IPTEL WG R. Mahy, Ed. Internet-Draft Plantronics Expires: April 26, 2007 October 23, 2006 The Calling Party's Category tel URI Parameter draft-mahy-iptel-cpc-05.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 26, 2007. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document specifies a new parameter for the tel URI that represents the Calling Party's Category, a parameter used in SS7 ISUP and other telephony signaling protocols. 1. Introduction SS7 ISUP [3] defines a Calling Party's Category (CPC) parameter that characterizes the station used to originate a call and carries other important state that can describe the originating party. When Mahy Expires April 26, 2007 [Page 1] Internet-Draft CPC tel URI October 2006 telephone numbers are contained in URIs, such as the tel URI [1], it may be desirable to communicate any CPC associated with that telephone number or, in the context of a call, the party calling from it. Note that in some networks (including North America), the Originating Line Information (OLI) parameter is used to carry this information in ANSI ISUP [8] rather than the CPC parameter. Legacy multifrequency (MF) signaling networks carry this information in the ANI II Digits [12]. The tel URI parameter specified in this document is designed to carry data from these sources as well. 2. Parameter Definition The Calling Party's Category is represented as a tel URI parameter. The ABNF [2] syntax is as follows. The 'par' production is defined in RFC3966 [1]. The "/=" syntax indicates an extension of the production on the left-hand side: par /= cpc cpc = cpc-tag "=" cpc-value cpc-tag = "cpc" cpc-value = "ordinary" / "prison" / "police" / "test" "operator" / "payphone" / "unknown" / "hospital" / "cellular" / "cellular-roaming" / genvalue genvalue = 1*(alphanum / "-" / "." ) The semantics of these Calling Party's Category values are described below: ordinary: The caller has been identified, and has no special features. test: This is a test call that has been originated as part of a maintenance procedure. operator: The call was generated by an operator position. payphone: The calling station is a payphone. prison: The calling station is in a prison. hotel: The calling station is in a hotel or motel. hospital: The calling station is in a medical facility. police: The calling station is associated with a branch of law enforcement. cellular: The calling station is a radio-telephone operating in its home network. cellular-roaming: The calling station is a radio-telephone roaming in another network Mahy Expires April 26, 2007 [Page 2] Internet-Draft CPC tel URI October 2006 unknown: The CPC could not be ascertained. An example of the syntax of the CPC parameter (in a small fragment of a SIP [7] message) is given below: INVITE sip:bob@biloxi.example.com SIP/2.0 To: "Bob" From: ;tag=1928301774 3. Usage The CPC is generally useful only when describing the originator of a telephone call. Therefore, when this parameter is used in an application such as SIP, it is recommended that the parameter be applied to URIs that characterize the originator of a call (such as a SIP URI or tel URI in the From header field of a SIP message). Note that many Calling Party's Category values from the PSTN were intentionally excluded from the cpc parameter as they are either meaningless outside of the PSTN or can be represented using another existing concept. For example, the language of an operator can be expressed more richly using the Accept-Language header in SIP than in the cpc parameter. Similarly the priority of a call is a characteristic of the call and not the calling party. It is anticipated that this URI parameter will be used primarily by gateways that interwork ISUP or ANI II networks with SIP networks. Various SIP network intermediaries might consult the CPC as they make routing decisions, although no specific behavior is prescribed in this document. While no specific mapping of the various ISUP parameters that contain CPC data is offered in this document, creating such a mapping would be trivial. While the CPC could be conveyed using the ISUP tunnelling mechanism described in RFC 3372 [9], this technique is widely regarded by the implementation community as overkill for the problem of conveying CPC information. For example, the CPC parameter provides a convenient way for SIP intermediaries to make routing decisions based on the CPC without having to implement an ISUP parser. The CPC paremeter provides a simple, convenient form of CPC interoperability between ISUP and ANI II, which is otherwise poorly addressed in RFC 3372. Indeed when a SIP intermediary makes routing decisions for a call where both the originating and the terminating gateways natively use ANI II, the ISUP tunnelling approach is especially unattractive, requiring each of the three devices to perform a translation into an otherwise