Network Working Group G. Camarillo Request for Comments: 5367 Ericsson Updates: 3265 A.B. Roach Category: Standards Track Tekelec O. Levin Microsoft Corporation October 2008
Subscriptions to Request-Contained Resource Lists in the Session Initiation Protocol (SIP)
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document specifies a way to create subscription to a list of resources in SIP. This is achieved by including the list of resources in the body of a SUBSCRIBE request. Instead of having a subscriber send a SUBSCRIBE request for each resource individually, the subscriber defines the resource list, subscribes to it, and gets notifications about changes in the resources' states using a single SUBSCRIBE dialog.
Table of Contents
1. Introduction ....................................................2 2. Terminology .....................................................2 3. User Agent Client Procedures ....................................2 3.1. Response Handling ..........................................2 3.2. Subsequent SUBSCRIBE Requests ..............................3 4. URI-List Document Format ........................................3 5. Resource List Server Behavior ...................................4 5.1. Subsequent SUBSCRIBE Requests ..............................4 6. Providing a URI to Manipulate a Resource List ...................4 7. Example .........................................................5 8. Security Considerations .........................................6 9. IANA Considerations .............................................6 9.1. List-Management Purpose Parameter Value ....................6 9.2. recipient-list-subscribe Option-Tag ........................7 10. Acknowledgments ................................................7 11. Normative References ...........................................7
[RFC4662] specifies how to establish subscriptions to a homogeneous resource list in SIP (which is specified in [RFC3261]) and defines the procedures for getting notifications about changes in the state of the associated resources. Yet, list creation is outside the scope of [RFC4662].
This document specifies a way to create a list with a set of resources and subscribe to it using a single SIP request. This is achieved by including the list of resources (as defined in [RFC5363]) in the body of the SUBSCRIBE request.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
A UAC (User Agent Client) that wants to create a resource list and subscribe to it using the mechanism described in this document constructs a SUBSCRIBE request with at least one body, whose disposition is type "recipient-list" as defined in [RFC5363], that contains the URI list. Additionally, the UAC MUST include the 'recipient-list-subscribe' option-tag (which is registered with the IANA in Section 9) in a Require header field. The UAC MUST build the rest of the SUBSCRIBE request following the rules in [RFC3265].
The UAC MUST support the "rlmi+xml" format defined in [RFC4662] and signal this by including "rlmi+xml" in the Accept header. The UAC MAY support additional formats and include them in the Accept header field of the SUBSCRIBE request.
The status code in the response to the SUBSCRIBE request does not provide any information about whether or not the resource list server was able to successfully subscribe to the URIs in the URI list. The UAC obtains this information in the notifications sent by the server.
The previous sections have specified how to include a URI list in an initial SUBSCRIBE request to a resource list server in order to subscribe to the state of a set of resources. Once the subscription has been created and a dialog between the UAC and the resource list server has been established, the UAC can send subsequent SUBSCRIBE requests to, for example, extend the duration of the subscription.
At this point, there are no semantics associated with resource-list bodies in subsequent SUBSCRIBE requests (although future extensions can define them). Therefore, UACs SHOULD NOT include resource-list bodies in subsequent SUBSCRIBE requests to a resource list server.
Note that a difference between an initial SUBSCRIBE request and subsequent ones is that while the initial request is sent to the public URI of the resource list, subsequent ones are sent to the URI provided by the server when the dialog is established. Therefore, from the UAC's point of view, the resource identified by the former URI supports recipient-list bodies, while the resource identified by the latter does not support them.
[RFC5363] mandates that each URI-list services specification, such as the subscription service defined here, specifies the default format for the recipient-list bodies used within the particular service.
The default format for the recipient-list bodies for the subscription service defined in this document is the resource list format defined in [RFC4826]. UAs (User Agents) generating recipient-list bodies MUST support this format and MAY support other formats. Resource list servers able to handle recipient-list bodies MUST support this format and MAY support other formats.
The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) resource list document provides features, such as hierarchical lists and the ability to include entries by reference relative to the XCAP root URI, that are not needed by the subscription service defined here, which only needs to transfer a flat list of URIs between a UA and the resource list server. Therefore, when using the default resource list document, UAs SHOULD use flat lists (i.e., no hierarchical lists) and SHOULD NOT use <entry-ref> elements. A resource list server receiving a URI list with more information than what has just been described MAY discard all the extra information.
