GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc5628

Network Working Group P. Kyzivat Request for Comments: 5628 Cisco Systems, Inc. Category: Standards Track October 2009

             Registration Event Package Extension for
                 Session Initiation Protocol (SIP)
             Globally Routable User Agent URIs (GRUUs)

Abstract

 RFC 3680 defines a Session Initiation Protocol (SIP) event package
 for registration state.  This package allows a watcher to learn about
 information stored by a SIP registrar, including its registered
 contact.
 However, the registered contact is frequently unreachable and thus
 not useful for watchers.  The Globally Routable User Agent URI
 (GRUU), defined in RFC 5627, is a URI that is capable of reaching a
 particular contact.  However this URI is not included in the document
 format defined in RFC 3680.  This specification defines an extension
 to the registration event package to include GRUUs assigned by the
 registrar.

Status of This Memo

 This document specifies an Internet standards track protocol for the
 Internet community, and requests discussion and suggestions for
 improvements.  Please refer to the current edition of the "Internet
 Official Protocol Standards" (STD 1) for the standardization state
 and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

 Copyright (c) 2009 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (http://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the BSD License.

Kyzivat Standards Track [Page 1] RFC 5628 Reg Event GRUU Extension October 2009

 This document may contain material from IETF Documents or IETF
 Contributions published or made publicly available before November
 10, 2008.  The person(s) controlling the copyright in some of this
 material may not have granted the IETF Trust the right to allow
 modifications of such material outside the IETF Standards Process.
 Without obtaining an adequate license from the person(s) controlling
 the copyright in such materials, this document may not be modified
 outside the IETF Standards Process, and derivative works of it may
 not be created outside the IETF Standards Process, except to format
 it for publication as an RFC or to translate it into languages other
 than English.

Table of Contents

 1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
 2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
 3.  Description  . . . . . . . . . . . . . . . . . . . . . . . . .  4
 4.  Notifier Processing of SUBSCRIBE Requests  . . . . . . . . . .  4
 5.  Notifier Generation of NOTIFY Requests . . . . . . . . . . . .  4
 6.  Subscriber Processing of NOTIFY Requests . . . . . . . . . . .  5
   6.1.  Managing Temporary GRUU Lifetime . . . . . . . . . . . . .  5
 7.  Sample reginfo Document  . . . . . . . . . . . . . . . . . . .  7
 8.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
   8.1.  Example: Welcome Notice  . . . . . . . . . . . . . . . . .  8
   8.2.  Example: Implicit Registration . . . . . . . . . . . . . .  8
 9.  XML Schema Definition  . . . . . . . . . . . . . . . . . . . . 11
 10. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 12
   10.1. URN Sub-Namespace Registration . . . . . . . . . . . . . . 12
   10.2. XML Schema Registration  . . . . . . . . . . . . . . . . . 13
 11. Security Considerations  . . . . . . . . . . . . . . . . . . . 13
 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
   13.1. Normative References . . . . . . . . . . . . . . . . . . . 14
   13.2. Informative References . . . . . . . . . . . . . . . . . . 14

Kyzivat Standards Track [Page 2] RFC 5628 Reg Event GRUU Extension October 2009

1. Introduction

 RFC 3680 [2] defines a Session Initiation Protocol (SIP) [5] event
 package for registration state.  This package allows a watcher to
 learn about information stored by a SIP registrar, including the
 registered contacts.
 However, a registered contact is frequently unreachable from hosts
 outside of the domain of the User Agent (UA).  It is commonly a
 private address, or, when it is a public address, access to it may be
 blocked by firewalls.
 The Globally Routable User Agent URI (GRUU), defined in RFC 5627 [3],
 is a URI that reaches a particular UA instance, but is reachable by
 any host on the Internet.  GRUUs assigned by the registrar represent
 additional registration state.  However, GRUUs assigned by the
 registrar are not included in the notifications provided by RFC 3680.
 For many applications of the registration event package, a GRUU is
 needed, and not the registered contact.
 For example, the Welcome Notices example in [2] will only operate
 correctly if the contact address in the registration event
 notification is reachable by the sender of the welcome notice.  When
 the registering device is using the GRUU extension, it is likely that
 the registered contact address will not be globally addressable, and
 a GRUU should be used as the target address for the MESSAGE.
 Another case where this feature may be helpful is within the Third
 Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS).
 IMS employs a technique where a REGISTER of a contact address to one
 Address of Record (AOR) causes the implicit registration of the same
 contact to other associated AORs.  If GRUUs are requested and
 obtained as part of the registration request, then additional GRUUs
 will also be needed for the implicit registrations.  While assigning
 the additional GRUUs is straightforward, informing the registering UA
 of them is not.  In IMS, UAs typically subscribe to the registration
 event, and subscriptions to the registration event for an AOR result
 in notifications, each containing the registration state of all the
 associated AORs.  The proposed extension provides a way to easily
 deliver the GRUUs for the associated AORs.
 As specified in RFC 5627 [3], temporary GRUUs are invalidated when
 contact address bindings for the corresponding AOR and instance ID
 are not refreshed, or when a registration to the AOR and instance ID
 is performed with a new Call-ID.  A UA cannot always determine with
 certainty which temporary GRUUs are valid based solely on the
 response to the REGISTER requests it has issued, or from

