SIPREC L. Portman, Ed. Internet-Draft NICE Systems Intended status: Informational H. Lum Expires: July 21, 2011 Genesys, Alcatel-Lucent A. Johnston Avaya A. Hutton Siemens Enterprise Communications January 17, 2011 The SIP-based Media Recording Protocol (SIPREC) draft-portman-siprec-protocol-02 Abstract SIPREC Session Recording Protocol is used for establishing recording session and reporting of the metadata of the communication session. This document specifies the SIPREC Protocol (SIPREC). SIPREC is used between Session Recording Client (SRC) and Session Recording Server (SRS). Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 21, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Portman, et al. Expires July 21, 2011 [Page 1] Internet-Draft SIPREC Protocol January 2011 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Overview of operations . . . . . . . . . . . . . . . . . . . . 5 4.1. Delivering recorded media . . . . . . . . . . . . . . . . 5 4.2. Delivering recording metadata . . . . . . . . . . . . . . 7 5. SIP Extensions . . . . . . . . . . . . . . . . . . . . . . . . 9 5.1. Callee Capabilities Extensions for SIP Recording . . . . . 9 5.1.1. src Feature Tag . . . . . . . . . . . . . . . . . . . 10 5.1.2. srs Feature Tag . . . . . . . . . . . . . . . . . . . 10 5.2. SDP handling . . . . . . . . . . . . . . . . . . . . . . . 10 5.3. Metadata . . . . . . . . . . . . . . . . . . . . . . . . . 12 5.3.1. Delivering Metadata as a stream of events . . . . . . 14 5.3.1.1. Example - indication for which the SRS is willing to receive INFO Package . . . . . . . . . 14 5.4. Recording Pause and Resume . . . . . . . . . . . . . . . . 16 6. Transport . . . . . . . . . . . . . . . . . . . . . . . . . . 16 7. Failover and Recovery . . . . . . . . . . . . . . . . . . . . 16 8. Error Handling . . . . . . . . . . . . . . . . . . . . . . . . 16 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9.1. New Content-Disposition Parameter Registrations . . . . . 16 9.2. MIME Type . . . . . . . . . . . . . . . . . . . . . . . . 17 9.3. Info Package . . . . . . . . . . . . . . . . . . . . . . . 17 10. Security Considerations . . . . . . . . . . . . . . . . . . . 17 10.1. Authentication and Authorization . . . . . . . . . . . . . 17 10.2. Privacy of metadata . . . . . . . . . . . . . . . . . . . 18 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 11.1. Normative References . . . . . . . . . . . . . . . . . . . 18 11.2. Informative References . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 Portman, et al. Expires July 21, 2011 [Page 2] Internet-Draft SIPREC Protocol January 2011 1. Introduction Communication session recording requires establishment of a recording session (RS) between a session recording client (SRC) and session recording server (SRS). The overall architecture for media recording is described in the architecture draft [I-D.ietf-siprec-architecture] The SIPREC Requirements [I-D.ietf-siprec-req] list a set of requirements that need to be met by session recording protocols. SIP is chosen to be the protocol to establish the recording session to deliver recorded media to the session recording server. Additional SIP extensions are specified in this document to meet some of the requirements outlined in the requirements draft. In order to describe the recorded media and the communication sessions involved, a metadata model is described in [I-D.ram-siprec-metadata] to deliver additional information shared between SRC and SRS. 2. Definitions The core SIPREC definitions are taken from the requirements document [I-D.ietf-siprec-req]. Session Recording Server (SRS) A Session Recording Server (SRS) is a SIP User Agent (UA) that is a specialized media server or collector that acts as the sink of the recorded media. An SRS is a logical function that typically archives media for extended durations of time and provides interfaces for search and retrieval of the archived media. An SRS is typically implemented as a multi-port device that is capable of receiving media from several sources simultaneously. An SRS is typically also the sink of the recorded session metadata. Session Recording Client (SRC) A Session Recording Client (SRC) is a SIP User Agent (UA) that acts as the source of the recorded media, sending it to the SRS. An SRC is a logical function. Its capabilities may be implemented across