draft-ietf-ecrit-lost-sync-17.txt   draft-ietf-ecrit-lost-sync-18.txt 
ECRIT H. Schulzrinne ECRIT H. Schulzrinne
Internet-Draft Columbia University Internet-Draft Columbia University
Intended status: Experimental H. Tschofenig Intended status: Experimental H. Tschofenig
Expires: September 12, 2012 Nokia Siemens Networks Expires: January 11, 2013 Nokia Siemens Networks
March 11, 2012 July 10, 2012
Synchronizing Location-to-Service Translation (LoST) Protocol based Synchronizing Location-to-Service Translation (LoST) Protocol based
Service Boundaries and Mapping Elements Service Boundaries and Mapping Elements
draft-ietf-ecrit-lost-sync-17.txt draft-ietf-ecrit-lost-sync-18.txt
Abstract Abstract
The Location-to-Service Translation (LoST) protocol is an XML-based The Location-to-Service Translation (LoST) protocol is an XML-based
protocol for mapping service identifiers and geodetic or civic protocol for mapping service identifiers and geodetic or civic
location information to service URIs and service boundaries. In location information to service URIs and service boundaries. In
particular, it can be used to determine the location-appropriate particular, it can be used to determine the location-appropriate
Public Safety Answering Point (PSAP) for emergency services. Public Safety Answering Point (PSAP) for emergency services.
The main data structure, the <mapping> element, used for The <mapping> element is used to encapsulate information about
encapsulating information about service boundaries is defined in the service boundaries is defined in the LoST protocol specification and
LoST protocol specification and circumscribes the region within which circumscribes the region within which all locations map to the same
all locations map to the same service Uniform Resource Identifier service Uniform Resource Identifier (URI) or set of URIs for a given
(URI) or set of URIs for a given service. service.
This document defines an XML protocol to exchange these mappings This document defines an XML protocol to exchange these mappings
between two nodes. This mechanism is designed for the exchange of between two nodes. This mechanism is designed for the exchange of
authoritative <mapping> elements between two entities. Exchanging authoritative <mapping> elements between two entities. Exchanging
cached <mapping> elements, i.e. non-authoritative elements, is cached <mapping> elements, i.e. non-authoritative elements, is
possible but not envisioned. In any case, this document can also be possible but not envisioned. In any case, this document can also be
used without the LoST protocol even though the format of the used without the LoST protocol even though the format of the
<mapping> element is re-used from the LoST specification. <mapping> element is re-used from the LoST specification.
Status of this Memo Status of this Memo
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 12, 2012. This Internet-Draft will expire on January 11, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 10 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Querying for Mappings with a <getMappingsRequest> / 3. A Motivating Example . . . . . . . . . . . . . . . . . . . . . 6
<getMappingsResponse> Exchange . . . . . . . . . . . . . . . . 11 4. Querying for Mappings with a <getMappingsRequest> /
3.1. Behavior of the LoST Sync Destination . . . . . . . . . . 11 <getMappingsResponse> Exchange . . . . . . . . . . . . . . . . 12
3.2. Behavior of the LoST Sync Source . . . . . . . . . . . . . 11 4.1. Behavior of the LoST Sync Destination . . . . . . . . . . 12
3.3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.2. Behavior of the LoST Sync Source . . . . . . . . . . . . . 12
4. Pushing Mappings via <pushMappings> and 4.3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 13
<pushMappingsResponse> . . . . . . . . . . . . . . . . . . . . 14 5. Pushing Mappings via <pushMappings> and
4.1. Behavior of the LoST Sync Source . . . . . . . . . . . . . 14 <pushMappingsResponse> . . . . . . . . . . . . . . . . . . . . 15
4.2. Behavior of the LoST Sync Destination . . . . . . . . . . 14 5.1. Behavior of the LoST Sync Source . . . . . . . . . . . . . 15
4.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.2. Behavior of the LoST Sync Destination . . . . . . . . . . 15
5. Transport . . . . . . . . . . . . . . . . . . . . . . . . . . 19 5.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . 16
6. RelaxNG . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 6. Transport . . . . . . . . . . . . . . . . . . . . . . . . . . 20
7. Operational Considerations . . . . . . . . . . . . . . . . . . 22 7. RelaxNG . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
8. Security Considerations . . . . . . . . . . . . . . . . . . . 23 8. Operational Considerations . . . . . . . . . . . . . . . . . . 23
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 9. Security Considerations . . . . . . . . . . . . . . . . . . . 24
9.1. Content-type registration for 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
