--- 1/draft-ietf-ecrit-requirements-06.txt 2006-04-21 01:12:22.000000000 +0200 +++ 2/draft-ietf-ecrit-requirements-07.txt 2006-04-21 01:12:22.000000000 +0200 @@ -1,20 +1,20 @@ ECRIT H. Schulzrinne Internet-Draft Columbia U. -Expires: September 7, 2006 R. Marshall, Ed. +Expires: October 21, 2006 R. Marshall, Ed. TCS - March 6, 2006 + April 19, 2006 Requirements for Emergency Context Resolution with Internet Technologies - draft-ietf-ecrit-requirements-06.txt + draft-ietf-ecrit-requirements-07.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -25,50 +25,50 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on September 7, 2006. + This Internet-Draft will expire on October 21, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document enumerates requirements for the context resolution of emergency calls placed by the public using voice-over-IP (VoIP) and general Internet multimedia systems, where Internet protocols are used end-to-end. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Basic Actors . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. High-Level Requirements . . . . . . . . . . . . . . . . . . . 12 - 5. Identifying the Caller's Location . . . . . . . . . . . . . . 14 - 6. Emergency Identifier . . . . . . . . . . . . . . . . . . . . . 15 - 7. Mapping Protocol . . . . . . . . . . . . . . . . . . . . . . . 18 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 - 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 25 - 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 26 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 - 11.1. Normative References . . . . . . . . . . . . . . . . . . 27 - 11.2. Informative References . . . . . . . . . . . . . . . . . 27 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 - Intellectual Property and Copyright Statements . . . . . . . . . . 29 + 5. Identifying the Caller's Location . . . . . . . . . . . . . . 15 + 6. Emergency Identifier . . . . . . . . . . . . . . . . . . . . . 18 + 7. Mapping Protocol . . . . . . . . . . . . . . . . . . . . . . . 21 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 + 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 26 + 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 28 + 11.2. Informative References . . . . . . . . . . . . . . . . . 28 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29 + Intellectual Property and Copyright Statements . . . . . . . . . . 30 1. Introduction Users of both voice-centric (telephone-like) and non voice type services (e.g., text communication for hearing disabled users (RFC 3351 [8]) have an expectation to be able to initiate a request for help in case of an emergency. Unfortunately, the existing mechanisms to support emergency calls that have evolved within the public circuit-switched telephone @@ -91,48 +91,47 @@ caller's location (Section 5), use of an emergency identifier to declare a call to be an emergency call (Section 6), and finally, the mapping function required to route the call to the appropriate PSAP (Section 7). Ideally, the mapping protocol would yield a URI from a preferred set of URIs (e.g., SIP:URI, SIPS:URI) which would allow an emergency call to be completed using IP end-to-end. Despite this goal, some PSAPs may not immediately have IP based connectivity, and therefore it is imperative that the URI scheme not be fixed, in order to ensure - support for a less preferred set of URIs, such as a TEL URI which may - be used to complete a call via the PSTN. + support for a less preferred set of URIs such as, for example, a TEL + URI which may be used to complete a call via the PSTN. Identification of the caller, while not incompatible with the requirements for messaging outlined within this document, is considered to be outside the scope of the ECRIT charter. Location is required for two separate purposes, first, to route the call to the appropriate PSAP and second, to display the caller's location to the call taker for help in dispatching emergency - assistance to the correct location. + assistance to the appropriate location. - As used in this document, validation of location does not require to - ascertain whether the location actually exists. For example, - validation might only check that the house number in a civic address - falls within the assigned range, not whether that building exists at - that spot. However, such higher precision validation is desirable. + As used in this document, validation of location does not require + that we ascertain as to whether or not the location actually exists. + For example, validation might only check that the house number in a + civic address falls within the assigned range, not whether the + building exists at that location. However, such higher precision + validation is desirable. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", - and "OPTIONAL" are to be interpreted as described in RFC 2119 [1]. - - Since a requirements document does not directly specify a protocol to - implement, these compliance labels should be read as indicating - requirements for the protocol or architecture, rather than an - implementation. + and "OPTIONAL" are to be interpreted as described in RFC 2119 [1], + with the qualification that unless otherwise stated these words apply + to the design of the mapping protocol, not its implementation or + application. Codes: "caller" or "emergency caller" refers to the person placing an emergency call or sending an emergency instant message (IM). Application Service Provider (ASP): The organization or entity that provides application-layer services, which may include voice (see "Voice Service Provider"). This entity can be a private individual, an enterprise, a government, or a service provider. An ASP is more general than a Voice Service Provider, since emergency calls may use other media beyond voice, including text @@ -152,36 +151,34 @@ Civic location: A described location based on some defined grid, such as a jurisdictional, postal, metropolitan, or rural reference system, (e.g., street address). Emergency address: The URI (e.g., SIP:URI, SIPS:URI, XMPP:URI, IM: URI, etc.) which represents the address of the PSAP useful for the completion of an emergency call. Emergency call routing support: An intermediary function which - assists in the routing of an emergency call via IP. An ESRP, is - an example of an Emergency call routing support entity. + assists in the routing of an emergency call via IP. An ESRP is an + example of an Emergency call routing support entity. Emergency caller: The user or user device entity which sends his/her location to another entity in the network. - Emergency