Internet DRAFT - draft-hilt-sipping-policy-package

draft-hilt-sipping-policy-package







SIPPING Working Group                                            V. Hilt
Internet-Draft                             Bell Labs/Lucent Technologies
Expires: September 6, 2006                                  G. Camarillo
                                                                Ericsson
                                                           March 5, 2006


 A Session Initiation Protocol (SIP) Event Package for Session-Specific
                           Session Policies.
                  draft-hilt-sipping-policy-package-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 6, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This specification defines a Session Initiation Protocol (SIP) event
   package for session-specific session policies.  This event package
   enables users to subscribe to the policies for a SIP session and to
   receive notifications if the policies change.  The package is part of
   the Framework for SIP Session Policies.




Hilt & Camarillo        Expires September 6, 2006               [Page 1]

Internet-Draft        Session Policy Event Package            March 2006


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Event Package Formal Definition  . . . . . . . . . . . . . . .  4
     3.1.  Event Package Name . . . . . . . . . . . . . . . . . . . .  4
     3.2.  Event Package Parameters . . . . . . . . . . . . . . . . .  4
     3.3.  SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . .  4
     3.4.  Subscription Duration  . . . . . . . . . . . . . . . . . .  5
     3.5.  NOTIFY Bodies  . . . . . . . . . . . . . . . . . . . . . .  6
     3.6.  Subscriber generation of SUBSCRIBE requests  . . . . . . .  6
     3.7.  Notifier processing of SUBSCRIBE requests  . . . . . . . .  7
     3.8.  Notifier generation of NOTIFY requests . . . . . . . . . .  8
     3.9.  Subscriber processing of NOTIFY requests . . . . . . . . .  8
     3.10. Handling of forked requests  . . . . . . . . . . . . . . .  9
     3.11. Rate of notifications  . . . . . . . . . . . . . . . . . .  9
     3.12. State Agents . . . . . . . . . . . . . . . . . . . . . . .  9
     3.13. Examples . . . . . . . . . . . . . . . . . . . . . . . . .  9
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
     5.1.  Event Package Name . . . . . . . . . . . . . . . . . . . . 10
     5.2.  Content-Disposition Types  . . . . . . . . . . . . . . . . 10
   Appendix A.  Acknowledgements  . . . . . . . . . . . . . . . . . . 11
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     6.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     6.2.  Informative References . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
   Intellectual Property and Copyright Statements . . . . . . . . . . 14























Hilt & Camarillo        Expires September 6, 2006               [Page 2]

Internet-Draft        Session Policy Event Package            March 2006


1.  Introduction

   The Framework for Session Initiation Protocol (SIP) [8] Session
   Policies [10] defines a protocol framework for the exchange of
   session policy information between a network domain and a user agent.
   This framework introduces two types of session policies: session-
   specific policies and session-independent policies.  Session-specific
   policies are policies for one specific session.  They are created
   based on the session description of a session.  Naturally, a user
   agent needs to request session-specific policies on a session-by-
   session basis at the time a session is created and the session
   description is known.  Session-independent policies on the other hand
   are policies that are created independent of a session and generally
   apply to SIP sessions.  Since these policies are not based on a
   specific session description, they can be created and conveyed to the
   user agent at any time.  User agents receive session-independent
   policies as part of their configuration information [6].

   This specification defines a SIP event package [7] that enables user
   agents to subscribe to session-specific policies.  Session policies
   can change while they are in effect.  These changes can result, for
   example, from changes in network conditions, the use of services, or
   simply because a provider wants to revoke rights or grant additional
   rights to a customer.

   Setting up session-specific policies involves the following steps
   (see [10]):

   1.  A user agent submits a session description to the policy server
       and asks whether a session using this session description is
       permissible.  This request covers all aspects of the included
       session description.  For example, if the session description
       contains a media line for video, the user agent implicitly asks
       for permission to use video.
   2.  The policy server creates a policy decision for this particular
       session and returns the decision to the user agent.  Possible
       policy decisions are to (1) deny the session, (2) propose changes
       to the session description with which the session is acceptable,
       or (3) accept the session as it was proposed.  An example for a
       policy decision is to disallow the use of video but agree to all
       other aspects of the proposed session.
   3.  The policy server can update the policy decision at any time.  A
       policy decision update can, for example, propose additional
       changes to the session description (e.g. change the allowed
       codecs) or deny a previously accepted session (e.g. disallow the
       continuation of a session).