'application/lostsync+xml' . . . . . . . . . . . . . . . . 24 10.1. Media Type Registration . . . . . . . . . . . . . . . . . 25
9.2. LoST Sync Relax NG Schema Registration . . . . . . . . . . 25 10.2. LoST Sync Relax NG Schema Registration . . . . . . . . . . 26
9.3. LoST Synchronization Namespace Registration . . . . . . . 26 10.3. LoST Synchronization Namespace Registration . . . . . . . 27
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29
11.1. Normative References . . . . . . . . . . . . . . . . . . . 28 12.1. Normative References . . . . . . . . . . . . . . . . . . . 29
11.2. Informative References . . . . . . . . . . . . . . . . . . 28 12.2. Informative References . . . . . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction 1. Introduction
The LoST (Location-to-Service Translation) protocol [RFC5222] maps Since the early days of emergency services there has been a desire to
service identifiers and geodetic or civic location information to route emergency calls to Public Safety Answering Points (PSAPs) that
service URIs. The main data structure, the <mapping> element, used are nearest to the location of the emergency caller. For this
for encapsulating information about service boundaries is defined in purpose each PSAP discloses one or multiple service boundaries so
the LoST protocol specification and circumscribes the region within that this information can be used to select the appropriate PSAP and
which all locations map to the same service Uniform Resource to route the call to it. RFC 5222 [RFC5222] defines this data
Identifier (URI) or set of URIs for a given service. structure in the following way:
This mechanism is designed for the exchange of authoritative A service boundary circumscribes the region within which all
<mapping> elements between two entities (the LoST Sync source and the locations map to the same service Uniform Resource Identifier
LoST Sync destination). (URI) or set of URIs for a given service. A service boundary may
consist of several non-contiguous geometric shapes.
RFC 5222 [RFC5222] not only defines the term but it also specifies
the data structure itself: the <mapping> element.
This document re-uses this existing data structure and defines an
XML-based protocol to exchange authoritative service boundaries
between two entities (the LoST Sync source and the LoST Sync
destination). This protocol can be used with and without the actual
LoST protocol.
The rest of the document is structured as follows: Section 3 starts
with an example usage of the LoST protocol. In Section 4, Section 5,
Section 6, and Section 7 we describe the protocol semantics,
transport considerations and the schema. Finally, we conclude with
operational and security considerations in Section 8, and in
Section 9.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
This document reuses terminology introduced by the mapping
architecture document [RFC5582], such as 'coverage region', 'forest
guide', 'mapping', 'authoritative mapping server', and 'ESRP'.
Throughout this document we use the term LoST Sync source and LoST
Sync destination to denote the protocol end points of the exchange.
The protocol is referred as LoST Sync within the text.
3. A Motivating Example
The LoST Sync mechanism can, for example, be used in the LoST The LoST Sync mechanism can, for example, be used in the LoST
architecture, as specified in the [RFC5582]. There, LoST servers act architecture, as specified in the [RFC5582]. There, LoST servers act
in different roles that cooperate to provide an ubiquitous, globally in different roles that cooperate to provide an ubiquitous, globally
scalable and resilient mapping service. In the LoST mapping scalable and resilient mapping service. In the LoST mapping
architecture, LoST servers can peer, i.e., have an on-going data architecture, LoST servers can peer, i.e., have an on-going data
exchange relationship. Peering relationships are set up manually, exchange relationship. Peering relationships are set up manually,
based on local policies. A LoST server may peer with any number of based on local policies. A LoST server may peer with any number of
other LoST servers. Forest guides peer with other forest guides; other LoST servers. Forest guides peer with other forest guides;
authoritative mapping servers peer with forest guides and other authoritative mapping servers peer with forest guides and other
skipping to change at page 8, line 46 skipping to change at page 10, line 46
| | | |
| | | |
Figure 5: Querying for Mappings with a <getMappingsRequest> Message Figure 5: Querying for Mappings with a <getMappingsRequest> Message
Note that in the exchange illustrated in Figure 5 Node B is issuing Note that in the exchange illustrated in Figure 5 Node B is issuing
the first request and plays the role of the HTTPS client and Node A the first request and plays the role of the HTTPS client and Node A
plays the role of the HTTPS server. plays the role of the HTTPS server.