identifier: The numerical and/or text identifier which is - supplied by a user or a user device, which identifies the call as - an emergency call. A universal emergency identifier is an example - of an emergency identifier. + Emergency identifier: An identifier that marks a call as an emergency + call. Emergency Service Routing Proxy (ESRP): An ESRP is an emergency call - routing support entity that invokes the location-to-URI mapping, - to return either the URI for the appropriate PSAP, or the URL for - another ESRP. (In a SIP system, the ESRP would typically be a SIP - proxy, but may also be a Back-to-back user agent (B2BUA). + routing support entity that invokes the location-to-PSAP URI + mapping, to return either the URI for the appropriate PSAP, or the + URL for another ESRP. (In a SIP system, the ESRP would typically + be a SIP proxy, but may also be a Back-to-back user agent (B2BUA). Enhanced emergency service: Enhanced emergency services add the ability to identify the caller's identity or location to basic emergency services. (Sometimes, only the caller location may be known, e.g., when a call is placed from a public access point that is not owned by an individual.) Geographic location: A reference to a locatable point described by a set of defined coordinates within a geographic coordinate system, (e.g., lat/lon within the WGS-84 datum). For example, (2-D) @@ -212,45 +209,46 @@ Location: A geographic identification assigned to a region or feature based on a specific coordinate system, or by other precise information such as a street number and name. It can be either a civic or geographic location. Location-dependent emergency dial string: Location-dependent emergency dial strings should be thought of as the digit sequence that is dialed in order to reach emergency services. There are two dial strings, namely either a "home emergency dial string", or a "visited emergency dial string", and is something separate from - a universal emergency identifier, since each represents specific - emergency dial string key sequences which are recognized within a - local geographic area or jurisdiction. + an emergency identifier, since each represents specific emergency + dial string key sequences which are recognized within a local + geographic area or jurisdiction. Location validation: A caller location is considered valid if the civic or geographic location is recognizable within an acceptable - location reference systems (e.g., USPS, WGS-84, etc.), and can be + location reference system (e.g., USPS, WGS-84, etc.), and can be mapped to one or more PSAPs. While it is desirable to determine that a location exists, validation may not ensure that such a location exists. Location validation ensures that a location is able to be referenced for mapping, but makes no assumption about the association between the caller and the caller's location. - Mapping: Process of resolving a location to a URI (or multiple URIs) - which identify a PSAP, or intermediary which knows about a PSAP - that is designated as responsible to serve that location. + Mapping: The process of resolving a location to one or more PSAP URIs + which directly identify a PSAP, or point to an intermediary which + knows about a PSAP and that is designated as responsible to serve + that location. Mapping client: A mapping client interacts with the Mapping Server to - learn one or more URIs for a given location. + learn one or more PSAP URIs for a given location. Mapping protocol: A protocol used to convey the mapping request and response. Mapping server: The Mapping Server holds information about the - location-to-URI mappings. + location-to-PSAP URI mapping. Mapping service: A network service which uses a distributed mapping protocol, to perform a mapping between a location and a PSAP, or intermediary which knows about the PSAP, and is used to assist in routing an emergency call. PSAP (Public Safety Answering Point): Physical location where emergency calls are received under the responsibility of a public authority. (This terminology is used by both ETSI, in ETSI SR 002 180, and NENA.) In the United Kingdom, PSAPs are called Operator @@ -258,43 +256,40 @@ Within this document, it is assumed, unless stated otherwise, that PSAP is that which supports the receipt of emergency calls over IP. It is also assumed that the PSAP is reachable by IP-based protocols, such as SIP for call signaling and RTP for media. PSAP URI: PSAP URI is a general term, used to refer to the output of the mapping protocol, and represents either the actual PSAP IP address, or the IP address of some other intermediary, e.g., an ESRP, which points to the actual PSAP. - Universal emergency identifier: An emergency identifier which is - recognized by any compatible endpoint, from any geographic - location. A general approach to using universal emergency - identifiers is outlined in the service URN draft (I-D.ietf-ecrit- - service-urn [5]). - Visited emergency dial string: A visited emergency dial string represents a sequence of digits that is used to initiate an emergency call within a geographically correct location of the caller if outside the caller's "home" location or vicinity. Voice Service Provider (VSP): A specific type of Application Service Provider which provides voice related services based on IP, such - as call routing, a SIP URI, or PSTN termination. + as call routing, a SIP URI, or PSTN termination. In this + document, unless noted otherwise, any reference to "Voice Service + Provider" or "VSP" may be used interchangeably with "Application/ + Voice Service Provider" or "ASP/VSP". 3. Basic Actors In order to support emergency services covering a large physical area, various infrastructure elements are necessary, including: Internet Attachment Providers (IAPs), Application/Voice Service - Providers (ASPs or VSPs), PSAPs as endpoints for emergency calls, - mapping services or other infrastructure elements that assist during - the call routing. + Providers (ASP/VSPs), PSAPs as endpoints for emergency calls, mapping + services or other infrastructure elements that assist during the call + routing. This section outlines which entities will be considered in the routing scenarios discussed. Location Information +-----------------+ |(1) |Internet | +-----------+ v |Attachment | | | +-----------+ |Provider | | Mapping | | | | (3) | | Service | @@ -340,21 +335,21 @@ Service Provider? In the Internet today these roles are typically provided by different entities. As a consequence, the Application/ Voice Service Provider is typically not able to learn the physical location of the