draft-ietf-ecrit-psap-callback-13.txt   rfc7090.txt 
ECRIT H. Schulzrinne Internet Engineering Task Force (IETF) H. Schulzrinne
Internet-Draft Columbia University Request for Comments: 7090 Columbia University
Intended status: Standards Track H. Tschofenig Category: Standards Track H. Tschofenig
Expires: April 17, 2014 Nokia Solutions and Networks ISSN: 2070-1721
C. Holmberg C. Holmberg
Ericsson Ericsson
M. Patel M. Patel
InterDigital Communications Huawei Technologies (UK) Co., Ltd.
October 14, 2013 April 2014
Public Safety Answering Point (PSAP) Callback Public Safety Answering Point (PSAP) Callback
draft-ietf-ecrit-psap-callback-13.txt
Abstract Abstract
After an emergency call is completed (either prematurely terminated After an emergency call is completed (terminated either prematurely
by the emergency caller or normally by the call taker) it is possible by the emergency caller or normally by the call taker), the call
that the call taker feels the need for further communication. For taker may feel the need for further communication. For example, the
example, the call may have been dropped by accident without the call call may have been dropped by accident without the call taker having
taker having sufficient information about the current situation of a sufficient information about the current state of an accident victim.
wounded person. A call taker may trigger a callback towards the A call taker may trigger a callback to the emergency caller using the
emergency caller using the contact information provided with the contact information provided with the initial emergency call. This
initial emergency call. This callback could, under certain callback could, under certain circumstances, be treated like any
circumstances, be treated like any other call and as a consequence it other call and, as a consequence, it may get blocked by authorization
may get blocked by authorization policies or may get forwarded to an policies or may get forwarded to an answering machine.
answering machine.
The IETF emergency services architecture specification already offers The IETF emergency services architecture specification already offers
a solution approach for allowing PSAP callbacks to bypass a solution approach for allowing Public Safety Answering Point (PSAP)
authorization policies to reach the caller without unnecessary callbacks to bypass authorization policies in order to reach the
delays. Unfortunately, the specified mechanism only supports limited caller without unnecessary delays. Unfortunately, the specified
scenarios. This document discusses shortcomings of the current mechanism only supports limited scenarios. This document discusses
mechanisms and illustrates additional scenarios where better-than- shortcomings of the current mechanisms and illustrates additional
normal call treatment behavior would be desirable. A solution based scenarios where better-than-normal call treatment behavior would be
on a new header field value, called "psap-callback", for the SIP desirable. We describe a solution based on a new header field value
Priority header field is specified to accomplish the PSAP callback for the SIP Priority header field, called "psap-callback", to mark
marking. PSAP callbacks.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on April 17, 2014. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7090.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology .....................................................5
3. Callback Scenarios . . . . . . . . . . . . . . . . . . . . . 4 3. Callback Scenarios ..............................................5
3.1. Routing Asymmetry . . . . . . . . . . . . . . . . . . . . 5 3.1. Routing Asymmetry ..........................................5
3.2. Multi-Stage Routing . . . . . . . . . . . . . . . . . . . 5 3.2. Multi-Stage Routing ........................................7
3.3. Call Forwarding . . . . . . . . . . . . . . . . . . . . . 6 3.3. Call Forwarding ............................................8
3.4. Network-based Service URN Resolution . . . . . . . . . . 8 3.4. Network-Based Service URN Resolution ......................10
3.5. PSTN Interworking . . . . . . . . . . . . . . . . . . . . 9 3.5. PSTN Interworking .........................................11
4. SIP PSAP Callback Indicator . . . . . . . . . . . . . . . . . 10 4. SIP PSAP Callback Indicator ....................................12
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.1. General ...................................................12
4.2. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.2. Usage .....................................................12
4.3. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3. Syntax ....................................................12
4.3.1. General . . . . . . . . . . . . . . . . . . . . . . . 10 4.3.1. General ............................................12
4.3.2. ABNF . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3.2. ABNF ...............................................12
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5. Security Considerations ........................................12
5.1. Security Threat . . . . . . . . . . . . . . . . . . . . . 10 5.1. Security Threat ...........................................12
5.2. Security Requirements . . . . . . . . . . . . . . . . . . 11 5.2. Security Requirements .....................................13
5.3. Security Solution . . . . . . . . . . . . . . . . . . . . 11 5.3. Security Solution .........................................13
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 6. IANA Considerations ............................................15
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 7. Acknowledgements ...............................................16
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 8. References .....................................................16
8.1. Normative References . . . . . . . . . . . . . . . . . . 14 8.1. Normative References ......................................16
8.2. Informative References . . . . . . . . . . . . . . . . . 14 8.2. Informative References ....................................17
1. Introduction 1. Introduction
Summoning police, the fire department or an ambulance in emergencies Summoning police, the fire department, or an ambulance in emergencies
is one of the fundamental and most-valued functions of the telephone. is one of the fundamental and most valuable functions of the
As telephone functionality moves from circuit-switched telephony to telephone. As telephone functionality moves from circuit-switched
Internet telephony, its users rightfully expect that this core telephony to Internet telephony, its users rightfully expect that
functionality will continue to work at least as well as it has for this core functionality will continue to work at least as well as it
the legacy technology. New devices and services are being made has for the legacy technology. New devices and services are being
available that could be used to make a request for help, which are made available that could be used to make a request for help and that
not traditional telephones, and users are increasingly expecting them are not traditional telephones. Users are increasingly expecting
to be used to place emergency calls. them to be used to place emergency calls.
