diff options
author | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
---|---|---|
committer | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
commit | 4bfd864f10b68b71482b35c818559068ef8d5797 (patch) | |
tree | e3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc7989.txt | |
parent | ea76e11061bda059ae9f9ad130a9895cc85607db (diff) |
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc7989.txt')
-rw-r--r-- | doc/rfc/rfc7989.txt | 2523 |
1 files changed, 2523 insertions, 0 deletions
diff --git a/doc/rfc/rfc7989.txt b/doc/rfc/rfc7989.txt new file mode 100644 index 0000000..512d0a8 --- /dev/null +++ b/doc/rfc/rfc7989.txt @@ -0,0 +1,2523 @@ + + + + + + +Internet Engineering Task Force (IETF) P. Jones +Request for Comments: 7989 G. Salgueiro +Obsoletes: 7329 C. Pearce +Category: Standards Track P. Giralt +ISSN: 2070-1721 Cisco Systems, Inc. + October 2016 + + + End-to-End Session Identification in + IP-Based Multimedia Communication Networks + +Abstract + + This document describes an end-to-end session identifier for use in + IP-based multimedia communication systems that enables endpoints, + intermediary devices, and management systems to identify a session + end-to-end, associate multiple endpoints with a given multipoint + conference, track communication sessions when they are redirected, + and associate one or more media flows with a given communication + session. While the identifier is intended to work across multiple + protocols, this document describes its usage in the Session + Initiation Protocol (SIP). + + This document also describes a backwards-compatibility mechanism for + an existing session identifier implementation (RFC 7329) that is + sufficiently different from the procedures defined in this document. + + This document obsoletes RFC 7329. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc7989. + + + + + + + + + +Jones, et al. Standards Track [Page 1] + +RFC 7989 End-To-End Session ID October 2016 + + +Copyright Notice + + Copyright (c) 2016 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 2] + +RFC 7989 End-To-End Session ID October 2016 + + +Table of Contents + + 1. Introduction ....................................................4 + 2. Conventions Used in This Document ...............................5 + 3. Session Identifier Definitions, Requirements, and Use Cases .....5 + 4. Constructing and Conveying the Session Identifier ...............5 + 4.1. Constructing the Session Identifier ........................5 + 4.2. Conveying the Session Identifier ...........................6 + 5. The Session-ID Header Field .....................................8 + 6. Endpoint Behavior ...............................................9 + 7. Processing by Intermediaries ...................................11 + 8. Handling of Remote UUID Changes ................................14 + 9. Associating Endpoints in a Multipoint Conference ...............16 + 10. Examples of Various Call Flow Operations ......................17 + 10.1. Basic Call with Two UUIDs ................................18 + 10.2. Basic Call Transfer Using REFER ..........................22 + 10.3. Basic Call Transfer Using Re-INVITE ......................24 + 10.4. Single Focus Conferencing ................................26 + 10.5. Single Focus Conferencing Using a Web-Based + Conference Service .......................................28 + 10.6. Cascading Conference Bridges .............................30 + 10.6.1. Establishing a Cascaded Conference ................30 + 10.6.2. Calling Into Cascaded Conference Bridges ..........31 + 10.7. Basic 3PCC for Two UAs ...................................33 + 10.8. Handling in 100 Trying SIP Response and CANCEL Request ...33 + 10.8.1. Handling in a 100 Trying SIP Response .............34 + 10.8.2. Handling a CANCEL SIP Request .....................35 + 10.9. Out-of-Dialog REFER Transaction ..........................36 + 11. Compatibility with a Previous Implementation ..................37 + 12. Security and Privacy Considerations ...........................39 + 13. IANA Considerations ...........................................40 + 13.1. Registration of the "Session-ID" Header Field ............40 + 13.2. Registration of the "remote" Parameter ...................40 + 14. References ....................................................41 + 14.1. Normative References .....................................41 + 14.2. Informative References ...................................42 + Acknowledgements ..................................................44 + Dedication ........................................................44 + Authors' Addresses ................................................45 + + + + + + + + + + + + +Jones, et al. Standards Track [Page 3] + +RFC 7989 End-To-End Session ID October 2016 + + +1. Introduction + + IP-based multimedia communication systems, such as Session Initiation + Protocol (SIP) [RFC3261] and [H.323], have the concept of a "call + identifier" that is globally unique. The identifier is intended to + represent an end-to-end communication session from the originating + device to the terminating device. Such an identifier is useful for + troubleshooting, session tracking, and so forth. + + For several reasons, however, the current call identifiers defined in + SIP and H.323 are not suitable for end-to-end session identification. + A fundamental issue in protocol interworking is the fact that the + syntax for the call identifier in SIP and H.323 is different. Thus, + if both protocols are used in a call, it is impossible to exchange + the call identifier end-to-end. + + Another reason why the current call identifiers are not suitable to + identify a session end-to-end is that, in real-world deployments, + devices such as session border controllers [RFC7092] often change the + session signaling, including the value of the call identifier, as it + passes through the device. While this is deliberate and useful, it + makes it very difficult to track a session end-to-end. + + This document defines a new