Kyzivat Standards Track [Page 3] RFC 5628 Reg Event GRUU Extension October 2009

 notifications according to RFC 3680 [2].  The extension defined in
 this document provides sufficient information for a UA to determine
 which temporary GRUUs are valid.
 The registration event package has provisions for including extension
 elements within the <contact> element.  This document defines new
 elements that may be used in that context to deliver the public and
 temporary GRUUs corresponding to the contact.

2. Terminology

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 document are to be interpreted as described in RFC 2119. [1]

3. Description

 Two new elements (<pub-gruu> and <temp-gruu>) are defined, each of
 which contains a GRUU.  The <temp-gruu> element also identifies the
 oldest temporary GRUU that is currently valid.
 These optional elements may be included within the body of a NOTIFY
 for the registration event package when GRUUs are associated with the
 contact.  The contact URI and the GRUUs are then all available to the
 watcher.

4. Notifier Processing of SUBSCRIBE Requests

 Unchanged from RFC 3680 [2].

5. Notifier Generation of NOTIFY Requests

 A notifier for the registration event package [2] SHOULD include the
 <pub-gruu> element when a contact has an instance ID and a public
 GRUU is associated with the combination of the AOR and the instance
 ID.  When present, the <pub-gruu> element MUST be positioned as a
 child of the <contact> element.
 A notifier for the registration event package [2] MAY include the
 <temp-gruu> element when a contact has an instance ID and a temporary
 GRUU is associated with the combination of the AOR and the instance
 ID.  This element SHOULD be included if the subscriber is also
 authorized to register to the AOR.  This element SHOULD NOT be
 included if the subscriber is not authorized to register to the AOR,
 unless there is an explicitly configured policy directing that it be
 included.  When present, the <temp-gruu> element MUST be positioned
 as a child of the <contact> element.

Kyzivat Standards Track [Page 4] RFC 5628 Reg Event GRUU Extension October 2009

 Note that it is possible for multiple registered contacts to share
 the same instance ID.  In such a case, each <contact> element will
 have child <pub-gruu> and <temp-gruu> elements, which are identical
 to the corresponding child elements in those other <contact> elements
 that share the same instance ID.  Since a particular contact cannot
 be associated with more than one instance ID, a <contact> element
 will never have more than one <pub-gruu> and one <temp-gruu> child
 element.
 If the notifier includes the <pub-gruu> element, it MUST populate the
 element with the public GRUU that is associated with the instance ID
 and AOR of the registered contact.
 If the notifier includes the <temp-gruu> element, it MUST populate
 the element with the most recently assigned temporary GRUU that is
 associated with the instance ID and AOR of the registered contact.
 It MUST also populate the element with a "cseq" attribute
 corresponding to the first (oldest) currently active temporary GRUU
 that is associated with the instance ID and AOR of the registered
 contact.  The value of the "cseq" attribute is set to the value of
 the CSeq header field of the REGISTER request that caused that first
 temporary GRUU to be assigned.

6. Subscriber Processing of NOTIFY Requests

 When a subscriber receives a registration event notification with a
 <contact> containing a <pub-gruu>, it MAY associate the public GRUU
 with the corresponding AOR and instance ID.  Any previously received
 public GRUU for the same AOR and instance ID MUST be discarded.  (It
 will no longer function.)
 When a subscriber receives a registration event notification with a
 <contact> containing a <temp-gruu>, it MAY associate the temporary
 GRUU, together with the "callid" and "cseq" attributes, with the
 corresponding AOR and instance ID.
 Subscribers that are unaware of this extension will, as required by
 [2], ignore the <pub-gruu> and <temp-gruu> elements.