An overview of the protocol interactions for emergency calling using An overview of the protocol interactions for emergency calling using
the IETF emergency services architecture are described in [RFC6443] the IETF emergency services architecture is described in [RFC6443],
and [RFC6881] specifies the technical details. As part of the and [RFC6881] specifies the technical details. As part of the
emergency call setup procedure two important identifiers are conveyed emergency call setup procedure, two important identifiers are
to the PSAP call taker's user agent, namely the Address-Of-Record conveyed to the PSAP call taker's user agent, namely the address-of-
(AOR), and, if available, the Globally Routable User Agent (UA) URIs record (AOR), and if available, the Globally Routable User Agent (UA)
(GRUU). RFC 3261 [RFC3261] defines the AOR as: URIs (GRUUs). RFC 3261 [RFC3261] defines the AOR as:
"An address-of-record (AOR) is a SIP or SIPS URI that points to a An address-of-record (AOR) is a SIP or SIPS URI that points to a
domain with a location service that can map the URI to another URI domain with a location service that can map the URI to another URI
where the user might be available. Typically, the location where the user might be available. Typically, the location
service is populated through registrations. An AOR is frequently service is populated through registrations. An AOR is frequently
thought of as the "public address" of the user." thought of as the "public address" of the user.
In SIP systems a single user can have a number of user agents In SIP systems, a single user can have a number of user agents
(handsets, softphones, voicemail accounts, etc.) which are all (handsets, softphones, voicemail accounts, etc.) that are all
referenced by the same AOR. There are a number of cases in which it referenced by the same AOR. There are a number of cases in which it
is desirable to have an identifier which addresses a single user is desirable to have an identifier that addresses a single user agent
agent rather than the group of user agents indicated by an AOR. The rather than the group of user agents indicated by an AOR. The GRUU
GRUU is such a unique user-agent identifier, which is still globally is such a unique user-agent identifier, and it is also globally
routable. RFC 5627 [RFC5627] specifies how to obtain and use GRUUs. routable. [RFC5627] specifies how to obtain and use GRUUs.
[RFC6881] also makes use of the GRUU for emergency calls. [RFC6881] also makes use of the GRUU for emergency calls.
Regulatory requirements demand that the emergency call setup Regulatory requirements demand that the emergency call setup
procedure itself provides enough information to allow the call taker procedure itself provides enough information to allow the call taker
to initiate a callback to the emergency caller. This is desirable in to initiate a callback to the emergency caller. This is desirable in
those cases where the call got dropped prematurely or when further those cases where the call is dropped prematurely or when further
communication need arises. The AOR and the GRUU serve this purpose. communication needs arise. The AOR and the GRUU serve this purpose.
The communication attempt by the PSAP call taker back to the The communication attempt by the PSAP call taker back to the
emergency caller is called 'PSAP callback'. emergency caller is called a "PSAP callback".
A PSAP callback may, however, be blocked by user configured A PSAP callback may, however, be blocked by user-configured
authorization policies or may be forwarded to an answering machine authorization policies or may be forwarded to an answering machine
since SIP entities (SIP proxies as well as the SIP user equipment since SIP entities (SIP proxies as well as the SIP user equipment
itself) cannot differentiate the PSAP callback from any other SIP itself) cannot differentiate the PSAP callback from any other SIP
call. "Call barring", "do not disturb", or "call diversion"(aka call call. "Call barring", "do not disturb", or "call diversion" (also
forwarding) are features that prevent delivery of a call. It is called call forwarding) are features that prevent delivery of a call.
important to note that these features may be implemented by SIP It is important to note that these features may be implemented by SIP
intermediaries as well as by the user agent. intermediaries as well as by the user agent.
Among the emergency services community there is the desire to offer Among the emergency services community, there is a desire to treat
PSAP callbacks a treatment such that chances are increased that it PSAP callbacks in such a way that the chances of reaching the
reaches the emergency caller. At the same time a design must deal emergency caller are increased. At the same time, any solution must
with the negative side-effects of allowing certain calls to bypass minimize the chance that other calls bypass call forwarding or other
call forwarding or other authorization policies. Ideally, the PSAP authorization policies. Ideally, the PSAP callback has to relate to
callback has to relate to an earlier emergency call that was made an earlier emergency call that was made "not too long ago". An exact
"not too long ago". An exact time interval is difficult to define in time interval is difficult to define in a global IETF standard due to
a global IETF standard due to the variety of national regulatory the variety of national regulatory requirements, but [RFC6881]
requirements but [RFC6881] suggests 30 minutes. suggests 30 minutes.
