DRINKS M. Marrache Internet-Draft Jerusalem College of Technology Intended status: Standards Track D. Schwartz Expires: April 19, 2013 XConnect S. Ali NeuStar October 16, 2012 Session Peering Provisioning (SPP) Protocol over REST draft-marrache-drinks-spp-protocol-rest-00 Abstract The Session Peering Provisioning Framework (SPPF) is an XML framework that exists to enable the provisioning of session establishment data into Session Data Registries or SIP Service Provider data stores. This SPP Protocol implementation follows the REST style widely used today in ditributed systems. The benefits include scalibility of the interactions between the involved components, ... This document describes the specification for performing SPPF operations over REST/ HTTP. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 19, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Marrache, et al. Expires April 19, 2013 [Page 1] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. REST Principles and Protocol Layering . . . . . . . . . . . . 6 4. HTTP(s) Features . . . . . . . . . . . . . . . . . . . . . . . 7 5. Authentication and Session Management . . . . . . . . . . . . 8 6. Language Identification . . . . . . . . . . . . . . . . . . . 9 7. URI Structure . . . . . . . . . . . . . . . . . . . . . . . . 10 7.1. Destination Group . . . . . . . . . . . . . . . . . . . . 10 7.2. Telephone Number . . . . . . . . . . . . . . . . . . . . 10 7.3. Telephone Number Prefix . . . . . . . . . . . . . . . . . 10 7.4. Telephone Number Range . . . . . . . . . . . . . . . . . 10 7.5. Routing Number . . . . . . . . . . . . . . . . . . . . . 11 7.6. URI Public Identifier . . . . . . . . . . . . . . . . . . 11 7.7. Sed Group . . . . . . . . . . . . . . . . . . . . . . . . 11 7.8. Sed Record . . . . . . . . . . . . . . . . . . . . . . . 11 7.9. Sed Group Offer . . . . . . . . . . . . . . . . . . . . . 12 7.10. Server Status . . . . . . . . . . . . . . . . . . . . . . 12 8. Operation Request and Response Structures . . . . . . . . . . 13 8.1. Add Operation Structure . . . . . . . . . . . . . . . . . 13 8.1.1. Add Request . . . . . . . . . . . . . . . . . . . . . 13 8.1.2. Add Response . . . . . . . . . . . . . . . . . . . . . 14 8.2. Delete Operation Structure . . . . . . . . . . . . . . . 14 8.2.1. Delete Request . . . . . . . . . . . . . . . . . . . . 15 8.2.2. Delete Response . . . . . . . . . . . . . . . . . . . 16 8.3. Accept Operation Structure . . . . . . . . . . . . . . . 16 8.3.1. Accept Request Structure . . . . . . . . . . . . . . . 17 8.3.2. Accept Response . . . . . . . . . . . . . . . . . . . 17 8.4. Reject Operation Structure . . . . . . . . . . . . . . . 18 8.4.1. Reject Request . . . . . . . . . . . . . . . . . . . . 18 8.4.2. Reject Response . . . . . . . . . . . . . . . . . . . 19 8.5. Get Operation Structure . . . . . . . . . . . . . . . . . 20 8.5.1. Get Request . . . . . . . . . . . . . . . . . . . . . 20 8.5.2. Get Response . . . . . . . . . . . . . . . . . . . . . 20 8.6. Get SED Group Offers Operation Structure . . . . . . . . 21 8.6.1. Get SED Group Offers Request . . . . . . . . . . . . . 21 8.6.2. Get SED Group Offers Response . . . . . . . . . . . . 21 8.7. Get Server Details Operation Structure . . . . . . . . . 21 8.7.1. Get Server Details Request . . . . . . . . . . . . . . 21 Marrache, et al. Expires April 19, 2013 [Page 2] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 8.7.2. Get Server Details Response . . . . . . . . . . . . . 22 9. Response Codes and Messages . . . . . . . . . . . . . . . . . 23 10. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 24 11. RESTful SPP Protocol WADL Definition . . . . . . . . . . . . . 25 12. SPP RESTful Protocol Examples . . . . . . . . . . . . . . . . 38 12.1. Add Destination Group . . . . . . . . . . . . . . . . . . 38 12.2. Add SED Records . . . . . . . . . . . . . . . . . . . . . 39 12.3. Add SED Records -- URIType . . . . . . . . . . . . . . . 40 12.4. Add SED Group . . . . . . . . . . . . . . . . . . . . . . 41 12.5. Add Public Identity -- Successful COR claim . . . . . . . 42 12.6. Add LRN . . . . . . . . . . . . . . . . . . . . . . . . . 42 12.7. Add TN Range . . . . . . . . . . . . . . . . . . . . . . 43 12.8. Add TN Prefix . . . . . . . . . . . . . . . . . . . . . . 43 12.9. Enable Peering -- SED Group Offer . . . . . . . . . . . . 43 12.10. Enable Peering -- SED Group Offer Accept . . . . . . . . 44 12.11. Add Egress Route . . . . . . . . . . . . . . . . . . . . 44 12.12. Remove Peering -- SED Group Offer Reject . . . . . . . . 45 12.13. Get Destination Group . . . . . . . . . . . . . . . . . . 45 12.14. Get Public Identity . . . . . . . . . . . . . . . . . . . 46 12.15. Get SED Group Request . . . . . . . . . . . . . . . . . . 46 12.16. Get SED Group Offers Request . . . . . . . . . . . . . . 46 12.17. Get Egress Route . . . . . . . . . . . . . . . . . . . . 47 12.18. Delete Destination Group . . . . . . . . . . . . . . . . 47 12.19. Delete Public Identity . . . . . . . . . . . . . . . . . 47 12.20. Delete SED Group Request . . . . . . . . . . . . . . . . 48 12.21. Delete SED Group Offers Request . . . . . . . . . . . . . 48 12.22. Delete Egress Route . . . . . . . . . . . . . . . . . . . 49 13. Security Considerations . . . . . . . . . . . . . . . . . . . 50 13.1. Integrity, Privacy, and Authentication . . . . . . . . . 50 13.2. Vulnerabilities . . . . . . . . . . . . . . . . . . . . . 50 13.3. Deployment Environment Specifics . . . . . . . . . . . . 50 14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 52 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 53 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 54 16.1. Normative References . . . . . . . . . . . . . . . . . . 