Internet DRAFT - draft-boulton-dispatch-conference-control-package

draft-boulton-dispatch-conference-control-package






DISPATCH Working Group                                        C. Boulton
Internet-Draft                                           NS-Technologies
Intended status: Standards Track                               M. Barnes
Expires: January 16, 2014                                        Polycom
                                                           July 15, 2013


An XCON Client Conference Control Package for the Media Control Channel
                               Framework
          draft-boulton-dispatch-conference-control-package-01

Abstract

   The Centralized Conferencing (XCON) framework defines a model whereby
   client initiated interactions are required for creation, deletion,
   manipulation and querying the state of a of conference.  This
   document defines a Media Control Channel Package for XCON
   conferencing client initiated Conference Control.  The Package is
   based on the Media Control Channel Framework, which is also used for
   media server control, thus optimizing the implementation for some
   entities participating in an XCON system.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 16, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents



Boulton & Barnes        Expires January 16, 2014                [Page 1]

Internet-Draft         Conference Control Package              July 2013


   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Conventions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   5.  Control Package Detail . . . . . . . . . . . . . . . . . . . .  6
     5.1.  Control Package Name . . . . . . . . . . . . . . . . . . .  6
     5.2.  Framework Message Usage  . . . . . . . . . . . . . . . . .  6
     5.3.  Common XML Support . . . . . . . . . . . . . . . . . . . .  6
     5.4.  Control Message Bodies . . . . . . . . . . . . . . . . . .  6
     5.5.  REPORT Message Bodies  . . . . . . . . . . . . . . . . . .  7
     5.6.  Examples . . . . . . . . . . . . . . . . . . . . . . . . .  7
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
     6.1.  Control Package Registration . . . . . . . . . . . . . . .  7
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  9
   9.  Change History . . . . . . . . . . . . . . . . . . . . . . . .  9
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 10
     10.2. Informative References . . . . . . . . . . . . . . . . . . 10
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10






















Boulton & Barnes        Expires January 16, 2014                [Page 2]

Internet-Draft         Conference Control Package              July 2013


1.  Introduction

   The Conference Control Manipulation Protocol (CCMP) [RFC6503]
   provides a standards based mechanism to enable third party conference
   clients participating to interoperate with conference servers and
   manipulate conference parameters using HTTP as a transport.  A Data
   Model [RFC6501] provides the data associated with a conference
   instance that is the target for the CCMP protocol operations.

   A Control Channel Framework [RFC6230] has been created based on the
   Session Initiation protocol (SIP).  It uses SIP to setup, maintain
   and terminate a reliable control channel for the purpose of
   exchanging control based interactions.  While the control of media
   was the original problem domain for which this framework was
   developed, the Control Framework provides an extension template for
   creating extensions that specify the semantic detail associated with
   the control channel operations.  The extension documents are known as
   Control Packages and an example is the 'Basic Mixer Control Package'
   [RFC6505].

   This document will specify a Control Package for XCON conference
   control using the SIP Control Framework.  The target for these
   operations is the same data, associated with conference instances per
   the data model, as CCMP.  It should be noted that this mechanism is a
   complementary approach to CCMP [RFC6503].  In fact this specification
   simply provides a different transport mechanism.  While the use of
   HTTP as a transport for CCMP is ideal for certain network deployments
   (for example Service Orientated Architectures), it is important to
   offer an alternative access method for clients with non SOA based
   technologies.

   The Media Control Channel Framework provides the ideal mechanism for
   reliably exchanging control messages between a conferencing client
   and conference server.  It provides inherent properties such as:

   o  Reliable delivery of control messages.
   o  Lightweight Protocol Data Units (PDU).
   o  Linked asynchronous transactional mechanism.
   o  Asynchronous event mechanism.

   The SIP Control Framework uses SIP as its overlying rendezvous
   mechanism.  This provides all the inherent benefits like:

   o  SIP Service Location - Use SIP Proxies or Back-to-Back User Agents
      for discovering Control Servers.
   o  SIP Security Mechanisms - Leverage established security mechanisms
      such as Transport Layer Security (TLS) and Client Authentication.




Boulton & Barnes        Expires January 16, 2014                [Page 3]

Internet-Draft         Conference Control Package              July 2013


   o  Connection Maintenance - The ability to re-negotiate a connection,
      ensure it is active, audit parameters, and so forth.
   o  Agnostic - Allows for ease of extension.