one or more physical devices. In practice, an SRC could be a personal device (such as a SIP phone), a SIP Media Gateway (MG), a Session Border Controller (SBC) or a SIP Media Server (MS) integrated with an Application Server (AS). This specification defines the term SRC such that all such SIP entities can be generically addressed under one definition. The SRC itself or another entity working on its behalf (such as a SIP Application Server) may act as the source of the recording metadata. Portman, et al. Expires July 21, 2011 [Page 3] Internet-Draft SIPREC Protocol January 2011 Communication Session (CS) A session created between two or more SIP User Agents (UAs) that is the target for recording. Recording Session (RS) The SIP session created between an SRC and SRS for the purpose of recording a Communication Session. Figure 1 pictorially represents the relationship between a Recording Session and Communication Session. +-------------+ +-----------+ | | Communication Session | | | A |<------------------------------------>| B | | | | | +-------------+ +-----------+ .................................................................. . Session . . Recording . . Client . .................................................................. | | Recording | Session | v +------------+ | Session | | Recording | | Server | +------------+ Figure 1: Relationship between CS, SRC, SRS, and RS Metadata Information that describes recorded media and the CS to which they relate. Pause during a Communication Session: The action of temporarily discontinuing the transmission and collection of RS media. Resume during a Communication Session: The action of recommencing the transmission and collection of RS media. Portman, et al. Expires July 21, 2011 [Page 4] Internet-Draft SIPREC Protocol January 2011 3. Scope The scope of the SIPREC protocol includes the establishment of the recording sessions and the reporting of the metadata, and extensions to the communication sessions. The following items, which is not an exhaustive list, do not represent the SIPREC protcol itself and are considered out of the scope of the SIPREC protcol: o Recording policies that determine whether the CS should be recorded o Retention policies that determine how long a recording is stored o Searching and accessing the recorded media and metadata o Delivering recording session metadata through non-SIP mechanism 4. Overview of operations This section is informative and provides a description of SIPREC operations. As mentioned in the architecture document [I-D.ietf-siprec-architecture], there are a couple of types of call flows based on the location of the Session Recording Client. The following sample call flows provide a quick overview of the operations between the SRC and the SRS. 4.1. Delivering recorded media When the SRC is deployed as a B2BUA, the SRC can route call requests from UA(A) to UA(B). As a SIP B2BUA, the SRC has access to the SDP and therefore can manipulate the media path between the user agents. When the SRC is aware that it should be recording the conversation, the SRC may bridge the media between UA(A) and UA(B). The SRC then establishes the Recording Session with the SRS and sends replicated media towards the SRS. An endpoint can act as the SRC, and in this case may establish the Recording Session to the SRS. Since the endpoint has access to the media in the communication session, the endpoint can send replicated media towards the SRS. The following basic call flow shows the SRC establishing a recording session towards the SRS. The call flow is essentially identical when Portman, et al. Expires July 21, 2011 [Page 5] Internet-Draft SIPREC Protocol January 2011 the SRC is a B2BUA or as the endpoint itself. UA A B2BUA UA B SRS | (SRC) | | |(1)CS INVITE | | | |------------->| | | | |(2)CS INVITE | | | |---------------------->| | | | (3)OK | | | |<----------------------| | | (4)OK | | | |<-------------| | | | |(5)RS INVITE (CallId + Participants) with SDP | | |--------------------------------------------->| | | | (6)OK with SDP | | |<---------------------------------------------| |(7)CS RTP | | | |=============>|======================>| | |<=============|<======================| | | |(8)RS RTP | | | |=============================================>| | |=============================================>| |(9)CS BYE | | | |------------->| | | | |(10)CS