6.1. Managing Temporary GRUU Lifetime

 Section 4.2 of RFC 5627 [3] gives guidance for developers of UAs on
 how to ensure that only valid temporary GRUUs are retained and used
 by the UA.  A UA cannot always determine with certainty which
 temporary GRUUs are valid based solely on the information contained
 in responses to the REGISTER requests it has issued or from the
 information contained in notifications that conform solely to RFC
 3680 [2].  The extension defined in this document provides sufficient

Kyzivat Standards Track [Page 5] RFC 5628 Reg Event GRUU Extension October 2009

 added information for a UA to determine which temporary GRUUs are
 valid.  The extension to RFC 3680 defined in this document provides
 added information to help with that process.  The following are steps
 that the UA MAY take to ensure it only retains valid GRUUs:
 o  The UA should subscribe to the registration event package for the
    AOR it is registering.
 o  When a UA receives a 2xx response to a REGISTER request, it may
    extract and retain temporary GRUUs from the response for future
    use, as long as they remain valid.  Appropriate GRUUs to retain
    are those corresponding to the contact address and instance ID it
    has registered.  (Typically, the UA will register only one contact
    address, and so receive at most one temporary GRUU.)
 o  The UA may add the temporary GRUU to the set of valid temporary
    GRUUs associated with the AOR.  (Note, in this case AOR is the
    To-address of the REGISTER request.)  To aid in tracking validity,
    the UA should also associate a "callid" attribute and "cseq"
    attribute with the temporary GRUU, with values obtained
    respectively from the Call-ID and CSeq values of the REGISTER
    response containing the temporary GRUU.
 o  If the UA receives a registration event notification with an AOR
    (that it supports) and a <contact>, for a contact address and
    instance ID (that it has registered and that contains a <temp-
    gruu>), it may update its set of valid temporary GRUUs associated
    with the AOR, as follows:
  • It may add the temporary GRUU to the set. To aid in tracking

validity, the UA should associate the "callid" and "cseq"

       attributes of the <contact> with the GRUU in the set.
  • It should remove any temporary GRUUs with a "callid" attribute

value different from that in the value of the "callid"

       attribute of the <contact>, or with a "cseq" attribute with
       value less than the value of the "first-cseq" attribute of the
       <temp-gruu>.
 o  If the UA receives a registration event notification with an AOR
    that it supports, and there are no <contact> entries for its
    instance ID, then it should discard all the temporary GRUUs it has
    saved for that AOR.

Kyzivat Standards Track [Page 6] RFC 5628 Reg Event GRUU Extension October 2009

7. Sample reginfo Document

    Note: This example and others in the following section are
    indented for readability by the addition of a fixed amount of
    whitespace to the beginning of each line.  This whitespace is not
    part of the example.  The conventions of [7] are used to describe
    representation of long message lines.
 The following is an example registration information document that
 includes the new element:
   <?xml version="1.0"?>
       <reginfo xmlns="urn:ietf:params:xml:ns:reginfo"
           xmlns:gr="urn:ietf:params:xml:ns:gruuinfo"
           version="0" state="full">
         <registration aor="sip:user@example.com" id="as9"
              state="active">
           <contact id="76" state="active" event="registered"
              duration-registered="36001" expires="3599"
              callid="1j9FpLxk3uxtm8tn@192.0.2.1" cseq="54321"
              q="0.8">
                <uri>sip:user@192.0.2.1</uri>
   <allOneLine>
                <unknown-param name="+sip.instance">
   "&lt;urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6&gt;"
   </unknown-param>
   </allOneLine>
   <allOneLine>
                <gr:pub-gruu uri="sip:user@example.com
   ;gr=hha9s8d-999a"/>
   </allOneLine>
   <allOneLine>
                <gr:temp-gruu uri="sip:8ffkas08af7fasklzi9@example.com
   ;gr" first-cseq="54301"/>
   </allOneLine>
           </contact>
         </registration>
       </reginfo>

8. Examples

 Note: In the following examples, the SIP messages have been
 simplified, removing headers that are not pertinent to the example.
 When the value of the Content-Length header field is "...", this
 means that the value should be the computed length of the body.