Hilt & Camarillo        Expires September 6, 2006               [Page 3]

Internet-Draft        Session Policy Event Package            March 2006


   4.  The user agent applies the policy decision to the session it is
       establishing or managing.

   The session-specific policy event package defined in this document
   enables a user agent to subscribe to session-specific policies based
   on this model.  In this event package, the resource the subscriber is
   subscribing to is created at the time the subscription is
   established.  The notifier takes information from the SUBSCRIBE
   request and generates the resource the subscription is for.  This is
   different from other event packages, in which subscriptions are for
   an existing resource.


2.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
   RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
   described in BCP 14, RFC 2119 [1] and indicate requirement levels for
   compliant implementations.


3.  Event Package Formal Definition

   This document provides the details for defining a SIP event package
   as required by RFC 3265 [7].

3.1.  Event Package Name

   The name of the event package defined in this specification is
   "session-spec-policy".

3.2.  Event Package Parameters

   This package does not define any event package parameters.

3.3.  SUBSCRIBE Bodies

   A SUBSCRIBE for the session-specific policy package SHOULD contain a
   body that consists of a session description.  The purpose of this
   body is to enable the notifier to generate the policy decision the
   subscriber is interested in.  In this event packet, the Request-URI,
   the event package name and event parameters are not sufficient for
   this purpose.  With the session description in the SUBSCRIBE body,
   the notifier can generate the requested policy decision and create
   policy events for this resource.

   All subscribers and notifiers MUST support the "application/sdp"



Hilt & Camarillo        Expires September 6, 2006               [Page 4]

Internet-Draft        Session Policy Event Package            March 2006


   format as described in [4].  The "application/sdp" format is the
   default format for session descriptions in this event package.
   Subscribers and notifiers MAY negotiate the use of other formats
   capable of representing a session description.

   Subscriptions to the session-specific policy package are typically
   created in conjunction with an SDP offer/answer exchange [11] during
   the establishment of a session as described in [10].  If used with an
   offer/answer exchange, the subscriber SHOULD insert the local session
   description in the SUBSCRIBE body.  The local session description is
   the one that was created by the subscriber (i.e. the offer if the
   subscriber has initiated the offer/answer exchange).  A body that
   contains the local session description offer MUST have a Content-
   Disposition [9] disposition-type of "session-policy" and a Content-
   Disposition parameter "description=local", a new value and a new
   parameter defined in this document.

   The subscriber MAY choose to also include the remote session
   description in the SUBSCRIBE body.  The remote session description is
   the one the subscriber has received (i.e. the answer if the
   subscriber has initiated the offer/answer exchange).  In some
   scenarios, the remote session description is not available to the
   subscriber at the time the subscription to session-specific policies
   is created.  In this case, the initial SUBSCRIBE message SHOULD only
   contain the local session description.  When the remote description
   becomes available, the subscriber SHOULD refresh the subscription by
   sending another SUBSCRIBE request, which then contains the local and
   the remote session description.

   All subscribers and notifiers SHOULD support the MIME type
   "multipart/mixed" [3].  This is needed to include the local and the
   remote session description in the SUBSCRIBE body.  The body that
   contains the remote session description MUST have the Content-
   Disposition disposition-type of "session-policy" and a Content-
   Disposition parameter of "description=remote", a new value and a new
   parameter defined in this document.

3.4.  Subscription Duration

   A subscription to the session-specific policy package is usually
   established at the beginning of a session and terminated when the
   corresponding session ends (it may, of course, be terminated
   earlier).  A typical duration of a phone call is a few minutes.

   Since the duration of a subscription to the session-specific policy
   package is closely related to the lifetime of the corresponding
   session, the value for the duration of a subscription is largely
   irrelevant.  However, it SHOULD be longer than the typical duration



Hilt & Camarillo        Expires September 6, 2006               [Page 5]

Internet-Draft        Session Policy Event Package            March 2006


   of a session.  The default subscription duration for this event
   package is set to two hours.