identifier, referred to as the "session + identifier", that is intended to overcome the issues that exist with + the currently defined call identifiers used in SIP and other IP-based + communication systems. The identifier defined here has been adopted + by the ITU ([H.460.27]) for use in H.323-based systems, allowing for + the ability to trace a session end-to-end for sessions traversing + both SIP and H.323-based systems. This document defines its use in + SIP. + + The procedures specified in this document attempt to comply with the + requirements specified in [RFC7206]. The procedures also specify + capabilities not mentioned in [RFC7206], shown in the call flows in + Section 10. Additionally, this specification attempts to account for + a previous, pre-standard version of a SIP session identifier header + [RFC7329], specifying a backwards-compatibility approach in + Section 11. + + + + + + + + + + + + +Jones, et al. Standards Track [Page 4] + +RFC 7989 End-To-End Session ID October 2016 + + +2. Conventions Used in This Document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119] when they + appear in ALL CAPS. These words may also appear in this document in + lowercase, absent their normative meanings. + + The term "session identifier" refers to the value of the identifier, + whereas "Session-ID" refers to the header field used to convey the + identifier. The session identifier is a set of two Universally + Unique Identifiers (UUIDs) and each element of that set is simply + referred to herein as a "UUID". + + Throughout this document, the term "endpoint" refers to a SIP User + Agent (UA) that either initiates or terminates a SIP session, such as + a user's mobile phone or a conference server, but excludes entities + such as Back-to-Back User Agents (B2BUAs) that are generally located + along the call-signaling path between endpoints. The term + "intermediary" refers to any entity along the call-signaling path + between the aforementioned endpoints, including B2BUAs and SIP + proxies. In certain scenarios, intermediaries are allowed to + originate and terminate SIP messages without an endpoint being part + of the session or transaction. An intermediary may be performing + interworking between different protocols (e.g., SIP and H.323) that + support the session identifier defined in this document. + +3. Session Identifier Definitions, Requirements, and Use Cases + + Requirements and use cases for the end-to-end session identifier, + along with the definition of "session identifier", "communication + session", and "end-to-end" can be found in [RFC7206]. Throughout + this document, the term "session" refers to a "communication session" + as defined in [RFC7206]. + + As mentioned in Section 6.1 of [RFC7206], the ITU-T undertook a + parallel effort to define compatible procedures for an H.323 session + identifier. They are documented in [H.460.27]. + +4. Constructing and Conveying the Session Identifier + +4.1. Constructing the Session Identifier + + The session identifier comprises two UUIDs [RFC4122], with each UUID + representing one of the endpoints participating in the session. + + + + + + +Jones, et al. Standards Track [Page 5] + +RFC 7989 End-To-End Session ID October 2016 + + + The version number in the UUID indicates the manner in which the UUID + is generated, such as using random values or using the Media Access + Control (MAC) address of the endpoint. To satisfy the requirement + that no user or device information be conveyed, endpoints MUST + generate version 4 (random) or version 5 (SHA-1) UUIDs to address + privacy concerns related to the use of MAC addresses in UUIDs. + + When generating a version 5 UUID, endpoints or intermediaries MUST + utilize the procedures defined in Section 4.3 of [RFC4122] and employ + the following "namespace ID": + + uuid_t NameSpace_SessionID = { + /* a58587da-c93d-11e2-ae90-f4ea67801e29 */ + 0xa58587da, + 0xc93d, + 0x11e2, + 0xae, 0x90, 0xf4, 0xea, 0x67, 0x80, 0x1e, 0x29 + }; + + Further, the "name" to utilize for version 5 UUIDs is the + concatenation of the Call-ID header-value and the "tag" parameter + that appears on the "From" or "To" line associated with the device + for which the UUID is created. Once an endpoint generates a UUID for + a session, the UUID never changes, even if values originally used as + input into its construction change over time. + + Stateless intermediaries that insert a Session-ID header field into a + SIP message on behalf of an endpoint MUST utilize version 5 UUIDs to + ensure that UUIDs for the communication session are consistently + generated. If a stateless intermediary does not know the tag value + for the endpoint (e.g., a new INVITE request without a To: tag value + or an older SIP implementation [RFC2543] that did not include a "tag" + parameter), the intermediary MUST NOT attempt to generate a UUID for + that endpoint. Note that, if an intermediary is stateless and the + endpoint on one end of the call is replaced with another endpoint due + to some service interaction, the values used to create the UUID + should change and, if so, the intermediary will compute a different + UUID. + +4.2. Conveying the Session Identifier + + The SIP User Agent (UA) initiating a new session by transmitting a + SIP request ("Alice"), i.e., a User Agent Client (UAC), MUST create a + new, previously unused UUID and transmit that to the ultimate + destination UA ("Bob"). Likewise, the destination UA ("Bob"), i.e., + a User Agent Server (UAS), MUST create a new, previously unused UUID + and transmit that to the first UA ("Alice"). These two distinct + UUIDs form what is referred to as the "session identifier" and is + + + +Jones, et al. Standards Track [Page 6] + +RFC 7989 End-To-End Session ID October 2016 + + + represented in this document in set notation of the form {A,B}, where + "A" is UUID value created by UA "Alice" and "B" is the UUID value + created by UA "Bob". The session identifier {A,B} is equal to the + session identifier {B,A}. Section 6 describes how the UUIDs selected + by the source and destination UAs persist for the duration of the + session. + + In the case where only one UUID is known, such as when a UA first + initiates a potentially dialog-initiating SIP request, the session + identifier would be {A,N}, where "A" represents the UUID value + transmitted by the UA "Alice", and "N" is what is referred to as the + "nil UUID" [RFC4122] (see Section 5 of this document). + + Since SIP sessions are subject to any number of service interactions, + SIP INVITE requests might be forked as sessions are established, and + since conferences might be established or expanded with endpoints + calling in or the conference focus calling out, the construction of + the session identifier as a set of UUIDs is important. + + To understand this better, consider that an endpoint participating in + a communication session might be replaced with another, such as the + case where two "legs" of a call are joined together by a Private + Branch Exchange (PBX). Suppose "Alice" and "Bob" both call UA "C" + ("Carol"). There would be two distinctly identifiable session + identifiers, namely {A,C} and {B,C}. Then, suppose that "Carol" uses + a local PBX function to join the call between herself and "Alice" + with the call between herself and "Bob", resulting in a single + remaining call between "Alice" and "Bob". This merged call can be + identified using two UUID values assigned by each entity in the + communication session, namely {A,B} in this example. + + In the case of forking, "Alice" might send an INVITE request that + gets forked to several different endpoints. A means of identifying + each of these separate communication sessions is needed; since each + of the destination UAs will create its own UUID, each communication + session would be uniquely identified by the values {A, B1}, {A, B2}, + {A, B3}, and so on, where each of the Bn values refers to the UUID + created by the different UAs to which the SIP session is forked. + + For conferencing scenarios, it is also useful to have a two-part + session identifier where the conference focus specifies the same UUID + for each conference participant. This allows for correlation among + the participants in a single conference. For example, in a + conference with three participants, the session identifiers might be + {A,M}, {B,M}, and {C,M}, where "M" is assigned by the conference + focus. Only a conference focus will purposely utilize the same UUID + for more than one SIP session and, even then, such reuse MUST be + restricted to the participants in the same conference. + + + +Jones, et al. Standards Track [Page 7] + +RFC 7989 End-To-End Session ID October 2016 + + + How a device acting on session identifiers processes or utilizes the + session identifier is outside the scope of this document. However, + devices storing a session identifier in a log file SHOULD follow the + security considerations outlined in [RFC6872]. Note that the primary + intent of a session identifier is for troubleshooting; therefore, it + should be included in logs at rest that will be used for + troubleshooting purposes. + +5. The Session-ID Header Field + + This document replaces the definition of the "Session-ID" token that + was added to the definition of the element "message-header" in the + SIP message grammar by [RFC7329]. The Session-ID header is a single- + instance header. + + Each endpoint participating in a communication session has a + distinct, preferably locally generated UUID associated with it. The + endpoint's UUID value remains unchanged throughout the duration of + the communication session. Multipoint conferences can bridge + sessions from multiple endpoints and impose unique requirements + defined in Section 9. An intermediary MAY generate a UUID on behalf + of an endpoint that did not include a UUID of its own. + + The UUID values for each endpoint are inserted into the Session-ID + header field of all transmitted SIP messages. The Session-ID header + field has the following ABNF [RFC5234] syntax: + + session-id = "Session-ID" HCOLON session-id-value + + session-id-value = local-uuid *(SEMI sess-id-param) + + local-uuid = sess-uuid / nil + + remote-uuid = sess-uuid / nil + + sess-uuid = 32(DIGIT / %x61-66) ;32 chars of [0-9a-f] + + sess-id-param = remote-param / generic-param + + remote-param = "remote" EQUAL remote-uuid + + nil = 32("0") + + The productions "SEMI", "EQUAL", and "generic-param" are defined in + [RFC3261]. The production DIGIT is defined in [RFC5234]. + + + + + + +Jones, et al. Standards Track [Page 8] + +RFC 7989 End-To-End Session ID October 2016 + + + The Session-ID header field MUST NOT have more than one "remote" + parameter. In the case where an entity compliant with this + specification is interworking with an entity that implemented a + session identifier as defined in [RFC7329], the "remote" parameter + may be absent; otherwise, the "remote" parameter MUST be present. + The details under which those conditions apply are described in + Section 11. Except for backwards compatibility with [RFC7329], the + "remote" parameter MUST be present. + + A special nil UUID value composed of 32 zeros is required in certain + situations. A nil UUID is expected as the "remote-uuid" of every + initial standard SIP request since the initiating endpoint would not + initially know the UUID value of the remote endpoint. This nil value + will get replaced by the ultimate destination UAS when that UAS + generates a response message. One caveat is explained in Section 11 + for a possible backwards-compatibility case. A nil UUID value is + also returned by some intermediary devices that send provisional or + other responses as the "local-uuid" component of the Session-ID + header field value, as described in Section 7. + + The "local-uuid" in the Session-ID header field represents the UUID + value of the endpoint transmitting a message and the "remote-uuid" in + the Session-ID header field represents the UUID of the endpoint's + peer. For example, a Session-ID header field might appear like