Kyzivat Standards Track [Page 7] RFC 5628 Reg Event GRUU Extension October 2009

8.1. Example: Welcome Notice

 Consider the Welcome Notices example in [2].  When the application
 server receives a notification of a new registration containing the
 reginfo shown in Section 7, it should address messages using the
 contained public GRUU as follows:
    MESSAGE sip:user@example.com;gr=hha9s8d-999a SIP/2.0
    To: <sip:user@example.com>
    From: "SIPland Notifier" <sip:notifier@example.com>;tag=7xy8
    Content-Type: text/plain
    Content-Length: ...
    Welcome to SIPland!
    Blah, blah, blah.

8.2. Example: Implicit Registration

 In a 3GPP IMS setting, a UA may send a single register message,
 requesting assignment of GRUUs, as follows:
    REGISTER sip:example.net SIP/2.0
    From: <sip:user_aor_1@example.net>;tag=5ab4
    To: <sip:user_aor_1@example.net>
    Call-ID: faif9a@ua.example.com
    CSeq: 23001 REGISTER
    Contact: <sip:ua.example.com>
      ;expires=3600
      ;+sip.instance="<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
    Supported: path, gruu
    Content-Length: 0
 The response reports success of the registration and returns the
 GRUUs assigned for the combination of AOR, instance ID, and Contact.
 It also indicates (via the P-Associated-URI header [6]) that there
 are two other associated AORs that may have been implicitly
 registered using the same contact.  Each of those implicitly
 registered AORs will have unique GRUUs assigned.  The REGISTER
 response will not include those GRUUs; it will only include the GRUUs
 for the AOR and instance ID explicitly included in the registration.
    SIP/2.0 200 OK
    From: <sip:user_aor_1@example.net>;tag=5ab4
    To: <sip:user_aor_1@example.net>;tag=373392
    Call-ID: faif9a@ua.example.com
    CSeq: 23001 REGISTER
    Path: <sip:proxy.example.net;lr>
    Service-Route: <sip:proxy.example.net;lr>

Kyzivat Standards Track [Page 8] RFC 5628 Reg Event GRUU Extension October 2009

    Contact: <sip:ua.example.com>
      ;expires=3600
      ;+sip.instance="<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
      ;pub-gruu="sip:user_aor_1@example.net;gr=hha9s8d-999a"
      ;temp-gruu="sip:8ffkas08af7fasklzi9@example.net;gr"
    P-Associated-URI: <sip:user_aor_2@example.net>,
      <sip:+358504821437@example.net;user=phone>
    Content-Length: 0
 The UA then subscribes to the registration event package as follows:
    SUBSCRIBE sip:user_aor_1@example.net SIP/2.0
    From: <sip:user_aor_1@example.net>;tag=27182
    To: <sip:user_aor_1@example.net>
    Call-ID: gbjg0b@ua.example.com
    CSeq: 45001 SUBSCRIBE
    Route: <sip:proxy.example.net;lr>
    Event: reg
    Expires: 3600
    Accept: application/reginfo+xml
    Contact: <sip:user_aor_1@example.net;gr=hha9s8d-999a>
    Content-Length: 0
 (The successful response to the subscription is not shown.)  Once the
 subscription is established, an initial notification is sent giving
 registration status.  In IMS deployments, the response includes, in
 addition to the status for the requested URI, the status for the
 other associated URIs.
   NOTIFY sip:user_aor_1@example.net;gr=hha9s8d-999a SIP/2.0
   From: <sip:user_aor_1@example.net>;tag=27182
   To: <sip:user_aor_1@example.net>;tag=262281
   Call-ID: gbjg0b@ua.example.com
   CSeq: 633 NOTIFY
   Subscription-State: active;expires=3600
   Event: reg
   Content-Type: application/reginfo+xml
   Contact: <sip:registrar.example.net>
   Content-Length: ...
   <?xml version="1.0"?>
       <reginfo xmlns="urn:ietf:params:xml:ns:reginfo"
           xmlns:gr="urn:ietf:params:xml:ns:gruuinfo"
           version="1" state="full">
         <registration aor="sip:user_aor_1@example.net" id="a7"
              state="active">
           <contact id="92" state="active" event="registered"
              duration-registered="1" expires="3599"