emergency caller. The overlapping squares in the figure indicate that some functions can be collapsed into a single entity. As an example, the Application/Voice Service Provider might be the same entity as the Internet Attachment Provider. There is, however, no requirement that this must be the case. Additionally, we consider that end systems - might act as their own VSP, e.g., either for enterprises or for + might act as their own ASP/VSP, e.g., either for enterprises or for residential users. Various potential interactions between the entities depicted in Figure 1, are described in the following: (1) Location information might be available to the end host itself. (2) Location information might, however, also be obtained from the Internet Attachment Provider (e.g., using DHCP or application layer signaling protocols). @@ -363,123 +358,137 @@ determine the PSAP that is appropriate for the physical location of the emergency caller, possibly considering other attributes such as appropriate language support by the emergency call taker. (4) The emergency caller might get assistance for emergency call routing by infrastructure elements that are Emergency Call Routing Support entities, e.g., an Emergency Service Routing Proxy (ESRP), in SIP). (5) Location Information is used by emergency call routing entities - to determine the appropriate PSAP. + for subsequent mapping requests. - (6) Individual emergency call routing support entities might need to - consult a mapping service to determine where to route the emergency - call. + (6) Emergency call routing support entities might need to consult a + mapping service to determine where to route the emergency call. (7) For infrastructure-based emergency call routing (in contrast to UE-based emergency call routing), the emergency call routing support entity needs to forward the call to the PSAP. (8) The emergency caller (UE) may interact directly with the PSAP (e.g., UE invokes mapping, and initiates a connection), without relying on any intermediary emergency call routing support entities. 4. High-Level Requirements Below, we summarize high-level architectural requirements that guide some of the component requirements detailed later in the document. - Re1. Application/Voice service provider: The existence of an - Application/Voice Service Provider (ASP/VSP) SHOULD NOT be - assumed. + Re1. Application/Voice service provider existence: The initiation of + an IP-based emergency call SHOULD NOT assume the existence of an + Application/Voice Service Provider (ASP/VSP). Motivation: The caller may not have an application/voice service provider. For example, a residence may have its own DNS domain and run its own SIP proxy server for that domain. On a larger scale, a university might provide voice services to its students and staff, but not be a telecommunication provider. - Re2. International: Regional, political and organizational aspects - MUST be considered during the design of protocols and protocol - extensions. + Re2. International applicability: Regional, political and + organizational aspects MUST be considered during the design of + protocols and protocol extensions which support IP-based emergency + calls. Motivation: It must be possible for a device or software developed or purchased in one country to place emergency calls in another country. System components should not be biased towards a particular set of emergency numbers or languages. Also, different countries have evolved different ways of organizing emergency services, e.g., either centralizing them or having smaller regional subdivisions such as United States counties or municipalities handle emergency calls. - Re3. Distributed administration: Deployment of emergency services - MUST NOT depend on a sole central administration authority. + Re3. Distributed administration: Deployment of IP-based emergency + services MUST NOT depend on a sole central administration + authority. - Motivation: Once common standards are established, it must be - possible to deploy and administer emergency calling features on a - regional or national basis without requiring coordination with - other regions or nations. The system cannot assume, for example, - that there is a single global entity issuing certificates for - PSAPs, ASPs, IAPs or other participants. + Motivation: The design mapping protocol must make it possible to + deploy and administer emergency calling features on a regional or + national basis without requiring coordination with other regions + or nations. The system cannot assume, for example, that there is + a single global entity issuing certificates for PSAPs, ASP/VSPs, + IAPs or other participants. - Re4. Multiple modes: Multiple communication modes, such as audio, - video and text MUST be supported (i.e., implemented in the - protocol, though not necessarily used in all calls). + Re4. Multi-mode communication: IP-based emergency calls MUST support + multiple communication modes, including, for example, audio, video + and text. Motivation: In PSTN, voice and text telephony (often called TTY or - textphone in North America) are the only commonly supported media. - Emergency calling must support a variety of media. Such media - should include voice, conversational text (RFC 4103 [10]), instant - messaging and video. + text-phone in North America) are the only commonly supported + media. Emergency calling must support a variety of media. Such + media should include voice, conversational text (RFC 4103 [10]), + instant messaging and video. Re5. Alternate mapping sources: The mapping protocol MUST implement a mechanism that allows for the retrieval of mapping information from different sources. Motivation: This provides the possibility of having available alternative sources of mapping information when the normal source is unavailable or unreachable. - Re6. Differences of currency in mapping sources: For alternate - mapping, differences in currency between mapping data contained - within mapping sources SHOULD be minimized. + Re6. Currency indication: The mapping protocol SHOULD support an + indicator describing how current the information provided by the + mapping source is. - Motivation: Alternative sources of mapping data may not have been - created or updated with the same set of information within the - same timeframe. + Motivation: This is especially useful when an alternate mapping is + requested, and alternative sources of mapping data may not have + been created or updated with the same set of information or within + the same timeframe. Differences in currency between mapping data + contained within mapping