this: + + Session-ID: ab30317f1a784dc48ff824d0d3715d86; + remote=47755a9de7794ba387653f2099600ef2 + + While this is the general form of the Session-ID header field, + exceptions to syntax and procedures are detailed in subsequent + sections. + + The UUID values are presented as strings of lowercase hexadecimal + characters, with the most significant octet of the UUID appearing + first. + +6. Endpoint Behavior + + To comply with this specification, endpoints (non-intermediaries) + MUST include a Session-ID header field value in all SIP messages + transmitted as a part of a communication session. The locally + generated UUID of the transmitter of the message MUST appear in the + "local-uuid" portion of the Session-ID header field value. The UUID + of the peer device, if known, MUST appear as the "remote" parameter + following the transmitter's UUID. The nil UUID value MUST be used if + the peer device's UUID is not known. + + + + + +Jones, et al. Standards Track [Page 9] + +RFC 7989 End-To-End Session ID October 2016 + + + Once an endpoint allocates a UUID value for a communication session, + the endpoint originating the request MUST NOT change that UUID value + for the duration of the session, including when: + + o communication attempts are retried due to receipt of 4xx messages + or request timeouts; + + o the session is redirected in response to a 3xx message; + + o a session is transferred via a REFER message [RFC3515]; or + + o a SIP dialog is replaced via an INVITE request with Replaces + [RFC3891]. + + An endpoint that receives a Session-ID header field MUST take note of + any non-nil "local-uuid" value that it receives and assume that is + the UUID of the peer endpoint within that communication session. + Endpoints MUST include this received UUID value as the "remote" + parameter when transmitting subsequent messages, making sure not to + change this UUID value in the process of moving the value internally + from the "local-uuid" field to the "remote-uuid" field. + + If an endpoint receives a 3xx message, a REFER that directs the + endpoint to a different peer, or an INVITE request with Replaces that + also potentially results in communicating with a new peer, the + endpoint MUST complete any message exchanges with its current peer + using the existing session identifier, but it MUST NOT use the + current peer's UUID value when sending the first message to what it + believes may be a new peer endpoint (even if the exchange results in + communicating with the same physical or logical entity). The + endpoint MUST retain its own UUID value, however, as described above. + + It should be noted that messages received by an endpoint might + contain a "local-uuid" value that does not match what the endpoint + expected its peer's UUID to be. It is also possible for an endpoint + to receive a "remote-uuid" value that does not match its generated + UUID for the session. Either might happen as a result of service + interactions by intermediaries and MUST NOT affect how the endpoint + processes the session; however, the endpoint may log this event for + troubleshooting purposes. + + An endpoint MUST assume that the UUID value of the peer endpoint may + change at any time due to service interactions. Section 8 discusses + how endpoints must handle remote UUID changes. + + It is also important to note that if an intermediary in the network + forks a session, the endpoint initiating a session may receive + multiple responses back from different endpoints, each of which + + + +Jones, et al. Standards Track [Page 10] + +RFC 7989 End-To-End Session ID October 2016 + + + contains a different UUID ("local-uuid") value. Endpoints MUST + ensure that the correct UUID value is returned in the "remote" + parameter when interacting with each endpoint. The one exception is + when the endpoint sends a CANCEL request, in which case the Session- + ID header field value MUST be identical to the Session-ID header + field value sent in the original request. + + If an endpoint receives a message that does not contain a Session-ID + header field, that message must have no effect on what the endpoint + believes is the UUID value of the remote endpoint. That is, the + endpoint MUST NOT change the internally maintained "remote-uuid" + value for the peer. + + If an endpoint receives a SIP response with a non-nil "local-uuid" + that is not 32 octets long, this response comes from a misbehaving + implementation, and its Session-ID header field MUST be discarded. + That said, the response might still be valid according to the rules + within SIP [RFC3261], and it SHOULD be checked further. + + A Multipoint Control Unit (MCU) is a special type of conferencing + endpoint and is discussed in Section 9. + +7. Processing by Intermediaries + + The following applies only to an intermediary that wishes to comply + with this specification and does not impose a conformance requirement + on intermediaries that elect not to provide any special treatment for + the Session-ID header field. Intermediaries that do not comply with + this specification might pass the header unchanged or drop it + entirely. + + The Call-ID often reveals personal, device, domain, or other + sensitive information associated with a user, which is one reason why + intermediaries, such as session border controllers, sometimes alter + the Call-ID. In order to ensure the integrity of the end-to-end + session identifier, it is constructed in a way that does not reveal + such information, removing the need for intermediaries to alter it. + + When an intermediary receives messages from one endpoint in a + communication session that causes the transmission of one or more + messages toward the second endpoint in a communication session, the + intermediary MUST include the Session-ID header field in the + transmitted messages with the same UUID values found in the received + message, except as outlined in this section and in Section 8. + + If the intermediary aggregates several responses from different + endpoints, as described in