The <pushMappingsRequest> exchange allows a LoST Sync source to push The <pushMappingsRequest> exchange allows a LoST Sync source to push
mappings to LoST Sync destination. The assumption is being made that mappings to LoST Sync destination. In this example we assume that
Node A and B have previously been configured in a way that they push Node A has been configured maintain state about the mappings it had
mappings in such a fashion and that Node A maintains state about the pushed to Node B.
mappings have to be pushed to Node B. No subscribe mechanism is
defined in this document that would allow Node B to tell Node A about No publish/subscribe mechanism is defined in this document that would
what mappings it is interested nor a mechanism for learning to which allow Node B to tell Node A about what mappings it is interested in
entities mappings have to be pushed. nor a mechanism for learning to which entities mappings have to be
pushed.
+---------+ +---------+ +---------+ +---------+
| Node A | | Node B | | Node A | | Node B |
| acting | | acting | | acting | | acting |
| as | | as | | as | | as |
| LoST | | LoST | | LoST | | LoST |
| Sync | | Sync | | Sync | | Sync |
| Source | | Dest. | | Source | | Dest. |
+---------+ +---------+ +---------+ +---------+
| | | |
skipping to change at page 9, line 28 skipping to change at page 11, line 29
|----------------------------->| |----------------------------->|
| | | |
| <pushMappingsResponse> | | <pushMappingsResponse> |
|<-----------------------------| |<-----------------------------|
| | | |
| | | |
| | | |
Figure 6: Pushing Mappings with a <pushMappingsRequest> Message Figure 6: Pushing Mappings with a <pushMappingsRequest> Message
Note that in the exchange illustrated in Figure 6 Node A issuing the Node A issuing the first request in Figure 6 plays the role of the
first request and plays the role of the HTTPS client and Node B plays HTTPS client and Node B plays the role of the HTTPS server.
the role of the HTTPS server.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
This document reuses terminology introduced by the mapping
architecture document [RFC5582], such as 'coverage region', 'forest
guide', 'mapping', 'authoritative mapping server', etc..
Throughout this document we use the term LoST Sync source and LoST
Sync destination to denote the protocol end points of the exchange.
The protocol is referred as LoST Sync within the text.
3. Querying for Mappings with a <getMappingsRequest> / 4. Querying for Mappings with a <getMappingsRequest> /
<getMappingsResponse> Exchange <getMappingsResponse> Exchange
3.1. Behavior of the LoST Sync Destination 4.1. Behavior of the LoST Sync Destination
A LoST Sync destination has two ways to retrieve mapping elements A LoST Sync destination has two ways to retrieve mapping elements
from a LoST Sync source. from a LoST Sync source.
1. A mechanisms that is suitable when no mappings are available on 1. A mechanisms that is suitable when no mappings are available on
the LoST Sync destination is to submit an empty the LoST Sync destination is to submit an empty
<getMappingsRequest> message, as shown in Figure 7. The intent <getMappingsRequest> message, as shown in Figure 7. The intent
by the LoST Sync destination thereby is to retrieve all mappings by the LoST Sync destination thereby is to retrieve all mappings
from the LoST Sync source. Note that the request does not from the LoST Sync source. Note that the request does not
propagate further to other nodes. propagate further to other nodes.
skipping to change at page 11, line 34 skipping to change at page 12, line 34
of this document. The <getMappingsRequest> message with one or of this document. The <getMappingsRequest> message with one or
multiple <exists> child element(s) allows to reduce the number of multiple <exists> child element(s) allows to reduce the number of
returned mappings to those that have been updated and also to returned mappings to those that have been updated and also to
those that are missing. those that are missing.
In response to the <getMappingsRequest> message the LoST Sync In response to the <getMappingsRequest> message the LoST Sync
destination waits for the <getMappingsResponse> message. In case of destination waits for the <getMappingsResponse> message. In case of
a successful response the LoST Sync destination stores the received a successful response the LoST Sync destination stores the received
mappings and determines which mappings to update. mappings and determines which mappings to update.
3.2. Behavior of the LoST Sync Source 4.2. Behavior of the LoST Sync Source
When a LoST Sync source receives an empty <getMappingsRequest> When a LoST Sync source receives an empty <getMappingsRequest>
message then all locally available mappings MUST be returned. message then all locally available mappings MUST be returned.