54 16.2. Informative References . . . . . . . . . . . . . . . . . 54 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 55 Marrache, et al. Expires April 19, 2013 [Page 3] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 1. Introduction TBD Marrache, et al. Expires April 19, 2013 [Page 4] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Marrache, et al. Expires April 19, 2013 [Page 5] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 3. REST Principles and Protocol Layering +-------------+ (1) | Transport |Example: | Protocol | TCP, TLS, BEEP, etc. +-------------+ | V +-------------+ | HTTP | | Message | +-------------+ (2) | +-----------------------+ | | V V +----------------+ +----------------+ | HTTP Requests | | HTTP Responses | | (with params) | | (with params) | +----------------+ +----------------+ Uses | Uses | V V +-------------+ +-------------+ (3) | SPPF | | SPPF | | XML Types | | XML Types | +-------------+ +-------------+ Figure 1: Layering and Technical Structure of the SPP Protocol with REST/HTTP The operations supported by the RESTful SPP Protocol are normatively defined later in this document. Each operation is performed using an HTTP request and an HTTP response. Each such request and response message may contain a single object that wraps the SPPF XML data types that comprise the inputs and the outputs, respectively, of the operation. SPPF is a request/reply framework that allows a client application to submit provisioning data and query requests to a server. The SPPF data structures are designed to be protocol agnostic. Concerns regarding encryption, non-repudiation, and authentication are beyond the scope of this document. For more details, please refer to the "Transport Protocol Requirements" section in the framework document. Marrache, et al. Expires April 19, 2013 [Page 6] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 4. HTTP(s) Features HTTP(s) is the transport mechanism used by RESTful systems. HTTP 1.1 includes the "persistent connection" feature, which allows multiple HTTP request/response pairs to be transported across a single HTTP connection. This is an important performance optimization feature, particularly when the connections is an HTTPS connection where the relatively time consuming SSL handshake has occurred. Persistent connections SHOULD be used for the SPPF HTTP connections. HTTP 1.1 [RFC2616] or higher SHOULD be used. Marrache, et al. Expires April 19, 2013 [Page 7] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 5. Authentication and Session Management To achieve integrity and privacy, conforming SPP Protocol Clients and Servers MUST support HTTP over TLS [RFC5246] as the secure transport mechanism. This combination of HTTP and TLS is referred to as HTTPS. And to accomplish authentication, conforming SPPF Clients and Servers MUST use HTTP Digest Authentication as defined in [RFC2617]. As a result, the communication session is established through the initial HTTP connection setup, the digest authentication, and the TLS handshake. When the HTTP connection is broken down, the communication session ends. Marrache, et al. Expires April 19, 2013 [Page 8] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 6. Language Identification TBD Marrache, et al. Expires April 19, 2013 [Page 9] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 7. URI Structure In the context of this RESTful SPP Protocol implementation, the different domain elements defined in [I-D.draft-ietf-drinks-spp-framework] are called resources. Each resource is identified by a Uniform Resource Identifier that follows a well defined structure. Each SPPF domain element is identified by some of its attributes. Only these attributes that compose the key must be present in the URI identifying the resource. These attributes are represented in the URI as path parameters. 7.1. Destination Group As mentioned in the framework document, a destination group is uniquely identified by the following attributes: the registrant and the destination group's name. Therefore, a destination group resource is identified by the URI: BASE_URL/DestGroup/rant/{rant}/name/{name} 7.2. Telephone Number As mentioned in the framework document, a telephone number is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the telephone number. Therefore, a telephone number resource is identified by the URI: BASE_URL/TN/rant/{rant}/dgName/{dgName}/tn/{tn} 7.3. Telephone Number Prefix As mentioned in the framework document, a telephone number prefix is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the telephone number prefix. Therefore, a telephone number prefix resource is identified by the URI: BASE_URL/TNP/rant/{rant}/dgName/{dgName}/prefix/{prefix} 7.4. Telephone Number Range As mentioned in the framework document, a telephone number range is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, the telephone that starts the range and the one that ends the range. Therefore, a Marrache, et al. Expires April 19, 2013 [Page 10] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 telephone number range resource is identified by the URI: BASE_URL/TNR/rant/{rant}/dgName/{dgName}/startTn/{startTn}/endTn/ {endTn} 7.5. Routing Number As mentioned in the framework document, a routing number is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the routing number. Therefore, a routing number resource is identified by the URI: BASE_URL/RN/rant/{rant}/dgName/{dgName}/rn/{rn} 7.6. URI Public Identifier As mentioned in the framework document, a public identifier URI is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the URI. Therefore, a public identifier URI resource is identified by the URI: BASE_URL/URIPubId/rant/{rant}/dgName/{dgName}/uri/{uri} 7.7. Sed Group As mentioned in the framework document, a Sed Group URI is uniquely identified by the following attributes: the registrant and the Sed Group's name. Therefore, a Sed Group resource is identified by the URI: BASE_URL/SedGroup/rant/{rant}/name/{name} 7.8. Sed Record As mentioned in the framework document, a Sed Record is uniquely identified by the following attributes: the registrant and the Sed Record's name. Therefore, a Sed Record resource is identified by the URI: BASE_URL/SedRecord/rant/{rant}/name/{name} Note that there is no need to use one URI per type of Sed Record since their keys all use the same attributes. This is necessary for Public Identifiers since the subtypes don't all use the same key structure. Marrache, et al. Expires April 19, 2013 [Page 11] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 7.9. Sed Group Offer As mentioned in the framework document, a Sed Group Offer is uniquely identified by the following attributes: the offering registrant, the offered Sed Group's name and the registrant to which the Sed Group is offered. Therefore, a Sed Group Offer resource is identified by the URI: BASE_URL/SedGrpOffr/rant/{rant}/sedGrpNam/{sedGrpNam}/offrTo/{offrTo} 7.10. Server Status The Server Status may be considered as a unique resource identified by the following URI: BASE_URL/ServerStatus This resource contains information about the server as described later. Marrache, et al. Expires April 19, 2013 [Page 12] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 8. Operation Request and Response Structures An SPPF client interacts with an SPPF server by using one of the supported transport mechanisms to send one or more requests to the server and receive corresponding replies from the server. The basic set of operations that an SPPF client can submit to an SPPF server and the semantics of those operations are defined in the "Framework Operations" section of the framework document. The following sub- sections describe how these operations should be performed in the context of a RESTful SPP Protocol implementation. 8.1. Add Operation Structure In order to add (or modify) an object to (present in) the registry, an authorized entity sends an add/modify request to the registry. This request consists of an HTTP request on the URI that identifies the resource to add/modify, using the PUT HTTP method. The object to add/modify is carried in the HTTP request's body, encoded as XML. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses. Refer to the "RESTful SPP Protocol Examples" section of this document for an example of Add operation on each type of SPPF object. 8.1.1. Add Request The format of an HTTP request used to add (or modify) a domain element to (present in) the registry is as follows: PUT BASE_URL/${ResourceURI}[?clientTransId=${ClientTransId}] HTTP/1.1 ..... [minorVer: ${MinorVersion}] Content-Type: application/xml ..... The data elements within the HTTP Add/Modify request are described as follows: o clientTransId: Zero or one client-generated transaction ID that, within the context of the SPPF client, identifies this request. This value can be used at the discretion of the SPPF client to Marrache, et al. Expires April 19, 2013 [Page 13] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 track, log or correlate requests and their responses. SPPF server MUST echo back this value to the client in the corresponding response to the incoming request. SPPF server will not check this value for uniqueness. o minorVer: Zero or one minor version identifier, indicating the minor version of the SPPF API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPPF that the client is using. If the element is not present, the server assumes that the client is using the latest minor version supported by the SPPF server for the given major version. The versions supported by a given SPPF server can be retrieved by the client using the SPPF server menu operation described later in the document. 8.1.2. Add Response The format of an HTTP response to a add/modify request is as follows: HTTP/1.1 ${Status Code} .... [clientTransId: ${Client Trans. Id}] serverTransId: ${Server Trans. Id}] Content-Length: 0 The data elements within the HTTP Add/Modify response are described as follows: o clientTransId: Zero or one client transaction ID. This value is simply an echo of the client transaction ID that SPPF client passed into the SPPF update request. When included in the request, the SPPF server MUST return it in the corresponding response message. o serverTransId: Exactly one server transaction ID that identifies this request for tracking purposes. This value MUST be unique for a given SPPF server. 8.2. Delete Operation Structure In order to remove an object from the registry, an authorized entity sends a delete request to the registry. This request consists of an HTTP request on the URI that identifies the resource to delete, using the DELETE HTTP method. The body of the HTTP request is empty, the Marrache, et al. Expires April 19, 2013 [Page 14] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 object (or resource) to delete is uniquely identified by the URI included in the request. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses. Refer to the "RESTful SPP Protocol Examples" section of this document for an example of Delete operation on each type of SPPF object. 8.2.1. Delete Request The format of an HTTP request used to delete a SPPF object from the registry is as follows: DELETE BASE_URL/${ResourceURI}[?clientTransId=${ClientTransId}] HTTP/1.1 ..... [minorVer: ${Minor Version}] Content-Length: 0 The data elements within the HTTP Delete request are described as follows: o clientTransId: Zero or one client-generated transaction ID that, within the context of the SPPF client, identifies this request. This value can be used at the discretion of the SPPF client to track, log or correlate requests and their responses. SPPF server MUST echo back this value to the client in the corresponding response to the incoming request. SPPF server will not check this value for uniqueness. o minorVer: Zero or one minor version identifier, indicating the minor version of the SPPF API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPPF that the client is using. If the element is not present, the server assumes that the client is using the latest minor version supported by the SPPF server for the given major version. The versions supported by a given SPPF server can be retrieved by the client using the SPPF server menu operation described later in the document. Marrache, et al. Expires April 19, 2013 [Page 15] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 8.2.2. Delete Response The format of an HTTP response to a delete request is as follows: HTTP/1.1 ${Status Code} .... [clientTransId: ${Client Trans. Id}] serverTransId: ${Server Trans. Id}] Content-Length: 0 The data elements within the HTTP Delete response are described as follows: o clientTransId: Zero or one client transaction ID. This value is simply an echo of the client transaction ID that SPPF client passed into the SPPF update request. When included in the request, the SPPF server MUST return it in the corresponding response message. o serverTransId: Exactly one server transaction ID that identifies this request for tracking purposes. This value MUST be unique for a given SPPF server. 8.3. Accept Operation Structure In SPPF, a SED Group Offer can be accepted or rejected by, or on behalf of, the registrant to whom the SED Group has been offered (refer "Framework Data Model Objects" section of the framework document for a description of the SED Group Offer object). The Accept operation is used to accept such SED Group Offers by, or on behalf of, the Registrant. This request consists of an HTTP request on the URI that identifies the Sed Group Offer to accept, using the POST HTTP method. The body of the HTTP request is empty, the Sed Grp Offer (resource) to accept is uniquely identified by the URI included in the request. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses. Refer to the "RESTful SPP Protocol Examples" section of this document for an example of Accept operation on a SED Group Offer. Marrache, et al. Expires April 19, 2013 [Page 16] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 8.3.1. Accept Request Structure The format of an HTTP request used to Accept a SED Group Offer is as follows: POST BASE_URL/${SedGrpOffrURI}[?clientTransId=${ClientTransId}] HTTP/1.1 ..... [minorVer: ${Minor Version}] Action: Accept Content-Length: 0 The data elements within the HTTP Accept request are described as follows: o clientTransId: Zero or one client-generated transaction ID that, within the context of the SPPF client, identifies this request. This value can be used at the discretion of the SPPF client to track, log or correlate requests and their responses. SPPF server MUST echo back this value to the client in the corresponding response to the incoming request. SPPF server will not check this value for uniqueness. o minorVer: Zero or one minor version identifier, indicating the minor version of the SPPF API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPPF that the client is using. If the element is not present, the server assumes that the client is using the latest minor version supported by the SPPF server for the given major version. The versions supported by a given SPPF server can be retrieved by the client using the SPPF server menu operation described later in the document. 8.3.2. Accept Response The format of an HTTP response to an Accept request is as follows: HTTP/1.1 ${Status Code} .... [clientTransId: ${Client Trans. Id}] serverTransId: ${Server Trans. Id}] Content-Length: 0 Marrache, et al. Expires April 19, 2013 [Page 17] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 The data elements within the HTTP Accept response are described as follows: o clientTransId: Zero or one client transaction ID. This value is simply an echo of the client transaction ID that SPPF client passed into the SPPF update request. When included in the request, the SPPF server MUST return it in the corresponding response message. o serverTransId: Exactly one server transaction ID that identifies this request for tracking purposes. This value MUST be unique for a given SPPF server. 8.4. Reject Operation Structure In SPPF, SED Group Offer can be accepted or rejected by, or on behalf of, the registrant to whom the SED Group has been offered (refer "Framework Data Model Objects" section of the framework document for a description of the SED Group Offer object). The Reject operation is used to reject such SED Group Offers by, or on behalf of, the Registrant. This request consists of an HTTP request on the URI that identifies the Sed Group Offer to reject, using the POST HTTP method. The body of the HTTP request is empty, the Sed Grp Offer (resource) to delete is uniquely identified by the URI included in the request. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses. Refer to the "RESTful SPP Protocol Examples" section of this document for an example of Reject operation on a SED Group Offer. 8.4.1. Reject Request The format of an HTTP request used to Reject a SED Group Offer is as follows: POST BASE_URL/${SedGrpOffrURI}[?clientTransId=${ClientTransId}] HTTP/1.1 ..... [minorVer: ${Minor Version}] Action: Reject Content-Length: 0 The data elements within the HTTP Reject request are described as follows: Marrache, et al. Expires April 19, 2013 [Page 18] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 o clientTransId: Zero or one client-generated transaction ID that, within the context of the SPPF client, identifies this request. This value can be used at the discretion of the SPPF client to track, log or correlate requests and their responses. SPPF server MUST echo back this value to the client in the corresponding response to the incoming request. SPPF server will not check this value for uniqueness. o minorVer: Zero or one minor version identifier, indicating the minor version of the SPPF API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPPF that the client is using. If the element is not present, the server assumes that the client is using the latest minor version supported by the SPPF server for the given major version. The versions supported by a given SPPF server can be retrieved by the client using the SPPF server menu operation described later in the document. 8.4.2. Reject Response The format of an HTTP response to a Reject request is as follows: HTTP/1.1 ${Status Code} .... [clientTransId: ${Client Trans. Id}] serverTransId: ${Server Trans. Id}] Content-Length: 0 The data elements within the HTTP Reject response are described as follows: o clientTransId: Zero or one client transaction ID. This value is simply an echo of the client transaction ID that SPPF client passed into the SPPF update request. When included in the request, the SPPF server MUST return it in the corresponding response message. o serverTransId: Exactly one server transaction ID that identifies this request for tracking purposes. This value MUST be unique for a given SPPF server. Marrache, et al. Expires April 19, 2013 [Page 19] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 8.5. Get Operation Structure In order to query the details of an object from the Registry, an authorized entity sends a get request to the registry. This request consists of an HTTP request on the URI that identifies the queried resource, using the GET HTTP method. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. Moreover, if the queried object is found in the registry, the HTTP response's body contains the XML representation of the result object. The following sub-sections describe the expected format of the HTTP requests and responses. Refer to the "RESTful SPP Protocol Examples" section of this document for an example of Get operation on each type of SPPF object. 8.5.1. Get Request The format of an HTTP request to a Get request is as follows: GET BASE_URL/${Resource URI} HTTP/1.1 ..... [minorVer: ${Minor Version}] Content-Length: 0 The data elements within the HTTP Get request are described as follows: o minorVer: Zero or one minor version identifier, indicating the minor version of the SPPF API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPPF that the client is using. If the element is not present, the server assumes that the client is using the latest minor version supported by the SPPF server for the given major version. The versions supported by a given SPPF server can be retrieved by the client using the SPPF server menu operation described later in the document. 8.5.2. Get Response The format of an HTTP response to a Get request is as follows: Marrache, et al. Expires April 19, 2013 [Page 20] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 HTTP/1.1 ${Status Code} .... Content-Length: 8.6. Get SED Group Offers Operation Structure In addition to the ability to query the details of one or more SED Group offers using a SED Group Offer key in a Get request, this operation also provides an additional, more flexible, structure to query for SED Group Offer objects. 8.6.1. Get SED Group Offers Request Using the details passed into this structure, the server will attempt to find SED Group Offer objects that satisfy all the criteria passed into the request. If no criteria is passed in then the server will return the list of SED Group Offer objects that belongs to the registrant. If there are no matching SED Group Offers found then an empty result set will be returned. TBD 8.6.2. Get SED Group Offers Response TBD 8.7. Get Server Details Operation Structure In order to query certain details of the SPPF server, like the SPPF server's status and the major/minor version supported by the server, the Server Details operation structure SHOULD be used. 8.7.1. Get Server Details Request The format of an HTTP request corresponding to a Get Server Status request is as follows: GET BASE_URL/ServerStatus HTTP/1.1 ..... [minorVer: ${Minor Version}] Marrache, et al. Expires April 19, 2013 [Page 21] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Content-Length: 0 The data elements within the HTTP Get Server Status request are described as follows: o minorVer: Zero or one minor version identifier, indicating the minor version of the SPP RESTful Protocol API that the client is attempting to use. This is used in conjunction with the major version identifier in the XML namespace to identify the version of SPP RESTful Protocol that the client is using. If the element is not present, the server assumes that the client is using the latest minor version of SPP RESTful Protocol supported by the SPPF server for the given major version. The versions of SPP RESTful Protocol supported by a given SPPF server can be retrieved by the client using this same HTTP Get Server Status request without passing in the minorVer element. 8.7.2. Get Server Details Response The format of an HTTP response to a Get Server Status request is as follows: HTTP/1.1 ${Status Code} .... Content-Length: The data elements within the HTTP Get Server Status response are described as follows: o svcMenu: Exactly one element of type SvcMenuType which in turn contains the elements to return the server status and major/ minor version of the RESTful SPP Protocol supported by the SPPF server (refer framework document for definition of SvcMenuType). Marrache, et al. Expires April 19, 2013 [Page 22] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 9. Response Codes and Messages TBD Marrache, et al. Expires April 19, 2013 [Page 23] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 10. Protocol Operations Refer the "Framework Operations" section of the framework document for a description of all SPPF operations, and any necessary semantics that MUST be adhered to in order to conform with the SPPF specification. Marrache, et al. Expires April 19, 2013 [Page 24] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 11. RESTful SPP Protocol WADL Definition The RESTful SPP Protocol WADL is defined below. Note: The following WADL has been formatted (e.g., tabs, spaces) to meet I-D requirements. Marrache, et al. Expires April 19, 2013 [Page 25] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 26] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 27] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 28] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 29] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 31] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 32] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 33] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 34] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 35] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Marrache, et al. Expires April 19, 2013 [Page 36] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Figure 2: WADL Marrache, et al. Expires April 19, 2013 [Page 37] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 12. SPP RESTful Protocol Examples This section shows examples of HTTP message exchange between two SIP Service Providers (SSP) and a registry. The messages in this section are HTTP requests/responses that may include XML content representing the SPPF objects defined in the framework document. This section relies on the XML data structures defined in the base SPPF specification [I-D.draft-ietf-drinks-spp-framework]. So refer to that document to understand XML object types embedded in these example messages. In this sample use case scenario, SSP1 and SSP2 provision resource data in the registry and use SPPF constructs to selectively share the SED groups. In the figure below, SSP2 has two ingress SBE instances that are associated with the public identities that SSP2 has the retail relationship with. Also, the two SBE instances for SSP1 are used to show how to use SPPF to associate route preferences for the destination ingress routes and exercise greater control on outbound traffic to the peer's ingress SBEs. ---------------+ +------------------ | | +------+ +------+ | sbe1 | | sbe2 | +------+ +------+ SSP1 | | SSP2 +------+ +------+ | sbe3 | | sbe4 | +------+ +------+ iana-en:111 | | iana-en:222 ---------------+ +------------------ | | | | | SPPF +------------------+ SPPF | +------->| Registry |<--------+ +------------------+ 12.1. Add Destination Group SSP2 adds a destination group to the registry for use later. The SSP2 SPPF client sets a unique transaction identifier 'txn_1479' for tracking purposes. The name of the destination group is set to DEST_GRP_SSP2_1 Marrache, et al. Expires April 19, 2013 [Page 38] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 PUT /DestGroup/rant/iana-en:222/dgName/DEST_GRP_SSP2_1 \ ?clientTransId=txn_1479 HTTP/1.1 ........... Content-Type: application/xml Content-Length: 117 iana-en:222 iana-en:223 DEST_GRP_SSP2_1 The registry processes the request and return a favorable response confirming successful creation of the named destination group. Also, besides returning a unique server transaction identifier, Registry also returns the matching client transaction identifier from the request message back to the SPPF client. HTTP/1.1 200 OK ........... clientTransId: txn_1479 serverTransId: tx_12345 Content-Length: 0 12.2. Add SED Records SSP2 adds SED records in the form of ingress routes to the registry. Marrache, et al. Expires April 19, 2013 [Page 39] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 PUT /SedRec/rant/iana-en:222/name/SED_SSP2_SBE2 \ ?clientTransId=txn_1479 HTTP/1.1 ............. Content-Type: application/xml Content-Length: 298 iana-en:222 iana-en:223 SED_SSP2_SBE2 true 10 u E2U+sip ^(.*)$ sip:\1@sbe2.ssp2.example.com The registry returns a success response. HTTP/1.1 200 OK ............. clientTransId: txn_1479 serverTransId: tx_12345 Content-Length: 0 12.3. Add SED Records -- URIType SSP2 adds another SED record to the registry and makes use of URIType Marrache, et al. Expires April 19, 2013 [Page 40] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 PUT /SedRec/rant/iana-en:222/name/SED_SSP2_SBE4 \ ?clientTransId=txn_1479 HTTP/1.1 ............ Content-Type: application/xml Content-Length: 204 iana-en:222 iana-en:223 SED_SSP2_SBE4 true ^(.*)$ sip:\1;npdi@sbe4.ssp2.example.com The registry returns a success response. HTTP/1.1 200 OK ............ clientTransId: txn_1479 serverTransId: tx_12345 Content-Length: 0 12.4. Add SED Group SSP2 creates the grouping of SED records (e.g. ingress routes) and chooses higher precedence for SED_SSP2_SBE2 by setting a lower number for the "priority" attribute, a protocol agnostic precedence indicator. PUT /SedGroup/rant/iana-en:222/name/SED_SSP2_SBE4 \ ?clientTransId=txn_1479 HTTP/1.1 ............ Content-Type: application/xml Content-Length: To confirm successful processing of this request, registry returns a well-known result code '1000' to the SSP2 client. Marrache, et al. Expires April 19, 2013 [Page 41] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 HTTP/1.1 200 OK ............ clientTransId: txn_1479 serverTransId: tx_12345 Content-Length: 0 12.5. Add Public Identity -- Successful COR claim SSP2 activates a TN public identity by associating it with a valid destination group. Further, SSP2 puts forth a claim that it is the carrier-of-record for the TN. TBD Assuming that the registry has access to TN authority data and it performs the required checks to verify that SSP2 is in fact the service provider of record for the given TN, the request is processed successfully. In the response message, the registry sets the value of to "true" in order to confirm SSP2 claim as the carrier of record and the reflects the time when the carrier of record claim is processed. TBD 12.6. Add LRN If another entity that SSP2 shares session establishment information (e.g. routes) with has access to Number Portability data, it may choose to perform route lookups by routing number. Therefore, SSP2 associates a routing number to a destination group in order to facilitate ingress route discovery. TBD Registry completes the request successfully and returns a favorable response to the SPPF client. Marrache, et al. Expires April 19, 2013 [Page 42] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 TBD 12.7. Add TN Range Next, SSP2 activates a block of ten thousand TNs and associate it to a destination group. TBD Registry completes the request successfully and returns a favorable response. TBD 12.8. Add TN Prefix Next, SSP2 activates a block of ten thousand TNs using the TNPType structure and identifying a TN prefix. TBD Registry completes the request successfully and returns a favorable response. TBD 12.9. Enable Peering -- SED Group Offer In order for SSP1 to complete session establishment for a destination TN where the target subscriber has a retail relationship with SSP2, it first requires an asynchronous bi-directional handshake to show mutual consent. To start the process, SSP2 initiates the peering handshake by offering SSP1 access to its SED group. Marrache, et al. Expires April 19, 2013 [Page 43] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 TBD Registry completes the request successfully and confirms that the SSP1 will now have the opportunity to weigh in on the offer and either accept or reject it. The registry may employ out-of-band notification mechanisms for quicker updates to SSP1 so they can act faster, though this topic is beyond the scope of this document. TBD 12.10. Enable Peering -- SED Group Offer Accept SSP1 responds to the offer from SSP2 and agrees to have visibility to SSP2 session establishment information (e.g. ingress routes). TBD Registry confirms that the request has been processed successfully. From this point forward, if SSP1 looks up a public identity through the query resolution server, where the public identity is part of the destination group by way of "SED_GRP_SSP2_1" session establishment data association, SSP2 ingress SBE information will be shared with SSP1. TBD 12.11. Add Egress Route SSP1 wants to prioritize all outbound traffic to the ingress route associated with the "SED_GRP_SSP2_1" SED Group record, through "sbe1.ssp1.example.com". TBD Since peering has already been established, the request to add the Marrache, et al. Expires April 19, 2013 [Page 44] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 egress route has been successfully completed. TBD 12.12. Remove Peering -- SED Group Offer Reject SSP1 had earlier accepted to have visibility to SSP2 session establishment data. SSP1 now decides to no longer maintain this visibility and hence rejects the SED Group Offer. TBD Registry confirms that the request has been processed successfully. From this point forward, if SSP1 looks up a public identity through the query resolution server, where the public identity is part of the destination group by way of "SED_GRP_SSP2_1" session establishment data association, SSP2 ingress SBE information will NOT be shared with SSP1 and hence SSP2 ingress SBE will NOT be returned in the query response. TBD 12.13. Get Destination Group SSP2 uses the 'spppGetRequest' operation to tally the last provisioned record for destination group DEST_GRP_SSP2_1. TBD Registry completes the request successfully and returns a favorable response. TBD Marrache, et al. Expires April 19, 2013 [Page 45] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 12.14. Get Public Identity SSP2 obtains the last provisioned record associated with a given TN. TBD Registry completes the request successfully and returns a favorable response. TBD 12.15. Get SED Group Request SSP2 obtains the last provisioned record for the SED group SED_GRP_SSP2_1. TBD Registry completes the request successfully and returns a favorable response. TBD 12.16. Get SED Group Offers Request SSP2 fetches the last provisioned SED group offer to the SSP1. TBD Registry processes the request successfully and returns a favorable response. Marrache, et al. Expires April 19, 2013 [Page 46] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 TBD 12.17. Get Egress Route SSP1 wants to verify