Camarillo Standards Track [Page 3]
RFC 5367 SUBSCRIBE-Contained Lists October 2008
Figure 1 shows an example of a flat list that follows the resource list document.
Resource list servers that are able to receive and process SUBSCRIBE requests with a recipient-list body SHOULD include a 'recipient-list- subscribe' option-tag in a Supported header field when responding to OPTIONS requests.
On reception of a SUBSCRIBE request with a URI list, a resource list server that chooses to accept the "rlmi+xml" format MUST comply with [RFC4662] for creating the subscription and reporting the changes in the resources within the created dialog.
At this point, there are no semantics associated with resource-list bodies in subsequent SUBSCRIBE requests (although future extensions may define them). Therefore, a resource list server receiving a subsequent SUBSCRIBE request with a resource-list body, following standard SIP procedures, rejects it with a 415 (Unsupported Media Type) response.
A UAC can manipulate a resource list at a resource list server. The resource list server MAY provide a URI to manipulate the resource list associated with a subscription using the Call-Info header field in the NOTIFY request that establishes the subscription. The "purpose" parameter of the Call-Info header field MUST have a value of 'list-management', which we register with the IANA in Section 9. The following is an example of such a header field.
The lifetime of a resource list to be manipulated by the URI provided by the server is bundled to the lifetime of the subscription. That is, the resource list SHOULD be destroyed when the subscription expires or is otherwise terminated.
Section 7.1 of [RFC3265] does not list the Call-Info header field in the table of header fields that NOTIFY requests can carry. This document updates that table so that the Call-Info header field can be optionally included in NOTIFY requests.
The Security Considerations section of [RFC4662] discusses security issues related to resource list servers. Resource list servers accepting request-contained URI lists MUST also follow the security guidelines given in [RFC4662].
"Framework and Security Considerations for Session Initiation Protocol (SIP) URI-List Services" [RFC5363] discusses issues related to SIP URI-list services. Given that a resource list server sending SUBSCRIBE requests to a set of users acts as a URI-list service, implementations of resource list servers that handle request- contained URI lists MUST follow the security-related rules in [RFC5363]. These rules include opt-in lists and mandatory authentication and authorization of clients.
The following sections describe the IANA registration of the 'list- management' value for the "purpose" parameter of the Call-Info header field and the 'recipient-list-subscribe' SIP option-tag.
This document defines the 'list-management' value for the "purpose" parameter of the Call-Info header field. A reference to this RFC (in double brackets) has been added to the existing "purpose" Call-Info parameter entry in the SIP Parameters registry, which currently looks as follows:
Predefined Header Field Parameter Name Values Reference ---------------------------- --------------- --------- --------- Call-Info purpose Yes [RFC3261]
This document defines the SIP option tag "recipient-list-subscribe".
The following row has been added to the "Option Tags" section of the SIP Parameter Registry:
+--------------------------+----------------------------+-----------+ | Name | Description | Reference | +--------------------------+----------------------------+-----------+ | recipient-list-subscribe | This option tag is used to | [RFC5367] | | | ensure that a server can | | | | process the recipient-list | | | | body used in a SUBSCRIBE | | | | request. | | +-------------------------------------------------------+-----------+
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[RFC4662] Roach, A.B., Campbell, B., and J. Rosenberg, "A Session Initiation Protocol (SIP) Event Notification Extension for Resource Lists", RFC 4662, August 2006.
[RFC4826] Rosenberg, J., "Extensible Markup Language (XML) Formats for Representing Resource Lists", RFC 4826, May 2007.
[RFC5363] Camarillo, G. and A.B. Roach, "Framework and Security Considerations for Session Initiation Protocol (SIP) URI- List Services", RFC 5363, October 2008.
Camarillo Standards Track [Page 7]
RFC 5367 SUBSCRIBE-Contained Lists October 2008
Authors' Addresses
Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 Finland
EMail: Gonzalo.Camarillo@ericsson.com
Adam Roach Tekelec 17210 Campbell Rd Ste 250 Dallas, TX 75252 USA
EMail: Adam.Roach@tekelec.com
Orit Levin Microsoft Corporation One Microsoft Way Redmond, WA 98052
EMail: oritl@microsoft.com
Camarillo Standards Track [Page 8]
RFC 5367 SUBSCRIBE-Contained Lists October 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.