BYE | | | |---------------------->| | | |(11)RS BYE | | | |--------------------------------------------->| | | | | Figure 2: Basic Recording Call flow A conference focus may also act as an SRC since it has access to all the media from each conference participant. In this example, a user agent may REFER the conference focus to the SRS, and the SRC may choose to mix media streams from all participants as a single media stream towards the SRS. In order to tell the conference focus to start a recording session to the SRS, the user agent can include the srs feature tag in the Refer-To header as per [RFC4508]. Portman, et al. Expires July 21, 2011 [Page 6] Internet-Draft SIPREC Protocol January 2011 UA A Focus UA B SRS | (SRC) | | | | | | | (already in a conference) | | |<==================>|<==================>| | |(1)REFER sip:Conf-ID Refer-To:;srs | | |------------------->| | |(2)202 Accepted | | |<-------------------| | | (3)NOTIFY (Trying)| | |<-------------------| | |(4)200 OK | | |------------------->| | | |(5)INVITE Contact:Conf-ID;isfocus | | |--------------------------------------->| | | (6)200 OK | | |<---------------------------------------| | | (7)RTP (mixed or unmixed) | | |=======================================>| | (8)NOTIFY (OK) | | |<-------------------| | |(9)200 OK | | |------------------->| | Figure 3: Recording call flow - SRC as a conference focus 4.2. Delivering recording metadata Certain metadata, such as the attributes of the recorded media stream, are already included in the SDP of the recording session. This information is reused as part of the metadata. The SRC may update or add additional metadata about recorded media streams in requests such as INVITE, reINVITE, and UPDATE in the Recording Session. The rest of the metadata will be delivered as content. Metadata can also be represented as a stream of events. There are 4 ways to transport metadata events as outlined in the architecture document: SIP INVITE Content: for a simple call recording use case where no mid-dialog events are required to be delivered after the RS is established, the SIP INVITE may include content for all the metadata needed for the call. SIP INFO Package: metadata can be provided as an INFO package [I-D.ietf-sipcore-info-events] and sent as mid-dialog messages within the recording session. Portman, et al. Expires July 21, 2011 [Page 7] Internet-Draft SIPREC Protocol January 2011 UA A UA B SRS (SRC) | | |(1)CS INVITE | | |---------------------->| | | (2)OK | | |<----------------------| | |(3)RS INVITE (SDP) | | |--------------------------------------------->| | | (4)OK with SDP | |----------------------------------------------| |(5)CS RTP | | |======================>| | |<======================| | |(6)RS RTP | | |=============================================>| |=============================================>| |(7)RS INFO (metadata) | | |--------------------------------------------->| |(8)CS BYE | | |---------------------->| | |(9)RS BYE | | |--------------------------------------------->| | | | Figure 4: Delivering metadata via SIP INFO [OPEN ISSUE: is Event Package desired?] Event Package: Metadata can also be conveyed from the SRC to the SRS using the SIP event notification mechanism [RFC3265]. Using a subscription allows the SRC to deliver metadata to the SRS when the lifecycles of the CS and RS are different. This also allows the SRC to deliver session metadata and recorded media separately, for example, an SRS that reports metadata for multiple recording sessions as a single subscription. Non-SIP transport: In some cases session metadata can be conveyed through non-SIP mechanism such as HTTP or JTAPI. These non-SIP mechanisms are considered out of the scope of the SIPREC protocol, however, it is envisioned that a link with a URI can be provided in the recording session INVITE message so that the SRS can access the session metadata via the URI provided that the SRS supports the type of URI. Portman, et al. Expires July 21, 2011 [Page 8] Internet-Draft SIPREC Protocol January 2011 5. SIP Extensions The following sections describe SIP extensions for the recording protocol. The From header must contain the identity of the SRC. Participants information is not recorded in the From or To header; they are included in the metadata information. Note that a recording session does not have to have live within the scope of a single communication session. As outline in REQ-005 of [I-D.ietf-siprec-req], the recording session can be established in the absence of a communication session. In this case, the SRC must offer an SDP with zero m= lines. Recorded media from multiple communication sessions may be handled in a single recording session. The SRC provides a reference of each recorded media stream to the metadata described in the next section. The SRC must be able to accept re-INVITE from SRS with the updated SDP as part of the session timer mechanism. 