify resources.
[I-D.ietf-appsawg-webfinger] is proposing a generic mechanism to
discover information about resources, including those identified
through an account based on the 'acct:' URI scheme.
[I-D.ietf-appsawg-acct-uri] defines the 'acct' URI scheme as a way to
identify a user's account at a service provider.
This document registers an enumservice for advertising acct URI
information associated with an E.164 number.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Use cases
Goix & Li Expires November 07, 2013 [Page 2]
Internet-Draft Enum Service ACCT URI Registration May 2013
3.1. Routing of mobile social communications
The Open Mobile Alliance (OMA) develops mobile service enabler
specifications, which support the creation of interoperable end-to-
end mobile services independent of the underlying wireless platforms,
such as GSM (Global System for Mobile communications), UMTS
(Universal Mobile Telecommunications System) and CDMA2000 mobile
networks. The OMA Social Network Web (SNeW) Enabler Release
[OMA-SNeW-ER] has introduced a number of Social Networking
functionalities to mobile subscribers identified by their MSISDN
(Mobile Subscriber Integrated Services Digital Network number, a
number uniquely identifying a subscription in a GSM or a UMTS mobile
network), amongst which is the ability to follow each other's social
activities across service providers.
Such functionality requires the global resolution of the MSISDN to
the corresponding account and provider, in an analogous way as MMS
routing, to identify the target endpoint for the related messages.
Although alternatives solutions exist (e.g. based on mobile network
operations and/or proprietary lookup techniques), ENUM provides a
globally accessible mechanism for enabling resolution from network
entities on behalf of an endpoint, or from an endpoint itself.
For example, a user of a service provider could request to follow the
social activities of user '+44 1632 960123', triggering a network
entity to perform an ENUM query, eventually followed by a Webfinger
query, to route this request to the appropriate target provider and
endpoint.
A similar mechanism can apply to other types of social networking-
related messages or other communications targeted to a mobile
subscriber.
3.2. Reverse phone lookup
Yet in another example, an address book endpoint could issue an ENUM
query looking for a user's account to discover additional personal
information about that user given his phone number, such as avatar
and full name.
Similarly, an endpoint could trigger this resolution process during
inbound and/or outbound calls to discover additional personal
information about the remote party.
Goix & Li Expires November 07, 2013 [Page 3]
Internet-Draft Enum Service ACCT URI Registration May 2013
The provision of an ENUM record to map a phone number into an account
may be useful for businesses or professional workers to identify
themselves publicly (in a similar way as vCard enum records), or be
used in conjunction with privacy policies to provide a more
controlled view on some personal details.
4. IANA Registration
As defined in [RFC6117], the following is a template covering
information needed for the registration of the enumservice specified
in this document:
Application-Based, Common
acct
acct
This enumservice indicates that the resource
can be addressed by the associated URI enabling the
use of
to discover additional information.
For DNS considerations in avoiding loops when
searching for "acct" NAPTRs,
see ,
Section 6.
For security considerations,
see ,
Section 7.
COMMON
Laurent-Walter Goix
Telecom Italia
mailto:laurentwalter.goix@telecomitalia.it
Goix & Li Expires November 07, 2013 [Page 4]
Internet-Draft Enum Service ACCT URI Registration May 2013
2013-05-06
[Note for RFC-Editor: Please replace any instance of rfcTHIS with the
RFC number of this document before publication]
5. Examples
The following is an example of the use of the enumservice registered
by this document in a NAPTR resource record for phone number +44 1632
960123.
$ORIGIN 3.2.1.0.6.9.2.3.6.1.4.4.e164.arpa.
IN NAPTR 10 100 "u" "E2U+acct" "!^.*$!acct:441632960123@foo.com!" .
IN NAPTR 10 101 "u" "E2U+acct" "!^.*$!acct:john.doe@example.com!" .
Note that in the first record, the revealed information is limited to
the domain of the service provider serving that user a the userpart
of the acct URI simply replicates the phone number.
6. DNS Considerations
There may not be any "E2U+acct" NAPTRs returned in response to the
original ENUM query on the requested telephone number, but other
terminal ENUM NAPTRs that include tel: URLs [RFC3966] (e.g.,
"voice:tel" or "pstn:tel" or "SMS:tel" or "MMS:tel" - see [RFC6118])
may be present.
The application that made that ENUM query may choose to re-submit
ENUM queries for any E.164 numbers included in those returned
terminal NAPTRs. Doing so may cause a query loop (e.g., the ENUM
records returned from subsequent queries may refer to the telephone
number already considered). If applications choose to perform
subsequent ENUM queries using telephone numbers retrieved from
earlier queries, these applications MUST be aware of the potential
for query loops, and MUST be prepared to abort the set of queries if
such a loop is detected.