sources should be minimized. - Re7. Mapping result usability: The ECRIT mapping protocol MUST - return a URI (or URIs) that are usable within a standard signaling - protocol (i.e., without special emergency extensions). + Re7. Mapping result usability: The mapping protocol MUST return one + or more URIs that are usable within a standard signaling protocol + (i.e., without special emergency extensions). - Motivation: For example, a SIP specific URI returned by the - mapping protocol, needs to be usable within any SIP capable phone - in a SIP initiated emergency call. This is in contrast to a + Motivation: For example, a SIP specific URI which is returned by + the mapping protocol needs to be usable by any SIP capable phone + within a SIP initiated emergency call. This is in contrast to a "special purpose" URI, which may not be recognizable by a legacy SIP device. - Re8. PSAP accessibility: The mapping information MUST be available - without having to enroll with a service provider. + Re8. PSAP URI accessibility: The mapping protocol MUST support + interaction between the client and server where no enrollment to a + mapping service exists or is required. Motivation: The mapping server may well be operated by a service provider, but access to the server offering the mapping must not - require use of a specific ISP or VSP. + require use of a specific ISP or ASP/VSP. - Re9. No modification of location databases: The mapping protocol - SHOULD NOT require that data within location databases be - transformed or modified in any unusual or unreasonable way in - order for the mapping protocol to use the data. + Re9. Common data structures and formats: The mapping protocol SHOULD + support common data structures and formats from the mapping + server. - Motivation: Databases which contain civic addresses used within - location servers, may be used for multiple purposes and - applications beyond emergency service mapping. + Motivation: Location databases should not need to be transformed + or modified in any unusual or unreasonable way in order for the + mapping protocol to use the data. For example, a database which + contains civic addresses used by location servers may be used for + multiple purposes and applications beyond emergency service + location-to-PSAP URI mapping. + + Re10. Anonymous mapping: The mapping protocol MUST NOT require the + true identity of the target for which the location information is + attributed. + + Motivation: Ideally, no identity information is provided via the + mapping protocol. Where identity information is provided, it may + be in the form of an unlinked pseudonym (RFC 3693 [9]). 5. Identifying the Caller's Location Location can either be provided direct, or by reference, and represents either a civic location, or as a geographic location. How does the location (or location reference) become associated with the call? In general, we can distinguish three modes of operation of how a location is associated with an emergency call: UA-inserted: The caller's user agent inserts the location information @@ -490,142 +499,206 @@ UA-referenced: The caller's user agent provides a pointer (i.e., a location reference), via a permanent or temporary identifier, to the location which is stored by a location service somewhere else and then retrieved by the PSAP, ESRP, or other authorized service entity. Proxy-inserted: A proxy along the call path inserts the location or location reference. - Lo1. Reference datum: The mapping server MUST implement support for - the WGS-84 coordinate reference system and MAY support other - coordinate reference systems. + Lo1. Reference datum: The mapping protocol MUST support the WGS-84 + coordinate reference system and MAY support other coordinate + reference systems. - Lo2. Location provided: An Emergency Services Routing Proxy (ESRP) - MUST NOT remove location information after performing location - based routing. + Lo2. Location provided: The mapping protocol MUST retain any + location information which is provided to it, even after mapping + is performed. Motivation: The ESRP and the PSAP use the same location - information object, but for a different purpose. Therefore, the - PSAP still needs to receive the caller's location. + information object, but for a different purpose. Therefore, it is + imperative that the mapping protocol not remove location + Information so that the PSAP can still receive the caller + location. + + Lo3. Location delivery by-value: The mapping protocol MUST support + the delivery of location information using a by-value method, + though it MAY also support de-referencing a URL that references a + location object. + + Motivation: The mapping protocol is not required to support the + ability to de-reference specific location references. + + Lo4. Alternate community names: The mapping protocol MUST support + both the jurisdictional community name and the postal community + name fields within the PIDF-LO data. + + Motivation: A mapping query must be accepted with either or both + community name fields, and provide appropriate responses. If a + mapping query is made with only one field present, and if the + database contains both jurisdictional and postal, the mapping + protocol response should return both. + + Lo5. Validation of civic location: The mapping protocol MUST support + civic address validation, based on location, prior to initiating + an emergency call. + + Motivation: Location validation provides an opportunity to help + assure ahead of time, whether or not successful mapping to the + appropriate PSAP will likely occur when it is required. + Validation may also help to avoid delays during emergency call + setup due to invalid locations. + + Lo6. Validation resolution: The mapping protocol MUST support the + ability to provide ancillary information about the resolution of + location data used to retrieve a PSAP URI. + + Motivation: The mapping server may not use all the data elements + in the provided location information to determine a match, or may + be able to find a match based on all of the information except for + some specific data elements. The uniqueness of this information + set may be used to differentiate among emergency jurisdictions. + Precision or resolution in the context of this requirement might + mean, for example, explicit identification of the data elements + that were used successfully in the mapping. + + Lo7. Indication of non-existent location: The mapping protocol MUST + support a mechanism to indicate and resolve any associated issues + attributed to a location or a part of a location that is known to + not exist, despite the receipt of a successful mapping response. + + Motivation: The emergency authority for a given jurisdiction may + provide a means to resolve addressing problems, e.g., a URI for a + web service that can be used to report problems with an address. + + Lo8. Limits to validation: Successful validation of a civic location + MUST NOT be required to place an emergency call. + + Motivation: In some cases, a civic location may not be considered + valid. This fact should not result in the call being dropped or + rejected by any entity along the call setup signaling path to the + PSAP. + + Lo9. 3D sensitive mapping: The mapping protocol MUST implement + support for both 2D and 3D location information, and may accept + either a 2D or 3D mapping request as input. + + Motivation: It is expected that provisioning systems will accept + both 2D and 3D data. When a 3D request is presented to an area + only defined by 2D data, the mapping result would be the same as + if the height/altitude dimension was omitted in the request. 6. Emergency Identifier - Id1. Universal emergency identifier setup: One or more universal - emergency identifiers MUST be recognized by any device or network - element for call setup purposes. + Id1. Emergency identifier support: The mapping protocol MUST support + one or more emergency identifiers for delivery back to mapping + clients to be used for call setup purposes. - Motivation: There must be some way for any device or element to - recognize an emergency call throughout the call setup. This is - regardless of the device location, the application/voice service - provider used. An example of this might be "urn:service:sos". + Motivation: Since there is a need for any device or network + element to recognize an emergency call throughout the call setup, + there is also a need to have the mapping protocol provide support + for such an identifier. This is regardless of the device location + or the ASP/VSP used. An example of this kind of identifier might + be "urn:service:sos". Id2. Emergency identifier resolution: Where multiple emergency - identifiers exist, there MUST be a mechanism to differentiate each - emergency identifier used, based on the specific type of emergency - help requested. + identifiers exist, the mapping protocol MUST be able to + differentiate between identifiers based on the specific type of + emergency help requested. Motivation: Some jurisdictions may have multiple types of emergency services available, (e.g., fire, police, ambulance), in which case, it is important that any one could be selected directly. - Id3. Emergency identifier marking: Any device in the signaling path - that recognizes by some means that the signaling is associated - with an emergency call MUST add a specific emergency indication, - if it doesn't already exist, to the signaling before forwarding - it. This marking mechanism must be different than QoS marking. + Id3. Emergency identifier marking: The mapping protocol MUST include + an emergency identifier with the signaling, if one does not exist, + for the purpose of marking the call as an emergency call. Motivation: Marking ensures proper handling as an emergency call by downstream elements that may not recognize, for example, a - local variant of a logical emergency address. + local variant of a logical emergency address, etc. This marking + mechanism is assumed to be different than a QoS marking mechanism. - Id4. Prevention of fraud: A call MUST be routed to a PSAP if it is - identified as an emergency call. + Id4. Prevention of fraud: If a call is identified as an emergency + call, the mapping protocol MUST support that call being + successfully routed to a PSAP. Motivation: This prevents use of the emergency call indication to gain access to call features or authentication override for non- emergency purposes. - Id5. Extensibility of emergency identifiers: The list of defined - emergency identifiers MUST be extensible, and it is not necessary - to provide mapping for every possible service. + Id5. Extensible emergency identifiers: The mapping protocol MUST + support an extensible list of emergency identifiers, though it is + not required to provide mapping for every possible service. Motivation: The use of an emergency identifier is locally determined. - Id6. Discovery of emergency dial strings: The protocol MUST support - a mechanism to discover existing location-dependent emergency dial - strings, (e.g., "9-1-1", "1-1-2"), which are contextually - appropriate for the location of the caller. + Id6. Discovery of emergency dial string: The mapping protocol MUST + support a mechanism to discover an existing location-dependent + emergency dial string, (e.g., "9-1-1", "1-1-2"), which are + contextually appropriate for the location of the caller. Motivation: Users are trained to dial the appropriate emergency dial string to reach emergency services. There needs to be a way to figure out what the dial string is within the local environment of the caller. - Id7. Local emergency dial string translation: An end device (i.e., - SIP UA), SHOULD translate home emergency dial strings into - universal emergency identifiers. The UA would most likely be pre- - provisioned with the appropriate information in order to make such - a translation. + Id7. Home emergency dial string translation: The mapping protocol + MUST support end device translation (e.g. SIP UA) of a home + emergency dial string into an emergency identifier. - Id8. Emergency dial string replacement: For each signaling protocol - that can be used in an emergency call, reserved universal - emergency identifiers SHOULD be allowed to replace the original - emergency dial strings, based on local conventions, regulations, - or preference (e.g., as in the case of an enterprise). + Motivation: The UA would most likely be pre-provisioned with the + appropriate information in order to make such a translation. The + mapping protocol would be able to support either type for those + clients which may not support dial string translation. + + Id8. Emergency dial string replacement: The mapping protocol SHOULD + support replacement of the original dial string with a reserved + emergency identifier for each signaling protocol used for an + emergency call. This replacement of the original dial string + should be based on local conventions, regulations, or preference + (e.g., as in the case of an enterprise). Motivation: Any signaling protocol requires the use of some identifier to indicate the called party, and the user terminal may lack the capability to determine the actual emergency address (PSAP