5.1. Callee Capabilities Extensions for SIP Recording This section discusses how the callee capabilities defined in [RFC3840] can be extended for SIP call recording. SIP Callee Capabilities defines feature tags which are used to represent characteristics and capabilities of a UA. From RFC 3840: "Capability and characteristic information about a UA is carried as parameters of the Contact header field. These parameters can be used within REGISTER requests and responses, OPTIONS responses, and requests and responses that create dialogs (such as INVITE)." Note that feature tags are also used in dialog modifying requests and responses such as re-INVITE and responses to a re-INVITE, and UPDATE. The 'isfocus' feature tag, defined in [RFC4579] is similar semantically to this case: it indicates that the UA is acting as a SIP conference focus, and is performing a specific action (mixing) on the resulting media stream. This information is available from OPTIONS queries, dialog package notifications, and the SIP registration event package. We propose the definition of two new feature tags: 'src' and 'srs'. Portman, et al. Expires July 21, 2011 [Page 9] Internet-Draft SIPREC Protocol January 2011 5.1.1. src Feature Tag The 'src' feature tag is used in Contact URIs by the Session Recording Client (SRC) related to recording sessions. A Session Recording Server uses the presence of this feature tag in dialog creating and modifying requests and responses to confirm that the dialog being created is for the purpose of a Recording Session. In addition, a registrar could discover that a UA is an SRC based on the presence of this feature tag in a registration. Other SIP Recording extensions and behaviors can be triggered by the presence of this feature tag. Note that we could use a single feature tag, such as 'recording' used by either an SRC or SRS to identify that the session is a recording session. However, due to the differences in functionality and behavior between an SRC and SRS, using only one feature tag for both is not ideal. For instance, if a routing mistake resulted in a request from a SRC being routed back to another SRC, if only one feature tag were defined, they would not know right away about the error and could become confused. With separate feature tags, they would realize the error immediately and terminate the session. Also, call logs would clearly show the routing error. 5.1.2. srs Feature Tag The 'srs' feature tag is used in Contact URIs by the Session Recording Server (SRS) related to recording sessions. A Session Recording Client uses the presence of this feature tag in dialog creating and modifying requests and responses to confirm that the dialog being created is for the purpose of a Recording Session (REQ-30). In addition, a registrar could discover that a UA is an SRS based on the presence of this feature tag in a registration. Other SIP Recording extensions and behaviors can be triggered by the presence of this feature tag. To ensure a recording session is redirected to an SRS, an SRC can utilize the SIP Caller Preferences extensions, defined in [RFC3841]. The presence of a Accept-Contact: *;sip.srs allows a UA to request that the INVITE be routed to an SRS. Note that to be completely sure, the SRC would need to include a Require: prefs header field field in the request. 5.2. SDP handling SRC can include one or more media streams to the SRS. The SRS must respond with the same number of media descriptors in the SDP body of the 200 OK. Portman, et al. Expires July 21, 2011 [Page 10] Internet-Draft SIPREC Protocol January 2011 The SRC should use a=sendonly attribute as the SRC does not expect to receive media from the SRS. As SRS only receives RTP streams from SRS, the 200 OK response will normally contain SDP with a=recvonly attribute. Since the SRC may send recorded media of different participants (or even mixed streams) to the SRS, the SDP must provide a label on each media stream in order to identify the recorded stream with the rest of the metadata. The a=label attribute [RFC4574] will be used to identify each recorded media stream, and the label name will be used as the reference for the metadata. Note that a participant may have multiple streams (audio and video) and each stream is labeled separately. v=0 o=SRS 0 0 IN IP4 172.22.3.8 s=SRS c=IN IP4 172.22.3.8 t=0 0 m=audio 12241 RTP/AVP 0 4 8 a=sendonly a=label:1 m=audio 12242 RTP/AVP 98 a=rtpmap:98 H264/90000 a=fmtp:98 ... a=sendonly a=label:2 m=audio 12243 RTP/AVP 0 4 8 a=sendonly a=label:3 m=audio 12244 RTP/AVP 98 a=rtpmap:98 H264/90000 a=fmtp:98 ... a=sendonly a=label:4 Figure 6: Sample SDP with audio and video streams To remove a recorded media stream from the recording session, send a reINVITE and set the port to zero in the m= line. To add a recorded media stream, send a reINVITE and add a new m= line. The SRS may respond with a=inactive attribute as part of the SDP in the 200 OK response when the SRS is not ready to receive recorded Portman, et al. Expires July 21, 2011 [Page 11] Internet-Draft SIPREC Protocol January 2011 media. The SRS can send re-INVITE to update the SDP with a=recvonly when it is ready to receive media. The following sequence diagram shows an example of SRS responds with SDP that contain a=inactive, and then later update media information update with re-INVITE. SRC SRS | | |(1) INVITE (no offer) | |---------------------------------------------------->| | (2)200 OK with SDP inactive | |<----------------------------------------------------| |(3) ACK with SDP inactive | |---------------------------------------------------->| | ... | | (4) re-INVITE with SDP recvonly | |<----------------------------------------------------| |(5)200 OK with SDP sendonly | |---------------------------------------------------->| | (6) ACK with SDP | |<----------------------------------------------------| |(7) RTP | |====================================================>| | ... | |(8) BYE | |---------------------------------------------------->| | (9) OK | |<----------------------------------------------------| Figure 7: SRS to offer with a=inactive 5.3. Metadata The format of the full metadata will be described as part of the mechanism in [I-D.ram-siprec-metadata]. As mentioned in the previous section, the SDP of the recording session is the metadata for all recorded media streams. The label attribute contains a reference to the rest of the metadata information. For all basic metadata information such as communication session, participants, call identifiers and direction, they can be included in the initial INVITE request sent by the SRC. Metadata can be included as content in the INVITE request. A new "disposition-type" of Portman, et al. Expires July 21, 2011 [Page 12] Internet-Draft SIPREC Protocol January 2011 Content-Disposition is defined for this purpose and the value is "recording-session". There is a single payload type "application/ rs-metadata" defined for recording metadata. The following SIP example for RS establishment between SRC and SRS with metadata as content. INVITE sip:97753210@10.240.3.10:5060 SIP/2.0 From: ;tag=35e195d2-947d-4585-946f-098392474 To: Call-ID: d253c800-b0d1ea39-4a7dd-3f0e20a@10.226.240.3 CSeq: 101 INVITE Date: Thu, 26 Nov 2009 02:38:49 GMT Supported: timer Supported: replaces User-Agent: B2BUA Max-Forwards: 70 Allow: INVITE,OPTIONS,INFO,BYE,CANCEL,ACK,PRACK,UPDATE, REFER,SUBSCRIBE,NOTIFY,PUBLISH Allow-Events: presence,kpml Min-SE: 90 Contact: ;isfocus;src Via: SIP/2.0/TCP 10.226.240.3:5060;branch=z9hG4bKdf6b622b648d9 Session-Expires: 1800 Content-Type: multipart/mixed;boundary=foobar Content-Length: [length] --foobar Content-Type: application/sdp v=0 o=SRS 0 0 IN IP4 10.226.240.3 c=IN IP4 10.226.240.3 t=0 0 m=audio 12241 RTP/AVP 0 4 8 a=sendonly a=label:1 --foobar Content-Type: application/rs-metadata Content-Disposition: recording-session [metadata content] Figure 8: Sample INVITE request for the recording session Portman, et al. Expires July 21, 2011 [Page 13] Internet-Draft SIPREC Protocol January 2011 5.3.1. Delivering Metadata as a stream of events Recording metadata can delivered as a stream of events. For this