To nevertheless meet the needs from the emergency services community Nevertheless, to meet the needs from the emergency services
a basic mechanism for preferential treatment of PSAP callbacks was community, a basic mechanism for preferential treatment of PSAP
defined in Section 13 of [RFC6443]. The specification says: callbacks was defined in Section 13 of [RFC6443]. The specification
says:
"A UA may be able to determine a PSAP callback by examining the A UA may be able to determine a PSAP callback by examining the
domain of incoming calls after placing an emergency call and domain of incoming calls after placing an emergency call and
comparing that to the domain of the answering PSAP from the comparing that to the domain of the answering PSAP from the
emergency call. Any call from the same domain and directed to the emergency call. Any call from the same domain and directed to the
supplied Contact header or AOR after an emergency call should be supplied Contact header or AOR after an emergency call should be
accepted as a callback from the PSAP if it occurs within a accepted as a callback from the PSAP if it occurs within a
reasonable time after an emergency call was placed." reasonable time after an emergency call was placed.
This approach mimics a stateful packet filtering firewall and is This approach mimics a stateful packet-filtering firewall and is
indeed helpful in a number of cases. It is also relatively simple to indeed helpful in a number of cases. It is also relatively simple to
implement even though it requires call state to be maintained by the implement even though it requires call state to be maintained by the
user agent as well as by SIP intermediaries. Unfortunately, the user agent as well as by SIP intermediaries. Unfortunately, the
solution does not work in all deployment scenarios. In Section 3 we solution does not work in all deployment scenarios. In Section 3 we
describe cases where the currently standardized approach is describe cases where the currently standardized approach is
insufficient. insufficient.
2. Terminology 2. Terminology
Emergency services related terminology is borrowed from [RFC5012]. Emergency-services-related terminology is borrowed from [RFC5012].
This includes terminology like emergency caller, user equipment, call This includes terminology like emergency caller, user equipment, call
taker, Emergency Service Routing Proxy (ESRP), and Public Safety taker, Emergency Service Routing Proxy (ESRP), and Public Safety
Answering Point (PSAP). Answering Point (PSAP).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. Callback Scenarios 3. Callback Scenarios
This section illustrates a number of scenarios where the currently This section illustrates a number of scenarios where the currently
specified solution, as specified in [RFC6881], for preferential specified solution, as described in [RFC6881], for preferential
treatment of callbacks fails. As explained in Section 1 a SIP entity treatment of callbacks fails. As explained in Section 1, a SIP
examines an incoming PSAP callback by comparing the domain of the entity examines an incoming PSAP callback by comparing the domain of
PSAP with the destination domain of the outbound emergency call the PSAP with the destination domain of the outbound emergency call
placed earlier. placed earlier.
3.1. Routing Asymmetry 3.1. Routing Asymmetry
In some deployment environments it is common to have incoming and In some deployment environments, it is common to have incoming and
outgoing SIP messaging routed through different SIP entities. Figure outgoing SIP messaging routed through different SIP entities.
1 shows this graphically whereby a VoIP provider uses different SIP Figure 1 shows this graphically whereby a Voice over IP (VoIP)
proxies for inbound and for outbound call handling. Unless the two provider uses different SIP proxies for inbound and for outbound call
devices are synchronized, the callback hitting the inbound proxy handling. Unless the two devices are synchronized, the callback
would get treated like any other call since the emergency call reaching the inbound proxy would get treated like any other call
established state information at the outbound proxy only. since the emergency call established state information at the
outbound proxy only.
,-------. ,-------.
,' `. ,' `.
,-------. / Emergency \ ,-------. / Emergency \
,' `. | Services | ,' `. | Services |
/ VoIP \ I | Network | / VoIP \ I | Network |
| Provider | n | | | Provider | n | |
| | t | | | | t | |
| | e | | | | e | |
| +-------+ | r | | | +-------+ | r | |
+--+---|Inbound|<--+-----m | | +--+---|Inbound|<--+-----m | |
| | |Proxy | | e | +------+ | | | |Proxy | | e | +------+ |
| | +-------+ | d | |PSAP | | | | +-------+ | d | |PSAP | |
| | | i | +--+---+ | | | | i | +--+---+ |
+----+ | | | a-+ | | | +----+ | | | a-+ | | |
| UA |<---+ | | t | | | | | UA |<---+ | | t | | | |
| |----+ | | e | | | | | |----+ | | e | | | |
+----+ | | | | | | | +----+ | | | | | | |
| | | P | | | | | | | P | | | |
| | | r | | | | | | | r | | | |
| | +--------+ | o | | | | | | +--------+ | o | | | |
+--+-->|Outbound|--+---->v | | +--+---+ | +--+-->|Outbound|--+---->v | | +--+---+ |
| |Proxy | | i | | +-+ESRP | | | |Proxy | | i | | +-+ESRP | |
| +--------+ | d | | | +------+ | | +--------+ | d | | | +------+ |
| | e || | | | | e | | | |
| | r |+-+ | | | r +----+-+ |
\ / | | \ / | |
`. ,' \ / `. ,' \ /
'-------' `. ,' '-------' `. ,'
'-------' '-------'
Figure 1: Example for Routing Asymmetry. Figure 1: Example for Routing Asymmetry
3.2. Multi-Stage Routing 3.2. Multi-Stage Routing
Consider the following emergency call routing scenario shown in
Figure 2 where routing towards the PSAP occurs in several stages. In Consider the emergency call routing scenario shown in Figure 2 where
this scenario we consider a SIP UA that uses the Location-to-Service routing towards the PSAP occurs in several stages. In this scenario,
Translation Protocol (LoST) [RFC5222] to learn the next hop we consider a SIP UA that uses the Location-to-Service Translation
destination, namely esrp@example.net, to get the call closer to the (LoST) Protocol [RFC5222] to learn the next-hop destination, namely
PSAP. This call is then sent to the proxy of the user's VoIP esrp@example.net, to get the call closer to the PSAP. This call is
provider (example.org). The user's VoIP provider receives the then sent to the proxy of the user's VoIP provider (example.org).