URI). The use of local conventions may be required as a transition mechanism. Note: Such use complicates international - movement of the user terminal, and evolution to a standardized - universal emergency identifier or set of identifiers is preferred. - - Id9. Universal emergency identifier recognition: A universal - emergency identifier MUST be recognized by any network element - which supports the mapping protocol. + movement of the user terminal. Evolution to a standardized + emergency identifier or set of identifiers is preferred. - Id10. Emergency identifier not recognized: A call MUST be recognized - as an emergency call even if the specific emergency service - requested is not recognized. + Id9. Emergency identifier not recognized: The mapping protocol MUST + support calls which are initiated as emergency calls even if the + specific emergency service requested is not recognized, based on + the emergency identifier used. Motivation: In order to have a robust system that supports incremental service deployment while still maintaining a fallback capability. - Id11. Discovery of visited emergency dial strings: The mapping - protocol MUST support (i.e., implement, though not necessarily - use) a mechanism to allow the end device to learn visited - emergency dial strings. + Id10. Discovery of visited emergency dial strings: The mapping + protocol MUST support a mechanism to allow the end device to learn + visited emergency dial strings. Motivation: Scenarios exist where a user dials a visited emergency dial string that is different from the home emergency dial string: If a user (i.e., UA operator) visits a foreign country, observes a fire truck with 999 on the side, the expectation is one of being able to dial that same number to summon a fire truck. Another use case cited is where a tourist collapses, and a "good Samaritan" - uses the tourist's cell phone to enter a local emergency dial - string. + uses the tourist's cell phone to enter a home emergency dial + string appropriate for that foreign country. 7. Mapping Protocol - Given the requirement from the previous section, one of having a - universal emergency identifier that is independent of the caller's - location, and since each PSAP only serves a limited geographic - region, and for reasons of jurisdictional and local knowledge, having - the call reach the appropriate PSAP based on a mapping protocol is - crucial. - There are two basic approaches to invoking a mapping service. We refer to these as caller-based and mediated. In each case, the mapping client initiates a request to a mapping server via a mapping protocol. A proposed mapping protocol is outlined in the document I-D.hardie-ecrit-lost [6]. For caller-based resolution, the caller's user agent invokes a mapping service to determine the appropriate PSAP based on the location provided. The resolution may take place well before the actual emergency call is placed, or at the time of the call. @@ -633,247 +706,174 @@ For mediated resolution, a call signaling server, such as a SIP (outbound) proxy or redirect server invokes the mapping service. Since servers may be used as outbound proxy servers by clients that are not in the same geographic area as the proxy server, any proxy server has to be able to translate any caller location to the appropriate PSAP. (A traveler may, for example, accidentally or intentionally configure its home proxy server as its outbound proxy server, even while far away from home.) - Ma1. Appropriate PSAP: Calls MUST be routed to the PSAP responsible - for a particular geographic area. In particular, the location - determination should not be fooled by the location of IP telephony - gateways or dial-in lines into a corporate LAN (and dispatch - emergency help to the gateway or campus, rather than the caller), - multi-site LANs and similar arrangements. + Ma1. Appropriate PSAP: The mapping protocol MUST support the routing + of an emergency call to the PSAP responsible for a particular + geographic area. Motivation: Routing to the wrong PSAP will result in delays in handling emergencies as calls are redirected, and result in inefficient use of PSAP resources at the initial point of contact. + It is important that the location determination mechanism not be + fooled by the location of IP telephony gateways or dial-in lines + into a corporate LAN (and dispatch emergency help to the gateway + or campus, rather than the caller), multi-site LANs and similar + arrangements. - Ma2. Minimal additional delay: The execution of the mapping protocol - SHOULD minimize the amount of additional delay to the overall - call-setup time. + Ma2. Minimal additional delay: Mapping protocol execution SHOULD + minimize the amount of delay within the overall call-setup time. Motivation: Since outbound proxies will likely be asked to resolve the same geographic coordinates repeatedly, a suitable time- limited caching mechanism should be supported. - Ma3. Referral: The mapping protocol MUST support (i.e., Implement - for use), a mechanism for the mapping client to be able to contact - any mapping server and be referred to another server that is more - qualified to answer the query. + Ma3. Mapping referral: The mapping protocol MUST support a mechanism + for the mapping client to contact any mapping server and be + referred to another mapping server that is more qualified to + answer the query. - Motivation: This requirement alleviates the potential for - incorrect configurations to cause calls to fail, particularly for - caller-based queries. + Motivation: To help avoid the case of relying on incorrect + configuration data which may cause calls to fail, particularly for + caller-based mapping queries. - Ma4. Multiple response URIs: The mapping protocol response MUST - support the inclusion of multiple URIs in the response. + Ma4. Multiple response URIs: The mapping protocol MUST support the + possible inclusion of multiple URIs in a mapping response. - Ma5. URI alternate contact: The mapping protocol MUST support the - return of a URI or contact method explicitly marked as an - alternate contact. + Motivation: Multiple URIs may be available from the mapping + server. + + Ma5. URI alternate contact: In addition to returning a primary + contact, the mapping protocol MUST support the return of a URI or + contact method explicitly marked as an alternate contact. Motivation: In response to a mapping request, the mapping server may return an alternate URI. Implementation details to be described within an operational document. Ma6. URL properties: The mapping protocol MUST support the ability - to provide