case, the metadata events is reported as SIP INFO messages within the recording session. INFO Package is chosen as the mechanism because the metadata events does not always have to be associated with changes to the recorded media that requires the use of a reINVITE. For example, when a new participant is joined to a recorded conference and the SRS is receiving the recorded media as a mixed audio stream, then there is no need to send a reINVITE update the recorded media; an INFO message with the necessary metadata to describe the new participant is sufficient information for the SRS. The Info Package name is "recording-session". This name is used in both the Info-Package header as well as the Recv-Info header fields. The SRS must set the Recv-Info header to indicate that it is willing to receive INFO requests for Info Package recording-session. The SRC is not required to set the Recv-Info header since it does not expect to receive any Info Package from the SRS. There is only a single payload type "application/rs-metadata" defined for the Info Package. Similar to the metadata format for INVITE requests, the metadata format is defined in [I-D.ram-siprec-metadata]. This Info Package does not impose any rate limit or throttling mechansim for the stream of metadata events. A recording session is not expect to emit a high rate of metadata events, however, there are scenarios where there can be short bursts metadata events generated. For example, when a scheduled conference is being recorded, there can be a burst of participants joining the conference at the scheduled time and hence a burst of metadata update to the communication session. 5.3.1.1. Example - indication for which the SRS is willing to receive INFO Package The SRC initiates a recording session and indicates that it is the SRC. Portman, et al. Expires July 21, 2011 [Page 14] Internet-Draft SIPREC Protocol January 2011 INVITE sip:srs@example.com SIP/2.0 Via: SIP/2.0/TCP src12.example.com;branch=z9hG4bKdf6b622b648d9 From: ;tag=35e195d2 To: Call-ID: d253c800-b0d1ea39-4a7dd-3f0e20a@10.226.240.3 CSeq: 101 INVITE Contact: ;src Content-Type: multipart/mixed;boundary=foobar Content-Length: ... ... The SRS sends a 200 OK response and indicate that it is willing to receive metadata Info Package SIP/2.0 200 OK Via: SIP/2.0/TCP src12.example.com;branch=z9hG4bKdf6b622b648d9 From: ;tag=35e195d2 To: ;tag=12345678 Call-ID: d253c800-b0d1ea39-4a7dd-3f0e20a@10.226.240.3 CSeq: 101 INVITE Contact: ;srs Recv-Info: recording-session Content-Type: application/sdp Content-Length: ... ... After the recording session is established, the SRC sends an INFO request to the SRS to indicate participant changes to the communication session. INFO sip:srs07.example.com SIP/2.0 Via: SIP/2.0/TCP src12.example.com;branch=z9hG4bKdf6b622abcd From: ;tag=35e195d2 To: ;tag=12345678 Call-ID: d253c800-b0d1ea39-4a7dd-3f0e20a@10.226.240.3 CSeq: 102 INFO Contact: ;src Info-Package: recording-session Content-Type: application/rs-metadata Content-Disposition: Info-Package Content-Length: ... Portman, et al. Expires July 21, 2011 [Page 15] Internet-Draft SIPREC Protocol January 2011 [metadata content] 5.4. Recording Pause and Resume To temporarily discontinue streaming and collection of recorded media from the SRC to the SRS, the SRC must send a reINVITE and set a=inactive for each recorded media stream to be paused. To resume streaming and collection of recorded media, the SRC must send a reINVITE and set a=sendonly for each recorded media stream to resume. Note that when a media stream in the CS is muted/unmuted, this information may conveyed in the metadata by the SRC. The SRC should not modify the recorded media stream with a=inactive for mute since this operation is reserved for pausing the RS media. 