--- 1/draft-ietf-ecrit-requirements-00.txt 2006-02-04 17:19:13.000000000 +0100 +++ 2/draft-ietf-ecrit-requirements-01.txt 2006-02-04 17:19:13.000000000 +0100 @@ -1,19 +1,19 @@ ecrit H. Schulzrinne Internet-Draft Columbia U. -Expires: March 6, 2006 R. Marshall, Ed. +Expires: April 24, 2006 R. Marshall, Ed. TCS - September 2, 2005 + October 21, 2005 Requirements for Emergency Context Resolution with Internet Technologies - draft-ietf-ecrit-requirements-00.txt + draft-ietf-ecrit-requirements-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that 
@@ -24,155 +24,139 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on March 6, 2006. + This Internet-Draft will expire on April 24, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document enumerates requirements for emergency calls placed by the public using voice-over-IP (VoIP) and general Internet multimedia systems, where Internet protocols are used end-to-end. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Basic Actors . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. High-Level Requirements . . . . . . . . . . . . . . . . . . . 10 5. Identifying the Caller Location . . . . . . . . . . . . . . . 12 - 6. Emergency Identifier . . . . . . . . . . . . . . . . . . . . . 13 - 7. Mapping Protocol . . . . . . . . . . . . . . . . . . . . . . . 15 - 8. Emergency Caller Identification . . . . . . . . . . . . . . . 19 - 9. Performance and Reliability Considerations . . . . . . . . . . 20 - 10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 - 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 22 - 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 - 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 - 13.1. Normative References . . . . . . . . . . . . . . . . . . 24 - 13.2. Informative References . . . . . . . . . . . . . . . . . 24 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25 - Intellectual Property and Copyright Statements . . . . . . . . . . 26 + 6. 
Emergency Identifier . . . . . . . . . . . . . . . . . . . . . 14 + 7. Mapping Protocol . . . . . . . . . . . . . . . . . . . . . . . 16 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 20 + 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 21 + 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 23 + 11.2. Informative References . . . . . . . . . . . . . . . . . 23 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24 + Intellectual Property and Copyright Statements . . . . . . . . . . 25 1. Introduction - Users of voice-centric, (telephone-like) IP-based services expect to - be able to call for emergency help, such as police, the fire - department, or ambulance services, regardless of where they are, what - (if any) service provider they are using, or what type of device they - have. - - Additionally, users of other real-time and near real-time services - (those other than voice) also expect to be able to summon emergency - help. For example, instant messaging (IM) and real time text users - want to have access to the same types of emergency services as - mentioned above. IM and real time text are particularly helpful for - hearing-disabled users, (RFC 3351 [4]), when there is a need for - exactness as for example for spelling out names and addresses and in - cases where bandwidth is scarce. + Users of both voice-centric (telephone-like) and non voice type + services (e.g. text messaging for hearing disabled users, (RFC 3351 + [4]) have an expectation to be able to initiate a request for help in + case of an emergency. - Unfortunately, the mechanisms for emergency calls that have evolved - in the public circuit-switched telephone network (PSTN) are not quite - appropriate for evolving IP-based voice, text and real-time - multimedia communications. 
This document outlines the key - requirements that end systems and network elements such as SIP - proxies need to satisfy in order to provide emergency call services - which at a minimum, offer the same functionality as existing PSTN - services, with the goal of making emergency calling more robust, - less-costly to implement, and multimedia-capable. + Unfortunately, the existing mechanisms to support emergency calls + that have evolved within the public circuit-switched telephone + network (PSTN), are not appropriate to handle evolving IP-based + voice, text and real-time multimedia communications. This document + outlines the key requirements that IP-based end systems and network + elements, such as SIP proxies, need to satisfy in order to provide + emergency call services, which at a minimum, offer the same + functionality as existing PSTN services, with the additional overall + goal of making emergency calling more robust, less-costly to + implement, and multimedia-capable. This document only focuses on end-to-end IP-based calls, i.e., where the emergency call originates from an IP end system, (Internet device), and terminates to an IP-capable PSAP, done entirely over an IP network. 
This document outlines the various functional issues which relate to - making an IP-based emergency call, including a description of general - requirements, (Section 4), identification of the emergency caller's - location, (Section 5), use of an emergency identifier to declare a - call to be an emergency call, (Section 6), the mapping function - required to route the call to the appropriate PSAP, (Section 7), and - finally, identifying who placed the call, (Section 8) + making an IP-based emergency call, including a description of + baseline requirements, (Section 4), identification of the emergency + caller's location, (Section 5), use of an emergency identifier to + declare a call to be an emergency call, (Section 6), and finally, the + mapping function required to route the call to the appropriate PSAP, + (Section 7). - Note that location is required for two separate purposes, first, to - route the call to the appropriate PSAP and second, to display the - caller's location to the call taker for help in dispatching emergency + Identification of the caller, while not incompatible with the + requirements for messaging outlined within this document, is not + currently considered within the scope of the ECRIT charter, and is + therefore, left for a future draft to describe. + + Note: Location is required for two separate purposes, first, to route + the call to the appropriate PSAP and second, to display the caller's + location to the call taker for help in dispatching emergency assistance to the correct location. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [1] and indicate requirement levels for compliant implementations. 
Since a requirements document does not directly specify a protocol to implement, these compliance labels should be read as indicating requirements for the protocol or architecture, rather than an implementation. For lack of a better term, we will use the term "caller" or "emergency caller" to refer to the person placing an emergency call or sending an emergency IM. - Access Infrastructure Provider (AIP): An organization that provides - physical network connectivity to its customers or users, e.g. - through digital subscriber lines, cable TV plants, Ethernet, - leased lines or radio frequencies. This entity may or may not - also provide IP routing, IP addresses, or other Internet protocol - services. Examples of such organizations include - telecommunication carriers, municipal utilities, larger - enterprises with their own network infrastructure, and government - organizations such as the military. - - address: A description of a location of a person, organization, or - building, most often consisting of numerical and text elements - such as street number, street name, and city arranged in a - particular format. - - Application Service (Voice) Provider (ASP, VSP): The organization - that provides voice or other application-layer services, such as - call routing, a SIP URI or PSTN termination. This organization - can be a private individual, an enterprise, a government or a - service provider. We avoid the term voice service provider, since - emergency calls are sometimes likely to use other media, including - text and video. For a particular user, the ASP may not be the - same organization as the AIP or ISP. + Application Service Provider (ASP): The organization or entity that + provides application-layer services, which may include voice (see + term Voice Service Provider). This entity can be a private + individual, an enterprise, a government, or a service provider. 
+ An ASP is defined as something more general than a Voice Service + Provider, since emergency calls are sometimes likely to use other + media, including text and video. Note: For a particular user, the + ASP may or may not be the same organization as the IAP and/or ISP. Basic Emergency Service: Basic Emergency Service allows a user to reach a PSAP serving its current location, but the PSAP may not be able to determine the identity or geographic location of the caller (except by having the call taker ask the caller). call taker: A call taker is an agent at the PSAP that accepts calls and may dispatch emergency help. (Sometimes the functions of call taking and dispatching are handled by different groups of people, but these divisions of labor are not generally visible to the outside and thus do not concern us here.) civic location: A described location based on some defined grid, such as a jurisdictional, postal, metropolitan, or rural reference system (e.g. street address). + directory service: A network service which uses a distributed + directory protocol to provide information about the PSAP, or + intermediary which knows about the PSAP, and is used to assist in + routing an emergency call. + emergency address: The sip:uri, sips:uri, or tel:uri which represents - the network address of the PSAP useful for the completion of a - VoIP emergency call. + the address of the PSAP useful for the completion of an emergency + call. emergency caller: The user or user device entity which sends his/her location to another entity in the network. emergency identifier: The numerical and/or text identifier which is supplied by a user or a user device, which identifies the call as an emergency call and is translated into an emergency address for call routing and completion. enhanced emergency service: Enhanced emergency services add the 
@@ -184,245 +168,250 @@ ESRP (Emergency Services Routing Proxy): An ESRP is a call routing entity that invokes the location-to-URL mapping, which in turn may return either the URL for another ESRP or the PSAP. (In a SIP system, the ESRP would typically be a SIP proxy, but could also be a Back-to-back user agent (B2BUA). geographic location: A reference to a locatable point described by a set of defined coordinates within a geographic coordinate system, (e.g. lat/lon within WGS-84 datum) + Internet Attachment Provider (IAP): An organization that provides + physical network connectivity to its customers or users, e.g. + through digital subscriber lines, cable TV plants, Ethernet, + leased lines or radio frequencies. This entity may or may not + also provide IP routing, IP addresses, or other Internet protocol + services. Examples of such organizations include + telecommunication carriers, municipal utilities, larger + enterprises with their own network infrastructure, and government + organizations such as the military. + Internet Service Provider (ISP): An organization that provides IP network-layer services to its customers or users. This entity may or may not provide the physical-layer and layer-2 connectivity, such as fiber or Ethernet. location: A geographic identification assigned to a region or feature based on a specific coordinate system, or by other precise - information such as a street address. In the geocoding process, - the location is defined with an x,y coordinate value according to - the distance north or south of the equator and east or west of the - prime meridian. + information such as a street number and name. In the geocoding + process, the location is defined with an x,y coordinate value + according to the distance north or south of the equator and east + or west of the prime meridian. 
location validation: A caller location is considered valid if the civic or geographic location is recognizable within an acceptable - location reference systems (e.g. USPS, WGS84, etc.), and can be + location reference systems (e.g. USPS, WGS-84, etc.), and can be mapped to one or more PSAPs. Location validation ensures that a - location is reference able, but makes no assumption about the - association between the caller and the caller's location. + location is able to be referenced for mapping, but makes no + assumption about the association between the caller and the + caller's location. - Mapping: Process of resolving an address to a URI (or multiple URIs). + Mapping: Process of resolving an location to a URI (or multiple + URIs). Mapping Client: A Mapping Client interacts with the Mapping Server to - learn one or multiple URIs for a given address. - - Mapping Server: The Mapping Server holds information about the - address to URI mappings. + learn one or multiple URIs for a given location. - Miniumum Connectivity: A minimum set of [physical, virtual...??] - connectivity between two endpoints. + Mapping Protocol: A protocol used to convey the mapping request and + response. - [Ed. Send additional text.] + Mapping Server: The Mapping Server holds information about the + location to URI mappings. PSAP (Public Safety Answering Point): Physical location where emergency calls are received under the responsibility of a public authority. (This terminology is used by both ETSI, in ETSI SR 002 180, and NENA.) In the United Kingdom, PSAPs are called Operator Assistance Centres, in New Zealand, Communications Centres. Within this document, it is assumed, unless stated otherwise, that PSAP is that which supports the receipt of emergency calls over IP. It is also assumed that the PSAP is reachable by IP-based protocols, such as SIP for call signaling and RTP for media. 
+ Voice Service Provider (VSP): A specific type of Application Service + Provider which provides voice related services based on IP, such + as call routing, a SIP URI, or PSTN termination. + 3. Basic Actors In order to support emergency services covering a large physical area - various infrastructure elements are necessary: Access Infrastructure - Providers, Application (Voice) Service Provider, PSAPs as endpoints + various infrastructure elements are necessary: Internet Attachment + Providers, Application/Voice Service Providers, PSAPs as endpoints for emergency calls, directory services or other infrastructure elements that assist in during the call routing and potentially many other entities. This section outlines which entities will be considered in the routing scenarios discussed. Location Information +-----------------+ - |(1) |Access | +-----------+ - v |Infrastructure | | | + |(1) |Internet | +-----------+ + v |Attachment | | | +-----------+ |Provider | | Directory | - | | | (3) | | | + | | | (3) | | Service | | Emergency |<---+-----------------+-->| | | Caller | | (2) | +-----------+ | |<---+-------+ | ^ +-----------+ | +----|---------+------+ | ^ | | Location | | | | | | Information<-+ | | | +--+--------------+ |(8) | | (5) | | +-----------v+ | | | (4) | |Emergency | | | +--------------+--->|Call Routing|<--+---+ | | |Support | | | | +------------+ | | | ^ | | | (6) | +----+--+ | (7) | +------->| | +--------------+--------------->| PSAP | | | | - |Application +----+--+ - |(Voice) | + |Application/ +----+--+ + |Voice | |Service | |Provider | +---------------------+ Figure 1: Framework Figure 1 shows the interaction between the entities involved in the call. There are a number of different deployment choices, as it can be easily seen from the figure. The following deployment choices need to be highlighted: o How is location information provided to the end host? 
It might either be known to the end host itself (due to manual configuration or provided via GPS) or available via a third party. Even if location information is known to the network it might be made available to the end host. Alternatively, location information is used as part of call routing and inserted by intermediaries. - o Is the Access Infrastructure Provider also the Application (Voice) + o Is the Internet Attachment Provider also the Application/Voice Service Provider? In the Internet today these roles are typically - provided by different entities. As a consequence, the Application - (Voice) Service Provider is typically not able to learn the physical - location of the Emergency Caller. + provided by different entities. As a consequence, the Application/ + Voice Service Provider is typically not able to learn the physical + location of the emergency caller. Please note that the overlapping squares aim to indicate that certain functionality can be collapsed into a single entity. As an example, - the Application (Voice) Service Provider might be the same entity as - the Access Infrastructure Provider and they might also operate the + the Application/Voice Service Provider might be the same entity as + the Internet Attachment Provider and they might also operate the PSAP. There is, however, no requirement that this must be the case. Additionally it is worth pointing out that end systems might be its own VSP, e.g., for enterprises or residential users. Below, we describe various interactions between the entities shown in Figure 1 are described: o (1) Location information might be available to the end host itself. o (2) Location information might, however, also be obtained from the - Access Infrastructure Provider (e.g., using DHCP or application layer + Internet Attachment Provider (e.g., using DHCP or application layer signaling protocols). 
- o (3) The Emergency Caller might need to consult a directory to - determine the PSAP that is appropriate for the physical location of - the emergency caller (and considering other attributes such as a + o (3) The Emergency Caller might need to consult a directory service + to determine the PSAP that is appropriate for the physical location + of the emergency caller (and considering other attributes such as a certain language support by the Emergency Call Takers). o (4) The Emergency Caller might get assistance for emergency call routing by infrastructure elements (referred as Emergency Call Routing Support entities). In case of SIP these entities are proxies. o (5) Individual Emergency Call Routing Support entities might need - to consult a directory to determine where to route the emergency - call. + to consult a directory servic to determine where to route the + emergency call. o (6) The Emergency Call Routing Support entities need to finally forward the call, if infrastructure based emergency call routing is used. o (7) The emergency caller might interact directly with the PSAP without any Emergency Call Routing Support entities. 4. High-Level Requirements Below, we summarize high-level architectural requirements that guide some of the component requirements detailed later in the document. - R1. Application Service Provider: The existence of an Application + Re1. Application Service Provider: The existence of an Application Service Provider (ASP) MUST NOT be assumed. - Motivation: The caller may not have a application (voice) service + Motivation: The caller may not have a application/voice service provider. For example, a residence may have its own DNS domain and run its own SIP proxy server for that domain. On a larger scale, a university might provide voice services to its students and staff, but not be a telecommunication provider. - R2. International: The protocols and protocol extensions developed + Re2. 
International: The protocols and protocol extensions developed MUST support regional, political and organizational differences. Motivation: It must be possible for a device or software developed or purchased in one country to place emergency calls in another country. System components should not be biased towards a particular set of emergency numbers or languages. Also, different countries have evolved different ways of organizing emergency services, e.g. either centralizing them or having smaller regional subdivisions such as United States counties or municipalities handle emergency calls. - R3. Distributed Administration: Deployment of emergency services + Re3. Distributed Administration: Deployment of emergency services MUST NOT depend on a sole central administration authority. Motivation: Once common standards are established, it must be possible to deploy and administer emergency calling features on a regional or national basis without requiring coordination with other regions or nations. The system cannot assume, for example, that there is a single global entity issuing certificates for - PSAPs, ASPs, AIPs or other participants. + PSAPs, ASPs, IAPs or other participants. - R4. Multiple Modes: Multiple communication modes, such as audio, + Re4. Multiple Modes: Multiple communication modes, such as audio, video and text messaging MUST be supported. Motivation: In PSTN, voice and text telephony (often called TTY or textphone in North America ) are the only commonly supported media. Emergency calling must support a variety of media. Such media should include voice, conversational text (RFC 4103 [6]), instant messaging and video. - R5. Minimum Connectivity: An emergency call SHOULD succeed as long - as there is a working network path between the caller and the - PSAP. In particular, reliance during call set-up and calls on - entities and network paths that are located elsewhere should be - minimized. 
- - Example: A caller in New York who needs to contact a PSAP in the - same city shouldn't have to get information from some entity in - Texas to make that call, as the call would then fail if the New - York to Texas path is unavailable. (To avoid this, the caller - could, for example, have cached mapping information, use a local - server that has the necessary information, or use other mechanisms - to avoid such off-path dependencies.) + Re5. Alternate Mapping Sources: The mapping protocol SHOULD allow + for alternative redundant sources of mapping information, possibly + of different degrees of currency. - [Ed. Added a skeleton definintion of "minimum connectivity" to - terms section (per ietf63 ecrit meeting minutes note), but still - no resolution for the above.] + Motivation: This provides the possibility of having available + alternative sources of mapping information when the normal source + is unavailable or unreachable, without specifying the means by + which the alternative source is created or updated. - R6. Incremental Deployment: The ECRIT mapping protocol MUST return - URIs that are useable by a standard signaling protocol (i.e., + Re6. Incremental Deployment: The ECRIT mapping protocol MUST return + URIs that are usable by a standard signaling protocol (i.e., without special emergency extensions) unless an error is returned. Motivation: The format of the output returned by the mapping protocol is in a standard format for communication protocol. For example, it should return something SIP specific (e.g. URI), that any SIP capable phone would be able to use if used in a SIP context. Special purpose URIs would not be understood by "legacy" SIP devices since they do not have knowledge about the mapping protocol, and therefore are not to be used. - R7. Relay Services: It SHOULD be possible to involve relay services - in the call for translation between different modes. + Re7. 
Relay Services: It SHOULD be possible to involve relay + services in the call for translation between different modes. Motivation: It should be possible to connect the relay service so that the direct flow of media to the emergency service is maintained. In addition, it should be possible to convey telemetry data, such as data from automobile crash sensors. - D1. PSAP Identification: The mapping information MUST be available + Re8. PSAP Identification: The mapping information MUST be available without having to enroll with a service provider. Motivation: The mapping server may well be operated by a service provider, but access to the server offering the mapping must not require use of a specific ISP or VSP. 5. Identifying the Caller Location Location can either be provided directly, or by reference, and represents either a civic location, or as a geographic location. How 
@@ -435,367 +424,371 @@ announcements (LLDP). UA-referenced: The caller's user agent provides a reference, via a permanent or temporary identifier, to the location which is stored by a location service somewhere else and then retrieved by the PSAP. Proxy-inserted: A proxy along the call path inserts the location or location reference. - L6. Validation of civic location: It MUST be possible to validate an - address prior to its use in an actual emergency call. + Lo1. Validation of civic location: It MUST be possible to validate + an civic location prior to its use in an actual emergency call. - Motivation: Location validation refers to a process to determine - whether or not a given civic location is valid or not. + Motivation: Location validation provides an opportunity to help + assure ahead of time, whether successful mapping to the + appropriate PSAP will likely occur when it is required. + Validation may also help to avoid delays during emergency call + setup due to invalid locations. - L10. Preferred datum: The preferred coordinate reference system for - emergency calls MUST be WGS-84. + Lo2.: Validation of a civic location MUST NOT be required to enable + any feature that is part of the emergency call process. - L28. Location Provided: An Emergency Services Routing Proxy (ESRP) + Motivation: In some cases, (based on a variety of factors), a + civic location may not be considered valid. This fact should not + result in the call being dropped or rejected by any entity along + the signaling path to the PSAP. + + Lo3. Reference Datum: The mapping server MUST understand WGS-84 + coordinate reference system and may understand other reference + systems. + + Lo4. Location Provided: An Emergency Services Routing Proxy (ESRP) MUST NOT remove location information after performing location based routing. Motivation: The ESRP and the PSAP use the same location information object but for a different purpose. 
Therefore, the PSAP still requires the receipt of information which represents the end device's location. - L29.: Validation of civic addresses MUST NOT be required to enable - any feature that is part of the emergency call process. - - Motivation: Emergency routing protocols must take into account - location based on a variety of forms and formats, (e.g. civic - address, MSAG, USPS, lat/lon, etc.) and be able to perform - adequate PSAP routing for the context in which the call is - initiated. - 6. Emergency Identifier - A1a. Universal Identifier - Setup: One or more universal emergency + Id1. Universal Identifier - Setup: One or more universal emergency identifiers MUST be recognized by any device or network element for call setup purposes Motivation: There must be some way for any device or element to recognize an emergency call throughout the call setup. This is regardless of the device location, the application (voice) service provider used (if any at all), or of any other factor. Examples of these might include: 911, 112, and sos.*. - A1b. Universal Identifier - Mapping: One or more universal emergency - identifiers MUST be recognized by any device or network element to - support mapping. + Id2. Universal Identifier Resolution: Where multiple emergency + service types exist, it MUST be possible to treat each emergency + identifier separately, based on the specific type of emergency + help requested. - Motivation: Mapping must be made to work under all circumstances, - by any network element or device. This is regardless of the - device location, the application (voice) service provider used (if - any at all), or of any other factor. Examples of these might - include: 911, 112, and sos.*. + Motivation: Some jurisdictions may have multiple types of + emergency services available at the same level, (e.g. fire, + police, ambulance), in which case it is important that any one + could be selected directly. - A1c. 
Emergency Marking: Emergency requests which are not already - marked as emergency calls, MUST be recognizable and marked by user - agents, proxies, and other network elements as emergency calls. + Id3. Emergency Marking: Any device in the signaling path that + recognizes by some means that the signaling is associated with an + emergency call MUST add the emergency indication called for in A1a + to the signaling before forwarding it. This marking mechanism + must be different than QoS marking. - Motivation: SIP and other call signaling protocols are not - specific to one country or service provider and devices are likely - to be used across national or service provider boundaries. Since - services such as disabling mandatory authentication for emergency - calls requires the cooperation of outbound proxies, the outbound - proxy has to be able to recognize the emergency address and be - assured that it will be routed as an emergency call. A universal - address also makes it possible to create user interface elements - that are correctly configured without user intervention. UA - features could be made to work without such an identifier, but the - user interface would then have to provide an unambiguous way to - declare a particular call an emergency call. + Motivation: Marking ensures proper handling as an emergency call + by downstream elements that may not recognize, for example, a + local variant of a logical emergency address (see requirement + A4+). - A3. Recognizable: Emergency calls MUST be recognizable by user - agents, proxies and other network elements. + Id4. Emergency Identifier-based Marking: User agents, proxies, and + other network elements that process signaling associated with + emergency calls SHOULD be configured to recognize a reasonable + selection of logical emergency identifiers (described in + requirements below) as a means to initiate emergency marking. 
- Motivation: To prevent fraud, an address identified as an - emergency number for call features or authentication override MUST - also cause routing to a PSAP. + Motivation: Since user devices roam, emergency identifiers may + vary from region to region. It is therefore important that a + network entity be able to perform mapping and/or call routing + within the context of its own point of origin rather than relying + on non-local logical emergency identifiers as the only basis for + emergency marking of calls. - A4. Minimal configuration: Any local emergency identifiers SHOULD be - configured automatically, without user intervention. + Id5. Prevention of Fraud: A call identified as an emergency call or + marked as such in accordance with the above requirements for + marking MUST be routed to a PSAP. + + Motivation: this prevents use of the emergency call indication to + gain access to call features or authentication override for non- + emergency purposes. + + Id6. Minimal configuration: Any local emergency identifiers SHOULD + be configured automatically, without user intervention. Motivation: A new UA "unofficially imported" into an organization from elsewhere should have the same emergency capabilities as one officially installed. -7. Mapping Protocol + Id7. Emergency Identifier Replacement: For each signaling protocol + that can be used in an emergency call, reserved identifiers SHOULD + be allowed to replace the original emergency identifier, based on + local conventions, regulations, or preference (e.g. as in the case + of an enterprise). - There are two approaches for triggering the mapping protocol: caller- - based, or mediated. + Motivation: Any signalling protocol requires the use of some + identifier to indicate the called party, and the user terminal may + lack the capability to determine the actual emergency address + (PSAP uri). The use of local conventions may be required as a + transition mechanism. 
Note: Such use complicates international + movement of the user terminal, and evolution to a standardized + universal emergency identifier or set of identifiers is preferred. - From the previous section, we take the requirement of a single (or a - small number of) emergency addresses which are independent of the - caller's location. However, since for reasons of robustness, - jurisdictional and local knowledge, and since PSAPs only serve a - limited geographic region, having the call reach the appropriate PSAP - is crucial. +7. Mapping Protocol - There appears to be two basic architectures for translating an + Given the requirement from the previous section, that of a single (or + small number of) emergency identifier(s) which are independent of the + caller's location, and since PSAPs only serve a limited geographic + region, and for reasons of jurisdictional and local knowledge, having + the call reach the appropriate PSAP based on a mapping protocol, is + crucial. + + There are two basic architectures described for translating an emergency identifier into the appropriate PSAP emergency address. We - refer to these as caller-based and mediated. In caller-based - resolution, the caller's user agent consults a directory and - determines the appropriate PSAP based on its location. + refer to these as caller-based and mediated. + + For caller-based resolution, the caller's user agent consults a + mapping service to determine the appropriate PSAP based on the + location provided. The resolution may take place well before the + actual emergency call is placed, or at the time of the call. For mediated resolution, a call signaling server, such as a SIP - (outbound) proxy or redirect server performs this function. Note - that the latter case includes the architecture where the call is + (outbound) proxy or redirect server performs this function (a request + for mapping) by invoking the mapping protocol. 
+ + Note that this case relies on an architecture where the call is effectively routed to a copy of the database, rather than having some - non-SIP protocol query the database. Since servers may be used as - outbound proxy servers by clients that are not in the same geographic - area as the proxy server, any proxy server has to be able to - translate any caller location to the appropriate PSAP. (A traveler - may, for example, accidentally or intentionally configure its home - proxy server as its outbound proxy server, even while far away from - home.) + non-SIP protocol query the database. - The resolution may take place well before the actual emergency call - is placed, or at the time of the call. + Since servers may be used as outbound proxy servers by clients that + are not in the same geographic area as the proxy server, any proxy + server has to be able to translate any caller location to the + appropriate PSAP. (A traveler may, for example, accidentally or + intentionally configure its home proxy server as its outbound proxy + server, even while far away from home.) The problem at hand is more difficult to resolve than that for traditional web or email services. In this case, the emergency caller only dialed an emergency identifier, and depending on the location, any one of several thousand PSAPs around the world could be - appropriate PSAP. In addition, the caller probably does not care - which specific PSAP answers the call, but rather that it be an - accredited PSAP, e.g. one run by the local government authorities. - (Many PSAPs are run by private entities. For example, universities - and corporations with large campuses often have their own emergency - response centers.) - I1. Appropriate PSAP: Calls MUST be routed to the PSAP responsible - for this particular geographic area. + appropriate PSAP. In addition, there may be a finer resolution of + routing (which the caller isn't aware of), which results in a + particular "accredited" PSAP (i.e. 
one run by local authorities) + answering to call. (Many PSAPs are run by private entities. For + example, universities and corporations with large campuses often have + their own emergency response centers.) + Ma1. Appropriate PSAP: Calls MUST be routed to the PSAP responsible + for this particular geographic area. In particular, the location + determination should not be fooled by the location of IP telephony + gateways or dial-in lines into a corporate LAN (and dispatch + emergency help to the gateway or campus, rather than the caller), + multi-site LANs and similar arrangements. - Motivation: In particular, the location determination should not - be fooled by the location of IP telephony gateways or dial-in - lines into a corporate LAN (and dispatch emergency help to the - gateway or campus, rather than the caller), multi-site LANs and - similar arrangements. + Motivation: Routing to the wrong PSAP will result in delays in + handling emergencies as calls are redirected, and result in + inefficient use of PSAP resources at the initial point of contact. - I3. Mapping redirection: The mapping protocol MUST support - redirection functionality. + Ma2. Mapping redirection: The mapping protocol MUST support + redirection functionality, since in some cases, an initial mapping + may provide a single URL for a large geographic area. Redirection + is needed to then re-invokes the mapping protocol on a different + database to obtain another URL for an more resolute ESRP or PSAP, + which covers a smaller area. - Motivation: In some cases, an initial mapping may provide a single - URL for a large geographic area. The ESRP identified by that URL - then re-invokes the mapping protocol on a different database to - obtain another URL for an ESRP or PSAP covering a smaller area. + Motivation: The more local the mapping output is, the more + favourable (in most cases) the likely outcome will be for the + emergency caller. - D5. 
Minimal additional delay: The execution of the mapping protocol + Ma3. Minimal additional delay: The execution of the mapping protocol SHOULD minimize the amount of additional delay to the overall call-setup time. Motivation: Since outbound proxies will likely be asked to resolve the same geographic coordinates repeatedly, a suitable time- limited caching mechanism should be supported. - D7. Referral: The mapping client MUST be able to contact any server + Ma4. Referral: The mapping client MUST be able to contact any server and be referred to another server that is more qualified to answer the query. Motivation: This requirement alleviates the potential for incorrect configurations to cause calls to fail, particularly for caller-based queries. - I4. Return multiple PSAPs: The mapping protocol MUST be able to + Ma5. The mapping protocol MUST allow a response to carry multiple + URIs. + + Motivation: In response to a mapping request, a server will + normally provide a URI or set of URIs for contacting the + appropriate PSAP. + + Ma6. The mapping protocol MUST be able to return a URI or contact + method explicitly marked as an alternate contact. + + Motivation: In response to a mapping request, if an expected URI + is unable to be returned, then mapping server may return an + alternate URI. When and how this would be used will be described + in an operational document. + + Ma7. Multiple PSAP uri's: The mapping protocol MUST be able to return multiple URLs for different PSAPs that cover the same area. - The mapping protocol must provide additional information that - allows the querying entity to determine relevant properties of the - URL. + Ma8. URL properties: The mapping protocol must provide additional + information that allows the querying entity to determine relevant + properties of the URL. 
Motivation: In some cases, the same geographic area is served by several PSAPs, for example, a corporate campus might be served by both a corporate security department and the municipal PSAP. The mapping protocol should then return URLs for both, with information allowing the querying entity to choose one or the other. This determination could be made by either an ESRP, based on local policy, or by direct user choice, in the case of caller- based trigger methods. - I7. Traceable resolution: The entity requesting mapping SHOULD be + Ma9. Traceable resolution: The entity requesting mapping SHOULD be able to determine the entity or entities who provided the emergency address resolution information. - I8. Resilience against server failure: A client MUST be able to fail - over to another replica of the mapping server, so that a failure - of a server does not endanger the ability to perform the mapping. + Motivation: To provide operational traceability in case of errors. - I10. Incrementally deployable: The mapping function MUST be capable + Ma10. Resilience against server failure: A client MUST be able to + fail over to another replica of the mapping server, so that a + failure of a server does not endanger the ability to perform the + mapping. + + Ma11. Incrementally deployable: The mapping function MUST be capable of being deployed incrementally. - It must not be necessary, for example, to have a global street - level database before deploying the system. It is acceptable to - have some misrouting of calls when the database does not (yet) - contain accurate boundary information. + Motivation: It must not be necessary, for example, to have a + global street level database before deploying the system. It is + acceptable to have some misrouting of calls when the database does + not (yet) contain accurate boundary information. - I13. 
Verify mapping support: The mapping protocol SHOULD support the - ability for a requesting entity to verify that mapping services - are available for a referenced location. + Ma12. Verify mapping support: The mapping protocol SHOULD support + the ability for a requesting entity to verify that mapping + services are available for a referenced location. Motivation: It should be possible to make sure ahead of time, that requests for emergency services will work when needed. - I25. Mapping requested from anywhere: The mapping protocol MUST be + Ma13. Mapping requested from anywhere: The mapping protocol MUST be able to provide the mapping regardless of where the mapping client is located, either geographically or by network location. Motivation: The mapping client, (such as the ESRP), may not necessarily be anywhere close to the caller or the appropriate PSAP, but must still be able to obtain a mapping. - I31: The mapping protocol MUST allow a response to carry multiple - URIs. - - Motivation: In response to a mapping request, a server will - normally provide a URI or set of URIs for contacting the - appropriate PSAP. - - I31b: The mapping protocol MUST be able to return a URI or contact - method explicitly marked as an alternate contact. - - Motivation: In response to a mapping request, if an expected URI - is unable to be returned, then mapping server may return an - alternate URI. When and how this would be used will be described - in an operational document. - - I39. Location Updates: It SHOULD be possible to have updates of + Ma14. Location Updates: It SHOULD be possible to have updates of location. - Motivation: Updated location information may change call routing, - (some device measurement techniques provide quick (i.e. early), - but imprecise "first fix" location). + Motivation: Updated location information may have an impact on + PSAP routing. 
In some cases it may be possible to redirect that + call to a more appropriate PSAP (some device measurement + techniques provide quick (i.e. early), but imprecise "first fix" + location). - I40. The mapping protocol MUST be extensible to allow for the - inclusion of new location fields. + Ma15. Extensible Protocol The mapping protocol MUST be extensible to + allow for the inclusion of new location fields. Motivation: This is needed, for example, to accommodate future extensions to location information that might be included in the PIDF-LO (I-D.ietf-geopriv-pidf-lo-03 [2]) - I41. Split responsibility: The mapping protocol MUST allow that - within a single level of the civic address hierarchy, multiple + Ma16. Split responsibility: The mapping protocol MUST allow that + within a single level of the civic location hierarchy, multiple mapping servers handle subsets of the data elements. Motivation: For example, two directories for the same city or county may handle different streets within that city or county. - I42. The mapping function MUST be able to be invoked at any time, + Ma17. The mapping function MUST be able to be invoked at any time, including while an emergency call is in process. - D9. Baseline query protocol: A mandatory-to-implement protocol MUST - be specified. + Ma18. Baseline query protocol: A mandatory-to-implement protocol + MUST be specified. Motivation: An over-abundance of similarly-capable choices appears undesirable for interoperability. -8. Emergency Caller Identification - - TEXT REQUESTED - - [Ed. This section was never here, but was requested (H. - Schulzrinne, 8/09/05 email.).] - -9. Performance and Reliability Considerations - - Baseline performance and reliability requirements, while tend to be - more of an implementation related set of issues, should still be - discussed some within the context of basic requirements for the - protocol. Therefore, some suggested values relating to portions of - the routing protocol are provided. 
- - Latency to ring-tone It is recommended that a session setup interval - be no more than 2 seconds, 68% (1-sigma) of the time, 4 seconds - for 95% (2-sigma), and 8 seconds for 99% (3-sigma), for the - interval of time between when the session is initiated, until the - time that the signaling "ring-tone" is received by the initiator. - - [Ed. Not sure if the inclusion of this here is warranted. May - still be controversial.] - - Latency to operator It is recommended that a session setup interval - be no more than 6 seconds, 68% (1-sigma) of the time, 8 seconds - for 95% (2-sigma), and 10 seconds for 99% (3-sigma), for the - interval of time between when the session is initiated, until the - time that the signaling is received by the operator. - - [Ed. same comment as above.] - -10. Security Considerations +8. Security Considerations Note: Security Considerations are referenced in the ECRIT security document [3]. -11. Contributors +9. Contributors The information contained in this document is a result of a joint effort based on individual contributions by those involved in the ECRIT WG. The contributors include Nadine Abbott, Hideki Arai, Martin Dawson, Motoharu Kawanishi, Brian Rosen, Richard Stastny, Martin Thomson, James Winterbottom. The contributors can be reached at: Nadine Abbott nabbott@telcordia.com Hideki Arai arai859@oki.com - Martin Dawson mdawson@nortelnetworks.com + Martin Dawson Martin.Dawson@andrew.com Motoharu Kawanishi kawanishi381@oki.com Brian Rosen br@brianrosen.net Richard Stastny Richard.Stastny@oefeg.at - Martin Thomson marthom@nortelnetworks.com + Martin Thomson Martin.Thomson@andrew.com - James Winterbottom winterb@nortelnetworks.com + James Winterbottom James.Winterbottom@andrew.com -12. Acknowledgments +10. Acknowledgments - We would like to thank James Polk, Ted Hardie and Andrew Newton for + We would like to thank Michael Hammer, Ted Hardie, Marc Linsner, + Andrew Newton, James Polk, Tom Taylor, and Hannes Tschofenig for their input. 
-13. References +11. References -13.1. Normative References +11.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Peterson, J., "A Presence-based GEOPRIV Location Object Format", draft-ietf-geopriv-pidf-lo-03 (work in progress), September 2004. [3] Tschofenig, H., "Security Threats and Requirements for Emergency Calling", draft-tschofenig-ecrit-security-threats-01 (work in progress), July 2005. -13.2. Informative References +11.2. Informative References [4] Charlton, N., Gasson, M., Gybels, G., Spanner, M., and A. van Wijk, "User Requirements for the Session Initiation Protocol (SIP) in Support of Deaf, Hard of Hearing and Speech-impaired Individuals", RFC 3351, August 2002. [5] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J. Polk, "Geopriv Requirements", RFC 3693, February 2004. [6] Hellstrom, G. and P. Jones, "RTP Payload for Text Conversation", RFC 4103, June 2005. [7] Wijk, A., "Framework of requirements for real-time text - conversation using SIP", draft-ietf-sipping-toip-02 (work in - progress), August 2005. + conversation using SIP", draft-ietf-sipping-toip-03 (work in + progress), September 2005. Authors' Addresses Henning Schulzrinne Columbia University Department of Computer Science 450 Computer Science Building New York, NY 10027 US
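Review bot: In Id3 the new text cross-references "A1a" ("the emergency indication called for in A1a") and its Motivation cites "requirement A4+", but every requirement touched by this revision is relabelled with an Id or Ma prefix, so these two references look stale. Update them to the new labels. In the same item, "This marking mechanism must be different than QoS marking" uses a lowercase "must" next to RFC 2119 keywords [1]; write MUST if it is normative, or move the sentence into the Motivation.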
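Review bot: Id5 covers only the routing half of the fraud control. Id3 obliges any device in the signaling path to add the marking, and the Id5 Motivation treats that marking as what could be misused "to gain access to call features or authentication override", yet no requirement here says what an element granting such an override has to check before doing so. Either state that override treatment is tied to the call actually being routed to a PSAP, or point to where the security document [3] covers it. Minor: "Motivation: this prevents" should start with a capital.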
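Review bot: Id7 does not say which element performs the replacement ("reserved identifiers SHOULD be allowed to replace the original emergency identifier"), nor whether the marking added under Id3 has to survive it. Name the actor (user agent, proxy, or either) and say that replacement leaves the emergency marking in place. The "Note: Such use complicates international movement of the user terminal" is run into the Motivation paragraph and reads better as its own paragraph; "signalling" here is spelled "signaling" in Id3 and Id4, and "PSAP uri" should be "PSAP URI".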
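Review bot: Ma2 is ungrammatical and no longer says who acts: "Redirection is needed to then re-invokes the mapping protocol on a different database to obtain another URL for an more resolute ESRP or PSAP". The removed Motivation named the ESRP identified by the first URL as the entity that re-invokes the mapping; keep that actor, and keep the rationale in the Motivation rather than inside the MUST sentence. Ma1 has the same pattern: the old Motivation, now folded into the requirement, carries a lowercase "should not be fooled", so its normative strength is unclear. In the section 7 introduction, "answering to call" should be "answering the call".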
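Review bot: Ma5 ("MUST allow a response to carry multiple URIs") and Ma7 ("MUST be able to return multiple URLs for different PSAPs that cover the same area") now sit two items apart and overlap; merge them or state the difference, and settle on URI or URL ("Multiple PSAP uri's" adds a third spelling). Ma8 was split out of Ma7 but uses a lowercase "must", and the Motivation that follows it ("return URLs for both, with information allowing the querying entity to choose") justifies Ma7 and Ma8 together, so say which item it belongs to. Ma5, Ma6 and Ma17 have no title while their neighbours do, Ma15 is missing the colon after "Extensible Protocol", and Ma10 has no Motivation.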
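Review bot: The removal of section 9 drops the only quantitative latency targets in the document (for example "no more than 2 seconds, 68% (1-sigma) of the time" to ring-tone), which leaves Ma3 "Minimal additional delay" as the sole delay requirement with no figure behind it. If this is deliberate, given the editor's note that the values "May still be controversial", say in Ma3 or in the introduction that numeric targets are out of scope for this document. Section 8 "Emergency Caller Identification" also disappears although its text was marked "TEXT REQUESTED"; record whether that topic is deferred to another document or dropped.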