   Not only is the Media Control Channel Framework an ideal mechanism
   for controlling conference instances by participating clients, it
   also provides the property of re-use by conferencing systems of
   functionality implemented for controlling Media Servers etc.  This
   includes re-using the SIP stack for control channel setup as well as
   the Control Channel Framework stack for receiving/sending the PDUs
   for multiple control packages in a conference system.


2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


3.  Terminology

   This document reuses the terminology defined and used in the
   framework and data model for centralized conferencing [RFC5239],
   [RFC6501] and [RFC6503] .


4.  Overview

   The use of the Media Control Channel Framework offers an ideal
   mechanism for creating, deleting and manipulating XCON conference
   instances by participating clients.  As the Control Channel Framework
   is a generic mechanism, this section provides non-normative detail
   showing how the Control Channel Framework can be applied to this
   particular use-case.

   In [RFC6230], two distinct roles are defined - A Control Client and a
   Control Server.  Such roles are interchangeable between entities
   within a session depending on package requirements.  A simple diagram
   is illustrated in Figure 1











Boulton & Barnes        Expires January 16, 2014                [Page 4]

Internet-Draft         Conference Control Package              July 2013


          +--------------SIP Traffic--------------+
          |                                       |
          v                                       v
       +-----+                                 +--+--+
       | SIP |                                 | SIP |
       |Stack|                                 |Stack|
   +---+-----+---+                         +---+-----+---+
   |   Control   |                         |   Control   |
   |   Client    |<----Control Channel---->|   Server    |
   +-------------+                         +-------------+




                       Figure 1: Basic Architecture

   The XCON Conference Control package will cast a participating
   compliant XCON conferencing client that wishes to control a
   conference instance as a Control Client as defined in the SIP Control
   Framework.  The conferencing client will have permission to generate
   and issue commands in CONTROL messages as defined in Section 5.2 of
   this document.  It will also have the ability to receive responses to
   Conference Package CONTROL requests that are contained in either
   appropriate responses or subsequent REPORT messages, also specified
   in Section 5.2.  The previous diagram can be updated as illustrated
   in Figure 2.


          +--------------SIP Traffic--------------+
          |                                       |
          v                                       v
       +-----+                                 +--+--+
       | SIP |                                 | SIP |
       |Stack|                                 |Stack|
   +---+-----+---+                         +---+-----+---+
   |   XCON      |                         |   XCON      |
   |Conferencing |                         | Conference  |
   |   Client    |<----Control Channel---->|   Server    |
   +-------------+                         +-------------+



                 Figure 2: Conference Control Architecture

   The specific format of the conference control messages and responses
   are defined in Section 5.4 and Section 5.5.  They content of the
   control messages and responses is in the format specified in CCMP
   [RFC6503].  This allows a conferencing client to manage the same data



Boulton & Barnes        Expires January 16, 2014                [Page 5]

Internet-Draft         Conference Control Package              July 2013


   and message format independent of whether CCMP or the Control
   Framework messages are used to transport the information.


5.  Control Package Detail

   The Media Control Channel Framework defines rules that Control
   Package extensions must provide mandatory information as described in
   section 10 of [RFC6230].  This section fulfils the obligation.

5.1.  Control Package Name

   The SIP Control Framework requires a Control Package definition to
   specify and register a unique package name.  The name and version of
   this Control Package is "xcon-conf-control/1.0".

5.2.  Framework Message Usage

   The Conference Control package uses the XML schema defined in CCMP
   [RFC6503].  To maintain the consistency with the design of the XML
   schema, the SIP Control Framework messages will be applied in a
   similar manner.  The CONTROL message will be used to contain requests
   that enable conference manipulation - as specified in Section 5.4 and
   can only be sent from the conferencing client to a conference server.
   Responses, as specified in Section 5.5, can only be sent from the
   conference server to the conferencing client that initiated the
   request.  Depending on the time it takes to process the request (as
   specified in [RFC6230]), responses can either be contained in a
   Control Framework 200 response or subsequent REPORT method.

5.3.  Common XML Support

   The Control Framework requires a Control Package definition to
   specify if the attributes for media dialog or conference references
   are required.

