Network Working Group P. Kyzivat Request for Comments: 5628 Cisco Systems, Inc. Category: Standards Track October 2009
Registration Event Package Extension for Session Initiation Protocol (SIP) Globally Routable User Agent URIs (GRUUs)
Abstract
RFC 3680 defines a Session Initiation Protocol (SIP) event package for registration state. This package allows a watcher to learn about information stored by a SIP registrar, including its registered contact.
However, the registered contact is frequently unreachable and thus not useful for watchers. The Globally Routable User Agent URI (GRUU), defined in RFC 5627, is a URI that is capable of reaching a particular contact. However this URI is not included in the document format defined in RFC 3680. This specification defines an extension to the registration event package to include GRUUs assigned by the registrar.
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License.
Kyzivat Standards Track [Page 1]
RFC 5628 Reg Event GRUU Extension October 2009
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
RFC 3680 [2] defines a Session Initiation Protocol (SIP) [5] event package for registration state. This package allows a watcher to learn about information stored by a SIP registrar, including the registered contacts.
However, a registered contact is frequently unreachable from hosts outside of the domain of the User Agent (UA). It is commonly a private address, or, when it is a public address, access to it may be blocked by firewalls.
The Globally Routable User Agent URI (GRUU), defined in RFC 5627 [3], is a URI that reaches a particular UA instance, but is reachable by any host on the Internet. GRUUs assigned by the registrar represent additional registration state. However, GRUUs assigned by the registrar are not included in the notifications provided by RFC 3680. For many applications of the registration event package, a GRUU is needed, and not the registered contact.
For example, the Welcome Notices example in [2] will only operate correctly if the contact address in the registration event notification is reachable by the sender of the welcome notice. When the registering device is using the GRUU extension, it is likely that the registered contact address will not be globally addressable, and a GRUU should be used as the target address for the MESSAGE.
Another case where this feature may be helpful is within the Third Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS). IMS employs a technique where a REGISTER of a contact address to one Address of Record (AOR) causes the implicit registration of the same contact to other associated AORs. If GRUUs are requested and obtained as part of the registration request, then additional GRUUs will also be needed for the implicit registrations. While assigning the additional GRUUs is straightforward, informing the registering UA of them is not. In IMS, UAs typically subscribe to the registration event, and subscriptions to the registration event for an AOR result in notifications, each containing the registration state of all the associated AORs. The proposed extension provides a way to easily deliver the GRUUs for the associated AORs.
As specified in RFC 5627 [3], temporary GRUUs are invalidated when contact address bindings for the corresponding AOR and instance ID are not refreshed, or when a registration to the AOR and instance ID is performed with a new Call-ID. A UA cannot always determine with certainty which temporary GRUUs are valid based solely on the response to the REGISTER requests it has issued, or from
Kyzivat Standards Track [Page 3]
RFC 5628 Reg Event GRUU Extension October 2009
notifications according to RFC 3680 [2]. The extension defined in this document provides sufficient information for a UA to determine which temporary GRUUs are valid.
The registration event package has provisions for including extension elements within the <contact> element. This document defines new elements that may be used in that context to deliver the public and temporary GRUUs corresponding to the contact.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. [1]
Two new elements (<pub-gruu> and <temp-gruu>) are defined, each of which contains a GRUU. The <temp-gruu> element also identifies the oldest temporary GRUU that is currently valid.
These optional elements may be included within the body of a NOTIFY for the registration event package when GRUUs are associated with the contact. The contact URI and the GRUUs are then all available to the watcher.
A notifier for the registration event package [2] SHOULD include the <pub-gruu> element when a contact has an instance ID and a public GRUU is associated with the combination of the AOR and the instance ID. When present, the <pub-gruu> element MUST be positioned as a child of the <contact> element.
A notifier for the registration event package [2] MAY include the <temp-gruu> element when a contact has an instance ID and a temporary GRUU is associated with the combination of the AOR and the instance ID. This element SHOULD be included if the subscriber is also authorized to register to the AOR. This element SHOULD NOT be included if the subscriber is not authorized to register to the AOR, unless there is an explicitly configured policy directing that it be included. When present, the <temp-gruu> element MUST be positioned as a child of the <contact> element.