emergency call and creates state based on the destination domain, The user's VoIP provider receives the emergency call and creates a
namely example.net. It then routes it to the indicated ESRP. When state based on the destination domain, namely example.net. It then
the ESRP receives it it needs to decide what the next hop is to get routes the call to the indicated ESRP. When the ESRP receives the
to the final PSAP. In our example the next hop is the PSAP with the call, it needs to decide what the next hop is to get to the final
URI psap@example.com. PSAP. In our example, the next hop is the PSAP with the URI
psap@example.com.
When a callback is sent from psap@example.com towards the emergency When a callback is sent from psap@example.com towards the emergency
caller the call will get normal treatment by the proxy of the VoIP caller, the call will get normal treatment by the proxy of the VoIP
provider since the domain of the PSAP does not match the stored state provider since the domain of the PSAP does not match the stored state
information. information.
,-----------. ,-----------.
+----+ ,' `. +----+ ,' `.
| UA |--- esrp@example.net / Emergency \ | UA |--- esrp@example.net / Emergency \
+----+ \ | Services | +----+ \ | Services |
\ ,-------. | Network | \ ,-------. | Network |
,' `. | | ,' `. | |
/ VoIP \ | +------+ | / VoIP \ | +------+ |
skipping to change at page 6, line 45 skipping to change at page 7, line 48
| | | | | | | |
| | | | | | | |
| | +--+---+ | | | +--+---+ |
+------------+-----+ ESRP | | +------------+-----+ ESRP | |
| +------+ | | +------+ |
| | | |
\ / \ /
`. ,' `. ,'
'----------' '----------'
Figure 2: Example for Multi-Stage Routing. Figure 2: Example for Multi-Stage Routing
3.3. Call Forwarding 3.3. Call Forwarding
Imagine the following case where an emergency call enters an Imagine the following case where an emergency call enters an
emergency network (state.example) via an ESRP but then gets forwarded emergency network (state.example) via an ESRP, but then it gets
to a different emergency services network (in our example to forwarded to a different emergency services network (in our example,
example.net, example.org or example.com). The same considerations to example.net, example.org, or example.com). The same
apply when the police, fire and ambulance networks are part of the considerations apply when the police, fire and, ambulance networks
state.example sub-domains (e.g., police.state.example). are part of the state.example subdomains (e.g.,
police.state.example).
Similar to the previous scenario the problem here is with the wrong Similar to the previous scenario, the wrong state information is
state information being established during the emergency call setup being set up during the emergency call setup procedure. A callback
procedure. A callback would originate in the example.net, would originate in the example.net, example.org, or example.com
example.org or example.com domains whereas the emergency caller's SIP domains whereas the emergency caller's SIP UA or the VoIP outbound
UA or the VoIP outbound proxy has stored state.example. proxy has stored state.example.
,-------. ,-------.
,' `. ,' `.
/ Emergency \ / Emergency \
| Services | | Services |
| Network | | Network |
|(state.example)| |(state.example)|
| | | |
| | | |
| +------+ | | +------+ |
| |PSAP +--+ | | |PSAP +--+ |
| +--+---+ | | | +--+---+ | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| +--+---+ | | | +--+---+ | |
------------------+---+ESRP | | | ------------------+---+ESRP | | |
esrp-a@state.org | +------+ | | esrp-a@state.org | +------+ | |
| | | | | |
| Call Fwd | | | Call Fwd | |
| +-+-+---+ | | +-+-+---+ |
\ | | | / \ | | | /
`. | | | ,' `. | | | ,'
'-|-|-|-' ,-------. '-|-|-|-' ,-------.
Police | | | Fire ,' `. Police | | | Fire ,' `.
+------------+ | +----+ / Emergency \ +------------+ | +----+ / Emergency \
,-------. | | | | Services | ,-------. | | | | Services |
,' `. | | | | Network | ,' `. | | | | Network |
/ Emergency \ | Ambulance | | (Fire) | / Emergency \ | Ambulance | | (Fire) |
| Services | | | | | | | Services | | | | | |
| Network | | +----+ | | +------+ | | Network | | +----+ | | +------+ |
| (Police) | | ,-------. | +----+---+PSAP | | | (Police) | | ,-------. | +----+---+PSAP | |
| | | ,' `. | | +------+ | | | | ,' `. | | +------+ |
| +------+ | | / Emergency \ | | | | +------+ | | / Emergency \ | | |
| |PSAP +----+--+ | Services | | | example.com , | |PSAP +----+--+ | Services | | | example.com ,
| +------+ | | Network | | `~~~~~~~~~~~~~~~ | +------+ | | Network | | `~~~~~~~~~~~~~~~
| | | (Ambulance) | | | | | (Ambulance) | |
| example.net , | | | | example.net , | | |
`~~~~~~~~~~~~~~~ | +------+ | | `~~~~~~~~~~~~~~~ | +------+ | |
| |PSAP +----+ + | |PSAP +----+ +
| +------+ | | +------+ |
| | | |
| example.org , | example.org ,
`~~~~~~~~~~~~~~~ `~~~~~~~~~~~~~~~
Figure 3: Example for Call Forwarding. Figure 3: Example for Call Forwarding
3.4. Network-based Service URN Resolution 3.4. Network-Based Service URN Resolution
The IETF emergency services architecture also considers cases where The IETF emergency services architecture also considers cases where
the resolution from the Service URN to the PSAP URI does not only the resolution from the Service URN to the PSAP URI does not only
happen at the SIP UA itself but at intermediate SIP entities, such as happen at the SIP UA itself but at intermediate SIP entities, such as
the user's VoIP provider. the user's VoIP provider.
