Network Working Group T. Wugofski Internet-Draft Openwave Systems, Inc. Expires: March 15, 2004 September 15, 2003 MMS URI Schemes draft-wugofski-mms-uri-scheme-00 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 15, 2004. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This memo specifies URI (Universal Resource Identifier) schemes used in Multimedia Messaging, as specified by the 3GPP. The "mmsto" URI scheme is used to designate the MMS address of an individual or service. In its simplest form, an "mmsto" URI contains either an E.164 phone number or an Internet mail address. For greater functionality, because interaction with some resources may require message headers or message bodies to be specified as well as the MMS address, the "mmsto" URI scheme may optionally include MMS header fields and the message body. The "mms" URI scheme is used to designate an MMS message and the Wugofski Expires March 15, 2004 [Page 1] Internet-Draft MMS URI Schemes September 2003 sending of that message from the message originator. Wugofski Expires March 15, 2004 [Page 2] Internet-Draft MMS URI Schemes September 2003 1. Requirements notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Wugofski Expires March 15, 2004 [Page 3] Internet-Draft MMS URI Schemes September 2003 2. Introduction 2.1 3GPP Multimedia Messaging Service The 3GPP MMS TS 23.140 technical specification was produced by the 3rd Generation Partnership Project (3GPP). The 3GPP MMS TS 23.140 technical specification [3GPP23140] defines what the 3GPP refers to as the stage 2 and stage 3 description of the non-realtime Multimedia Messaging Service (MMS). Stage 2 identifies the functional capabilities and information flows needed to support the service described in stage 1 [3GPP22140]. As MMS user agents and MMS messaging transports are becoming a standard component of mobile terminals, there is an increasing need for other Internet enabled components on the mobile terminal to leverage these capabilities 2.2 Universal Resource Identifiers One of the core specifications for identifying resources on the Internet is [RFC2396], specifying the syntax and semantics of a Universal Resource Identifier (URI). The most important notion of URIs are "schemes", which define a framework within which resources can be identified (and possibly accessed). URIs enable users to identify resources, and are used for very diverse schemes such as access protocols (HTTP, FTP), broadcast media (TV channels [RFC2838]), messaging (email [RFC2368]), or even telephone numbers (voice [RFC2806]). URIs are often confused with Universal Resource Names (URNs) and Uniform Resource Locators (URLs). For the purpose of this memo, only the term URI will be used, referring to the most fundamental concept. The World Wide Web Consortium (W3C) has issued a note [W3C-URI] discussing the topic of URIs, URNs, and URLs in detail. 2.3 The Need for MMS URIs One important reason for universal access of the Web is the ability to access all information through unique interfaces -- making it easy and convenient to provide information as well as to consume it. One aspect of this integration is the support of user agents (in the case of the Web, commonly referred to as browsers) for multiple content formats (such as HTML, GIF, JPEG) and access schemes (such as HTTP, HTTP-S, FTP). The "mailto" URI scheme has proven to be very useful and popular Wugofski Expires March 15, 2004 [Page 4] Internet-Draft MMS URI Schemes September 2003 because most user agents support it by providing an email composition facility when the user activates (e.g., clicks on) the URI. In a similar manner, the "mmsto" URI scheme refers to the composition of an MMS message, and as such, should be supported by user agents with an MMS message composition facility. This is particularly useful on mobile phones where MMS applications are more predominant than email applications. In addition, mobile phones also use messaging as a means of service delivery. In this case, the "mms" URI scheme is used to represent an MMS message on the MM1 interface, as defined by [3GPP22140]. Accordingly, the "mms" URI scheme should be supported by user agents by sending an MMS message without user composition. The goal of this memo is to specify the "mmsto" and "mms" URI schemes so that user agents (such as Web browsers, MMS clients, and email clients) could start to support it. As with the "mailto" URI scheme, because interaction with some resources may require message headers or message bodies to be specified as well as the MMS address, both the "mmsto" and "mms" URI schemes may optionally include MMS header fields and the message body. Wugofski Expires March 15, 2004 [Page 5] Internet-Draft MMS URI Schemes September 2003 3. The mmsto URI Scheme Syntax definitions are given using the Augmented BNF for Syntax Specifications [RFC2234]. 3.1 Applicability The "mmsto" URI scheme is intended for addressing an MMS message to certain recipients. The functionality is quite similar to that of the "mailto" URL scheme [RFC2368], that can be used with a comma-separated list of email addresses. In both cases, additional message parameters (such as the subject and message body) can be provided. How the MMS message is composed and subsequently sent to the MMS Relay/Server is outside the scope of this memo. MMS messages can be sent over the GSM air interface, by using a modem and a suitable protocol, or by accessing services over other protocols, such as a Web service for sending MMS messages. 3.2 Formal Definition The "mmsto" URI is case-insensitive. The syntax of an "mmsto" URI is formally described as follows, where the base syntax is taken from [RFC2396]: mmsto-uri = mmsto-scheme ":" scheme-specific-part mmsto-scheme = "mmsto" scheme-specific-part = [ to ] [ headers ] to = 1*( mms-recipient ) headers = "?" header *( "&" header ) header = hname "=" hvalue hname = *urlc hvalue = *urlc The "mms-recipient" is defined by the MM1 interface as specified in [3GPP23140]. A valid MMS recipient address can be either an E.164 (MSISDN) or RFC822 address [RFC2822]. The "hname" and "hvalue" are encodings of an MMS informational element name and value, unless a mapping already exists to RFC2822 Wugofski Expires March 15, 2004 [Page 6] Internet-Draft MMS URI Schemes September 2003 [RFC2822], as specified in [3GPP23140]. 3.3 The MMS Recipient The requirements for the MMS recipient address are defined by the MM1 interface as specified in [3GPP23140]. A valid MMS recipient address can be a user address or a short code. A user address is either a E.164 (MSISDN) or RFC822 address. mms-recipient = plmn-addr / rfc822-addr / asc-addr ["," mms-recipient] plmn-addr = gstn-phone ["/TYPE=PLMN"] rfc822-addr = mailbox ["/TYPE=rfc822"] asc-addr = *urlc The "gstn-phone" is as specified in [RFC3601], allowing global as well as local telephone numbers. The "mailbox" is as specified in [RFC2822]. This means that it consists of zero or more comma-separated mail addresses, possibly including "phrase" and "comment" components. The "asc-addr" is a alphanumeric short code that is interpreted by the MMS infrastructure as specified in [3GPP23140]. All URI reserved characters in "to" must be encoded: in particular parentheses, commas, and the percent sign ("%"), which commonly occur in "mailbox" syntax. 3.4 The MMS Headers MMS messages may contain a variety of headers as specified in [3GPP23140]. The "hvalue" and "hvalue" are encodings of MMS information element name and values, where the information element name has been hyphenated. In addition to the "body" hname, the following headers SHOULD be supported: Message-class = "Message-Class" "=" ( Class-identifier | quoted-string ) Class-identifier = "Personal" | "Advertisement" | "Informational" | "Auto" Wugofski Expires March 15, 2004 [Page 7] Internet-Draft MMS URI Schemes September 2003 Expiry-value = "Expiry" "=" ( HTTP-date | delta-seconds ) Delivery-report = "Delivery-Report" "=" ( "Yes" | "No" ) Priority = "Priority" "=" ( "Low" | "Normal" | "High" ) Sender-visibility = "Sender-Visibility" "=" ( "Hide" | "Show" ) Read-reply = "Read-Reply" "=" ( "Yes" | "No" ) To-header = "to" "=" 1*( mms-recipient ) Cc-header = "cc" "=" 1*( mms-recipient ) Subject-header = "subject" "=" unstructured All URI reserved characters MUST be encoded. 8-bit characters in mailto URLs are forbidden. MIME encoded words (as defined in [RFC2047]) are permitted in header values, but not for any part of a "body" hname. Within "mmsto" URIs, the characters "?", "=", "&" are reserved. Because the "&" (ampersand) character is reserved in HTML, any "mmsto" URI that contains an ampersand must be spelled differently in HTML than in other contexts. An "mmsto" URI that appears in an HTML document must use & instead of "&". Also note that it is legal to specify both "to" and an "hname" whose value is "to". That is, mmsto:addr1%2C%20addr2 is equivalent to mmsto:?to=addr1%2C%20addr2 is equivalent to mmsto:addr1?to=addr2 8-bit characters in "mmsto" URLs are forbidden. MIME encoded words (as defined in [RFC2047] ) are permitted in header values, but not for any part of a "body" hname. 3.5 Parsing the mmsto URI An "mmsto" URI identifies an "internet resource" corresponding to the MMS mailbox specified in the address. When additional headers are Wugofski Expires March 15, 2004 [Page 8] Internet-Draft MMS URI Schemes September 2003 supplied, the resource designated is the same address, but with an additional profile for accessing the resource. In current practice, resolving URIs and URLs such as those in the "http" scheme causes an immediate interaction between user agents and a host running an interactive server. In contrast, the "mmsto" URI has similar semantics as the "mailto" URL -- resolving the "mmsto" URI does not cause an immediate interaction. Rather, the user agent creates a message to the designated address with the various header fields set as default. The user can edit the message, send this message unedited, or choose not to send the message. The following list describes the steps for processing an "mmsto" URI: 1. The user agent MUST extract the plmn-addr, rfc822-addr, or short code of each "mms-recipient". The user agent SHOULD ignore recipients with invalid syntax. 2. The user agent MUST extract each header ("hname" and "hvalue" pair) in order. 3. The user agent SHOULD NOT create the message if any of the headers are considered dangerous. The user agent MAY also choose to create a message with only a subset of the headers given in the URI. Only the headers specified in this memo are considered safe. The creator of an "mmsto" URI cannot expect the resolver of a URI to understand more than the "subject" and "body" headers. Clients that resolve "mmsto" URIs into multimedia messages MUST be able to correctly create MMS-compliant messages using the "subject" and "body" headers. 4. The user agent MUST provide some means of message composition, either by implementing this itself, or accessing a service or application providing message composition. Wugofski Expires March 15, 2004 [Page 9] Internet-Draft MMS URI Schemes September 2003 4. The mms URI Scheme Syntax definitions are given using the Augmented BNF for Syntax Specifications [RFC2234]. 4.1 Applicability The "mms" URI scheme is intended for addressing an MMS message to certain recipients. The functionality is quite similar to that of the "mmsto" URI with one significant exception. Unlike the "mmsto" URI scheme, resolving an "mms" URI causes an immediate attempt to interact with a host running an interactive server -- much like the "http" scheme. 4.2 Formal Definition The "mms" URI is case-insensitive. The syntax of an "mms" URI is formally described as follows, where the base syntax is taken [RFC2396]: mms-uri = mms-scheme ":" scheme-specific-part mms-scheme = "mms" As with the "mmsto" URI scheme, the "mms" URI scheme supports the inclusion of headers. The following headers SHOULD be supported: Expiry-value = "Expiry" "=" ( HTTP-date | delta-seconds ) To-header = "to" "=" 1*( mms-recipient ) Subject-header = "subject" "=" unstructured The "mms" URI scheme supports fewer headers than the "mmsto" URI scheme because the user may not be able to view the result of resolving the "mms" URI before the message is sent, and thus the "mms" URI scheme is more amenable to abuse. In all other respects, the "mms" URI formal definition is the same as the "mmsto" formal definition defined above. 4.3 Parsing the mms URI An "mms" URI identifies an "internet resource" corresponding to the MMS mailbox specified in the address. When additional headers are supplied, the resource designated is the same address, but with an additional profile for accessing the resource. Wugofski Expires March 15, 2004 [Page 10] Internet-Draft MMS URI Schemes September 2003 Resolving an "mms" URI causes an immediate interaction between the user agent and a host running an interactive server -- much like the "http" scheme. The user agent creates and attempts to send a message to the designated address. The following list describes the steps for processing an "mms" URI: 1. The user agent MUST extract the plmn-addr, rfc822-addr, or short code of each "mms-recipient". The user agent SHOULD ignore recipients with invalid syntax 2. The user agent MUST extract each header ("hname" and "hvalue" pair) in order. 3. The user agent SHOULD NOT create the message if any of the headers are considered dangerous. The user agent MAY also choose to create a message with only a subset of the headers given in the URI. Only the headers specified in this memo are considered safe. The creator of an "mmsto" URI cannot expect the resolver of a URI to understand more than the "subject" and "body" headers. Clients that resolve "mmsto" URIs into multimedia messages MUST be able to correctly create MMS-compliant messages using the "subject" and "body" headers. 4. The user agent MUST attempt to send the message. 5. If the message cannot be sent, the user agent SHOULD provide a mechanism for the user to resend the message. Additionally, the user agent MAY provide some means of message composition, either by implementing this itself, or accessing a service or application providing message composition. Wugofski Expires March 15, 2004 [Page 11] Internet-Draft MMS URI Schemes September 2003 5. Security Considerations The "mmsto" and "mms" URI schemes can be used to send a multimedia message from one user to another, and thus can introduce many security concerns. MMS messages can be logged at the originating site, the recipient site, and intermediary sites along the delivery path. If the messages are not encoded, they can also be read at any of those sites. An "mmsto" URI provides a template for a message that can be sent by a user agent. The contents of that template may be opaque or difficult to read by the user at the time of specifying the URI. Thus, a user agent should never send a message based on an "mmsto" URI without first showing the user the full message that will be sent (including all headers that were specified by the "mmsto" URI), fully decoded, and asking the user for approval to send the message. The user agent should also make it clear that the user is about to send an MMS message, since the user may not be aware that this is the result of a "mmsto" URL. The "mms" URI scheme provides a similiar capability for creating and sending opaque MMS messages. Since the "mms" URI scheme requires an immediate attempt to send the message to the recipient, the user is not normally given the opportunity to review the message. However, if any of the headers in an MMS message based on the "mms" URI scheme are deemed unsafe, the user must be made aware of this and be able to review prior to sending the message. The user agent should also make it clear that the user is about to send an MMS message, since the user may not be aware that this is the result of a "mms" URL. This is especially true when sending an MMS message generates a charging event (i.e., the user is going to have to pay for it). An MMS user agent should provide mechanisms that allow complete disclosure to the user of what is or will be sent; it should disclose not only the message destination, but also any headers. Unrecognized headers, or headers with values inconsistent with those the MMS client would normally send should be especially suspect, especially in the case of messages based on the "mms" URI scheme. MIME headers (MIME- Version, Content-*) are most likely inappropriate, as are those relating to routing (From, Bcc, etc.) Note that some headers are inherently unsafe to include in a message generated from a URI. For example, headers such as "From:", "Bcc:", and so on, should never be interpreted from a URI. In general, the fewer headers interpreted from the URI, the less likely it is that a sending agent will create an unsafe message. Wugofski Expires March 15, 2004 [Page 12] Internet-Draft MMS URI Schemes September 2003 6. IANA Considerations There are no IANA considerations. Wugofski Expires March 15, 2004 [Page 13] Internet-Draft MMS URI Schemes September 2003 References [3GPP22140] 3GPP, "Multimedia Messaging Service; Stage 1", 3GPP 22.140-610, March 2003. [3GPP23140] 3GPP, "Multimedia Messaging Service; Stage 2", 3GPP 23.140-610, March 2003. [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997. [RFC2368] Hoffman, P., Masinter, L. and J. Zawinski, "The mailto URL scheme", RFC 2368, July 1998. [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998. [RFC2806] Vaha-Sipila, A., "URLs for Telephone Calls", RFC 2806, April 2000. [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April 2001. [RFC2838] Zigmond, D. and M. Vickers, "Uniform Resource Identifiers for Television Broadcasts", RFC 2838, May 2000. [RFC3601] Allocchio, C., "Text String Notation for Dial Sequences and Global Switched Telephone Network (GSTN) / E.164 Addresses", RFC 3601, September 2003. [W3C-URI] W3C/IETF URI Planning Interest Group, "URIs, URLs, and URNs: Clarifications and Recommendations 1.0", W3C Note 21, September 2001. Wugofski Expires March 15, 2004 [Page 14] Internet-Draft MMS URI Schemes September 2003 Author's Address Ted Wugofski Openwave Systems, Inc. 1400 Seaport Boulevard Redwood City, CA 94063 US Phone: +1 817 737 4533 EMail: ted.wugofski@openwave.com URI: http://www.openwave.com/ Wugofski Expires March 15, 2004 [Page 15] Internet-Draft MMS URI Schemes September 2003 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION Wugofski Expires March 15, 2004 [Page 16] Internet-Draft MMS URI Schemes September 2003 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Wugofski Expires March 15, 2004 [Page 17]