Kyzivat Standards Track [Page 4]
RFC 5628 Reg Event GRUU Extension October 2009
Note that it is possible for multiple registered contacts to share the same instance ID. In such a case, each <contact> element will have child <pub-gruu> and <temp-gruu> elements, which are identical to the corresponding child elements in those other <contact> elements that share the same instance ID. Since a particular contact cannot be associated with more than one instance ID, a <contact> element will never have more than one <pub-gruu> and one <temp-gruu> child element.
If the notifier includes the <pub-gruu> element, it MUST populate the element with the public GRUU that is associated with the instance ID and AOR of the registered contact.
If the notifier includes the <temp-gruu> element, it MUST populate the element with the most recently assigned temporary GRUU that is associated with the instance ID and AOR of the registered contact. It MUST also populate the element with a "cseq" attribute corresponding to the first (oldest) currently active temporary GRUU that is associated with the instance ID and AOR of the registered contact. The value of the "cseq" attribute is set to the value of the CSeq header field of the REGISTER request that caused that first temporary GRUU to be assigned.
When a subscriber receives a registration event notification with a <contact> containing a <pub-gruu>, it MAY associate the public GRUU with the corresponding AOR and instance ID. Any previously received public GRUU for the same AOR and instance ID MUST be discarded. (It will no longer function.)
When a subscriber receives a registration event notification with a <contact> containing a <temp-gruu>, it MAY associate the temporary GRUU, together with the "callid" and "cseq" attributes, with the corresponding AOR and instance ID.
Subscribers that are unaware of this extension will, as required by [2], ignore the <pub-gruu> and <temp-gruu> elements.
Section 4.2 of RFC 5627 [3] gives guidance for developers of UAs on how to ensure that only valid temporary GRUUs are retained and used by the UA. A UA cannot always determine with certainty which temporary GRUUs are valid based solely on the information contained in responses to the REGISTER requests it has issued or from the information contained in notifications that conform solely to RFC 3680 [2]. The extension defined in this document provides sufficient
Kyzivat Standards Track [Page 5]
RFC 5628 Reg Event GRUU Extension October 2009
added information for a UA to determine which temporary GRUUs are valid. The extension to RFC 3680 defined in this document provides added information to help with that process. The following are steps that the UA MAY take to ensure it only retains valid GRUUs:
o The UA should subscribe to the registration event package for the AOR it is registering.
o When a UA receives a 2xx response to a REGISTER request, it may extract and retain temporary GRUUs from the response for future use, as long as they remain valid. Appropriate GRUUs to retain are those corresponding to the contact address and instance ID it has registered. (Typically, the UA will register only one contact address, and so receive at most one temporary GRUU.)
o The UA may add the temporary GRUU to the set of valid temporary GRUUs associated with the AOR. (Note, in this case AOR is the To-address of the REGISTER request.) To aid in tracking validity, the UA should also associate a "callid" attribute and "cseq" attribute with the temporary GRUU, with values obtained respectively from the Call-ID and CSeq values of the REGISTER response containing the temporary GRUU.
o If the UA receives a registration event notification with an AOR (that it supports) and a <contact>, for a contact address and instance ID (that it has registered and that contains a <temp- gruu>), it may update its set of valid temporary GRUUs associated with the AOR, as follows:
* It may add the temporary GRUU to the set. To aid in tracking validity, the UA should associate the "callid" and "cseq" attributes of the <contact> with the GRUU in the set.
* It should remove any temporary GRUUs with a "callid" attribute value different from that in the value of the "callid" attribute of the <contact>, or with a "cseq" attribute with value less than the value of the "first-cseq" attribute of the <temp-gruu>.
o If the UA receives a registration event notification with an AOR that it supports, and there are no <contact> entries for its instance ID, then it should discard all the temporary GRUUs it has saved for that AOR.
Note: This example and others in the following section are indented for readability by the addition of a fixed amount of whitespace to the beginning of each line. This whitespace is not part of the example. The conventions of [7] are used to describe representation of long message lines.