unneeded PSTN protocol. If the CPC parameter is not present, consumers of the CPC should Mahy Expires April 26, 2007 [Page 3] Internet-Draft CPC tel URI October 2006 treat the URI as if it specified a CPC of "ordinary". At most, one instance of the CPC can be associated with a particular URI. 4. Security Considerations There are three potential risks specific to the information provided by the Calling Party's Category: leakage of potentially private information, the threat of tampering with the CPC to add false CPC values, and the threat of tampering with the CPC to remove actual CPC values. The information contained in the CPC parameter may be of a private nature, and it may not be appropriate for this value to be revealed to the destination user (typically it would not be so revealed in the PSTN). However, the calling party's category is often discoverable or easily guessable from the calling party's phone number. For that reason it is unlikely that this information is significantly more privacy sensitive than the telephone number itself. The same techniques used to provide complete or partial telephone number privacy in SIP are appropriate to apply to the CPC parameter as well. For more information about privacy issues in SIP see RFC3323 [5]. The mechanism described in RFC 3325 [6] may also be relevant for maintaining partial privacy or the CPC within a trusted administrative domain or federation of domains as described in RFC 3324 [10]. Making a call with a falsified CPC (ex: hospital, police, or operator) could allow the caller to gain access to resources or information not otherwise available. Likewise removing an "undesirable" CPC value (ex: prison or hotel) could allow the caller to bypass various restrictions in the telephone network. For that reason, agents which expect CPC values SHOULD take care to insure the integrity and authenticity of the CPC parameter. The RECOMMENDED mechanism to protect the entire calling party address along with the CPC parameter is the SIP Identity [4] mechanism. Alternatively, agents within an adminstrative domain or federation of domains MAY use the mechanism described in RFC 3325 [6] to place the CPC parameter in a P-Asserted-Identity header field. The SIP Identity mechanism provides a signature over the URI in the From header field of a SIP request. It can sign a tel URI alone or a tel URI embedded in a SIP or SIPS URI, but it provides stronger protection against tampering when the tel URI is embedded in a SIP or SIPS URI. Because there is no direct correlation between a tel URI and an Internet domain, the receiver can use a list of domains from which it will trust CPC information, or a list of root certificates Mahy Expires April 26, 2007 [Page 4] Internet-Draft CPC tel URI October 2006 which are associated with trusting CPC information. Otherwise, this mechanism adds no new security considerations to those discussed in [1]. 5. IANA Considerations This document extends the registry of tel URI parameters defined in [11] with one new parameter described below. Parameter Name: cpc Predefined Values: Yes Reference: This document 6. Contributors and Acknowledgments The original version of this document was written by Jon Peterson. Thanks to Takuya Sawada for a detailed review. 7. References 7.1 Normative References [1] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004. [2] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005. [3] International Telecommunications Union, "Recommendation Q.763: Signalling System No. 7: ISDN user part formats and codes", December 1999, . [4] Peterson, J. and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)", RFC 4474, August 2006. [5] Peterson, J., "A Privacy Mechanism for the Session Initiation Protocol (SIP)", RFC 3323, November 2002. [6] Jennings, C., Peterson, J., and M. Watson, "Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks", RFC 3325, November 2002. Mahy Expires April 26, 2007 [Page 5] Internet-Draft CPC tel URI October 2006 7.2 Informational References [7] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [8] American National Standards Institute, "ANSI T1.113-2000, Signaling System No. 7, ISDN User Part", 2000, . [9] Vemuri, A. and J. Peterson, "Session Initiation Protocol for Telephones (SIP-T): Context and Architectures", BCP 63, RFC 3372, September 2002. [10] Watson, M., "Short Term Requirements for Network Asserted Identity", RFC 3324, November 2002. [11] Gurbani, V. and C. Jennings, "The Internet Assigned Number Authority (IANA) tel Uniform Resource Identifier (URI) Parameter Registry", draft-jennings-iptel-tel-reg-01 (work in progress), December 2005. URIs [12] Author's Address Rohan Mahy (editor) Plantronics Email: rohan@ekabal.com Mahy Expires April 26, 2007 [Page 6] Internet-Draft CPC tel URI October 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Mahy Expires April 26, 2007 [Page 7]