Figure 4 shows this message exchange of the outgoing emergency call Figure 4 shows this message exchange of the outgoing emergency call
and the incoming PSAP graphically. While the state information and the incoming PSAP graphically. While the state information
stored at the VoIP provider is correct the state allocated at the SIP stored at the VoIP provider is correct, the state allocated at the
UA is not. SIP UA is not.
,-------.
,' `.
/ Emergency \
| Services |
| Network |
| example.com |
| |
| +------+ | Invite to police@example.com
| |PSAP +<---+------------------------+
| | +----+--------------------+ ^
| +------+ |Invite from | |
| ,police@example.com | |
`~~~~~~~~~~~~~~~ | |
v |
+--------+ Query with location +--+---+-+
| | + urn:service:sos | VoIP |
| LoST |<-----------------------|Service |
| Server | police@example.com |Provider|
| |----------------------->| |
+--------+ +--------+
| ^
Invite| | Invite
from| | to
police@example.com| | urn:service:sos
V |
+-------+ ,-------.
| SIP | ,' `.
| UA | / Emergency \
| Alice | | Services |
+-------+ | Network |
| example.com |
| |
| +------+ | INVITE to police@example.com
| |PSAP +<---+------------------------+
| | +----+--------------------+ ^
| +------+ |INVITE from | |
| ,police@example.com | |
`~~~~~~~~~~~~~~~ | |
v |
+--------+ Query with location +--+---+-+
| | + urn:service:sos | VoIP |
| LoST |<-----------------------|Service |
| Server | police@example.com |Provider|
| |----------------------->| |
+--------+ +--------+
| ^
INVITE| | INVITE
from| | to
police@example.com| | urn:service:sos
V |
+-------+
| SIP |
| UA |
| Alice |
+-------+
Figure 4: Example for Network-based Service URN Resolution. Figure 4: Example for Network-Based Service URN Resolution
3.5. PSTN Interworking 3.5. PSTN Interworking
In case an emergency call enters the PSTN, as shown in Figure 5, In case an emergency call enters the Public Switched Telephone
there is no guarantee that the callback some time later leaves the Network (PSTN), as shown in Figure 5, there is no guarantee that the
same PSTN/VoIP gateway or that the same end point identifier is used callback sometime later leaves the same PSTN/VoIP gateway or that the
in the forward as well as in the backward direction making it same endpoint identifier is used in the forward as well as in the
difficult to reliably detect PSAP callbacks. backward direction making it difficult to reliably detect PSAP
callbacks.
+-----------+ +-----------+
| PSTN |-------------+ | PSTN |-------------+
| Calltaker | | | Calltaker | |
| Bob |<--------+ | | Bob |<--------+ |
+-----------+ | v +-----------+ | v
------------------- -------------------
//// \\\\ +------------+ //// \\\\ +------------+
| | |PSTN / VoIP | | | |PSTN / VoIP |
| PSTN |---->|Gateway | | PSTN |---->|Gateway |
\\\\ //// | | \\\\ //// | |
------------------- +----+-------+ ------------------- +----+-------+
^ | ^ |
| | | |
+-------------+ | +--------+ +-------------+ | +--------+
| | | |VoIP | | | | |VoIP |
| PSTN / VoIP | +->|Service | | PSTN / VoIP | +->|Service |
| Gateway | |Provider| | Gateway | |Provider|
| |<------Invite----| Y | | |<------INVITE----| Y |
+-------------+ +--------+ +-------------+ +--------+
| ^ | ^
| | | |
Invite Invite INVITE INVITE
| | | |
V | V |
+-------+ +-------+
| SIP | | SIP |
| UA | | UA |
| Alice | | Alice |
+-------+ +-------+
Figure 5: Example for PSTN Interworking. Figure 5: Example for PSTN Interworking
Note: This scenario is considered outside the scope of this document. Note: This scenario is considered outside the scope of this document.
The specified solution does not support this use case. The specified solution does not support this use case.
4. SIP PSAP Callback Indicator 4. SIP PSAP Callback Indicator
4.1. General 4.1. General
This section defines a new header field value, called "psap- This section defines a new header field value, called "psap-
callback", for the SIP Priority header field defined in [RFC3261]. callback", for the SIP Priority header field defined in [RFC3261].
