ecrit H. Schulzrinne Internet-Draft Columbia U. Expires:
March 6,April 24, 2006 R. Marshall, Ed. TCS September 2,October 21, 2005 Requirements for Emergency Context Resolution with Internet Technologies draft-ietf-ecrit-requirements-00.txtdraft-ietf-ecrit-requirements-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 6,April 24, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document enumerates requirements for emergency calls placed by the public using voice-over-IP (VoIP) and general Internet multimedia systems, where Internet protocols are used end-to-end. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Basic Actors . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. High-Level Requirements . . . . . . . . . . . . . . . . . . . 10 5. Identifying the Caller Location . . . . . . . . . . . . . . . 12 6. Emergency Identifier . . . . . . . . . . . . . . . . . . . . . 1314 7. Mapping Protocol . . . . . . . . . . . . . . . . . . . . . . . 1516 8. Emergency Caller Identification . . . . . . . . . . . . . . . 19 9. Performance and Reliability Considerations . . . . . . . . . . 20 10.Security Considerations . . . . . . . . . . . . . . . . . . . 21 11.20 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 22 12.21 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 13.22 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 13.1.23 11.1. Normative References . . . . . . . . . . . . . . . . . . 24 13.2.23 11.2. Informative References . . . . . . . . . . . . . . . . . 2423 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 2524 Intellectual Property and Copyright Statements . . . . . . . . . . 2625 1. Introduction Users of voice-centric,both voice-centric (telephone-like) IP-based services expect to be able to call for emergency help, such as police, the fire department, or ambulance services, regardless of where they are, what (if any) service provider they are using, or what type of device they have. Additionally, users of other real-time and near real-time services (those other than voice) also expect to be able to summon emergency help. For example, instant messaging (IM)and real time text users want to have access to the same types of emergencynon voice type services as mentioned above. IM and real time(e.g. text are particularly helpfulmessaging for hearing-disabledhearing disabled users, (RFC 3351 ), when there is) have an expectation to be able to initiate a needrequest for exactness as for example for spelling out names and addresses andhelp in cases where bandwidth is scarce.case of an emergency. Unfortunately, the existing mechanisms forto support emergency calls that have evolved inwithin the public circuit-switched telephone network (PSTN)(PSTN), are not quiteappropriate forto handle evolving IP-based voice, text and real-time multimedia communications. This document outlines the key requirements that IP-based end systems and network elementselements, such as SIP proxiesproxies, need to satisfy in order to provide emergency call servicesservices, which at a minimum, offer the same functionality as existing PSTN services, with the additional overall goal of making emergency calling more robust, less-costly to implement, and multimedia-capable. This document only focuses on end-to-end IP-based calls, i.e., where the emergency call originates from an IP end system, (Internet device), and terminates to an IP-capable PSAP, done entirely over an IP network. This document outlines the various functional issues which relate to making an IP-based emergency call, including a description of generalbaseline requirements, (Section 4), identification of the emergency caller's location, (Section 5), use of an emergency identifier to declare a call to be an emergency call, (Section 6), and finally, the mapping function required to route the call to the appropriate PSAP, (Section 7), and finally, identifying who placed7). Identification of the call, (Section 8) Note that locationcaller, while not incompatible with the requirements for messaging outlined within this document, is not currently considered within the scope of the ECRIT charter, and is therefore, left for a future draft to describe. Note: Location is required for two separate purposes, first, to route the call to the appropriate PSAP and second, to display the caller's location to the call taker for help in dispatching emergency assistance to the correct location. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119  and indicate requirement levels for compliant implementations. Since a requirements document does not directly specify a protocol to implement, these compliance labels should be read as indicating requirements for the protocol or architecture, rather than an implementation. For lack of a better term, we will use the term "caller" or "emergency caller" to refer to the person placing an emergency call or sending an emergency IM. Access InfrastructureApplication Service Provider (AIP): An(ASP): The organization or entity that provides physical network connectivity to its customers or users, e.g. through digital subscriber lines, cable TV plants, Ethernet, leased lines or radio frequencies.application-layer services, which may include voice (see term Voice Service Provider). This entity maycan be a private individual, an enterprise, a government, or may not also provide IP routing, IP addresses, or other Internet protocol services. Examples of such organizations include telecommunication carriers, municipal utilities, larger enterprises with their own network infrastructure, and government organizations such as the military. address: A description of a location ofa person, organization, or building, most often consisting of numerical and text elements suchservice provider. An ASP is defined as street number, street name, and city arranged insomething more general than a particular format. ApplicationVoice Service (Voice) Provider (ASP, VSP): The organization that provides voice or other application-layer services, such as call routing, a SIP URI or PSTN termination. This organization can be a private individual, an enterprise, a government or a service provider. We avoid the term voice service provider,Provider, since emergency calls are sometimes likely to use other media, including text and video. Note: For a particular user, the ASP may or may not be the same organization as the AIP orIAP and/or ISP. Basic Emergency Service: Basic Emergency Service allows a user to reach a PSAP serving its current location, but the PSAP may not be able to determine the identity or geographic location of the caller (except by having the call taker ask the caller). call taker: A call taker is an agent at the PSAP that accepts calls and may dispatch emergency help. (Sometimes the functions of call taking and dispatching are handled by different groups of people, but these divisions of labor are not generally visible to the outside and thus do not concern us here.) civic location: A described location based on some defined grid, such as a jurisdictional, postal, metropolitan, or rural reference system (e.g. street address). directory service: A network service which uses a distributed directory protocol to provide information about the PSAP, or intermediary which knows about the PSAP, and is used to assist in routing an emergency call. emergency address: The sip:uri, sips:uri, or tel:uri which represents the networkaddress of the PSAP useful for the completion of a VoIPan emergency call. emergency caller: The user or user device entity which sends his/her location to another entity in the network. emergency identifier: The numerical and/or text identifier which is supplied by a user or a user device, which identifies the call as an emergency call and is translated into an emergency address for call routing and completion. enhanced emergency service: Enhanced emergency services add the ability to identify the caller identity and/or caller location to basic emergency services. (Sometimes, only the caller location may be known, e.g. from a public access point that is not owned by an individual.) ESRP (Emergency Services Routing Proxy): An ESRP is a call routing entity that invokes the location-to-URL mapping, which in turn may return either the URL for another ESRP or the PSAP. (In a SIP system, the ESRP would typically be a SIP proxy, but could also be a Back-to-back user agent (B2BUA). geographic location: A reference to a locatable point described by a set of defined coordinates within a geographic coordinate system, (e.g. lat/lon within WGS-84 datum) Internet Attachment Provider (IAP): An organization that provides physical network connectivity to its customers or users, e.g. through digital subscriber lines, cable TV plants, Ethernet, leased lines or radio frequencies. This entity may or may not also provide IP routing, IP addresses, or other Internet protocol services. Examples of such organizations include telecommunication carriers, municipal utilities, larger enterprises with their own network infrastructure, and government organizations such as the military. Internet Service Provider (ISP): An organization that provides IP network-layer services to its customers or users. This entity may or may not provide the physical-layer and layer-2 connectivity, such as fiber or Ethernet. location: A geographic identification assigned to a region or feature based on a specific coordinate system, or by other precise information such as a street address.number and name. In the geocoding process, the location is defined with an x,y coordinate value according to the distance north or south of the equator and east or west of the prime meridian. location validation: A caller location is considered valid if the civic or geographic location is recognizable within an acceptable location reference systems (e.g. USPS, WGS84,WGS-84, etc.), and can be mapped to one or more PSAPs. Location validation ensures that a location is reference able,able to be referenced for mapping, but makes no assumption about the association between