When a LoST Sync source receives a <getMappingsRequest> message with When a LoST Sync source receives a <getMappingsRequest> message with
one or multiple <exists> child element(s) then it MUST consult with one or multiple <exists> child element(s) then it MUST consult with
the local mapping database to determine whether any of the mappings the local mapping database to determine whether any of the mappings
of the client is stale and whether there are mappings locally that of the client is stale and whether there are mappings locally that
the client does not yet have. The former can be determined by the client does not yet have. The former can be determined by
finding mappings corresponding to the 'source' and 'sourceID' finding mappings corresponding to the 'source' and 'sourceID'
attribut where a mapping with a more recent lastUpdated date exists. attribut where a mapping with a more recent lastUpdated date exists.
Processing a <getMappingsRequest> message MAY lead to a successful Processing a <getMappingsRequest> message MAY lead to a successful
response in the form of a <getMappingsResponse> or an <errors> response in the form of a <getMappingsResponse> or an <errors>
message. Only the <badRequest>, <forbidden>, <internalError>, message. Only the <badRequest>, <forbidden>, <internalError>,
<serverTimeout> errors, defined in [RFC5222], are utilized by this <serverTimeout> errors, defined in [RFC5222], are utilized by this
specification. Neither the <redirect> nor the <warnings> messages specification. Neither the <redirect> nor the <warnings> messages
are reused by this message. are reused by this message.
3.3. Examples 4.3. Examples
The first example shows an empty <getMappingsRequest> message that The first example shows an empty <getMappingsRequest> message that
would retrieve all locally stored mappings at the LoST Sync source. would retrieve all locally stored mappings at the LoST Sync source.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<getMappingsRequest xmlns="urn:ietf:params:xml:ns:lostsync1"/> <getMappingsRequest xmlns="urn:ietf:params:xml:ns:lostsync1"/>
Figure 7: Example of empty <getMappingsRequest> message Figure 7: Example of empty <getMappingsRequest> message
A further example request is shown in Figure 8 and the corresponding A further example request is shown in Figure 8 and the corresponding
skipping to change at page 14, line 5 skipping to change at page 15, line 5
</serviceBoundary> </serviceBoundary>
<uri>sip:nypd@example.com</uri> <uri>sip:nypd@example.com</uri>
<uri>xmpp:nypd@example.com</uri> <uri>xmpp:nypd@example.com</uri>
<serviceNumber>911</serviceNumber> <serviceNumber>911</serviceNumber>
</mapping> </mapping>
</sync:getMappingsResponse> </sync:getMappingsResponse>
Figure 9: Example <getMappingsResponse> Message Figure 9: Example <getMappingsResponse> Message
4. Pushing Mappings via <pushMappings> and <pushMappingsResponse> 5. Pushing Mappings via <pushMappings> and <pushMappingsResponse>
4.1. Behavior of the LoST Sync Source 5.1. Behavior of the LoST Sync Source
When a LoST Sync source obtains new information that is of interest When a LoST Sync source obtains new information that is of interest
to its peers, it may push the new mappings to its peers. to its peers, it may push the new mappings to its peers.
Configuration settings at both peers decide whether this Configuration settings at both peers decide whether this
functionality is used and what mappings are pushed to which other functionality is used and what mappings are pushed to which other
peers. New mappings may arrive through various means, such as a peers. New mappings may arrive through various means, such as a
manual addition to the local mapping database, or through the manual addition to the local mapping database, or through the
interaction with other entities. Deleting mappings may also trigger interaction with other entities. Deleting mappings may also trigger
a protocol interaction. a protocol interaction.
The LoST Sync source SHOULD keep track to which LoST Sync destination The LoST Sync source SHOULD keep track of which LoST Sync destination
it has pushed mapping elements. If it does not keep state it has pushed mapping elements. If it does not keep state
information then it always has to push the complete data set. As information then it always has to push the complete data set. As
discussed in Section 5.1 of [RFC5222], mapping elements are discussed in Section 5.1 of [RFC5222], mapping elements are
identified by the 'source', 'sourceID' and 'lastUpdated' attributes. identified by the 'source', 'sourceID' and 'lastUpdated' attributes.
A mapping is considered the same if these three attributes match. It A mapping is considered the same if these three attributes match.
is RECOMMENDED not to push the same information to the same peer more
than once.
A <pushMappings> request sent by a LoST Sync source MUST containing A <pushMappings> request sent by a LoST Sync source MUST containing
one or more <mapping> elements. one or more <mapping> elements.