Kyzivat Standards Track [Page 9] RFC 5628 Reg Event GRUU Extension October 2009

              callid="faif9a@ua.example.com" cseq="23001">
                <uri>
                   sip:ua.example.com
                </uri>
   <allOneLine>
                <unknown-param name="+sip.instance">
   "&lt;urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6&gt;"
   </unknown-param>
   </allOneLine>
   <allOneLine>
                <gr:pub-gruu uri="sip:user_aor_1@example.net
   ;gr=hha9s8d-999a"/>
   </allOneLine>
   <allOneLine>
                <gr:temp-gruu uri="sip:8ffkas08af7fasklzi9@example.net
   ;gr" first-cseq="54301"/>
   </allOneLine>
           </contact>
         </registration>
         <registration aor="sip:user_aor_2@example.net" id="a8"
              state="active">
           <contact id="93" state="active" event="created"
              duration-registered="1" expires="3599"
              callid="faif9a@ua.example.com" cseq="23001">
                <uri>
                   sip:ua.example.com
                </uri>
   <allOneLine>
                <unknown-param name="+sip.instance">
   "&lt;urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6&gt;"
   </unknown-param>
   </allOneLine>
   <allOneLine>
                <gr:pub-gruu uri="sip:user_aor_2@example.net
   ;gr=hha9s8d-999b"/>
   </allOneLine>
   <allOneLine>
                <gr:temp-gruu uri="sip:07hcovy36vp6vngvbia@example.net
   ;gr" first-cseq="54301"/>
   </allOneLine>
           </contact>
         </registration>
         <registration
              aor="sip:+358504821437@example.net;user=phone"
              id="a9"
              state="active">
           <contact id="94" state="active" event="created"
              duration-registered="1" expires="3599"

Kyzivat Standards Track [Page 10] RFC 5628 Reg Event GRUU Extension October 2009

              callid="faif9a@ua.example.com" cseq="23001">
                <uri>
                   sip:ua.example.com
                </uri>
   <allOneLine>
                <unknown-param name="+sip.instance">
   "&lt;urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6&gt;"
   </unknown-param>
   </allOneLine>
   <allOneLine>
                <gr:pub-gruu uri="sip:+358504821437@example.net
   ;user=phone;gr=hha9s8d-999c"/>
   </allOneLine>
   <allOneLine>
                <gr:temp-gruu uri="sip:h99egjbv17fe8ibvlka@example.net
   ;gr" first-cseq="54301"/>
   </allOneLine>
           </contact>
         </registration>
       </reginfo>
 The status indicates that the associated URIs all have the same
 contact registered.  It also includes the unique GRUUs that have been
 assigned to each.  The UA may then retain those GRUUs for use when
 establishing dialogs using the corresponding AORs.

9. XML Schema Definition

 The <pub-gruu> and <temp-gruu> elements are defined within a new XML
 namespace URI.  This namespace is "urn:ietf:params:xml:ns:gruuinfo".
 The schema for these elements is:
 <?xml version="1.0" encoding="UTF-8"?>
   <xs:schema targetNamespace="urn:ietf:params:xml:ns:gruuinfo"
     elementFormDefault="qualified"
     attributeFormDefault="unqualified"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:tns="urn:ietf:params:xml:ns:gruuinfo">
     <xs:complexType name="pubGruu">
       <xs:attribute name="uri" type="xs:anyURI"
                     use="required"/>
     </xs:complexType>
     <xs:complexType name="tempGruu">
       <xs:complexContent>
         <xs:extension base="tns:pubGruu">
           <xs:attribute name="first-cseq"
                         type="xs:unsignedLong"
                         use="required"/>

Kyzivat Standards Track [Page 11] RFC 5628 Reg Event GRUU Extension October 2009

         </xs:extension>
       </xs:complexContent>
     </xs:complexType>
     <xs:element name="pub-gruu" type="tns:pubGruu"/>
     <xs:element name="temp-gruu" type="tns:tempGruu"/>
   </xs:schema>

10. IANA Considerations

 There are two IANA considerations associated with this specification.