   This package requires that the XML Schema in Section 16.1 of
   [RFC6230] MUST NOT be supported for media dialogs and conferences.
   But rather this package SHOULD use the XML schema as defined in
   [RFC6503], which is the same schema used for CCMP.

5.4.  Control Message Bodies

   A valid CONTROL body message MUST conform to the XML schema defined
   in [RFC6503] for the conference control.  To be precise, the CONTROL
   message body MUST comply only to the 'ccmp-request-type' complexType.





Boulton & Barnes        Expires January 16, 2014                [Page 6]

Internet-Draft         Conference Control Package              July 2013


5.5.  REPORT Message Bodies

   A valid CONTROL body message MUST conform to the XML schema defined
   in [RFC6503].  To be precise, the REPORT message body MUST comply
   only to the 'ccmp-response-type' complexType.

5.6.  Examples

   TODO


6.  IANA Considerations

6.1.  Control Package Registration

   This section registers a new Media Control Channel Framework package,
   per the instructions in Section 12.1 of [RFC6230].

   To: ietf-sip-control@iana.org Subject: Registration of new Media
   Control Channel Framework package Package Name: xcon-conf-control/1.0
   [NOTE TO IANA/RFC-EDITOR: Please replace XXXX with the RFC number for
   this specification.]  Published Specification(s): RFCXXXX Person &
   email address to contact for further information: IETF, DISPATCH
   working group, (dispatch@ietf.org), Mary Barnes
   (mary.ietf.barnes@gmail.com).


7.  Security Considerations

   As this Control Package processes XML markup, implementations MUST
   address the security considerations of [RFC3203].

   As a Control Package of the Media Control Channel Framework,
   security, confidentiality, and integrity of messages transported over
   the Control Channel MUST be addressed as described in Section 12 of
   the Media Control Channel Framework [RFC6230], including transport-
   level protection, Control Channel policy management, and session
   establishment.

   The Framework for Centralized Conferencing [RFC5239] specifies that
   the protocols used for manipulation and retrieval of confidential
   information MUST support a confidentiality and integrity mechanism.
   The XCON Data model [RFC6501] describes the requirements for ensuring
   the conference data is secured by the conference server (section 8).
   To support the confidentiality and integrity requirements, all
   conference control information included in the package defined in
   this document MUST have transport level protection; see [RFC6230],
   section 12.2 for further details on this topic.  Adequate transport



Boulton & Barnes        Expires January 16, 2014                [Page 7]

Internet-Draft         Conference Control Package              July 2013


   protection and authentication are critical, especially when the
   implementation is deployed in open networks.  If the implementation
   fails to correctly address these issues, it risks exposure to
   malicious attacks, including (but not limited to):

      Denial of Service: An attacker could insert a request message into
      the transport stream causing specific conferences on the
      conference server to be deleted.  For example, a confRequest
      message with an operation of "delete" with a "<confObjID>" of
      "xcon:XXXX@example.com", where the value of "XXXX" could be
      guessed or discovered by registering for the 'conference'
      [RFC4575].  Likewise, an attacker could impersonate the conference
      server and insert error responses into the transport stream
      thereby denying the conferencing client access to package
      capabilities.
      Resource Exhaustion: An attacker could insert into the Control
      Channel new request messages such as a confRequest message with an
      operation of "create" causing large numbers of conference
      resources to be allocated.  At some point, this will exhaust the
      number of conference resources that the conference server is able
      to allocate.

   The Media Control Channel Framework permits additional policy
   management (beyond that specified for the Media Control Channel
   Framework), including resource access and Control Channel usage, to
   be specified at the Control Package level.  (See Section 12.3 of
   [RFC6230].)

   Since creation of conference instances is associated with resources
   on the conference server, the security policy for this Control
   Package needs to address how such conference instances are securely
   managed across more than one Control Channel.  Such a security policy
   is only useful for secure, confidential, and integrity-protected
   channels.  The identity of Control Channels is determined by the
   channel identifier, i.e., the value of the 'cfw-id' attribute in the
   SDP and Dialog-ID header in the channel protocol per [RFC6230].
   Channels are the same if they have the same identifier; otherwise,
   they are different.  This Control Package imposes the following
   additional security policies:

      Responses: The conference server MUST only send a response to a
      conference control request using the same Control Channel as the
      one used to send the request.
      Notifications: The conference server MUST only send notification
      events for conference instances using the same Control Channel as
      it received the request creating the conference instance.