additional information that allows the mapping client - to determine relevant properties of the URL. + to provide ancillary information about a contact or URI that + allows the mapping client to determine relevant properties of the + URL. Motivation: In some cases, the same geographic area is served by several PSAPs, for example, a corporate campus might be served by both a corporate security department and the municipal PSAP. The mapping protocol should then return URLs for both, with information allowing the querying entity to choose one or the other. This determination could be made by either an ESRP, based on local policy, or by direct user choice, in the case of caller- based methods. Ma7. Traceable resolution: The mapping protocol SHOULD support the ability of the mapping client to be able to determine the entity or entities which provided the emergency address resolution information. Motivation: It is important for public safety reasons, that there is a method to provide operational traceability in case of errors. - Ma8. URI for error reporting: The mapping protocol MUST support - (i.e., implement for use) a mechanism to return a URI that can be - used to report a suspected or known error within the mapping - database. + Ma8. URI for error reporting: The mapping protocol MUST support the + return of a URI that can be used to report a suspected or known + error within the mapping database. - Ma9. Resilience against failure: The mapping protocol MUST support - (i.e., implement for use) a mechanism to enable the mapping client - to be able to fail over to another replica of the mapping server, - so that a failure of a server does not endanger the ability to - perform the mapping. + Motivation: If an error is returned, for example, there needs to + be a URI which points to a resource which can explain or + potentially help resolve the error. + + Ma9. Resilience against failure: The mapping protocol MUST support a + mechanism which enables fail over to different (replica) mapping + server in order to obtain a successful mapping. + + Motivation: It is important that the failure of a single mapping + server does not preclude the mapping client's ability to receive + mapping from a different mapping server. Ma10. Incrementally deployable: The mapping protocol MUST be designed in such a way that supports the incremental deployment of mapping services. Motivation: It must not be necessary, for example, to have a global street level database before deploying the system. It is acceptable to have some misrouting of calls when the database does not (yet) contain accurate PSAP service area information. - Ma11. Mapping requested from anywhere: The mapping protocol MUST - support (i.e., implement, though not necessarily use) the ability - to provide mapping information in response to queries from any - (earthly) location, regardless of where the mapping client is - located, either geographically or by network location. + Ma11. Any time mapping: The mapping protocol MUST support the + ability of the mapping function to be invoked at any time, + including while an emergency call is in process and before an + emergency call. + + Motivation: Used as a fallback mechanism only, if a mapping query + fails at emergency call time, it may be advantageous to have prior + knowledge of the PSAP URI. This prior knowledge would be obtained + by performing a mapping query at any time prior to an emergency + call. + + Ma12. Anywhere mapping: The mapping protocol MUST support the + ability to provide mapping information in response to an + individual query from any (earthly) location, regardless of where + the mapping client is located, either geographically or by network + location. Motivation: The mapping client, such as an ESRP, may not necessarily be anywhere close to the caller or the appropriate - PSAP, but must still be able to obtain a mapping. + PSAP, but must still be able to obtain mapping information. - Ma12. Extensible protocol: The mapping protocol MUST be designed to + Ma13. Extensible protocol: The mapping protocol MUST be designed to support the extensibility of location data elements, both for new and existing fields. Motivation: This is needed, for example, to accommodate future extensions to location information that might be included in the PIDF-LO (RFC 4119 [3]). - Ma13. Split responsibility: The mapping protocol MUST support (i.e., - implement for use) the division of data subset handling between - multiple mapping servers within a single level of a civic location - hierarchy. + Ma14. Split responsibility: The mapping protocol MUST support the + division of data subset handling between multiple mapping servers + within a single level of a civic location hierarchy. Motivation: For example, two mapping servers for the same city or county may handle different streets within that city or county. - Ma14. Any time mapping: The mapping protocol MUST support (i.e., - implement for use) the ability of the mapping function to be - invoked at any time, including while an emergency call is in - process and before an emergency call. - - Motivation: Used as a fallback mechanism only, if a mapping query - fails at emergency call time, it may be advantageous to have prior - knowledge of the PSAP URI. This prior knowledge would be obtained - by performing a mapping query at any time prior to an emergency - call. - Ma15. Baseline query protocol: A mandatory-to-implement protocol MUST be specified. Motivation: An over-abundance of similarly-capable choices appears undesirable for interoperability. - Ma16. Multiple PSAP URIs: The mapping protocol MUST support (i.e., - implement, though not necessarily use), a method to be able to - return multiple URIs for different PSAPs that cover the same area. + Ma16. Multiple PSAP URIs: The mapping protocol MUST support a method + to receive multiple PSAP URIs which cover the same geographic + area. + + Motivation: Two different mapping servers may cover the same + geographic area, and therefore have the same set of coverage + information. Ma17. Single URI per contact protocol: Though the mapping protocol supports the return of multiple URIs, it SHOULD return only one URI per contact protocol, so that clients are not required to select among different targets for the same contact protocol. Motivation: There may be two or more URIs returned when multiple contact protocols are available (e.g., SIP and SMS). The client may select among multiple contact protocols based on its capabilities, preference settings, or availability. - Ma18. Anonymous mapping: The mapping protocol MUST NOT require the - true