The value is used to inform SIP entities that the request is The value is used to inform SIP entities that the request is
associated with a PSAP callback SIP session. associated with a PSAP callback SIP session.
4.2. Usage 4.2. Usage
SIP entities that receive the header field value within an initial SIP entities that receive the header field value within an initial
request for a SIP session can, depending on local policies, apply request for a SIP session can, depending on local policies, apply
PSAP callback specific procedures for the session or request. PSAP callback-specific procedures for the session or request.
The PSAP callback specific procedures may be applied by SIP-based The PSAP callback-specific procedures may be applied by SIP-based
network entities and by the callee. The specific procedures taken network entities and by the callee. The specific actions taken when
when receiving such a PSAP callback marked call, such as bypassing receiving a call marked as a PSAP callback marked call, such as
services and barring procedures, are outside the scope of this bypassing services and barring procedures, are outside the scope of
document. this document.
4.3. Syntax 4.3. Syntax
4.3.1. General 4.3.1. General
This section defines the ABNF for the new SIP Priority header field This section defines the ABNF [RFC5234] for the new SIP Priority
value "psap-callback". header field value "psap-callback".
4.3.2. ABNF 4.3.2. ABNF
priority-value /= "psap-callback" priority-value =/ "psap-callback"
Figure 6: ABNF Figure 6: ABNF
5. Security Considerations 5. Security Considerations
5.1. Security Threat 5.1. Security Threat
The PSAP callback functionality described in this document allows The PSAP callback functionality described in this document allows
marked calls to bypass blacklists, ignore call forwarding procedures marked calls to bypass blacklists and ignore call-forwarding
and other similar features used to raise the attention of emergency procedures and other similar features used to raise the attention of
callers when attempting to contact them. In the case where the SIP emergency callers when attempting to contact them. In the case where
Priority header value, 'psap-callback', is supported by the SIP UA, the SIP Priority header value, "psap-callback", is supported by the
it would override user interface configurations, such as vibrate-only SIP UA, it would override user-interface configurations, such as
mode, to alert the caller of the incoming call. vibrate-only mode, to alert the caller of the incoming call.
5.2. Security Requirements 5.2. Security Requirements
The security threat discussed in Section 5.1 leads to the requirement The security threat discussed in Section 5.1 leads to the requirement
to ensure that the mechanisms described in this document can not be to ensure that the mechanisms described in this document cannot be
used for malicious purposes, including telemarketing. used for malicious purposes, including telemarketing.
Furthermore, if the newly defined extension is not recognized, not Furthermore, if the newly defined extension is not recognized, not
verified adequately, or not obeyed by SIP intermediaries or SIP verified adequately, or not obeyed by SIP intermediaries or SIP
endpoints then it must not lead to a failure of the call handling endpoints, then it must not lead to a failure of the call handling
procedure. Such call must be treated like a call that does not have procedure. Such a call must be treated like a call that does not
any marking attached. have any marking attached.
The indicator described in Section 4 can be inserted by any SIP The indicator described in Section 4 can be inserted by any SIP
entity, including attackers. So it is critical that the indicator entity, including attackers. So it is critical that the indicator
only lead to preferential call treatment in cases where the recipient only lead to preferential call treatment in cases where the recipient
has some trust in the caller, as described in the next section. has some trust in the caller, as described in the next section.
5.3. Security Solution 5.3. Security Solution
The approach for dealing with implementing the security requirements The approach for dealing with the implementation of the security
described in Section 5.2 can be differentiated between the behavior requirements described in Section 5.2 can be differentiated between
applied by the UA and by SIP proxies. A UA that has made an the behavior applied by the UA and by SIP proxies. A UA that has
emergency call MUST keep state information so that it can recognize made an emergency call MUST keep state information so that it can
and accepted a callback from the PSAP if it occurs within a recognize and accept a callback from the PSAP if it occurs within a
reasonable time after an emergency call was placed, as described in reasonable time after an emergency call was placed, as described in
Section 13 of [RFC6443]. Only a timer started at the time when the Section 13 of [RFC6443]. Only a timer started at the time when the
original emergency call has ended is required; information about the original emergency call has ended is required; information about the
calling party identity is not needed since the callback may use a calling party identity is not needed since the callback may use a
different calling party identity, as described in Section 3. Since different calling party identity, as described in Section 3. Since
these SIP UA considerations are described already in [RFC6443] as these SIP UA considerations are described already in [RFC6443] as
well as in [RFC6881] the rest of this section focuses on the behavior well as in [RFC6881] the rest of this section focuses on the behavior
of SIP proxies. of SIP proxies.
Figure 7 shows the architecture that utilizes the identity of the Figure 7 shows the architecture that utilizes the identity of the
PSAP to decide whether a preferential treatment of callbacks should PSAP to decide whether a preferential treatment of callbacks should
be provided. To make this policy decision, the identity of the PSAP be provided. To make this policy decision, the identity of the PSAP
(i.e., calling party identity) is compared with a PSAPs white list. (i.e., calling party identity) is compared with a PSAPs white list.