To delete a mapping, the content of the mapping is left empty, i.e. To delete a mapping, the content of the mapping is left empty, i.e.
the <mapping> element only contains the 'source', 'sourceID', the <mapping> element only contains the 'source', 'sourceID',
'lastUpdated', and 'expires" attribute. Figure 10 shows an example 'lastUpdated', and 'expires" attribute. Figure 10 shows an example
request where the mapping with the source="nj.us.example", request where the mapping with the source="nj.us.example",
sourceId="123", lastUpdated="2008-11-01T01:00:00Z", expires="2008-11- sourceId="123", lastUpdated="2008-11-01T01:00:00Z", expires="2008-11-
01T01:00:00Z" is requested to be deleted. Note that the 'expires' 01T01:00:00Z" is requested to be deleted. Note that the 'expires'
attribute is required per schema definition but will be ignored in attribute is required per schema definition but will be ignored in
processing the request on the receiving side. A sync source may want processing the request on the receiving side. A sync source may want
to delete the mapping from its internal mapping database, but has to to delete the mapping from its internal mapping database, but has to
remember which peers it has distributed this update to unless it has remember which peers it has distributed this update to unless it has
other ways to ensure that databases do not get out of sync. other ways to ensure that databases do not get out of sync.
4.2. Behavior of the LoST Sync Destination 5.2. Behavior of the LoST Sync Destination
When a LoST Sync destination receives a <pushMappingsRequest> message When a LoST Sync destination receives a <pushMappingsRequest> message
then the cache with the existing mappings is inspected to determine then the cache with the existing mappings is inspected to determine
whether the received mapping should lead to an update of an already whether the received mapping should lead to an update of an already
existing mapping, should create a new mapping in the cache, or should existing mapping, should create a new mapping in the cache, or should
be discarded. be discarded.
A newly received mapping MUST update an existing one having the same If a newly received mapping has a more recent time in its
'source' and 'sourceId' and a more recent time in 'lastUpdated'. 'lastUpdated' attribute, it MUST update an existing mapping that has
matching 'source' and 'sourceID' attributes.
If the received mapping does not match with any existing mapping If the received mapping does not match with any existing mapping
based on the 'source' and 'sourceId' then it MUST be added to the based on the 'source' and 'sourceId' then it MUST be added to the
local cache as an independent mapping. local cache as an independent mapping.
If a <pushMappingsRequest> message with an empty <mapping> element is If a <pushMappingsRequest> message with an empty <mapping> element is
received then a corresponding mapping has to be determined based on received then a corresponding mapping has to be determined based on
the 'source', and the 'sourceID'. the 'source', and the 'sourceID'.
If no mapping can be identified then an <errors> response MUST be If no mapping can be identified then an <errors> response MUST be
skipping to change at page 15, line 35 skipping to change at page 16, line 33
used. The <redirect> and <warnings> messages are not used for this used. The <redirect> and <warnings> messages are not used for this
query/response. query/response.
If the set of nodes that are synchronizing their data does not form a If the set of nodes that are synchronizing their data does not form a
tree, it is possible that the same information arrives through tree, it is possible that the same information arrives through
several other nodes. This is unavoidable, but generally only imposes several other nodes. This is unavoidable, but generally only imposes
a modest overhead. (It would be possible to create a spanning tree a modest overhead. (It would be possible to create a spanning tree
in the same fashion as IP multicast, but the complexity does not seem in the same fashion as IP multicast, but the complexity does not seem
warranted, given the relatively low volume of data.) warranted, given the relatively low volume of data.)
4.3. Example 5.3. Example
An example is shown in Figure 10. Image a LoST node that obtained An example is shown in Figure 10. Imagine a LoST node that obtained
two new mappings identified as follows: two new mappings identified as follows:
o o
source="authoritative.example" source="authoritative.example"
sourceId="7e3f40b098c711dbb6060800200c9a66" sourceId="7e3f40b098c711dbb6060800200c9a66"
lastUpdated="2008-11-26T01:00:00Z" lastUpdated="2008-11-26T01:00:00Z"
o o
skipping to change at page 19, line 5 skipping to change at page 20, line 5
<mapping source="nj.us.example" <mapping source="nj.us.example"
sourceId="123" sourceId="123"
lastUpdated="2008-11-01T01:00:00Z" lastUpdated="2008-11-01T01:00:00Z"
expires="2008-11-01T01:00:00Z"/> expires="2008-11-01T01:00:00Z"/>
</sync:notDeleted> </sync:notDeleted>
</errors> </errors>
Figure 12: Example <errors> Message Figure 12: Example <errors> Message
5. Transport 6. Transport
LoST Sync needs an underlying protocol transport mechanism to carry LoST Sync needs an underlying protocol transport mechanism to carry
requests and responses. This document uses HTTPS as a transport to requests and responses. This document uses HTTPS as a transport to
exchange XML documents. No fallback to HTTP is provided. exchange XML documents. No fallback to HTTP is provided.