The following is an example registration information document that includes the new element:
Consider the Welcome Notices example in [2]. When the application server receives a notification of a new registration containing the reginfo shown in Section 7, it should address messages using the contained public GRUU as follows:
The response reports success of the registration and returns the GRUUs assigned for the combination of AOR, instance ID, and Contact. It also indicates (via the P-Associated-URI header [6]) that there are two other associated AORs that may have been implicitly registered using the same contact. Each of those implicitly registered AORs will have unique GRUUs assigned. The REGISTER response will not include those GRUUs; it will only include the GRUUs for the AOR and instance ID explicitly included in the registration.
SIP/2.0 200 OK From: <sip:user_aor_1@example.net>;tag=5ab4 To: <sip:user_aor_1@example.net>;tag=373392 Call-ID: faif9a@ua.example.com CSeq: 23001 REGISTER Path: <sip:proxy.example.net;lr> Service-Route: <sip:proxy.example.net;lr>
(The successful response to the subscription is not shown.) Once the subscription is established, an initial notification is sent giving registration status. In IMS deployments, the response includes, in addition to the status for the requested URI, the status for the other associated URIs.
The status indicates that the associated URIs all have the same contact registered. It also includes the unique GRUUs that have been assigned to each. The UA may then retain those GRUUs for use when establishing dialogs using the corresponding AORs.
The <pub-gruu> and <temp-gruu> elements are defined within a new XML namespace URI. This namespace is "urn:ietf:params:xml:ns:gruuinfo". The schema for these elements is:
Security considerations for the registration event package are discussed in RFC 3680 [2], and those considerations apply here.
If a contact address obtained via subscription to the registration event package is not reachable by the subscriber, then its disclosure may arguably be considered a minimal security risk. In that case, the inclusion of a GRUU may be considered to increase the risk by providing a reachable address. On the other hand, requests addressed to a GRUU are always first processed by the servicing proxy before they reach the intended User Agent. The proxy may control access as desired, just as it may for the AOR. For instance, the proxy servicing a GRUU may accept requests from senders whose identity appears on a white list, and reject other requests. In this respect, disclosing a GRUU presents no more risk than disclosing the AOR.
Temporary GRUUs have an additional security consideration. The intent of the temporary GRUU is to provide a contact address that cannot be correlated to the identity of the calling party. The recipient of a call using a temporary GRUU may guess the identity of the calling party and then attempt to obtain the temporary GRUUs assigned to that caller to confirm the conjecture. Two possible approaches to obtaining the temporary GRUUs are:
o Send a REGISTER request to a conjectured caller.
o Send a SUBSCRIBE request for the registration event package to the conjectured caller.
Typically, REGISTER is restricted to devices or users that are authorized to originate and receive calls with the AOR. Anonymity among users of the same AOR is hard to achieve and typically unnecessary. It is recommended (see Section 5) that the authorization policy for the registration event package permit only those subscribers who are authorized to register to the AOR to receive temporary GRUUs. With this policy, the confidentiality of
Kyzivat Standards Track [Page 13]
RFC 5628 Reg Event GRUU Extension October 2009
the temporary GRUU will be the same with and without the registration event package. User Agents that use a temporary GRUU should note that confidentiality does not extend to parties that are permitted to register to the AOR or to obtain the temporary GRUU when subscribing to the registration event package.
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[2] Rosenberg, J., "A Session Initiation Protocol (SIP) Event Package for Registrations", RFC 3680, March 2004.
[3] Rosenberg, J., "Obtaining and Using Globally Routable User Agent (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", RFC 5627, October 2009.
[4] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.
[5] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[6] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3rd-Generation Partnership Project (3GPP)", RFC 3455, January 2003.
[7] Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and H. Schulzrinne, "Session Initiation Protocol (SIP) Torture Test Messages", RFC 4475, May 2006.
Kyzivat Standards Track [Page 14]
RFC 5628 Reg Event GRUU Extension October 2009
Author's Address
Paul H. Kyzivat Cisco Systems, Inc. 1414 Massachusetts Avenue Boxborough, MA 01719 USA