+----------+ +----------+
| List of |+ | List of |+
| valid || | valid ||
| PSAPs || | PSAPs ||
+----------+| +----------+|
+----------+ +----------+
* *
* white list * white list
* *
V V
Incoming +----------+ Normal
Incoming +----------+ Normal SIP Msg | SIP |+ Treatment
SIP Msg | SIP |+ Treatment -------------->| Entity ||======================>
-------------->| Entity ||======================> + Identity | ||(if not in white list)
+ Identity | ||(if not in white list) Info +----------+|
Info +----------+| +----------+
+----------+ ||
|| ||
|| || Preferential
|| Preferential || Treatment
|| Treatment ++========================>
++========================> (if successfully verified)
(if successfully verified)
Figure 7: Identity-based Authorization Figure 7: Identity-Based Authorization
The identity assurance in SIP can come in different forms, namely via The identity assurance in SIP can come in different forms, namely via
the SIP Identity [RFC4474] or the P-Asserted-Identity [RFC3325] the SIP Identity [RFC4474] or the P-Asserted-Identity [RFC3325]
mechanisms. The former technique relies on a cryptographic assurance mechanisms. The former technique relies on a cryptographic assurance
and the latter on a chain of trust. Also the usage of TLS between and the latter on a chain of trust. Also, the usage of Transport
neighboring SIP entities may provide useful identity information. At Layer Security (TLS) between neighboring SIP entities may provide
the time of writing these identity technologies are being revised in useful identity information. At the time of writing, these identity
the Secure Telephone Identity Revisited (stir) working group [STIR] technologies are being revised in the Secure Telephone Identity
to offer better support for legacy technologies interworking and SIP Revisited (stir) working group [STIR] to offer better support for
intermediaries that modify the content of various SIP headers and the legacy technologies interworking and SIP intermediaries that modify
body. Once the work on these specifications has been completed they the content of various SIP headers and the body. Once the work on
will offer a stronger calling party identity mechanism that limits or these specifications has been completed, they will offer a stronger
prevents identity spoofing. calling party identity mechanism that limits or prevents identity
spoofing.
An important aspect from a security point of view is the relationship An important aspect from a security point of view is the relationship
between the emergency services network (containing the PSAPs) and the between the emergency services network (containing the PSAPs) and the
VoIP provider (assuming that the emergency call travels via the VoIP VoIP provider, assuming that the emergency call travels via the VoIP
provider and not directly between the SIP UA and the PSAP). provider and not directly between the SIP UA and the PSAP.
The establishment of a white list with PSAP identities may be The establishment of a white list with PSAP identities may be
operationally complex and dependent on the relationship between the operationally complex and dependent on the relationship between the
emergency services operator and the VoIP provider. When there is a emergency services operator and the VoIP provider. If there is a
relationship between the VoIP provider and the PSAP operator, for relationship between the VoIP provider and the PSAP operator, for
example when they are both operating in the same geographical region, example, when they are both operating in the same geographical
then populating the white list is fairly simple and consequently the region, then populating the white list is fairly simple and
identification of a PSAP callback is less problematic compared to the consequently the identification of a PSAP callback is less
case where the two entities have never interacted with each other problematic compared to the case where the two entities have never
before. In the end, the VoIP provider has to verify whether the interacted with each other before. In the end, the VoIP provider has
marked callback message indeed came from a legitimate source. to verify whether the marked callback message indeed came from a
legitimate source.
VoIP providers MUST only give PSAP callbacks preferential treatment VoIP providers MUST only give PSAP callbacks preferential treatment
when the calling party identity of the PSAP was successfully matched when the calling party identity of the PSAP was successfully matched
against entries in the white list. If it cannot be verified (because against entries in the white list. If it cannot be verified (because
there was no match),then the VoIP provider MUST remove the PSAP there was no match), then the VoIP provider MUST remove the PSAP
callback marking. Thereby, the callback is degenerated to a normal callback marking. Thereby, the callback reverts to a normal call.
call. As a second step, SIP UAs MUST maintain a timer that is As a second step, SIP UAs MUST maintain a timer that is started with
started with the original emergency call and this timer expires the original emergency call and this timer expires within a
within a reasonable amount of time, such as 30 minutes per [RFC6881]. reasonable amount of time, such as 30 minutes per [RFC6881]. Such a
Such a timer also ensures that VoIP providers cannot misuse the PSAP timer also ensures that VoIP providers cannot misuse the PSAP
callback mechanism, for example to ensure that their support calls callback mechanism, for example, to ensure that their support calls
reaches their customers. reach their customers.
Finally, a PSAP callback MUST use the same media as the original Finally, a PSAP callback MUST use the same media as the original
emergency call. For example, when an initial emergency call emergency call. For example, when an initial emergency call
established a real-time text communication session then the PSAP established a real-time text communication session, then the PSAP
callback must also attempt to establish a real-time communication callback must also attempt to establish a real-time communication
interaction. The reason for this is two-fold. First, the person interaction. The reason for this is twofold. First, the person
seeking for help may have disabilities that prevent them from using seeking help may have disabilities that prevent them from using
certain media and hence using the same media for the callback avoids certain media and hence using the same media for the callback avoids
unpleasant surprises and delays. Second, the emergency caller may unpleasant surprises and delays. Second, the emergency caller may
have intentionally chosen a certain media and does not prefer to have intentionally chosen a certain media and does not prefer to
communicate in a different way. For example, it would be unfortunate communicate in a different way. For example, it would be unfortunate
if a hostage tries to seek for help using instant messaging to avoid if a hostage tries to seek help using instant messaging to avoid any
any noise when subsequently the ring-tone triggered by a PSAP noise when subsequently the ringtone triggered by a PSAP callback
callback using a voice call gets the attention of the hostage-taker. using a voice call gets the attention of the hostage-taker. User-
User interface designs need to cater to such situations. interface designs need to cater to such situations.