the caller and the caller's location. Mapping: Process of resolving an addresslocation to a URI (or multiple URIs). Mapping Client: A Mapping Client interacts with the Mapping Server to learn one or multiple URIs for a given address.location. Mapping Protocol: A protocol used to convey the mapping request and response. Mapping Server: The Mapping Server holds information about the addresslocation to URI mappings. Miniumum Connectivity: A minimum set of [physical, virtual...??] connectivity between two endpoints. [Ed. Send additional text.]PSAP (Public Safety Answering Point): Physical location where emergency calls are received under the responsibility of a public authority. (This terminology is used by both ETSI, in ETSI SR 002 180, and NENA.) In the United Kingdom, PSAPs are called Operator Assistance Centres, in New Zealand, Communications Centres. Within this document, it is assumed, unless stated otherwise, that PSAP is that which supports the receipt of emergency calls over IP. It is also assumed that the PSAP is reachable by IP-based protocols, such as SIP for call signaling and RTP for media. 3. Basic Actors In order to support emergencyVoice Service Provider (VSP): A specific type of Application Service Provider which provides voice related services based on IP, such as call routing, a SIP URI, or PSTN termination. 3. Basic Actors In order to support emergency services covering a large physical area various infrastructure elements are necessary: Access InfrastructureInternet Attachment Providers, Application (Voice)Application/Voice Service Provider,Providers, PSAPs as endpoints for emergency calls, directory services or other infrastructure elements that assist in during the call routing and potentially many other entities. This section outlines which entities will be considered in the routing scenarios discussed. Location Information +-----------------+ |(1) |Access|Internet | +-----------+ v |Infrastructure|Attachment | | | +-----------+ |Provider | | Directory | | | | (3) | | Service | | Emergency |<---+-----------------+-->| | | Caller | | (2) | +-----------+ | |<---+-------+ | ^ +-----------+ | +----|---------+------+ | ^ | | Location | | | | | | Information<-+ | | | +--+--------------+ |(8) | | (5) | | +-----------v+ | | | (4) | |Emergency | | | +--------------+--->|Call Routing|<--+---+ | | |Support | | | | +------------+ | | | ^ | | | (6) | +----+--+ | (7) | +------->| | +--------------+--------------->| PSAP | | | | |Application|Application/ +----+--+ |(Voice)|Voice | |Service | |Provider | +---------------------+ Figure 1: Framework Figure 1 shows the interaction between the entities involved in the call. There are a number of different deployment choices, as it can be easily seen from the figure. The following deployment choices need to be highlighted: o How is location information provided to the end host? It might either be known to the end host itself (due to manual configuration or provided via GPS) or available via a third party. Even if location information is known to the network it might be made available to the end host. Alternatively, location information is used as part of call routing and inserted by intermediaries. o Is the Access InfrastructureInternet Attachment Provider also the Application (Voice)Application/Voice Service Provider? In the Internet today these roles are typically provided by different entities. As a consequence, the Application (Voice)Application/ Voice Service Provider is typically not able to learn the physical location of the Emergency Caller.emergency caller. Please note that the overlapping squares aim to indicate that certain functionality can be collapsed into a single entity. As an example, the Application (Voice)Application/Voice Service Provider might be the same entity as the Access InfrastructureInternet Attachment Provider and they might also operate the PSAP. There is, however, no requirement that this must be the case. Additionally it is worth pointing out that end systems might be its own VSP, e.g., for enterprises or residential users. Below, we describe various interactions between the entities shown in Figure 1 are described: o (1) Location information might be available to the end host itself. o (2) Location information might, however, also be obtained from the Access InfrastructureInternet Attachment Provider (e.g., using DHCP or application layer signaling protocols). o (3) The Emergency Caller might need to consult a directory service to determine the PSAP that is appropriate for the physical location of the emergency caller (and considering other attributes such as a certain language support by the Emergency Call Takers). o (4) The Emergency Caller might get assistance for emergency call routing by infrastructure elements (referred as Emergency Call Routing Support entities). In case of SIP these entities are proxies. o (5) Individual Emergency Call Routing Support entities might need to consult a directory servic to determine where to route the emergency call. o (6) The Emergency Call Routing Support entities need to finally forward the call, if infrastructure based emergency call routing is used. o (7) The emergency caller might interact directly with the PSAP without any Emergency Call Routing Support entities. 4. High-Level Requirements Below, we summarize high-level architectural requirements that guide some of the component requirements detailed later in the document. R1.Re1. Application Service Provider: The existence of an Application Service Provider (ASP) MUST NOT be assumed. Motivation: The caller may not have a application (voice)application/voice service provider. For example, a residence may have its own DNS domain and run its own SIP proxy server for that domain. On a larger scale, a university might provide voice services to its students and staff, but not be a telecommunication provider. R2.Re2. International: The protocols and protocol extensions developed MUST support regional, political and organizational differences. Motivation: It must be possible for a device or software developed or purchased in one country to place emergency calls in another country. System components should not be biased towards a particular set of emergency numbers or languages. Also, different countries have evolved different ways of organizing emergency services, e.g. either centralizing them or having smaller regional subdivisions such as United States counties or municipalities handle emergency calls. R3.Re3. Distributed Administration: Deployment of emergency services MUST NOT depend on a sole central administration authority. Motivation: Once common standards are established, it must be possible to deploy and administer emergency calling features on a regional or national basis without requiring coordination with other regions or nations. The system cannot assume, for example, that there is a single global entity issuing certificates for PSAPs, ASPs, AIPsIAPs or other participants. R4.Re4. Multiple Modes: Multiple communication modes, such as audio, video and text messaging MUST be supported. Motivation: In PSTN, voice and text telephony (often called TTY or textphone in North America ) are the only commonly supported media. Emergency calling must support a variety of media. Such media should include voice, conversational text (RFC 4103 ), instant messaging and video. R5. Minimum Connectivity: An emergency callRe5. Alternate Mapping Sources: The mapping protocol SHOULD succeed as long as there is a working network path between the caller and the PSAP. In particular, reliance during call set-up and calls on entities and network paths that are located elsewhere should be minimized. Example: A caller in New York who needs to contact a PSAP inallow for alternative redundant sources of mapping information, possibly of different degrees of currency. Motivation: This provides the same city shouldn't have to getpossibility of having available alternative sources of mapping information from some entity in Texas to make that call, as the call would then fail ifwhen the New York to Texas pathnormal source is unavailable. (To avoid this,unavailable or unreachable, without specifying the caller could, for example, have cached mapping information, use a local server that hasmeans by which the necessary information,alternative source is created or use other mechanisms to avoid such off-path dependencies.) [Ed. Added a skeleton definintion of "minimum connectivity" to terms section (per ietf63 ecrit meeting minutes note), but still no resolution for the above.] R6.updated. Re6. Incremental Deployment: The ECRIT mapping protocol MUST return URIs that are useableusable by a standard signaling protocol (i.e., without special emergency extensions) unless an error is returned. Motivation: The format of the output returned by the mapping protocol is in a standard format for communication protocol. For example, it should return something SIP specific (e.g. URI), that any SIP capable phone would be able to use if used in a SIP context. Special purpose URIs would not be understood by "legacy" SIP devices since they do not have knowledge about the mapping protocol, and therefore are not to be used. R7.Re7. Relay Services: It SHOULD be possible to involve relay services in the call for translation between different modes. Motivation: It should be possible to connect the relay service so that the direct flow of media to the emergency service is maintained. In addition, it should be possible to convey telemetry data, such as data from automobile crash sensors. D1.Re8. PSAP Identification: The mapping information MUST be available without having to enroll with a service provider. Motivation: The mapping server may well be operated by a service provider, but access to the server offering the mapping must not require use of a specific ISP or VSP. 5. Identifying the Caller Location Location can either be provided directly, or by reference, and represents either a civic location, or as a geographic location. How does the location (or location reference) become associated with the call? In general, we can distinguish three modes of operation of how a location is associated with an emergency call: UA-inserted: The caller's user agent inserts the location information, derived from sources such as GPS, DHCP or link-layer announcements (LLDP). UA-referenced: The caller's user agent provides a reference, via a permanent or temporary identifier, to the location which is stored by a location service somewhere else and then retrieved by the PSAP. Proxy-inserted: A proxy along the call path inserts the location or location reference. L6.Lo1. Validation of civic location: It MUST be possible to validate an addresscivic location prior to its use in an actual emergency call. Motivation: Location validation refers to a processprovides an opportunity to determinehelp assure ahead of time, whether or notsuccessful mapping to the appropriate PSAP will likely occur when it is required. Validation may also help to avoid delays during emergency call setup due to invalid locations. Lo2.: Validation of a givencivic location is valid or not. L10. Preferred datum: The preferred coordinate reference system for emergency calls MUST be WGS-84. L28. Location Provided: An Emergency Services Routing Proxy (ESRP)MUST NOT remove location information after performing location based routing. Motivation: The ESRP and the PSAP usebe required to enable any feature that is part of the emergency call process. Motivation: In some cases, (based on a variety of factors), a civic location may not be considered valid. This fact should not result in the call being dropped or rejected by any entity along the signaling path to the PSAP. Lo3. Reference Datum: The mapping server MUST understand WGS-84 coordinate reference system and may understand other reference systems. Lo4. Location Provided: An Emergency Services Routing Proxy (ESRP) MUST NOT remove location information after performing location based routing. Motivation: The ESRP and the PSAP use the same location information object but for a different purpose. Therefore, the PSAP still requires the receipt of information which represents the end device's location. L29.: Validation of civic addresses MUST NOT be required to enable any feature that is part of the emergency call process. Motivation: Emergency routing protocols must take into account location based on a variety of forms and formats, (e.g. civic address, MSAG, USPS, lat/lon, etc.) and be able to perform adequate PSAP routing for the context in which the call is initiated.6. Emergency Identifier A1a.Id1. Universal Identifier - Setup: One or more universal emergency identifiers MUST be recognized by any device or network element for call setup purposes Motivation: There must be some way for any device or element to recognize an emergency call throughout the call setup. This is regardless of the device location, the application (voice) service provider used (if any at all), or of any other factor. Examples of these might include: 911, 112, and sos.*. A1b.Id2. Universal Identifier - Mapping: One or more universalResolution: Where multiple emergency identifiersservice types exist, it MUST be recognized by any device or network elementpossible to support mapping.treat each emergency identifier separately, based on the specific type of emergency help requested. Motivation: Mapping must be made to work under all circumstances, by any network element or device. This is regardlessSome jurisdictions may have multiple types of the device location, the application (voice) service provider used (if anyemergency services available at all), or ofthe same level, (e.g. fire, police, ambulance), in which case it is important that any other factor. Examples of these might include: 911, 112, and sos.*. A1c.one could be selected directly. Id3. Emergency Marking: Emergency requests which are not already marked as emergency calls, MUST be recognizable and markedAny device in the signaling path that recognizes by user agents, proxies, and other network elements assome means that the signaling is associated with an emergency calls. Motivation: SIP and othercall signaling protocols are not specific to one country or service provider and devices are likelyMUST add the emergency indication called for in A1a to the signaling before forwarding it. This marking mechanism must be used across national or service provider boundaries. Since services suchdifferent than QoS marking. Motivation: Marking ensures proper handling as disabling mandatory authentication foran emergency calls requires the cooperationcall by downstream elements that may not recognize, for example, a local variant of outbound proxies, the outbound proxy has to be able to recognize thea logical emergency address (see requirement A4+). Id4. Emergency Identifier-based Marking: User agents, proxies, and be assuredother network elements that it willprocess signaling associated with emergency calls SHOULD be routed as anconfigured to recognize a reasonable selection of