10.1. URN Sub-Namespace Registration

 This section registers a new XML namespace, per the guidelines in
 [4].
 URI: The URI for this namespace is urn:ietf:params:xml:ns:gruuinfo
 Registrant Contact: IETF, SIPPING working group, <sipping@ietf.org>,
 Paul Kyzivat <pkyzivat@cisco.com>
 XML:
       BEGIN
       <?xml version="1.0"?>
       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
                 "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
       <head>
         <meta http-equiv="content-type"
            content="text/html;charset=iso-8859-1"/>
         <title>Reg Information GRUU Extension Namespace</title>
       </head>
       <body>
          <h1>Namespace for Reg Information GRUU Extension</h1>
          <h2>urn:ietf:params:xml:ns:gruuinfo</h2>
          <p>See <a href="http://www.rfc-editor.org/rfc/rfc5628.txt">
             RFC5628</a>.</p>
        </body>
       </html>
       END

Kyzivat Standards Track [Page 12] RFC 5628 Reg Event GRUU Extension October 2009

10.2. XML Schema Registration

 This section registers an XML schema per the procedures in [4].
 URI: urn:ietf:params:xml:schema:gruuinfo.
 Registrant Contact: IETF, SIPPING working group, <sipping@ietf.org>,
 Paul Kyzivat <pkyzivat@cisco.com>
 The XML for this schema can be found in Section 9.

11. Security Considerations

 Security considerations for the registration event package are
 discussed in RFC 3680 [2], and those considerations apply here.
 If a contact address obtained via subscription to the registration
 event package is not reachable by the subscriber, then its disclosure
 may arguably be considered a minimal security risk.  In that case,
 the inclusion of a GRUU may be considered to increase the risk by
 providing a reachable address.  On the other hand, requests addressed
 to a GRUU are always first processed by the servicing proxy before
 they reach the intended User Agent.  The proxy may control access as
 desired, just as it may for the AOR.  For instance, the proxy
 servicing a GRUU may accept requests from senders whose identity
 appears on a white list, and reject other requests.  In this respect,
 disclosing a GRUU presents no more risk than disclosing the AOR.
 Temporary GRUUs have an additional security consideration.  The
 intent of the temporary GRUU is to provide a contact address that
 cannot be correlated to the identity of the calling party.  The
 recipient of a call using a temporary GRUU may guess the identity of
 the calling party and then attempt to obtain the temporary GRUUs
 assigned to that caller to confirm the conjecture.  Two possible
 approaches to obtaining the temporary GRUUs are:
 o  Send a REGISTER request to a conjectured caller.
 o  Send a SUBSCRIBE request for the registration event package to the
    conjectured caller.
 Typically, REGISTER is restricted to devices or users that are
 authorized to originate and receive calls with the AOR.  Anonymity
 among users of the same AOR is hard to achieve and typically
 unnecessary.  It is recommended (see Section 5) that the
 authorization policy for the registration event package permit only
 those subscribers who are authorized to register to the AOR to
 receive temporary GRUUs.  With this policy, the confidentiality of

Kyzivat Standards Track [Page 13] RFC 5628 Reg Event GRUU Extension October 2009

 the temporary GRUU will be the same with and without the registration
 event package.  User Agents that use a temporary GRUU should note
 that confidentiality does not extend to parties that are permitted to
 register to the AOR or to obtain the temporary GRUU when subscribing
 to the registration event package.

12. Acknowledgements

 The author would like to thank Jonathan Rosenberg for help with this
 document, and Jari Urpalainen for assistance with the XML.

13. References

13.1. Normative References

 [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
      Levels", BCP 14, RFC 2119, March 1997.
 [2]  Rosenberg, J., "A Session Initiation Protocol (SIP) Event
      Package for Registrations", RFC 3680, March 2004.
 [3]  Rosenberg, J., "Obtaining and Using Globally Routable User Agent
      (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", RFC
      5627, October 2009.
 [4]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
      January 2004.

13.2. Informative References

 [5]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
      Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
      Session Initiation Protocol", RFC 3261, June 2002.
 [6]  Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header
      (P-Header) Extensions to the Session Initiation Protocol (SIP)
      for the 3rd-Generation Partnership Project (3GPP)", RFC 3455,
      January 2003.
 [7]  Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and H.
      Schulzrinne, "Session Initiation Protocol (SIP) Torture Test
      Messages", RFC 4475, May 2006.

Kyzivat Standards Track [Page 14] RFC 5628 Reg Event GRUU Extension October 2009

Author's Address

 Paul H. Kyzivat
 Cisco Systems, Inc.
 1414 Massachusetts Avenue
 Boxborough, MA  01719
 USA
 EMail: pkyzivat@cisco.com

Kyzivat Standards Track [Page 15]

/data/webs/external/dokuwiki/data/pages/rfc/rfc5628.txt · Last modified: 2009/10/22 02:30 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki