Internet DRAFT - draft-schulzrinne-sipping-id-relationships

draft-schulzrinne-sipping-id-relationships






SIPPING Working Group                                     H. Schulzrinne
Internet-Draft                                       Columbia University
Expires: January 10, 2006                                        E. Shim
                                                               Panasonic
                                                            July 9, 2005


   Recommended Relationships between Different Types of Identifiers.
           draft-schulzrinne-sipping-id-relationships-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 10, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   Evolution of communications technologies brought us various types of
   identifiers or addresses that identify persons such as SIP URIs,
   email addresses, and telephone numbers.  Proper relationships among
   different type of identifiers can enable various services, which,
   otherwise, are difficult to realize.  This memo provides guidelines
   for managing relationships between SIP URIs other personal
   identifiers.



Schulzrinne & Shim      Expires January 10, 2006                [Page 1]

Internet-Draft              ID Relationships                   July 2005


1.  Introduction

   In the absence of widely-deployed public directories, users often
   have only partial information about the various communication URI
   schemes for people they are trying to reach.  They might have an old
   business card or RFC, typically containing a phone number or email
   address, but may need to contact the individual by some other means,
   such as via SIP or XMPP.  Usage of newer protocols is facilitated if
   a communicating party is likely to be able to obtain such addresses.

   A number of communications-related URIs, such as for email [4] [5],
   SIP [1] and XMPP [6] use the basic 'user@host' form.  Particularly
   since implementations often allow usage of such identifiers without
   prefixing it with the URI scheme, non-technical users expect these
   identifiers to work across different means of communication and, in
   particular, expect that they reach the same person if they do work.

   In some cases, if a SIP or other presence-related address such as an
   xmpp URI is known, one can try to subscribe to that address, with the
   presence object possibly returning the email address.  However, this
   is not likely to work consistently, particularly since revealing
   presence information requires more trust than simply revealing one's
   email address.

   Thus, given the limitations of electronic means of relating different
   communications-related URI schemes for individuals and services,
   users are likely to guess.  Communication is facilitated and
   communication failures are prevented if identifiers are constructed
   in a predictable and consistent manner.

   This document makes two core recommendations:

   (1) Individuals should be able to choose user identifiers across URI
   schemes that are the same.

   (2) Assignment policies within a domain should not assign the same
   user part in different URI schemes to different individuals.

2.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
   [2].







Schulzrinne & Shim      Expires January 10, 2006                [Page 2]

Internet-Draft              ID Relationships                   July 2005


   SIP URI: Uniform Resource Indicators identifyng communication
      resources for SIP as defined in Section 19, RFC  3261 [1].

      Its general form is:

      sip:user:password@host:port;uri-parameters?headers.

   SIPS URI: Same as SIP URI except that the SIP protocol runs on top of
      the Transport Layer Security (TLS) protocol [3].  It is also
      defined in Section 19, RFC  3261 [1].  Its general form is the
      same as the SIP URI except that it starts with 'sips:' rather than
      'sip:'.

   SIP address: A SIP URI or SIPS URI.

   telephone number: A string of decimal digits that uniquely indicates
      the network termination point.  The string contains the
      information necessary to route the call to this point.  There are
      two categories of telephone numbers: public telephone numbers and
      private telephone numbers.  This definition is from RFC 3966 [7]
      which derived the definition from [11].

   tel URI: A resource identifier from a telephone number as defined in
      RFC 3966[7].

   email address: A character string that identifies a user to whom mail
      will be sent or a location into which mail will be deposited.  The
      standard email address naming convention is defined to be
      "user@host".  A more rigorous definition can be found in RFC2821
      [4] and RFC2822 [5].


3.  Recommended Practices

3.1  A SIP address and an email address with the same user and domain
     parts

   A SIP address MUST NOT have the same user and domain parts as an
   email address unless both refer to the same person or service.

   Therefore, a SIP address and an email address with the same user and
   domain parts MUST refer to the same person or service.  For example,
   the following SIP address and email address

      sip:bob@example.com:5060;transport=udp

      (mailto:)bob@example.com




Schulzrinne & Shim      Expires January 10, 2006                [Page 3]

Internet-Draft              ID Relationships                   July 2005


   MUST refer to the same person.

3.2  Two SIP addresses with the same user and domain parts

   Any two SIP addresses MUST NOT have the same user and domain parts
   unless both refer to the same person or service.

   For example, the following SIP addresses

      sip:bob@example.com:5060;transport=udp

      sips:bob@example.com;transport=tcp

   MUST refer to the same person or service even though they are not
   equivalent according to the SIP specification [1] .

3.3  A SIP address and its email-equivalent

   All SIP addresses SHOULD have a working email-equivalent as long as
   the SIP addresses are referring to people.

   For example, for the following SIP address

      sip:bob@example.com:6000;transport=tcp

   a working email-equivalent SHOULD exist, such as

      (mailto:)bob_the_builder@example.net.

   The above example illustrates that the working email-equivalent does
   not have to have the same user and domain parts as the SIP address.
   How to find the email-equivalent for a given SIP address is out of
   scope.

   If a SIP address refers to a telephone (number), it MAY not have an
   email-equivalent.

3.4  A tel URI and its email-equivalent

   A tel URI MAY not have an email-equivalent.

3.5  An email address and its SIP-equivalent

   Some email addresses may not have SIP equivalents, e.g., because the
   domains don't support SIP services.






Schulzrinne & Shim      Expires January 10, 2006                [Page 4]

Internet-Draft              ID Relationships                   July 2005


3.6  Email user names and SIP user parts

   Providers of SIP services SHOULD allow all valid email user names as
   SIP address user parts.

3.7  A telephone number and its SIP-equivalent

   Telephone numbers are mapped to SIP URIs without visual separators
   (hyphen, etc.), as partially described in the tel URI RFC [7] and the
   SIP RFC [1].  The parameter 'user' with its value 'phone' SHOULD be
   included in the SIP URIs.

   For example, the following public telephone number

      +1-212-555-1234

   is mapped to the following SIP URI

      sip:+12125551234;user=phone.


4.  Use Cases

   Below are just two example use cases showing the benefits that can be
   accrued by the recommended relationships in the above.

4.1  Leaving voicemails using emails in P2P IP telephony systems

   Let say there are two identifiers, a SIP URI sip:bob@example.com and
   an email address bob@example.com.  Imagine that there is no voicemail
   server associated with sip:bob@example.com and the human user owning
   the SIP URI could not take a call when another user called at the
   URI.  It would be very useful if the caller can leave a voicemail by
   email.  This scenario is particularly useful when SIP UAs are
   operating in a peer-to-peer fashion.  Peer-to-peer networks for SIP-
   based communications were discussed recently in several drafts
   [8][9][10] .  If the email address bob@example.com is assigned to the
   same person owning sip:bob@example.com by a global rule, it is
   straightforward to which email address the voicemail should be
   emailed.  Instead, if the email address bob@example.com happens to be
   assigned to a different person, the caller will end up leaving the
   voicemail to a wrong person.

4.2  Common authentication for IP telephony and email systems

   An organization, in their deployment of a SIP-based IP telephony
   system, set a policy that the SIP URI and the email address with the
   same user information and the host information components, i.e.



Schulzrinne & Shim      Expires January 10, 2006                [Page 5]

Internet-Draft              ID Relationships                   July 2005


   identical except the protocol component should be assigned only to
   the same user and let the users use their email system usernames and
   passwords for authentication with the IP telephony system, reducing
   the administration overhead and increasing the convenience of users
   at the same time.

5.  Security Considerations

   One could argue that making identifiers the same across communication
   means is likely to increase undesirable communication, such as spam.
   However, communication identifiers are often short and easily
   guessable, so that those intent on sending spam can exhaustively
   search the namespace until a working address has been found.
   Similarly, a single instance of an address "leaked" on a web page is
   often sufficient to introduce the address into the pool of spam-
   receiving addresses.  Thus, the protection of address hiding appears
   to be limited, but the negative impact on desirable communication is
   clear.  It is not the role of this document to force users to make
   such a trade-off between the possible benefits of address hiding and
   easier reachability, but rather to facilitate such choice.

   This document therefore does not require that users choose the same
   'user' part, but suggests that providers of such services make it
   easy for users to choose such a convention.

   Preventing two users to share the same identifiers across URIs
   increases security, as it makes it less likely that a user sends
   confidential information to the wrong destination, in the mistaken
   belief that they are owned by the same person.

6.  Acknowledgments

   Arjun Roychowdhury's comments are appreciated.

7.  References

7.1  Normative References

   [1]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
        Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
        Session Initiation Protocol", RFC 3261, June 2002.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirements
        Levels", RFC 2119, March 1997.

   [3]  Alen, C. and T. Dierks, "The TLS Protocol Version 1.0",
        RFC 2246, January 1999.




Schulzrinne & Shim      Expires January 10, 2006                [Page 6]

Internet-Draft              ID Relationships                   July 2005


   [4]  Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
        April 2001.

   [5]  Resnick, P., "Internet Message Format", RFC 2822, April 2001.

   [6]  Saint-Andre, Ed., P., "Extensible Messaging and Presence
        Protocol (XMPP): Core", RFC 3920, October 2004.

   [7]  Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966,
        December 2004.

7.2  Informative References

   [8]   Johnston, A., "SIP, P2P, and Internet Communications",
         draft-johnston-sipping-p2p-ipcom-01 (work in progress),
         March 2005.

   [9]   Bryan, D. and C. Jennings, "A P2P Approach to SIP
         Registration", draft-bryan-sipping-p2p-00 (work in progress),
         January 2005.

   [10]  Philip, P. and B. Poustchi, "Industrial-Strength P2P SIP",
         draft-matthews-sipping-p2p-industrial-strength-00 (work in
         progress), February 2005.

   [11]  ITU-T, "The International Public Telecommunication Number
         Plan", Recommendation E.164, May 1997.


Authors' Addresses

   Henning Schulzrinne
   Department of Computer Science
   Columbia University
   1214 Amsterdam Avenue
   New York, NY  10027
   USA

   Email: schulzrinne@cs.columbia.edu












Schulzrinne & Shim      Expires January 10, 2006                [Page 7]

Internet-Draft              ID Relationships                   July 2005


   Eunsoo Shim
   Panasonic Digital Networking Laboratory
   Two Research Way, 3rd Floor
   Princeton, NJ  08540
   USA

   Email: eunsoo@research.panasonic.com












































Schulzrinne & Shim      Expires January 10, 2006                [Page 8]

Internet-Draft              ID Relationships                   July 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Schulzrinne & Shim      Expires January 10, 2006                [Page 9]