logical emergency call. A universal address also makes it possibleidentifiers (described in requirements below) as a means to createinitiate emergency marking. Motivation: Since user interface elementsdevices roam, emergency identifiers may vary from region to region. It is therefore important that are correctly configured without user intervention. UA features coulda network entity be madeable to work without such an identifier, butperform mapping and/or call routing within the user interface would then have to provide an unambiguous way to declare a particularcontext of its own point of origin rather than relying on non-local logical emergency identifiers as the only basis for emergency marking of calls. Id5. Prevention of Fraud: A call identified as an emergency call. A3. Recognizable: Emergency callscall or marked as such in accordance with the above requirements for marking MUST be recognizable by user agents, proxies and other network elements.routed to a PSAP. Motivation: To prevent fraud, an address identified as anthis prevents use of the emergency number forcall indication to gain access to call features or authentication override MUST also cause routing to a PSAP. A4.for non- emergency purposes. Id6. Minimal configuration: Any local emergency identifiers SHOULD be configured automatically, without user intervention. Motivation: A new UA "unofficially imported" into an organization from elsewhere should have the same emergency capabilities as one officially installed. Id7. Emergency Identifier Replacement: For each signaling protocol that can be used in an emergency call, reserved identifiers SHOULD be allowed to replace the original emergency identifier, based on local conventions, regulations, or preference (e.g. as in the case of an enterprise). Motivation: Any signalling protocol requires the use of some identifier to indicate the called party, and the user terminal may lack the capability to determine the actual emergency address (PSAP uri). The use of local conventions may be required as a transition mechanism. Note: Such use complicates international movement of the user terminal, and evolution to a standardized universal emergency identifier or set of identifiers is preferred. 7. Mapping Protocol There are two approaches for triggeringGiven the mapping protocol: caller- based, or mediated. Fromrequirement from the previous section, we take the requirementthat of a single (or asmall number of) emergency addressesidentifier(s) which are independent of the caller's location. However, since for reasons of robustness, jurisdictional and local knowledge,location, and since PSAPs only serve a limited geographic region, and for reasons of jurisdictional and local knowledge, having the call reach the appropriate PSAP based on a mapping protocol, is crucial. There appears to beare two basic architectures described for translating an emergency identifier into the appropriate PSAP emergency address. We refer to these as caller-based and mediated. InFor caller-based resolution, the caller's user agent consults a directory and determinesmapping service to determine the appropriate PSAP based on its location.the location provided. The resolution may take place well before the actual emergency call is placed, or at the time of the call. For mediated resolution, a call signaling server, such as a SIP (outbound) proxy or redirect server performs this function.function (a request for mapping) by invoking the mapping protocol. Note that the latterthis case includes therelies on an architecture where the call is effectively routed to a copy of the database, rather than having some non-SIP protocol query the database. Since servers may be used as outbound proxy servers by clients that are not in the same geographic area as the proxy server, any proxy server has to be able to translate any caller location to the appropriate PSAP. (A traveler may, for example, accidentally or intentionally configure its home proxy server as its outbound proxy server, even while far away from home.) The resolution may take place well before the actual emergency call is placed, or at the time of the call. Theproblem at hand is more difficult to resolve than that for traditional web or email services. In this case, the emergency caller only dialed an emergency identifier, and depending on the location, any one of several thousand PSAPs around the world could be appropriate PSAP. In addition, there may be a finer resolution of routing (which the caller probably does not careisn't aware of), which specificresults in a particular "accredited" PSAP answers the call, but rather that it be an accredited PSAP, e.g.(i.e. one run by thelocal government authorities.authorities) answering to call. (Many PSAPs are run by private entities. For example, universities and corporations with large campuses often have their own emergency response centers.) I1.Ma1. Appropriate PSAP: Calls MUST be routed to the PSAP responsible for this particular geographic area. Motivation:In particular, the location determination should not be fooled by the location of IP telephony gateways or dial-in lines into a corporate LAN (and dispatch emergency help to the gateway or campus, rather than the caller), multi-site LANs and similar arrangements. I3.Motivation: Routing to the wrong PSAP will result in delays in handling emergencies as calls are redirected, and result in inefficient use of PSAP resources at the initial point of contact. Ma2. Mapping redirection: The mapping protocol MUST support redirection functionality. Motivation: Infunctionality, since in some cases, an initial mapping may provide a single URL for a large geographic area. The ESRP identified by that URLRedirection is needed to then re-invokes the mapping protocol on a different database to obtain another URL for an more resolute ESRP or PSAP coveringPSAP, which covers a smaller area. D5.Motivation: The more local the mapping output is, the more favourable (in most cases) the likely outcome will be for the emergency caller. Ma3. Minimal additional delay: The execution of the mapping protocol SHOULD minimize the amount of additional delay to the overall call-setup time. Motivation: Since outbound proxies will likely be asked to resolve the same geographic coordinates repeatedly, a suitable time- limited caching mechanism should be supported. D7.Ma4. Referral: The mapping client MUST be able to contact any server and be referred to another server that is more qualified to answer the query. Motivation: This requirement alleviates the potential for incorrect configurations to cause calls to fail, particularly for caller-based queries. I4. ReturnMa5. The mapping protocol MUST allow a response to carry multiple PSAPs:URIs. Motivation: In response to a mapping request, a server will normally provide a URI or set of URIs for contacting the appropriate PSAP. Ma6. The mapping protocol MUST be able to return a URI or contact method explicitly marked as an alternate contact. Motivation: In response to a mapping request, if an expected URI is unable to be returned, then mapping server may return an alternate URI. When and how this would be used will be described in an operational document. Ma7. Multiple PSAP uri's: The mapping protocol MUST be able to return multiple URLs for different PSAPs that cover the same area. Ma8. URL properties: The mapping protocol must provide additional information that allows the querying entity to determine relevant properties of the URL. Motivation: In some cases, the same geographic area is served by several PSAPs, for example, a corporate campus might be served by both a corporate security department and the municipal PSAP. The mapping protocol should then return URLs for both, with information allowing the querying entity to choose one or the other. This determination could be made by either an ESRP, based on local policy, or by direct user choice, in the case of caller- based trigger methods. I7.Ma9. Traceable resolution: The entity requesting mapping SHOULD be able to determine the entity or entities who provided the emergency address resolution information. I8.Motivation: To provide operational traceability in case of errors. Ma10. Resilience against server failure: A client MUST be able to fail over to another replica of the mapping server, so that a failure of a server does not endanger the ability to perform the mapping. I10.Ma11. Incrementally deployable: The mapping function MUST be capable of being deployed incrementally. Motivation: It must not be necessary, for example, to have a global street level database before deploying the system. It is acceptable to have some misrouting of calls when the database does not (yet) contain accurate boundary information. I13.Ma12. Verify mapping support: The mapping protocol SHOULD support the ability for a requesting entity to verify that mapping services are available for a referenced location. Motivation: It should be possible to make sure ahead of time, that requests for emergency services will work when needed. I25.Ma13. Mapping requested from anywhere: The mapping protocol MUST be able to provide the mapping regardless of where the mapping client is located, either geographically or by network location. Motivation: The mapping client, (such as the ESRP), may not necessarily be anywhere close to the caller or the appropriate PSAP, but must still be able to obtain a mapping. I31: The mapping protocol MUST allow a response to carry multiple URIs. Motivation: In response to a mapping request, a server will normally provide a URI or set of URIs for contacting the appropriate PSAP. I31b: The mapping protocol MUST be able to return a URI or contact method explicitly marked as an alternate contact. Motivation: In response to a mapping request, if an expected URI is unable to be returned, then mapping server may return an alternate URI. When and how this would be used will be described in an operational document. I39.Ma14. Location Updates: It SHOULD be possible to have updates of location. Motivation: Updated location information may changehave an impact on PSAP routing. In some cases it may be possible to redirect that call routing,to a more appropriate PSAP (some device measurement techniques provide quick (i.e. early), but imprecise "first fix" location). I40.Ma15. Extensible Protocol The mapping protocol MUST be extensible to allow for the inclusion of new location fields. Motivation: This is needed, for example, to accommodate future extensions to location information that might be included in the PIDF-LO (I-D.ietf-geopriv-pidf-lo-03 ) I41.Ma16. Split responsibility: The mapping protocol MUST allow that within a single level of the civic addresslocation hierarchy, multiple mapping servers handle subsets of the data elements. Motivation: For example, two directories for the same city or county may handle different streets within that city or county. I42.Ma17. The mapping function MUST be able to be invoked at any time, including while an emergency call is in process. D9.Ma18. Baseline query protocol: A mandatory-to-implement protocol MUST be specified. Motivation: An over-abundance of similarly-capable choices appears undesirable for interoperability. 8. Emergency Caller Identification TEXT REQUESTED [Ed. This section was never here, but was requested (H. Schulzrinne, 8/09/05 email.).] 9. Performance and Reliability Considerations Baseline performance and reliability requirements, while tend to be more of an implementation related set of issues, should still be discussed some within the context of basic requirements for the protocol. Therefore, some suggested values relating to portions of the routing protocol are provided. Latency to ring-tone It is recommended that a session setup interval be no more than 2 seconds, 68% (1-sigma) of the time, 4 seconds for 95% (2-sigma), and 8 seconds for 99% (3-sigma), for the interval of time between when the session is initiated, until the time that the signaling "ring-tone" is received by the initiator. [Ed. Not sure if the inclusion of this here is warranted. May still be controversial.] Latency to operator It is recommended that a session setup interval be no more than 6 seconds, 68% (1-sigma) of the time, 8 seconds for 95% (2-sigma), and 10 seconds for 99% (3-sigma), for the interval of time between when the session is initiated, until the time that the signaling is received by the operator. [Ed. same comment as above.] 10.Security Considerations Note: Security Considerations are referenced in the ECRIT security document . 11.9. Contributors The information contained in this document is a result of a joint effort based on individual contributions by those involved in the ECRIT WG. The contributors include Nadine Abbott, Hideki Arai, Martin Dawson, Motoharu Kawanishi, Brian Rosen, Richard Stastny, Martin Thomson, James Winterbottom. The contributors can be reached at: Nadine Abbott email@example.com Hideki Arai firstname.lastname@example.org Martin Dawson email@example.comMartin.Dawson@andrew.com Motoharu Kawanishi firstname.lastname@example.org Brian Rosen email@example.com Richard Stastny Richard.Stastny@oefeg.at Martin Thomson firstname.lastname@example.orgMartin.Thomson@andrew.com James Winterbottom email@example.com 12.James.Winterbottom@andrew.com 10. Acknowledgments We would like to thank Michael Hammer, Ted Hardie, Marc Linsner, Andrew Newton, James Polk, Ted HardieTom Taylor, and Andrew NewtonHannes Tschofenig for their input. 13.11. References 220.127.116.11. Normative References  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.  Peterson, J., "A Presence-based GEOPRIV Location Object Format", draft-ietf-geopriv-pidf-lo-03 (work in progress), September 2004.  Tschofenig, H., "Security Threats and Requirements for Emergency Calling", draft-tschofenig-ecrit-security-threats-01 (work in progress), July 2005. 18.104.22.168. Informative References  Charlton, N., Gasson, M., Gybels, G., Spanner, M., and A. van Wijk, "User Requirements for the Session Initiation Protocol (SIP) in Support of Deaf, Hard of Hearing and Speech-impaired Individuals", RFC 3351, August 2002.  Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J. Polk, "Geopriv Requirements", RFC 3693, February 2004.  Hellstrom, G. and P. Jones, "RTP Payload for Text Conversation", RFC 4103, June 2005.  Wijk, A., "Framework of requirements for real-time text conversation using SIP", draft-ietf-sipping-toip-02draft-ietf-sipping-toip-03 (work in progress), AugustSeptember 2005. Authors' Addresses Henning Schulzrinne Columbia University Department of Computer Science 450 Computer Science Building New York, NY 10027 US Phone: +1 212 939 7004 Email: firstname.lastname@example.org URI: http://www.cs.columbia.edu Roger Marshall (editor) TeleCommunication Systems 2401 Elliott Avenue 2nd Floor Seattle, WA 98121 US Phone: +1 206 792 2424 Email: email@example.com URI: http://www.telecomsys.com Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at firstname.lastname@example.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society.