Network Working Group                                    John D. Ramsdell
INTERNET DRAFT                                      The MITRE Corporation
Document Expires: March 2003                               September 2002

                     Subscription Data Format (DRAFT)

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Please send comments to the authors or to the impp@iastate.edu
   discussion list.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo specifies the CPIM Subscription Data Format (SDF) as a
   common subscription data format for CPIM-compliant IM/Presence
   protocols.

Table of Contents

   1.  Introduction .................................................. 2
   1.1 Terminology and Conventions ................................... 2
   2.  The SUBSCRIBE Operation ....................................... 3
   3.  The 'application/cpim-subscription' Content Type .............. 3
   4.  Examples ...................................................... 4
   5.  Subscribe DTD ................................................. 5
   6.  Security Considerations ....................................... 5
   7.  Acknowledgments ............................................... 6
   8.  References .................................................... 6
   9.  Author's Address .............................................. 7
   10. Full Copyright Statement ...................................... 7

Ramsdell                     Informational                      [Page 1]

1. Introduction

   The Common Profile for Instant Messaging (CPIM) specifications define
   a set of common operations and various formats to achieve
   interoperability between different Instant Messaging and Presence
   protocols that meet the requirements of RFC 2779 [RFC2779].

   The CPIM core specification [CPIM] defines a set of common operations
   and their parameters to be supported by interworking Presence and IM
   protocols in order to allow straightforward gatewaying between them.
   The CPIM Message Format [CPIM-MSGFMT] defines a common format for
   instant messages, which enables secure end-to-end IM exchange through
   the gateways.  The CPIM Presence Information Data Format [CPIM-PIDF]
   defines a common presence data format for CPIM-compliant presence.

   This memo further defines the CPIM Subscription Data Format (SDF) as
   a common subscription data format for CPIM-compliant presence
   protocols.

   The significance of the common subscription format resides primarily
   in the fact that it gives a PRESENCE SERVICE a means of identifying
   and authenticating, by digital signature, the SUBSCRIBER that is
   requesting presence service.  The use of both digital signatures and
   the Subscription Data Format gives a protocol a strong mechanism to
   meet the requirement for authentication stated in [RFC2779, Section
   5.1.12].  Without such a common subscription data format, the signed
   content of a subscription request that traverses a gateway could not
   be validated on the far side.

1.1 Terminology and Conventions

   This memo makes use of the vocabulary defined in the IMPP Model
   document [RFC2778].  Terms such as CLOSED, INSTANT MESSAGE, OPEN,
   PRESENCE SERVICE, PRESENTITY, WATCHER, and WATCHER USER AGENT in the
   memo are used in the same meaning as defined therein.
   The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
   interpreted as described in RFC 2119 [RFC2119].

2. The SUBSCRIBE Operation

   The SUBSCRIBE operation is used to request that a service deliver
   PRESENCE INFORMATION as specified in [CPIM].  As a side effect of a
   successful SUBSCRIBE request, a PRESENCE SERVICE MUST initiate a
   NOTIFY request that delivers the current PRESENCE INFORMATION
   contained by the PRESENTITY targeted by the SUBSCRIBE request, except
   when the operation cancels a SUBSCRIPTION.

   A successful response to a SUBSCRIBE operation MUST include the
   duration of the SUBSCRIPTION granted by the service.  As long as the
   SUBSCRIPTION has not lapsed, when the PRESENCE INFORMATION changes,
   the PRESENCE SERVICE MUST initiate a NOTIFY request that delivers the
   new PRESENCE INFORMATION to the SUBSCRIBER.

   The triple consisting of a token, the name of a WATCHER, and the name
   of a PRESENTITY uniquely identifies a SUBSCRIPTION.  If the SUBSCRIBE
   request specifies a non-zero subscription duration, it must contain a
   SUBSCRIPTION token.  A SUBSCRIPTION can be canceled with a SUBSCRIBE
   request that specifies the SUBSCRIPTION's token and a duration of
   zero seconds.  PRESENCE INFORMATION can always be fetched by issuing
   a SUBSCRIBE request with a zero duration and no token.

3. The 'application/cpim-subscription' Content Type

   This memo defines a new content type, "application/cpim-subscription",
   to encode subscription request specific data.  The content is an XML
   document that validates using the Subscribe DTD (Document Type
   Definition), which is presented in the section with the same name.

   The root element of a subscription document is 'Subscribe'.  It
   contains, in order, a 'From' element, a 'To' element, a 'DateTime'
   element, an optional 'Token' element, and finally, a 'Duration'
   element.
   The 'From' element contains a PRES URI of the WATCHER requesting the
   SUBSCRIPTION.  The syntax of a PRES URI is defined in [CPIM].

   The 'To' element contains a PRES URI of the PRESENTITY which is the
   target of the SUBSCRIPTION.

   The 'DateTime' element contains the time at which the request was
   made.  It uses the timestamp syntax defined in [TIMESTAMPS].

   The 'Token' element, when present, is an opaque sequence of eighty or
   fewer characters.  When combined with the names of a WATCHER and a
   PRESENTITY, it uniquely identifies a SUBSCRIPTION.

   The 'Duration' element is a time duration in seconds expressed as a
   non-negative integer that does not exceed 2147483647.

4. Examples

   A request for a SUBSCRIPTION that lasts an hour might look like:

   <Subscribe>
     <From>pres:deb@host.org</From>
     <To>pres:dave@host.org</To>
     <DateTime>2002-04-04T13:40:00-08:00</DateTime>
     <Token>99</Token>
     <Duration>3600</Duration>
   </Subscribe>

   The SUBSCRIPTION can be extended for thirty minutes with:

   <Subscribe>
     <From>pres:deb@host.org</From>
     <To>pres:dave@host.org</To>
     <DateTime>2002-04-04T14:20:00-08:00</DateTime>
     <Token>99</Token>
     <Duration>1800</Duration>
   </Subscribe>

   Even while the SUBSCRIPTION is being held, presence information can
   be fetched with:

   <Subscribe>
     <From>pres:deb@host.org</From>
     <To>pres:dave@host.org</To>
     <DateTime>2002-04-04T14:30:00-08:00</DateTime>
     <Duration>0</Duration>
   </Subscribe>

   The SUBSCRIPTION can be canceled with:

   <Subscribe>
     <From>pres:deb@host.org</From>
     <To>pres:dave@host.org</To>
     <DateTime>2002-04-04T14:40:00-08:00</DateTime>
     <Token>99</Token>
     <Duration>0</Duration>
   </Subscribe>

5. Subscribe DTD

6. Security Considerations

   The CPIM Subscription Data Format (SDF) gives a PRESENCE SERVICE a
   means of identifying and authenticating, by digital signature, the
   SUBSCRIBER that is requesting presence service.  The use of both
   digital signatures and the Subscription Data Format gives a protocol
   a strong mechanism to meet the requirement for authentication stated
   in [RFC2779, Section 5.1.12].  Failure to provide some mechanism to
   authenticate subscription requests leaves a PRESENCE SERVICE
   vulnerable to spoofed subscription requests, in which an attacker
   poses as a SUBSCRIBER.
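   The following is an added example and is not code from the draft.  It
   checks an 'application/cpim-subscription' document against the rules
   of Sections 2 and 3 (element order, PRES URIs in 'From' and 'To', a
   timestamp with a UTC offset, the eighty-character limit on 'Token',
   the range of 'Duration', and the rule that a non-zero duration needs
   a token), then applies the SUBSCRIBE semantics of Section 2 (fetch
   when there is no token and zero duration, cancel when there is a
   token and zero duration, otherwise create or refresh the subscription
   identified by the token/WATCHER/PRESENTITY triple, with a NOTIFY as
   the side effect of every successful non-cancelling request).  It also
   models the access-control check that the rest of Section 6 describes:
   the 'From' URI must be among the subjectAltName URIs of the signer's
   certificate.  The PRES URI regular expression is a simplification of
   the [CPIM] grammar, signature verification is assumed to have already
   happened, and the PresenceService class with its signer_uris argument
   is an invented interface, not part of the specification.

```python
"""CPIM 'application/cpim-subscription' validator and SUBSCRIBE handler (added
example, not the draft's code; the PRES URI regex and PresenceService are assumed)."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
from xml.sax.saxutils import escape

MAX_TOKEN_LEN = 80          # Section 3: "eighty or less characters"
MAX_DURATION = 2147483647   # Section 3: non-negative integer, at most 2^31-1
# Assumption: 'pres:' followed by user@host; the real grammar is in [CPIM].
PRES_URI_RE = re.compile(r"^pres:[^\s@/]+@[^\s@/]+$")
DURATION_RE = re.compile(r"^[0-9]+$")


class SubscriptionError(ValueError):
    """The document violates a rule of Section 2 or 3."""


def parse_subscription(xml_text):
    """Parse one document, enforcing element order, types and limits.  Uses the
    stdlib parser; for hostile input prefer a hardened one such as defusedxml."""
    root = ET.fromstring(xml_text)              # raises ET.ParseError if malformed
    if root.tag != "Subscribe":
        raise SubscriptionError(f"root is {root.tag!r}, not 'Subscribe'")
    tags = [child.tag for child in root]
    expected = ["From", "To", "DateTime", "Token", "Duration"]
    if "Token" not in tags:
        expected.remove("Token")                # Token is the only optional element
    if tags != expected:                        # also rejects duplicates and extras
        raise SubscriptionError(f"element sequence {tags} != {expected}")
    text = {child.tag: (child.text or "").strip() for child in root}
    for name in ("From", "To"):
        if not PRES_URI_RE.match(text[name]):
            raise SubscriptionError(f"{name} is not a pres: URI: {text[name]!r}")
    # [TIMESTAMPS] syntax as in Section 4; 'Z' -> '+00:00' for Python < 3.11.
    try:
        when = datetime.fromisoformat(text["DateTime"].replace("Z", "+00:00"))
    except ValueError as exc:
        raise SubscriptionError(f"bad DateTime {text['DateTime']!r}") from exc
    if when.tzinfo is None:
        raise SubscriptionError("DateTime must carry a UTC offset")
    if not DURATION_RE.match(text["Duration"]) or int(text["Duration"]) > MAX_DURATION:
        raise SubscriptionError(f"Duration {text['Duration']!r} not in 0..{MAX_DURATION}")
    duration, token = int(text["Duration"]), text.get("Token")
    if token is not None and len(token) > MAX_TOKEN_LEN:
        raise SubscriptionError(f"Token longer than {MAX_TOKEN_LEN} characters")
    if duration > 0 and token is None:
        raise SubscriptionError("non-zero Duration requires a Token (Section 2)")
    return {"from": text["From"], "to": text["To"], "when": when,
            "token": token, "duration": duration}


def rejects(xml_text):
    try:                                        # True if the document is refused
        return parse_subscription(xml_text) is None
    except (SubscriptionError, ET.ParseError):
        return True


def build_subscription(frm, to, when, duration, token=None):
    """Serialise a request in the element order Section 3 prescribes."""
    body = [f"<From>{escape(frm)}</From>", f"<To>{escape(to)}</To>",
            f"<DateTime>{escape(when)}</DateTime>"]
    if token is not None:
        body.append(f"<Token>{escape(token)}</Token>")
    body.append(f"<Duration>{duration}</Duration>")
    return "<Subscribe>" + "".join(body) + "</Subscribe>"


class PresenceService:
    """Section 2 semantics keyed on the (token, WATCHER, PRESENTITY) triple.
    Signature verification is assumed to precede handle(); signer_uris holds the
    subjectAltName URIs of the verified certificate (Section 6).  Assumed API."""

    def __init__(self):
        self.active = {}        # (token, from, to) -> expiry as an aware datetime

    def handle(self, req, signer_uris):
        """Return (action, notify_now, granted_duration)."""
        if req["from"] not in signer_uris:      # 'From' is not bound to the signer
            return ("reject", False, 0)
        key = (req["token"], req["from"], req["to"])
        if req["duration"] == 0 and req["token"] is None:
            return ("fetch", True, 0)           # one-shot fetch: NOTIFY only
        if req["duration"] == 0:                # cancellation: no NOTIFY side effect
            known = self.active.pop(key, None) is not None
            return ("cancel" if known else "cancel-unknown", False, 0)
        action = "refresh" if key in self.active else "subscribe"
        self.active[key] = req["when"] + timedelta(seconds=req["duration"])
        return (action, True, req["duration"])  # successful SUBSCRIBE -> NOTIFY


def run_examples():
    """Replay the four Section 4 requests; return the action taken for each."""
    svc, deb, dave = PresenceService(), "pres:deb@host.org", "pres:dave@host.org"
    signer = {deb}                              # SAN of deb's assumed certificate
    docs = [build_subscription(deb, dave, "2002-04-04T13:40:00-08:00", 3600, "99"),
            build_subscription(deb, dave, "2002-04-04T14:20:00-08:00", 1800, "99"),
            build_subscription(deb, dave, "2002-04-04T14:30:00-08:00", 0),
            build_subscription(deb, dave, "2002-04-04T14:40:00-08:00", 0, "99")]
    return [svc.handle(parse_subscription(d), signer)[0] for d in docs]
```

   run_examples() replays the four requests of Section 4 in order and
   returns ['subscribe', 'refresh', 'fetch', 'cancel']; the second
   request is recognised as a refresh only because its token and URIs
   match the first, which is exactly the triple Section 2 uses to name a
   SUBSCRIPTION.  The order check compares the whole child sequence, so
   a duplicated or misplaced element fails validation rather than being
   silently accepted, and the 'From' check in handle() is what stops a
   correctly signed request from asserting a WATCHER identity that the
   signing certificate does not vouch for.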
   A PRESENCE SERVICE MAY make access control decisions based on the
   presence URI in the 'From' element of a subscription request and the
   existence of a valid signature.  To ensure that the 'From' element
   identifies the signer, a signed request SHOULD include a certificate
   that binds it to the presence URI in the 'From' element.  For
   example, when using X.509 Version 3 Certificates [X.509V3], the
   presence URI in the 'From' element SHOULD be one of the certificate's
   Subject Alternative Names.

7. Acknowledgments

   Some introductory text was taken from [CPIM-PIDF].

8. References

   [CPIM-MSGFMT]  D. Atkins and G. Klyne, "Common Presence and Instant
                  Messaging Message Format",
                  draft-ietf-impp-cpim-msgfmt-06.txt, Work in Progress.

   [RFC2119]      S. Bradner, "Key words for use in RFCs to Indicate
                  Requirement Levels", RFC 2119, BCP 14, March 1997.

   [ABNF]         D. Crocker and P. Overell, "Augmented BNF for Syntax
                  Specifications: ABNF", RFC 2234, November 1997.

   [CPIM]         D. Crocker et al., "A Common Profile for Instant
                  Messaging (CPIM)", draft-ietf-impp-cpim-03.txt, Work
                  in Progress.

   [RFC2779]      M. Day, S. Aggarwal, G. Mohr, and J. Vincent, "Instant
                  Messaging / Presence Protocol Requirements", RFC 2779,
                  February 2000.

   [RFC2778]      M. Day, J. Rosenberg, and H. Sugano, "A Model for
                  Presence and Instant Messaging", RFC 2778, February
                  2000.

   [X.509V3]      R. Housley, W. Polk, W. Ford, and D. Solo, "Internet
                  X.509 Public Key Infrastructure Certificate and
                  Certificate Revocation List (CRL) Profile", RFC 3280,
                  April 2002.

   [TIMESTAMPS]   G. Klyne and C. Newman, "Date and Time on the
                  Internet: Timestamps", draft-ietf-impp-datetime-05.txt,
                  Work in Progress.

   [CPIM-PIDF]    H. Sugano, S. Fujimoto, G. Klyne, A. Bateman, and
                  W. Carr, "CPIM Presence Information Data Format",
                  draft-ietf-impp-cpim-pidf-05.txt, Work in Progress.

9. Author's Address

   John D. Ramsdell
   Mail Stop K329
   202 Burlington Road
   Bedford, MA 01730-1420
   ramsdell@mitre.org

10. Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.