Boulton & Barnes        Expires January 16, 2014                [Page 8]

Internet-Draft         Conference Control Package              July 2013


      Rejection: The conference server SHOULD reject requests to
      manipulate an existing conference on the conference server if the
      channel is not the same as the one used when the mixer was
      created.  The conference server rejects a request by sending a
      Control Framework 403 response (see Sections 7.4 and 12.3 of
      [RFC6230]).  For example, if a channel with identifier 'cfw1234'
      has been used to send a request to create a particular conference
      instance and the conference server receives on channel 'cfw98969'
      a request to "delete" this particular conference instance, then
      the conference server sends a Control Framework 403 response.

   There can be valid reasons why an implementation does not reject an
   manipulation request on a different channel from the one that created
   the mixer.  For example, a system administrator might require a
   separate channel to delete conferences consuming excessive system
   resources.  However, the full implications need to be understood by
   the implementation and carefully weighed before accepting these
   reasons as valid.  If the reasons are not valid in their particular
   circumstances, the conference server rejects such requests.

   There can also be valid reasons for 'channel handover' including high
   availability support or when one conference server needs to take over
   management of conference instances after the conference server that
   created them has failed.  This could be achieved by the Control
   Channels using the same channel identifier, one after another.  For
   example, assume a channel is created with the identifier 'cfw1234',
   and the channel is used to create conference instances on the
   conference server.  This channel (and associated SIP dialog) then
   terminates due to a failure on the conference server.  As permitted
   by the Control Framework, the channel identifier 'cfw1234' could then
   be reused so that another channel is created with the same identifier
   'cfw1234', allowing it to 'take over' management of the conference
   instances on the conference server.  Again, the implementation needs
   to understand the full implications and carefully weigh them before
   accepting these reasons as valid.  If the reasons are not valid for
   their particular circumstances, the conference server uses the
   appropriate SIP mechanisms to prevent session establishment when the
   same channel identifier is used in setting up another Control Channel
   (see Section 4 of [RFC6230]).


8.  Acknowledgments


9.  Change History

   Note to RFC Editor: Please delete this section prior to publication.




Boulton & Barnes        Expires January 16, 2014                [Page 9]

Internet-Draft         Conference Control Package              July 2013


   Changes between 00 and 01:

   1.  Updating terminology to be consistent with RFC 6503 - i.e.,
       conferencing client and conference server.
   2.  Updates to security section to be consistent with requirements
       for a control package per RFC6230.
   3.  Minor editorial changes.


10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3203]  T'Joens, Y., Hublet, C., and P. De Schrijver, "DHCP
              reconfigure extension", RFC 3203, December 2001.

   [RFC4575]  Rosenberg, J., Schulzrinne, H., and O. Levin, "A Session
              Initiation Protocol (SIP) Event Package for Conference
              State", RFC 4575, August 2006.

   [RFC6230]  Boulton, C., Melanchuk, T., and S. McGlashan, "Media
              Control Channel Framework", RFC 6230, May 2011.

   [RFC6501]  Novo, O., Camarillo, G., Morgan, D., and J. Urpalainen,
              "Conference Information Data Model for Centralized
              Conferencing (XCON)", RFC 6501, March 2012.

   [RFC6505]  McGlashan, S., Melanchuk, T., and C. Boulton, "A Mixer
              Control Package for the Media Control Channel Framework",
              RFC 6505, March 2012.

   [RFC6503]  Barnes, M., Boulton, C., Romano, S., and H. Schulzrinne,
              "Centralized Conferencing Manipulation Protocol",
              RFC 6503, March 2012.

10.2.  Informative References

   [RFC5239]  Barnes, M., Boulton, C., and O. Levin, "A Framework for
              Centralized Conferencing", RFC 5239, June 2008.









Boulton & Barnes        Expires January 16, 2014               [Page 10]

Internet-Draft         Conference Control Package              July 2013


Authors' Addresses

   Chris Boulton
   NS-Technologies

   Email: chris@ns-technologies.com


   Mary Barnes
   Polycom
   TX

   Email: mary.ietf.barnes@gmail.com






































Boulton & Barnes        Expires January 16, 2014               [Page 11]