Section 16.7 of [RFC3261], the + intermediary MUST set the local-uuid field to the nil UUID value when + + + +Jones, et al. Standards Track [Page 11] + +RFC 7989 End-To-End Session ID October 2016 + + + forwarding the aggregated response to the endpoint since the true + UUID value of the peer is undetermined at that point. Note that an + intermediary that does not implement this specification might forward + a non-nil value, resulting in the originating endpoint receiving + different UUID values in the responses. It is possible for this to + result in the endpoint temporarily using the wrong remote UUID. + Subsequent messages in the dialog should resolve the temporary + mismatch as long as the endpoint follows the rules outlined in + Section 8 dealing with the handling of remote UUID changes. + + Intermediary devices that transfer a call, such as by joining + together two different "call legs", MUST properly construct a + Session-ID header field that contains the UUID values associated with + the endpoints involved in the joined session and correct placement of + those values. As described in Section 6, the endpoint receiving a + message transmitted by the intermediary will assume that the first + UUID value belongs to its peer endpoint. + + If an intermediary receives a SIP message without a Session-ID header + field or valid header field value from an endpoint for which the + intermediary is not storing a "remote-uuid" value, the intermediary + MAY assign a "local-uuid" value to represent that endpoint and, + having done so, MUST insert that assigned value into all signaling + messages on behalf of the endpoint for that dialog. In effect, the + intermediary becomes dialog-stateful, and it MUST follow the endpoint + procedures in Section 6 with respect to Session-ID header field value + treatment with itself acting as the endpoint (for the purposes of the + Session-ID header field) for which it inserted a component into the + Session-ID header field value. If the intermediary is aware of the + UUID value that identifies the endpoint to which a message is + directed, it MUST insert that UUID value into the Session-ID header + field value as the "remote-uuid" value. If the intermediary is + unaware of the UUID value that identifies the receiving endpoint, it + MUST use the nil UUID value as the "remote-uuid" value. + + If an intermediary receives a SIP message without a Session-ID header + field or a valid Session-ID header field value from an endpoint for + which the intermediary has previously received a Session-ID and is + storing a "remote-uuid" value for that endpoint, the lack of a + Session-ID must have no effect on what the intermediary believes is + the UUID value of the endpoint. That is, the intermediary MUST NOT + change the internally maintained "remote-uuid" value for the peer. + + When an intermediary originates a response, such as a provisional + response or a response to a CANCEL request, the "remote-uuid" field + will contain the UUID value of the receiving endpoint. When the UUID + of the peer endpoint is known, the intermediary MUST insert the UUID + of the peer endpoint in the "local-uuid" field of the header value. + + + +Jones, et al. Standards Track [Page 12] + +RFC 7989 End-To-End Session ID October 2016 + + + Otherwise, the intermediary MAY set the "local-uuid" field of the + header value to the "nil" UUID value. + + When an intermediary originates a request message without first + having received a SIP message that triggered the transmission of the + message (e.g., sending a BYE message to terminate a call for policy + reasons), the intermediary MUST, if it has knowledge of the UUID + values for the two communicating endpoints, insert a Session-ID + header field with the "remote-uuid" field of the header value set to + the UUID value of the receiving endpoint and the "local-uuid" field + of the header value set to the UUID value of the other endpoint. + When the intermediary does not have knowledge of the UUID value of an + endpoint in the communication session, the intermediary SHOULD set + the unknown UUID value(s) to the "nil" UUID value. (If both are + unknown, the Session-ID header value SHOULD NOT be included at all, + since it would have no practical value.) + + With respect to the previous two paragraphs, note that if an + intermediary transmits a "nil" UUID value, the receiving endpoint + might use that value in subsequent messages it sends. This + effectively violates the requirement of maintaining an end-to-end + session identifier value for the communication session if a UUID for + the peer endpoint had been previously conveyed. Therefore, an + intermediary MUST only send the "nil" UUID when the intermediary has + not communicated with the peer endpoint to learn its UUID. This + means that intermediaries SHOULD maintain state related to the UUID + values for both ends of a communication session if it intends to + originate messages (versus merely conveying messages). An + intermediary that does not maintain this state and that originates a + message as described in the previous two paragraphs MUST NOT insert a + Session-ID header field in order to avoid unintended, incorrect + reassignment of a UUID value. + + The Session-ID header field value included in a CANCEL request MUST + be identical to the Session-ID header field value included in the + corresponding request being cancelled. + + If a SIP intermediary initiates a dialog between two endpoints in a + third-party call control (3PCC [RFC3725]) scenario, the initial + INVITE request will have a non-nil, locally fabricated "local-uuid" + value; call this temporary UUID "X". The request will still have a + nil "remote-uuid" value; call this value "N". The SIP server MUST be + transaction-stateful. The UUID pair in the INVITE request will be + {X,N}. A 1xx or 2xx response will have a UUID pair {A,X}. This + transaction-stateful, dialog-initiating SIP server MUST replace its + own UUID, i.e.,"X", with a nil UUID (i.e., {A,N}) in the INVITE + request sent towards