When using HTTP-over-TLS [RFC2818], LoST Sync messages use the POST When using HTTP-over-TLS [RFC2818], LoST Sync messages use the POST
method. Request MUST use the Cache-Control response directive "no- method. Request MUST use the Cache-Control response directive "no-
cache". cache".
All LoST Sync responses, including those indicating a LoST warning or All LoST Sync responses, including those indicating a LoST warning or
error, are carried in 2xx responses, typically 200 (OK). 3xx, 4xx and error, are carried in 2xx responses, typically 200 (OK). 3xx, 4xx and
5xx HTTP response codes indicates that the request itself failed or 5xx HTTP response codes indicates that the request itself failed or
was redirected; these responses do not contain any LoST Sync XML was redirected; these responses do not contain any LoST Sync XML
elements. elements.
6. RelaxNG 7. RelaxNG
Note: In order to avoid copying pattern definitions from the LoST Note: In order to avoid copying pattern definitions from the LoST
Relax NG schema [RFC5222] to this document we include it as Relax NG schema [RFC5222] to this document we include it as
"lost.rng" (XML syntax) in the Relax NG schema below. "lost.rng" (XML syntax) in the Relax NG schema below.
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<grammar ns="urn:ietf:params:xml:ns:lostsync1" <grammar ns="urn:ietf:params:xml:ns:lostsync1"
xmlns="http://relaxng.org/ns/structure/1.0" xmlns="http://relaxng.org/ns/structure/1.0"
xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0"
skipping to change at page 22, line 5 skipping to change at page 23, line 5
<define name="notDeleted"> <define name="notDeleted">
<element name="notDeleted"> <element name="notDeleted">
<ref name="basicException"/> <ref name="basicException"/>
<oneOrMore> <oneOrMore>
<ref name="mapping"/> <ref name="mapping"/>
</oneOrMore> </oneOrMore>
</element> </element>
</define> </define>
</grammar> </grammar>
7. Operational Considerations 8. Operational Considerations
When different LoST servers use the mechanism described in this When different LoST servers use the mechanism described in this
document to synchronize their mapping data then it is important to document to synchronize their mapping data then it is important to
ensure that loops are avoided. The example shown in Figure 13 with ensure that loops are avoided. The example shown in Figure 13 with
three LoST servers A, B and C (each of them acts as a sync source and three LoST servers A, B and C (each of them acts as a sync source and
a sync destination) illustrates the challenge in more detail. A and a sync destination) illustrates the challenge in more detail. A and
B synchronize data between each other; the same is true for A and C, B synchronize data between each other; the same is true for A and C,
and B and C, respectively. and B and C, respectively.
A -------- B A -------- B
skipping to change at page 22, line 48 skipping to change at page 23, line 48
authorized for, authoritative mapping server MUST sign mappings they authorized for, authoritative mapping server MUST sign mappings they
distribute using an XML digital signature distribute using an XML digital signature
[W3C.REC-xmldsig-core-20020212]. A recipient MUST verify that the [W3C.REC-xmldsig-core-20020212]. A recipient MUST verify that the
signing entity is indeed authorized to speak for that region. In signing entity is indeed authorized to speak for that region. In
many cases, this will require an out-of-band agreement to be in place many cases, this will require an out-of-band agreement to be in place
to agree on specific entities to take on this role. Determining who to agree on specific entities to take on this role. Determining who
can speak for a particular region is inherently difficult unless can speak for a particular region is inherently difficult unless
there is a small set of authorizing entities that participants in the there is a small set of authorizing entities that participants in the
mapping architecture can trust. Receiving systems should be mapping architecture can trust. Receiving systems should be
particularly suspicious if an existing coverage region is replaced by particularly suspicious if an existing coverage region is replaced by
a new one that contains a different value in the <uri> element. With a new one that contains a different value in the <uri> element. When
digitially singed mappings mappings cannot be modified by mappings are digitially signed, they cannot be modified by
intermediate LoST servers. intermediate LoST servers.
8. Security Considerations 9. Security Considerations
This document defines a protocol for exchange of mapping information This document defines a protocol for exchange of authoritative
between two entities. Hence, the protocol operations described in mapping information between two entities. Hence, the protocol
this document require authentication of neighboring nodes. operations described in this document require authentication of
neighboring nodes.
The LoST Sync client and servers MUST implement TLS and use TLS. The LoST Sync client and servers MUST implement TLS and use TLS.
Which version(s) ought to be implemented will vary over time, and Which version(s) ought to be implemented will vary over time, and
depend on the widespread deployment and known security depend on the widespread deployment and known security
vulnerabilities at the time of implementation. At the time of this vulnerabilities at the time of implementation. At the time of this
writing, TLS version 1.2 [RFC5246] is the most recent version, but writing, TLS version 1.2 [RFC5246] is the most recent version, but
has very limited actual deployment, and might not be readily has very limited actual deployment, and might not be readily
available in implementation toolkits. TLS version 1.0 [RFC2246] is available in implementation toolkits. TLS version 1.0 [RFC2246] is
the most widely deployed version, and will give the broadest the most widely deployed version, and will give the broadest
interoperability. interoperability.
Mutual authentication between the LoST Sync source and the LoST Sync
destination is not necessarily required in all deployments unless an
emergency service authority wants to enforce access control prior to
the distribution of their mapping elements. This may, for example,
be the case when certain emergency services network internal mappings
are not meant for public distribution.
An additional threat is caused by compromised or misconfigured LoST An additional threat is caused by compromised or misconfigured LoST
servers. A denial of service could be the consequence of an injected servers. A denial of service could be the consequence of an injected
mapping. If the mapping data contains an URL that does not exist mapping. If the mapping data contains an URL that does not exist
then emergency services for the indicated area are not reachable. If then emergency services for the indicated area are not reachable. If
all mapping data contains URLs that point to a single PSAP (rather all mapping data contains URLs that point to a single PSAP (rather
than a large number of PSAPs) then this PSAP is likely to experience than a large number of PSAPs) then this PSAP is likely to experience
overload conditions. If the mapping data contains a URL that points overload conditions. If the mapping data contains a URL that points
to a server controlled by the adversary itself then it might to a server controlled by the adversary itself then it might
impersonate PSAPs. impersonate PSAPs.
Section 7 discusses this security threat and mandates signed Section 8 discusses this security threat and mandates signed
mappings. For unusal changes to the mapping database approval by a mappings. For unusal changes to the mapping database approval by a
system administrator of the emergency services infrastructure (or a system administrator of the emergency services infrastructure (or a
similar expert) may be required before any mappings are installed. similar expert) may be required before any mappings are installed.
9. IANA Considerations 10. IANA Considerations
9.1. Content-type registration for 'application/lostsync+xml' 10.1. Media Type Registration
This specification requests the registration of a new MIME type This specification requests the registration of a new media type
according to the procedures of RFC 4288 [RFC4288] and guidelines in according to the procedures of RFC 4288 [RFC4288] and guidelines in
RFC 3023 [RFC3023]. RFC 3023 [RFC3023].
Type name: application Type name: application
Subtype name: lostsync+xml Subtype name: lostsync+xml
Required parameters: none Required parameters: none
Optional parameters: charset Optional parameters: charset
Indicates the character encoding of enclosed XML. Same as charset parameter of application/xml as specified in RFC
3023 [RFC3023].
Encoding considerations: Identical to those of "application/xml" as Encoding considerations: Identical to those of "application/xml" as
described in [RFC3023], Section 3.2. described in [RFC3023], Section 3.2.
Security considerations: This content type is designed to carry LoST Security considerations: This content type is designed to carry LoST
Synchronization protocol payloads and the security considerations Synchronization protocol payloads and the security considerations
section of RFCXXXX is applicable. In addition, as this media type section of RFCXXXX is applicable. In addition, as this media type
uses the "+xml" convention, it shares the same security uses the "+xml" convention, it shares the same security
considerations as described in [RFC3023], Section 10. [NOTE TO considerations as described in [RFC3023], Section 10. [NOTE TO
IANA/RFC-EDITOR: Please replace XXXX with the RFC number of this IANA/RFC-EDITOR: Please replace XXXX with the RFC number of this
skipping to change at page 25, line 31 skipping to change at page 26, line 31
Change controller: Change controller:
This specification is a work item of the IETF ECRIT working group, This specification is a work item of the IETF ECRIT working group,
with mailing list address <ecrit@ietf.org>. with mailing list address <ecrit@ietf.org>.