3.5.  NOTIFY Bodies

   In this event package, the body of the notification contains the
   policy decision requested by the subscriber.  All subscribers and
   notifiers MUST support the "application/SDP" format [4] as a format
   for NOTIFY bodies.

   The SUBSCRIBE request MAY contain an Accept header field.  If no such
   header field is present, it has a default value of "application/sdp".
   If the header field is present, it MUST include "application/sdp",
   and MAY include any other types capable of representing session-
   specific policy decisions.  As defined RFC 3265 [7], the body of
   notifications MUST be in one of the formats defined in the Accept
   header of the SUBSCRIBE request or in the default format.

   If the notifier uses the same format in NOTIFY bodies that was used
   by the subscriber in the SUBSCRIBE body (e.g. "application/SDP"), the
   notifier can expect that the subscriber supports all format
   extensions it has used in the SUBSCRIBE body.  However, the notifier
   cannot assume that the subscriber supports any other extension beyond
   that.  If the notifier uses other extensions, it cannot count on the
   fact that they will be understood by the subscriber.

   If the SUBSCRIBE request did contain the local session description of
   the subscriber and the subscription was accepted, then the NOTIFY
   body MUST contain a policy decision for this session description.
   This decision MUST have a disposition-type of "session-policy" and a
   parameter "description=local".

   If the SUBSCRIBE request of an accepted subscription contained the
   local and the remote session description, then the NOTIFY body MUST
   contain two policy decisions, one for the local and one for the
   remote session description.  The decision for the local description
   MUST have a disposition-type of "session-policy" with a parameter
   "description=local", the decision for remote description MUST have a
   disposition-type of "session-policy" with a parameter
   "description=remote".

3.6.  Subscriber generation of SUBSCRIBE requests

   The subscriber follows the general rules for generating SUBSCRIBE
   requests defined in [7].  The subscriber SHOULD include the session
   description in the SUBSCRIBE body that most accurately reflects the
   session for which it seeks to receive session-specific policies.  It
   SHOULD use the most recent session description if multiple versions



Hilt & Camarillo        Expires September 6, 2006               [Page 6]

Internet-Draft        Session Policy Event Package            March 2006


   are available.

   A user agent can, of course, change the session description of an
   ongoing session.  A change in the session description often affects
   the policy decisions that are created for this session.  A subscriber
   SHOULD therefore refresh the subscription to session-specific
   policies every time the session description of the associated session
   changes.  It does so by sending a SUBSCRIBE request, which contains
   the updated session description.

   Session policies can contain sensitive information.  Moreover, policy
   decisions can significantly impact the functionality and behavior of
   a user agent.  A user agent should therefore verify the identity of a
   policy server and make sure that policies have not been altered in
   transit.  All implementations of this package MUST support TLS [2]
   and the SIPS URI scheme.  A subscriber SHOULD use SIPS URIs, if
   possible, when subscribing to session-specific policy events so that
   policies are transmitted over TLS.  Subscribers MAY perform server
   authentication, for example, via TLS or another transport mechanism.

3.7.  Notifier processing of SUBSCRIBE requests

   All subscriptions to session-specific policies SHOULD be
   authenticated and authorized before approval.  The notifier SHOULD
   authenticate the subscriber using any of the techniques available
   through SIP, including digest, S/MIME, TLS or other transport
   specific mechanisms.  Administrators SHOULD use an SIPS URI as a
   policy server URI.

   The authorization policy is at the discretion of the administrator.
   It is RECOMMENDED that all users are allowed to subscribe to the
   session-specific policies of their sessions.  A subscription to this
   event package will typically be established by a device that needs to
   know about the policies for its sessions.  However, subscriptions may
   also be established by applications and automata (e.g. a conference
   server).  In those cases, an authorization policy will typically be
   provided for these applications.

   Responding timely to a SUBSCRIBE requests is crucial for this event
   package.  A notifier must minimize the time needed for processing
   SUBSCRIBE requests and generating the initial NOTIFY.  This includes
   minimizing the time needed to generate an initial policy decision.  A
   short response time is in particular important for this event package
   since it minimizes the delay for fetching policies during an INVITE
   transaction and therefore reduces call setup time.  In addition,
   subscriptions to session-specific policies can be established while
   the subscriber is in an INVITE transaction at a point where it has
   received the 200 OK but before sending the ACK.  Delaying the



Hilt & Camarillo        Expires September 6, 2006               [Page 7]

Internet-Draft        Session Policy Event Package            March 2006


   creation of the initial NOTIFY would delay the transmission of the
   ACK (a more detailed discussion of this scenario can be found in
   [10]).