the other UAS as expected (see Section 10.7 for + an example). + + + +Jones, et al. Standards Track [Page 13] + +RFC 7989 End-To-End Session ID October 2016 + + + Intermediaries that manipulate messages containing a Session-ID + header field SHOULD be aware of what UUID values it last sent towards + an endpoint and, following any kind of service interaction initiated + or affected by the intermediary, what UUID values the receiving + endpoint should have knowledge of to ensure that both endpoints in + the session have the correct and same UUID values. If an + intermediary can determine that an endpoint might not have received a + current, correct Session-ID field, the intermediary SHOULD attempt to + provide the correct Session-ID header field to the endpoint such as + by sending a re-INVITE request. Failure to take such measures may + make troubleshooting more difficult because of the mismatched + identifiers; therefore, it is strongly advised that intermediaries + attempt to provide the correct session identifier if able to do so. + + If an intermediary receives a SIP response with a non-nil "local- + uuid" that is not 32 octets long, this response comes from a + misbehaving implementation, and its Session-ID header field MUST be + discarded. That said, the response might still be valid according to + the rules within SIP [RFC3261], and it SHOULD be checked further. + + An intermediary MUST assume that the UUID value of session peers may + change at any time due to service interactions and MAY itself change + UUID values for sessions under its control to ensure that end-to-end + session identifiers are consistent for all participants in a session. + Section 8 discusses how intermediaries must handle remote UUID + changes if they maintain state of the session identifier. + + An intermediary may perform protocol interworking between different + IP-based communications systems, e.g., interworking between H.323 and + SIP. If the intermediary supports the session identifier for both + protocols for which it is interworking, it SHOULD pass the identifier + between the two call legs to maintain an end-to-end identifier, + regardless of protocol. + +8. Handling of Remote UUID Changes + + It is desirable to have all endpoints and intermediaries involved in + a session agree upon the current session identifier when these + changes occur. Due to race conditions or certain interworking + scenarios, it is not always possible to guarantee session identifier + consistency; however, in an attempt to ensure the highest likelihood + of consistency, all endpoints and intermediaries involved in a + session MUST accept a peer's new UUID under the following conditions: + + + + + + + + +Jones, et al. Standards Track [Page 14] + +RFC 7989 End-To-End Session ID October 2016 + + + o When an endpoint or intermediary receives a mid-dialog request + containing a new UUID from a peer, all responses to that request + MUST contain the new UUID value as the "remote" parameter unless a + subsequent successful transaction (for example, an UPDATE) + contains a different UUID, in which case, the newest UUID MUST be + used. + + o If an endpoint or intermediary sends a successful (2xx) or + redirection (3xx) response to the request containing the new UUID + value, the endpoint or intermediary MUST accept the peer's UUID + and include this new UUID as the "remote" parameter for any + subsequent messages unless the UUID from a subsequent transaction + has already been accepted. The one exception is a CANCEL request, + as outlined below. + + o If the endpoint or intermediary sends a failure (4xx, 5xx, or 6xx) + response, it MUST NOT accept the new UUID value and any subsequent + messages MUST contain the previously stored UUID value in the + "remote" parameter for any subsequent message. Note that the + failure response itself will contain the new UUID value from the + request in the "remote" parameter. + + o When an endpoint or intermediary receives an ACK for a successful + (2xx) or redirection (3xx) response with a new UUID value, it MUST + accept the peer's new UUID value and include this new UUID as the + "remote" parameter for any subsequent messages. If the ACK is for + a failure (4xx, 5xx, or 6xx) response, the new value MUST NOT be + used. + + o As stated in Sections 6 and 7, the Session-ID header field value + included in a CANCEL request MUST be identical to the Session-ID + header field value included in the corresponding INVITE request. + Upon receiving a CANCEL request, an endpoint or intermediary would + normally send a 487 Request Terminated response (see + Section 15.1.2 of [RFC3261]) which, by the rules outlined above, + would result in the endpoint or intermediary not storing any UUID + value contained in the CANCEL request. Section 3.8 of [RFC6141] + specifies conditions where a CANCEL request can result in a 2xx + response. Because a CANCEL request is not passed end-to-end and + will always contain the UUID from the original INVITE request, + retaining a new UUID value received in a CANCEL request may result + in inconsistency with the Session-ID value stored on the endpoints + and intermediaries involved in the session. To avoid this + situation, an endpoint or intermediary MUST NOT accept the new + UUID value received in a CANCEL request and any subsequent + messages MUST contain the previously stored UUID value in the + + + + + +Jones, et al. Standards Track [Page 15] + +RFC 7989 End-To-End Session ID October 2016 + + + "remote" parameter". Note that the response to the CANCEL request + will contain the UUID value from the CANCEL request in the + "remote" parameter. + + o When an endpoint or intermediary receives a response containing a + new UUID from a peer, the endpoint or intermediary MUST accept the + new UUID as the peer's UUID and include this new UUID as the + "remote" parameter for any subsequent messages. + + When an intermediary accepts a new UUID from a peer, the intermediary + SHOULD attempt to provide the correct Session-ID header field to + other