6. IANA Considerations 6. IANA Considerations
This document adds the "psap-callback" value to the SIP Priority This document adds the "psap-callback" value to the SIP "Priority
header IANA registry allocated by [RFC6878]. The semantic of the Header Field Values" registry allocated by [RFC6878]. The semantic
newly defined "psap-callback" value is defined in Section 4. of the newly defined "psap-callback" value is defined in Section 4.
7. Acknowledgements 7. Acknowledgements
We would like to thank the following persons for their feedback: Paul We would like to thank the following persons for their feedback:
Kyzivat, Martin Thomson, Robert Sparks, Keith Drage, Cullen Jennings Bernard Aboba, Andrew Allen, John-Luc Bakker, Kenneth Carlberg,
Brian Rosen, Martin Dolly, Bernard Aboba, Andrew Allen, Atle Monrad, Martin Dolly, Keith Drage, Timothy Dwight, John Elwell, Janet Gunn,
John-Luc Bakker, John Elwell, Geoff Thompson, Dan Romascanu, James Cullen Jennings, Hadriel Kaplan, Paul Kyzivat, John Medland, Atle
Polk, John Medland, Hadriel Kaplan, Kenneth Carlberg, Timothy Dwight, Monrad, James Polk, Dan Romascanu, Brian Rosen, Robert Sparks, Geoff
Janet Gunn Thompson, and Martin Thomson.
We would like to thank the ECRIT working group chairs, Marc Linsner We would also like to thank the ECRIT working group chairs, Marc
and Roger Marshall, for their support. Roger Marshall was the Linsner and Roger Marshall, for their support. Roger Marshall was
document shepherd for this document. Vijay Gurbani provided the the document shepherd for this document. Vijay Gurbani provided the
general area review. general area review.
During IESG review the document received good feedback from Barry During IESG review, the document received good feedback from Barry
Leiba, Spencer Dawkins, Richard Barnes, Joel Jaeggli, Stephen Leiba, Spencer Dawkins, Richard Barnes, Joel Jaeggli, Stephen
Farrell, and Benoit Claise. Farrell, and Benoit Claise.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for
Syntax Specifications: ABNF", STD 68, RFC 5234, January
2008.
[RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User [RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User
Agent URIs (GRUUs) in the Session Initiation Protocol Agent URIs (GRUUs) in the Session Initiation Protocol
(SIP)", RFC 5627, October 2009. (SIP)", RFC 5627, October 2009.
[RFC6878] Roach, A., "IANA Registry for the Session Initiation [RFC6878] Roach, A., "IANA Registry for the Session Initiation
Protocol (SIP) "Priority" Header Field", RFC 6878, March Protocol (SIP) "Priority" Header Field", RFC 6878, March
2013. 2013.
8.2. Informative References 8.2. Informative References
skipping to change at page 14, line 50 skipping to change at page 17, line 33
[RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, [RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling Using Internet "Framework for Emergency Calling Using Internet
Multimedia", RFC 6443, December 2011. Multimedia", RFC 6443, December 2011.
[RFC6881] Rosen, B. and J. Polk, "Best Current Practice for [RFC6881] Rosen, B. and J. Polk, "Best Current Practice for
Communications Services in Support of Emergency Calling", Communications Services in Support of Emergency Calling",
BCP 181, RFC 6881, March 2013. BCP 181, RFC 6881, March 2013.
[STIR] IETF, "Secure Telephone Identity Revisited (stir) Working [STIR] IETF, "Secure Telephone Identity Revisited (stir) Working
Group", URL: http://datatracker.ietf.org/wg/stir/charter/, Group", http://datatracker.ietf.org/wg/stir/charter/,
Oct 2013. October 2013.
Authors' Addresses Authors' Addresses
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
450 Computer Science Building 450 Computer Science Building
New York, NY 10027 New York, NY 10027
US US
Phone: +1 212 939 7004 Phone: +1 212 939 7004
EMail: hgs+ecrit@cs.columbia.edu EMail: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu URI: http://www.cs.columbia.edu
Hannes Tschofenig Hannes Tschofenig
Nokia Solutions and Networks
Linnoitustie 6
Espoo 02600
Finland
Phone: +358 (50) 4871445
EMail: Hannes.Tschofenig@gmx.net EMail: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at URI: http://www.tschofenig.priv.at
Christer Holmberg Christer Holmberg
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
EMail: christer.holmberg@ericsson.com EMail: christer.holmberg@ericsson.com
Milan Patel Milan Patel
InterDigital Communications Huawei Technologies (UK) Co., Ltd.
300 South Oak Way, Green Park
Reading, Berkshire RG2 6UF
U.K.
EMail: Milan.Patel@interdigital.com EMail: Milan.Patel@huawei.com
 End of changes. 76 change blocks. 
371 lines changed or deleted 380 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/