identity of the target for which the location information is - attributed. Ideally, no identity information is provided via the - mapping protocol. Where identity information is provided, it may - be in the form of an unlinked pseudonym (RFC 3693 [9]). - - Ma19. Location delivery by-value: The mapping protocol MUST support - (i.e., implement, though not necessarily use) the delivery of - location information using a by-value method, though it MAY also - support de-referencing a URL that references a location object. - - Motivation: The mapping protocol is not required to support the - ability to de-reference specific location references. - - Ma20. Alternate community names: The mapping protocol MUST support - both the jurisdictional community name and the postal community - name fields within the PIDF-LO data. - - Motivation: A mapping query must be accepted with either or both - community name fields, and provide appropriate responses. If a - mapping query is made with only one field present, and if the - database contains both jurisdictional and postal, the mapping - protocol response should return both. - - Ma21. Ubiquitous triggering: The mapping protocol MUST implement, - but not necessarily use, the ability to be invoked at any time, - from any location, by any client which supports the mapping - protocol. - - Motivation: While end devices are the typical initiators of - mapping service requests, it is also expected that other mapping - clients, such as relays, 3rd party devices, PSAPs, etc. may also - trigger a mapping request. - - Ma22. Validation of civic location: The mapping protocol MUST - implement a method via a mapping request, that makes it possible - for a mapping server to validate a civic location prior to that - location's use in an actual emergency call. - - Motivation: Location validation provides an opportunity to help - assure ahead of time, whether successful mapping to the - appropriate PSAP will likely occur when it is required. - Validation may also help to avoid delays during emergency call - setup due to invalid locations. - - Ma23. Validation resolution: The mapping protocol MUST support - (i.e., required to implement, but not required for use) the return - of additional information which can be used to determine the - precision or resolution of the data elements used to determine a - PSAP URI. - - Motivation: The mapping server may not use all the data elements - in the provided location information to determine a match, or may - be able to find a match based on all of the information except for - some specific data elements. The uniqueness of this information - set may be used to differentiate among emergency jurisdictions. - Precision or resolution in the context of this requirement might - mean, for example, explicit identification of the data elements - that were used successfully in the mapping. - - Ma24. Indication of non-existent location: The protocol MUST support - a mechanism to indicate that a location or a part of a location is - known to not exist, even if a valid location-to-PSAP URI mapping - can be provided. This includes a way to identify a separate - mechanism to resolve any such discrepancy. - - Motivation: The emergency authority for a given jurisdiction may - provide a means to resolve addressing problems, e.g., a URI for a - web service that can be used to report problems with an address. - - Ma25. Limits to validation: Successful validation of a civic - location MUST NOT be required to place an emergency call. - - Motivation: In some cases, a civic location may not be considered - valid. This fact should not result in the call being dropped or - rejected by any entity along the signaling path to the PSAP. - - Ma26. 3D sensitive mapping: The mapping protocol MUST implement - support for both 2D and 3D location information, and may accept - either a 2D or 3D mapping request as input. - - Motivation: It is expected that provisioning systems will accept - both 2D and 3D data. When a 3D request is presented to an area - only defined by 2D data, the mapping result would be the same as - if the height/altitude dimension was omitted in the request. - 8. Security Considerations Security considerations are discussed in the ECRIT security document - I-D.taylor-ecrit-security-threats [4] . + I-D.ietf-ecrit-security-threats [4] . 9. Contributors The information contained in this document is a result of a joint effort based on individual contributions by those involved in the ECRIT WG. The contributors include Nadine Abbott, Hideki Arai, Martin Dawson, Motoharu Kawanishi, Brian Rosen, Richard Stastny, Martin Thomson, James Winterbottom. The contributors can be reached at: @@ -914,28 +914,26 @@ [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host Configuration Protocol Option for Coordinate-based Location Configuration Information", RFC 3825, July 2004. [3] Peterson, J., "A Presence-based GEOPRIV Location Object Format", RFC 4119, December 2005. - [4] Schulzrinne, H., "Security Threats and Requirements for - Emergency Call Marking and Mapping", - draft-taylor-ecrit-security-threats-03 (work in progress), - March 2006. + [4] Taylor, T., "Security Threats and Requirements for Emergency + Call Marking and Mapping", draft-ietf-ecrit-security-threats-01 + (work in progress), April 2006. [5] Schulzrinne, H., "A Uniform Resource Name (URN) for Services", - draft-ietf-ecrit-service-urn-00 (work in progress), - February 2006. + draft-ietf-ecrit-service-urn-02 (work in progress), April 2006. [6] Hardie, T., "LoST: A Location-to-Service Translation Protocol", draft-hardie-ecrit-lost-00 (work in progress), March 2006. [7] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information", draft-ietf-geopriv-dhcp-civil-09 (work in progress), January 2006. 11.2. Informative References @@ -944,23 +942,22 @@ Wijk, "User Requirements for the Session Initiation Protocol (SIP) in Support of Deaf, Hard of Hearing and Speech-impaired Individuals", RFC 3351, August 2002. [9] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J. Polk, "Geopriv Requirements", RFC 3693, February 2004. [10] Hellstrom, G. and P. Jones, "RTP Payload for Text Conversation", RFC 4103, June 2005. - [11] Wijk, A., "Framework of requirements for real-time text - conversation using SIP", draft-ietf-sipping-toip-03 (work in - progress), September 2005. + [11] Wijk, A., "Framework for real-time text over IP using SIP", + draft-ietf-sipping-toip-04 (work in progress), March 2006. Authors' Addresses Henning Schulzrinne Columbia University Department of Computer Science 450 Computer Science Building New York, NY 10027 US