3.8.  Notifier generation of NOTIFY requests

   A notifier sends a notification in response to SUBSCRIBE requests as
   defined in RFC 3265 [7].  In addition, a notifier MAY send a
   notification at any time during the subscription.  Typically, it will
   send one every time the policy decision this subscription is for has
   changed.  When and why a policy decision changes is entirely at the
   discretion of the administrator.  A change in the policy decision may
   be triggered, for example, by a change in the network status, a
   change in the services used or simply by an update of the service
   level agreement with the customer.

   The policy decision document in a NOTIFY body MUST represent a
   complete policy decision.  Notifications that contain the deltas to
   previous policy decisions or partial policy decisions are not
   supported in this event package.

   The policy decision to reject a session is expressed by returning an
   empty NOTIFY body.  The notifier MAY terminate the subscription after
   sending such a notification if it can be expected that this decision
   will not change in the foreseeable future.  The notifier SHOULD keep
   the subscription up, if it expects that the session can be admitted
   at a later point in time.  A session is admitted by returning a
   policy decision document that requires some or no changes to the
   session.  If the format "application/sdp" is used, a session is
   admitted by returning an unmodified session description.  To admit a
   session with changes required, the notifier returns a session
   description that contains all necessary changes.  For example, to
   disallow video, the notifier returns a session description in which
   all media lines for video have been removed.  When making changes,
   the notifier SHOULD NOT use any session description format extensions
   that were not previously used by the subscriber in the original
   session description.

3.9.  Subscriber processing of NOTIFY requests

   A subscriber SHOULD apply the policy decision received to the session
   associated with this subscription.  If the body of a notification
   contains a policy decision in the "application/sdp" format, the
   subscriber SHOULD replace the current session description(s) (i.e.
   the ones submitted in the SUBSCRIBER request) with the ones received
   in the notification.  The subscriber MAY silently ignore extensions
   to the policy decision format it does not support.




Hilt & Camarillo        Expires September 6, 2006               [Page 8]

Internet-Draft        Session Policy Event Package            March 2006


   If the subscriber receives a notification with an empty body, the
   session has been rejected.  The subscriber SHOULD NOT attempt to
   establish this session.  However, the subscriber MAY keep up the
   subscription to session-specific policy events for this session since
   the policy decision may change.

   A subscriber may receive an update to a policy decision for a session
   that is already established.  The subscriber SHOULD apply the new
   policy decision to this session.  It may need to generate a re-INVITE
   or UPDATE request for the session or it may need to terminate this
   session.

3.10.  Handling of forked requests

   This event package allows the creation of only one dialog as a result
   of an initial SUBSCRIBE request.  The techniques to achieve this
   behavior are described in [7].

3.11.  Rate of notifications

   It is anticipated that the rate of policy changes will be very low.
   In any case, notifications SHOULD NOT be generated at a rate of more
   than once every five seconds.

3.12.  State Agents

   State agents play no role in this package.

3.13.  Examples

   TBD.


4.  Security Considerations

   Authentication and authorization is important for both, the
   subscriber and the notifier.

   A subscriber transmits information about the sessions it wants to
   establish to the policy server.  This data may contain sensitive
   information that needs to be protected.  In addition, a subscriber
   applies the policies it receives from the policy server to its
   sessions.  These policies can have a significant impact on the
   functionality and the behavior of a device.  A subscriber should
   therefore verify the identity of a policy server and make sure that
   policies have not been altered in transit.

   The policy decisions generated by the notifier may also reveal



Hilt & Camarillo        Expires September 6, 2006               [Page 9]

Internet-Draft        Session Policy Event Package            March 2006


   sensitive information about a user and about the network provider.  A
   notifier therefore needs to ensure that only authorized users can
   subscribe to session-specific policies.

   A session description may contain sensitive information the
   subscriber does not want to share with the notifier.  For example, it
   may contain keys for media encryption.  The subscriber needs to
   ensure that the session description it sends to the notifier in a
   SUBSCRIBE body only contains information it is actually willing to
   disclose to the notifier.

      ISSUE: more details on possible threads and protection mechanisms
      need to be worked out.


5.  IANA Considerations

5.1.  Event Package Name

   This specification registers an event package, based on the
   registration procedures defined in RFC 3265 [2].  The following is
   the information required for such a registration:

   Package Name: session-spec-policy

   Package or Template-Package: This is a package.

   Published Document: RFC XXXX (Note to RFC Editor: Please fill in XXXX
   with the RFC number of this specification).

   Person to Contact: Volker Hilt, volkerh@bell-labs.com.

5.2.  Content-Disposition Types

   This document defines a new MIME Content-Disposition disposition-type
   value and a new parameter.

   The value "session-policy" indicates that the MIME body describes a
   session policy.

   An optional parameter "description" is defined for the disposition-
   type "session-policy".  This parameter may have the following values:

   o  The value "description=local" indicates that the MIME body
      contains the local session description of a user agent in an
      offer/answer exchange [11].  If the user agent has initiated the
      offer/answer exchange by sending an offer, then the local
      description is the offer.  If the user agent has received an offer



Hilt & Camarillo        Expires September 6, 2006              [Page 10]

Internet-Draft        Session Policy Event Package            March 2006


      and responds to it, then the local description is the answer.
   o  The value "description=remote" indicates that the MIME body
      contains the remote session description of a user agent in an
      offer/answer exchange [11].  If the user agent has initiated the
      offer/answer exchange, then the remote description is the answer
      it has received back.  If the user agent responds to an offer,
      then the remote description is the offer.

   If the parameter "description" is missing, the default value of
   "description=local" applies.


Appendix A.  Acknowledgements

   Many thanks to Jonathan Rosenberg for the discussions and the
   suggestions for this draft.


6.  References

6.1.  Normative References

   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [2]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
        RFC 2246, January 1999.

   [3]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
        Extensions (MIME) Part Two: Media Types", RFC 2046,
        November 1996.

   [4]  Handley, M. and V. Jacobson, "SDP: Session Description
        Protocol", RFC 2327, April 1998.

   [5]  Hilt, V., Camarillo, G., and J. Rosenberg, "A User Agent Profile
        Data Set for Media Policy",
        draft-hilt-sipping-media-policy-dataset-01 (work in progress),
        March 2006.

   [6]  Petrie, D., "A Framework for Session Initiation Protocol User
        Agent Profile Delivery", draft-ietf-sipping-config-framework-07
        (work in progress), July 2005.

   [7]  Roach, A., "Session Initiation Protocol (SIP)-Specific Event
        Notification", RFC 3265, June 2002.

   [8]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,



Hilt & Camarillo        Expires September 6, 2006              [Page 11]

Internet-Draft        Session Policy Event Package            March 2006


        Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
        Session Initiation Protocol", RFC 3261, June 2002.

   [9]  Troost, R., Dorner, S., and K. Moore, "Communicating
        Presentation Information in Internet Messages: The Content-
        Disposition Header Field", RFC 2183, August 1997.

6.2.  Informative References

   [10]  Hilt, V., Camarillo, G., and J. Rosenberg, "A Framework for
         Session Initiation Protocol (SIP) Session Policies",
         draft-hilt-sipping-session-policy-framework-01 (work in
         progress), March 2006.

   [11]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
         Session Description Protocol (SDP)", RFC 3264, June 2002.



































Hilt & Camarillo        Expires September 6, 2006              [Page 12]

Internet-Draft        Session Policy Event Package            March 2006


Authors' Addresses

   Volker Hilt
   Bell Labs/Lucent Technologies
   101 Crawfords Corner Rd
   Holmdel, NJ  07733
   USA

   Email: volkerh@bell-labs.com


   Gonzalo Camarillo
   Ericsson
   Hirsalantie 11
   Jorvas  02420
   Finland

   Email: Gonzalo.Camarillo@ericsson.com

































Hilt & Camarillo        Expires September 6, 2006              [Page 13]

Internet-Draft        Session Policy Event Package            March 2006


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Hilt & Camarillo        Expires September 6, 2006              [Page 14]