6. Transport TBD 7. Failover and Recovery TBD 8. Error Handling For handling errors with session establishment of the recording session, error handling of a standard SIP dialog applies. For handling errors with the metadata content such as syntactic or semantic errors, it is possible to introduce another Info content as a response to each metadata content sent by the SRS in order to allow the SRS to posivitively or negatively acknowledge each metadata content. [TBD - need to sync with metadata draft] 9. IANA Considerations 9.1. New Content-Disposition Parameter Registrations This document registers a new "disposition-type" value in Content- Disposition header: recording-session. Portman, et al. Expires July 21, 2011 [Page 16] Internet-Draft SIPREC Protocol January 2011 recording-session the body describes the metadata information about the recording session 9.2. MIME Type This document registers the application/rs-metadata MIME media type in order to describe the recording session metadata. This media type is defined by the following information: Media type name: application Media subtype name: rs-metadata Required parameters: none Options parameters: none 9.3. Info Package This document registers a new INFO package for transpoting recording session metadata. Info Package Name: recording-session Reference: [RFCXXXX] 10. Security Considerations The recording session is fundamentally a standard SIP dialog [RFC3261], therefore, the recording session can reuse any of the existing SIP security mechanism available for securing the recorded media as well as metadata. 10.1. Authentication and Authorization The recording session reuses the SIP mechanism to challenge requests that is based on HTTP authentication. The mechanism relies on 401 and 407 SIP responses as well as other SIP header fields for carrying challenges and credentials. The SRS may have its own set of recording policies to authorize recording requests from the SRC. The use of recording policies is outside the scope of the SIPREC protocol. Portman, et al. Expires July 21, 2011 [Page 17] Internet-Draft SIPREC Protocol January 2011 10.2. Privacy of metadata Since metadata is transported as content in SIP messages such as INVITE and INFO Packages, the requests can be routed through SIP proxies between the SRC and SRS. If the metadata content is considered private, then the SRC and SRS will need to use end-to-end encryption such as S/MIME in addition to hop-by-hop security (SIP/ TLS) to prevent access by proxies or B2BUAs. 11. References 11.1. Normative References [I-D.ietf-siprec-req] Rehor, K., Portman, L., Hutton, A., and R. Jain, "Requirements for SIP-based Media Recording (SIPREC)", draft-ietf-siprec-req-06 (work in progress), December 2010. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, May 2000. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC3265] Roach, A., "Session Initiation Protocol (SIP)-Specific Event Notification", RFC 3265, June 2002. [RFC3840] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, "Indicating User Agent Capabilities in the Session Initiation Protocol (SIP)", RFC 3840, August 2004. [RFC3841] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, "Caller Preferences for the Session Initiation Protocol (SIP)", RFC 3841, August 2004. [RFC4574] Levin, O. and G. Camarillo, "The Session Description Protocol (SDP) Label Attribute", RFC 4574, August 2006. Portman, et al. Expires July 21, 2011 [Page 18] Internet-Draft SIPREC Protocol January 2011 11.2. Informative References [I-D.ietf-sipcore-info-events] Holmberg, C., Burger, E., and H. Kaplan, "Session Initiation Protocol (SIP) INFO Method and Package Framework", draft-ietf-sipcore-info-events-10 (work in progress), October 2010. [I-D.ietf-siprec-architecture] Hutton, A., Portman, L., Jain, R., and K. Rehor, "An Architecture for Media Recording using the Session Initiation Protocol", draft-ietf-siprec-architecture-01 (work in progress), October 2010. [I-D.ram-siprec-metadata] R, R., R, P., and P. Kyzivat, "Session Initiation Protocol (SIP) Recording Metadata", draft-ram-siprec-metadata-02 (work in progress), December 2010. [RFC4508] Levin, O. and A. Johnston, "Conveying Feature Tags with the Session Initiation Protocol (SIP) REFER Method", RFC 4508, May 2006. [RFC4579] Johnston, A. and O. Levin, "Session Initiation Protocol (SIP) Call Control - Conferencing for User Agents", BCP 119, RFC 4579, August 2006. Authors' Addresses Leon Portman (editor) NICE Systems 8 Hapnina Ra'anana 43017 Israel Email: leon.portman@nice.com Henry Lum Genesys, Alcatel-Lucent 1380 Rodick Road, Suite 200 Markham, Ontario L3R4G5 Canada Email: henry.lum@genesyslab.com Portman, et al. Expires July 21, 2011 [Page 19] Internet-Draft SIPREC Protocol January 2011 Alan Johnston Avaya St. Louis, MO 63124 Email: alan.b.johnston@gmail.com Andrew Hutton Siemens Enterprise Communications Email: andrew.hutton@siemens-enterprise.com Portman, et al. Expires July 21, 2011 [Page 20]