the last provisioned record for the egress route called EGR_RTE_01. TBD Registry completes the request successfully and returns a favorable response. TBD 12.18. Delete Destination Group SSP2 initiates a request to delete the destination group DEST_GRP_SSP2_1. TBD Registry completes the request successfully and returns a favorable response. TBD 12.19. Delete Public Identity SSP2 chooses to de-activate the TN and remove it from the registry. TBD Marrache, et al. Expires April 19, 2013 [Page 47] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Registry completes the request successfully and returns a favorable response. TBD 12.20. Delete SED Group Request SSP2 removes the SED group called SED_GRP_SSP2_1. TBD Registry completes the request successfully and returns a favorable response. TBD 12.21. Delete SED Group Offers Request SSP2 no longer wants to share SED group SED_GRP_SSP2_1 with SSP1. TBD Registry completes the request successfully and returns a favorable response. Restoring this resource sharing will require a new SED group offer from SSP2 to SSP1 followed by a successful SED group accept request from SSP1. TBD Marrache, et al. Expires April 19, 2013 [Page 48] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 12.22. Delete Egress Route SSP1 decides to remove the egress route with the label EGR_RTE_01. TBD Registry completes the request successfully and returns a favorable response. TBD Marrache, et al. Expires April 19, 2013 [Page 49] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 13. Security Considerations RESTful SPP Protocol is used to query and update session peering data and addresses, so the ability to access this protocol should be limited to users and systems that are authorized to query and update this data. Because this data is sent in both directions, it may not be sufficient for just the client or user to be authenticated with the server. The identity of the server should also be authenticated by the client, which is often accomplished using the TLS certificate exchange and validation described in [RFC2818]. SPP Protocol messages may include sensitive information, routing data, lists of resolvable addresses, etc. So when used in a production setting and across non-secure networks, SPP Protocol should only be used over communications channels that provide strong encryption for data privacy. 13.1. Integrity, Privacy, and Authentication TBD 13.2. Vulnerabilities The above protocols may have various vulnerabilities, and these may be inherited by the RESTful SPP Protocol. REST SPP Protocol itself may have vulnerabilities because an authorization model is not explicitly specified in the current specification. Sections 5 and 10.1 describe requirements for HTTPS support using TLS. Non-anonymous TLS servers can optionally request a certificate from a TLS client; that option is not a requirement for this protocol. This presents a denial of service risk in which unauthenticated clients can consume server CPU resources by creating TLS sessions. The risk is increased if the server supports client- initiated renegotiation. This risk can be mitigated by disabling client-initiated renegotiation on the server and by ensuring that other means (such as firewall access control lists) are used to restrict unauthenticated client access to servers. In conjunction with the above, it is important that REST SPP Protocol implementations implement an authorization model that considers the source of each query or update request and determines whether it is reasonable to authorize that source to perform that specific query or update. 13.3. Deployment Environment Specifics Some deployments of REST SPP Protocol could choose to use transports without encryption. This presents vulnerabilities but could be Marrache, et al. Expires April 19, 2013 [Page 50] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 selected for deployments involving closed networks or debugging scenarios. However, the vulnerabilities of such a deployment could be a lack of integrity and privacy of the data transported in this type of deployment. Marrache, et al. Expires April 19, 2013 [Page 51] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 14. IANA Considerations This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. URN assignments requested are: urn:ietf:params:xml:ns:sppf:rest:1 Marrache, et al. Expires April 19, 2013 [Page 52] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 15. Acknowledgements TBD Marrache, et al. Expires April 19, 2013 [Page 53] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 16. References 16.1. Normative References [I-D.draft-ietf-drinks-spp-framework] Cartwright, K., Bhatia, V., Ali, S., and D. Schwartz, "Session Peering Provisioning Framework", draft-ietf-drinks-spp-framework-02 (work in progress), July 2012. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. 16.2. Informative References [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, October 2008. [W3C.REC-xml-20081126] Sperberg-McQueen, C., Yergeau, F., Bray, T., Maler, E., and J. Paoli, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC- xml-20081126, November 2008, . Marrache, et al. Expires April 19, 2013 [Page 54] Internet-Draft draft-marrache-drinks-spp-protocol-rest October 2012 Authors' Addresses Mickael Marrache Jerusalem College of Technology Havaad Haleumi St. 21 Jerusalem, 91160 Israel Email: mickaelmarrache@gmail.com David Schwartz XConnect 316 Regents Park Road London, N3 2XJ United Kingdom Email: dschwartz@xconnect.net Syed Wasim Ali NeuStar 46000 Center Oak Plaza Sterling, VA 20166 USA Email: syed.ali@neustar.biz Marrache, et al. Expires April 19, 2013 [Page 55]