Change controller: Change controller:
The IESG <iesg@ietf.org> The IESG <iesg@ietf.org>
9.2. LoST Sync Relax NG Schema Registration 10.2. LoST Sync Relax NG Schema Registration
Please register the schema defined in this document under the XML
schema registry at
http://www.iana.org/assignments/xml-registry/schema.html
URI: urn:ietf:params:xml:schema:lostsync1 URI: urn:ietf:params:xml:schema:lostsync1
Registrant Contact: IETF ECRIT Working Group, Hannes Tschofenig Registrant Contact: IETF ECRIT Working Group, Hannes Tschofenig
(Hannes.Tschofenig@gmx.net). (Hannes.Tschofenig@gmx.net).
Relax NG Schema: The Relax NG schema to be registered is contained Relax NG Schema: The Relax NG schema to be registered is contained
in Section 6. in Section 7.
9.3. LoST Synchronization Namespace Registration 10.3. LoST Synchronization Namespace Registration
Please register the namespace defined in this document under the XML
namespace registry at
http://www.iana.org/assignments/xml-registry/ns.html
URI: urn:ietf:params:xml:ns:lostsync1 URI: urn:ietf:params:xml:ns:lostsync1
Registrant Contact: IETF ECRIT Working Group, Hannes Tschofenig Registrant Contact: IETF ECRIT Working Group, Hannes Tschofenig
(Hannes.Tschofenig@gmx.net). (Hannes.Tschofenig@gmx.net).
XML: XML:
BEGIN BEGIN
<?xml version="1.0"?> <?xml version="1.0"?>
skipping to change at page 27, line 5 skipping to change at page 28, line 5
<h1>Namespace for LoST server synchronization</h1> <h1>Namespace for LoST server synchronization</h1>
<h2>urn:ietf:params:xml:ns:lostsync1</h2> <h2>urn:ietf:params:xml:ns:lostsync1</h2>
<p>See <a href="[URL of published RFC]">RFCXXXX <p>See <a href="[URL of published RFC]">RFCXXXX
[NOTE TO IANA/RFC-EDITOR: [NOTE TO IANA/RFC-EDITOR:
Please replace XXXX with the RFC number of this Please replace XXXX with the RFC number of this
specification.]</a>.</p> specification.]</a>.</p>
</body> </body>
</html> </html>
END END
10. Acknowledgments 11. Acknowledgments
Robins George, Cullen Jennings, Karl Heinz Wolf, Richard Barnes, Robins George, Cullen Jennings, Karl Heinz Wolf, Richard Barnes,
Mayutan Arumaithurai, Alexander Mayrhofer, and Andrew Newton provided Mayutan Arumaithurai, Alexander Mayrhofer, and Andrew Newton provided
helpful input. Jari Urpalainen assisted with the Relax NG schema. helpful input. Jari Urpalainen assisted with the Relax NG schema.
We would also like to thank our document shepherd Roger Marshall for We would also like to thank our document shepherd Roger Marshall for
his help with the document. his help with the document.
We would like to particularly thank Andrew Newton for his timely and We would like to particularly thank Andrew Newton for his timely and
valuable review of the XML-related content. valuable review of the XML-related content.
We would like to thank Robert Sparks for his AD review feedback, We would like to thank Robert Sparks, Barry Leiba, Stephen Farrell,
Bjoern Hoehrmann for his media type review, and Julian Reschke and Brian Haberman, Pete Resnick, and Sean Turner for their AD reviews.
Martin Duerst for their applications area reviews. We would also like to thank Bjoern Hoehrmann for his media type
review, Julian Reschke and Martin Duerst for their applications area
reviews, and Wassim Haddad for his Gen-ART review.
11. References 12. References
11.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999. RFC 2246, January 1999.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
skipping to change at page 28, line 45 skipping to change at page 29, line 45
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[W3C.REC-xmldsig-core-20020212] [W3C.REC-xmldsig-core-20020212]
Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T.
Roessler, "XML-Signature Syntax and Processing", World Roessler, "XML-Signature Syntax and Processing", World
Wide Web Consortium Second Edition REC-xmldsig-core- Wide Web Consortium Second Edition REC-xmldsig-core-
20020212, June 2008. 20020212, June 2008.
11.2. Informative References 12.2. Informative References
[RFC5582] Schulzrinne, H., "Location-to-URL Mapping Architecture and [RFC5582] Schulzrinne, H., "Location-to-URL Mapping Architecture and
Framework", RFC 5582, September 2009. Framework", RFC 5582, September 2009.
Authors' Addresses Authors' Addresses
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
450 Computer Science Building 450 Computer Science Building
 End of changes. 41 change blocks. 
107 lines changed or deleted 144 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/