Goix & Li Expires November 07, 2013 [Page 5]
Internet-Draft Enum Service ACCT URI Registration May 2013
This is a similar issue to the referential loop issue caused by
processing non-terminal NAPTR queries, as mentioned in section 5.2.1
of [RFC6116], and a similar technique to mitigate this issue can be
used; an application searching for records with "acct" Enumservice
may consider that submitting a chain of more that 5 ENUM queries
without finding such a record indicates that a referential loop has
been entered, and the chain of queries SHOULD be abandoned.
7. Security Considerations
DNS, as used by ENUM, is a global, distributed database. Should
implementers of this specification use e164.arpa or any other
publicly available domain as the tree for maintaining PSTN
enumservice data, this information would be visible to anyone
anonymously.
As noted earlier, carriers, service providers, and other users may
choose not to publish such information in the public e164.arpa tree.
They may instead simply publish this in an internal ENUM
infrastructure that is only able to be queried by trusted elements of
their network, thus limiting threats.
Per se, this enumservice does not introduce specific security
considerations beyond [RFC6116], section 7. However, it has to be
acknowledged that the proposed enumservice could lead to the
discovery or disclosure of Personally Identifiable Information (PII)
when used in combination with the WebFinger protocol. Please see
[I-D.ietf-appsawg-webfinger] , section 8 for additional information
regarding WebFinger security.
Linking telephone numbers to Personally Identifiable Information
(PII) is a very sensitive topic, because it provides a "reverse
lookup" from the phone number to its owner. Publication of such PII
is covered by data-protection law in many legislations. In most
cases, the explicit consent of the affected individual is required.
Users MUST therefore carefully consider the information provided in
the resource identified by the ENUM record as well as in the record
itself. Considerations SHOULD include serving information only to
entities of the user's choice and/or limiting the comprehension of
the information provided based on the identity of the requestor.
Goix & Li Expires November 07, 2013 [Page 6]
Internet-Draft Enum Service ACCT URI Registration May 2013
It is important to remind that the ENUM record itself does not need
to contain any personal information but only contains a pointer to an
account identifier. This identifier may be queried through the
Webfinger protocol to discover pointers to personal information (e.g.
social network information) and an authorisation mechanism may be in
place in that context with any level of granularity although it is
out of scope of this document.
Technically, ENUM records themselves could contain pointers to the
same endpoints discoverable through Webfinger. However the
visibility of ENUM records cannot be controlled based on the
requesting entity. In that context the simple mapping of the phone
number to the account identifier, notwithstanding the disclosure of
the association itself, still enables the reuse of more advanced
access policies.
8. IANA Considerations
This document requests the IANA registration of the enumservice with
Type "acct" according to the definitions in this document, [RFC6116]
and [RFC6117].
Details of the registration are given in Section 4.
9. Acknowledgements
The authors would like to thank Gonzalo Salgueiro, Paul Jones,
Lawrence Conroy, Enrico Marocco, Bert Greevenbosch and Bernie
Hoeneisen for their valuable feedback to improve this document.
10. References
10.1. Normative References
[I-D.ietf-appsawg-acct-uri]
Saint-Andre, P., "The 'acct' URI Scheme", draft-ietf-
appsawg-acct-uri-04 (work in progress), May 2013.
[I-D.ietf-appsawg-webfinger]
Jones, P., Salgueiro, G., and J. Smarr, "WebFinger",
draft-ietf-appsawg-webfinger-13 (work in progress), April
2013.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Goix & Li Expires November 07, 2013 [Page 7]
Internet-Draft Enum Service ACCT URI Registration May 2013
[RFC2617] Franks, J., Hallam-Baker, P.M., Hostetler, J.L., Lawrence,
S.D., Leach, P.J., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC
3966, December 2004.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005.
[RFC6116] Bradner, S., Conroy, L., and K. Fujiwara, "The E.164 to
Uniform Resource Identifiers (URI) Dynamic Delegation
Discovery System (DDDS) Application (ENUM)", RFC 6116,
March 2011.
[RFC6117] Hoeneisen, B., Mayrhofer, A., and J. Livingood, "IANA
Registration of Enumservices: Guide, Template, and IANA
Considerations", RFC 6117, March 2011.
[RFC6118] Hoeneisen, B. and A. Mayrhofer, "Update of Legacy IANA
Registrations of Enumservices", RFC 6118, March 2011.
10.2. Informative References
[OMA-SNeW-ER]
Open Mobile Alliance, "Social Network Web Enabler", OMA-
ER-SNeW-V1_0 20130408-D, Apr 2013.
Authors' Addresses
Laurent-Walter Goix
Telecom Italia
P.za Einaudi, 8
Milano 20124
Italy
Email: laurentwalter.goix@telecomitalia.it
Goix & Li Expires November 07, 2013 [Page 8]
Internet-Draft Enum Service ACCT URI Registration May 2013
Kepeng Li
Huawei Technologies
Huawei Base, Bantian, Longgang District
Shenzhen 518129
P. R. China
Phone: +86-755-28971807
Email: likepeng@huawei.com
Goix & Li Expires November 07, 2013 [Page 9]