endpoints involved in the session, for example, by sending a + re-INVITE request. If an intermediary receives a message with a + "remote" parameter in the session identifier that does not match the + updated UUID, the intermediary MUST update the "remote" parameter + with the latest stored UUID. + + If an intermediary is performing interworking between two different + protocols that both support the session identifier defined in this + document (e.g., SIP to H.323), UUID changes SHOULD be communicated + between protocols to maintain the end-to-end session identifier. + +9. Associating Endpoints in a Multipoint Conference + + Multipoint Control Units (MCUs) group two or more sessions into a + single multipoint conference and have a conference focus responsible + for maintaining the dialogs connected to it [RFC4353]. MCUs, + including cascaded MCUs, MUST utilize the same UUID value ("local- + uuid" portion of the Session-ID header field value) with all + participants in the conference. In so doing, each individual session + in the conference will have a unique session identifier (since each + endpoint will create a unique UUID of its own), but will also have + one UUID in common with all other participants in the conference. + + When creating a cascaded conference, an MCU MUST convey the UUID + value to be utilized for a conference via the "local-uuid" portion of + the Session-ID header field value in an INVITE request to a second + MCU when using SIP to establish the cascaded conference. A + conference bridge, or MCU, needs a way to identify itself when + contacting another MCU. [RFC4579] defines the "isfocus" Contact + header field value parameter just for this purpose. The initial MCU + MUST include the UUID of that particular conference in the "local- + uuid" of an INVITE request to the other MCU(s) participating in that + conference. Also included in this INVITE request is an "isfocus" + Contact header field value parameter identifying that this INVITE + request is coming from an MCU, and that this UUID is to be given out + in all responses from endpoints into those MCUs participating in this + + + + +Jones, et al. Standards Track [Page 16] + +RFC 7989 End-To-End Session ID October 2016 + + + same conference. This ensures that a single UUID is common across + all participating MCUs of the same conference, but that it is unique + between different conferences. + + In the case where two existing conferences are joined, there should + be a session between the two MCUs where the session identifier is + comprised of the UUID values of the two conferences. This session + identifier can be used to correlate the sessions between participants + in the joined conference. This specification does not impose any + additional requirements when two existing conferences are joined. + + Intermediary devices or network-diagnostic equipment might assume + that when they see two or more sessions with different session + identifiers but with one UUID in common, the sessions are part of the + same conference. However, the assumption that two sessions having + one common UUID being part of the same conference is not always + correct. In a SIP-forking scenario, for example, there might also + exist what appears to be multiple sessions with a shared UUID value; + this is intended. The desire is to allow for the association of + related sessions, regardless of whether a session is forked or part + of a conference. + +10. Examples of Various Call Flow Operations + + Seeing something frequently makes understanding easier. With that in + mind, this section includes several call flow examples with the + initial UUID and the complete session identifier indicated per + message, as well as examples of when the session identifier changes + according to the rules within this document during certain + operations/functions. + + This section is for illustrative purposes only and is non-normative. + In the following flows, "RTP" refers to the Real-time Transport + Protocol [RFC3550]. + + In the examples in this section, "N" represents a nil UUID and other + letters represent the unique UUID values corresponding to endpoints + or MCUs. + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 17] + +RFC 7989 End-To-End Session ID October 2016 + + +10.1. Basic Call with Two UUIDs + + Session-ID + --- Alice B2BUA Bob Carol + {A,N} |---INVITE F1--->| | + {A,N} | |---INVITE F2--->| + {B,A} | |<---200 OK F3---| + {B,A} |<---200 OK F4---| | + {A,B} |-----ACK F5---->| | + {A,B} | |-----ACK F6---->| + |<==============RTP==============>| + + Figure 1: Session-ID Creation When Alice Calls Bob + + General operation of this example: + + o UA-Alice populates the "local-uuid" portion of the Session-ID + header field value. + + o UA-Alice sends its UUID in the SIP INVITE request and populates + the "remote" parameter with a nil value (32 zeros). + + o The B2BUA receives an INVITE request with both a "local-uuid" + portion of the Session-ID header field value from UA-Alice as well + as the nil "remote-uuid" value and transmits the INVITE request + towards UA-Bob with an unchanged Session-ID header field value. + + o UA-Bob receives the Session-ID and generates its "local-uuid" + portion of the Session-ID header field value UUID to construct the + whole/complete Session-ID header field value, at the same time + transferring UA-Alice's UUID unchanged to the "remote-uuid" + portion of the Session-ID header field value in the 200 OK SIP + response. + + o The B2BUA receives the 200 OK response with a complete Session-ID + header field value from UA-Bob and transmits the 200 OK response + towards UA-Alice with an unchanged Session-ID header field value. + + o UA-Alice, upon reception of the 200 OK from the B2BUA, transmits + the ACK towards the B2BUA. The construction of the Session-ID + header field in this ACK is that of UA-Alice's UUID is the "local- + uuid", and UA-Bob's UUID populates the "remote-uuid" portion of + the header-value. + + o The B2BUA receives the ACK with a complete Session-ID header field + from UA-Alice and transmits the ACK towards UA-Bob with an + unchanged Session-ID header field value. + + + + +Jones, et al. Standards Track [Page 18] + +RFC 7989 End-To-End Session ID October 2016 + + + Below is a SIP message exchange illustrating proper use of the + Session-ID header field. For the sake of brevity, non-essential + headers and message bodies are omitted. + + + F1 INVITE Alice -> B2BUA + + INVITE sip:bob@biloxi.example.com SIP/2.0 + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bK776asdhds + Max-Forwards: 70 + To: Bob <sip:bob@biloxi.example.com> + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: ab30317f1a784dc48ff824d0d3715d86 + ;remote=00000000000000000000000000000000 + CSeq: 314159 INVITE + Contact: <sip:alice@pc33.atlanta.example.com> + Content-Type: application/sdp + Content-Length: 142 + + (Alice's SDP not shown) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 19] + +RFC 7989 End-To-End Session ID October 2016 + + + F2 INVITE B2BUA -> Bob + + INVITE sip:bob@192.168.10.20 SIP/2.0 + Via: SIP/2.0/UDP server10.biloxi.example.com + ;branch=z9hG4bK4b43c2ff8.1 + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bK776asdhds;received=10.1.3.33 + Max-Forwards: 69 + To: Bob <sip:bob@biloxi.example.com> + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: ab30317f1a784dc48ff824d0d3715d86 + ;remote=00000000000000000000000000000000 + CSeq: 314159 INVITE + Contact: <sip:alice@pc33.atlanta.example.com> + Record-Route: <sip:server10.biloxi.example.com;lr> + Content-Type: application/sdp + Content-Length: 142 + + (Alice's SDP not shown) + + + F3 200 OK Bob -> B2BUA + + SIP/2.0 200 OK + Via: SIP/2.0/UDP server10.biloxi.example.com + ;branch=z9hG4bK4b43c2ff8.1;received=192.168.10.1 + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bK776asdhds;received=10.1.3.33 + To: Bob <sip:bob@biloxi.example.com>;tag=a6c85cf + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: 47755a9de7794ba387653f2099600ef2 + ;remote=ab30317f1a784dc48ff824d0d3715d86 + CSeq: 314159 INVITE + Contact: <sip:bob@192.168.10.20> + Record-Route: <sip:server10.biloxi.example.com;lr> + Content-Type: application/sdp + Content-Length: 131 + + (Bob's SDP not shown) + + + + + + + + + + +Jones, et al. Standards Track [Page 20] + +RFC 7989 End-To-End Session ID October 2016 + + + F4 200 OK B2BUA -> Alice + + SIP/2.0 200 OK + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bK776asdhds;received=10.1.3.33 + To: Bob <sip:bob@biloxi.example.com>;tag=a6c85cf + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: 47755a9de7794ba387653f2099600ef2 + ;remote=ab30317f1a784dc48ff824d0d3715d86 + CSeq: 314159 INVITE + Contact: <sip:bob@192.168.10.20> + Record-Route: <sip:server10.biloxi.example.com;lr> + Content-Type: application/sdp + Content-Length: 131 + + (Bob's SDP not shown) + + + F5 ACK Alice -> B2BUA + + ACK sip:bob@192.168.10.20 SIP/2.0 + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bKnashds8 + Route: <sip:server10.biloxi.example.com;lr> + Max-Forwards: 70 + To: Bob <sip:bob@biloxi.example.com>;tag=a6c85cf + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: ab30317f1a784dc48ff824d0d3715d86 + ;remote=47755a9de7794ba387653f2099600ef2 + CSeq: 314159 ACK + Content-Length: 0 + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 21] + +RFC 7989 End-To-End Session ID October 2016 + + + F6 ACK B2BUA -> Bob + + ACK sip:bob@192.168.10.20 SIP/2.0 + Via: SIP/2.0/UDP server10.biloxi.example.com + ;branch=z9hG4bK4b43c2ff8.2 + Via: SIP/2.0/UDP pc33.atlanta.example.com + ;branch=z9hG4bKnashds8;received=10.1.3.33 + Max-Forwards: 70 + To: Bob <sip:bob@biloxi.example.com>;tag=a6c85cf + From: Alice <sip:alice@atlanta.example.com>;tag=1928301774 + Call-ID: a84b4c76e66710@pc33.atlanta.example.com + Session-ID: ab30317f1a784dc48ff824d0d3715d86 + ;remote=47755a9de7794ba387653f2099600ef2 + CSeq: 314159 ACK + Content-Length: 0 + + + The remaining examples in this section do not display the complete + SIP message exchange. Instead, they simply use the set notation + described in Section 4.2 to show the session identifier exchange + throughout the particular call flow being illustrated. + +10.2. Basic Call Transfer Using REFER + + From the example built within Section 10.1, we proceed to this 'Basic + Call Transfer using REFER' example. Note that this is a mid-dialog + REFER in contrast with the out-of-dialog REFER in Section 10.9. + + + + + + + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 22] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID + --- Alice B2BUA Bob Carol + | | | | + |<==============RTP==============>| | + {B,A} | |<---re-INVITE---| | + {B,A} |<---re-INVITE---| (puts Alice on Hold) | + {A,B} |-----200 OK---->| | | + {A,B} | |-----200 OK---->| | + {B,A} | |<-----ACK-------| | + {B,A} |<-----ACK-------| | | + | | | | + {B,A} | |<----REFER------| | + {B,A} |<----REFER------| | | + {A,B} |-----200 OK---->| | | + {A,B} | |-----200 OK---->| | + {A,B} |-----NOTIFY---->| | | + {A,B} | |-----NOTIFY---->| | + {B,A} | |<----200 OK-----| | + {B,A} |<----200 OK-----| | | + | | | | + {A,N} |-----INVITE---->| | + {A,N} | |-----INVITE-------------------->| + {C,A} | |<----200 OK---------------------| + {C,A} |<----200 OK-----| | + {A,C} |------ACK------>| | + {A,C} | |------ACK---------------------->| + | | | | + |<======================RTP======================>| + | | | | + {A,B} |-----NOTIFY---->| | | + {A,B} | |-----NOTIFY---->| | + {B,A} | |<----200 OK-----| | + {B,A} |<----200 OK-----| | | + {B,A} | |<-----BYE-------| | + {B,A} |<-----BYE-------| | | + {A,B} |-----200 OK---->| | | + {A,B} | |-----200 OK---->| | + | | | | + + Figure 2: Call Transfer Using REFER + + + + + + + + + + + +Jones, et al. Standards Track [Page 23] + +RFC 7989 End-To-End Session ID October 2016 + + + General operation of this example: + + Starting from the existing Alice/Bob call described in Figure 1 of + this document, which established an existing Session-ID header field + value: + + o UA-Bob requests Alice to call Carol, using a REFER transaction, as + described in [RFC3515]. UA-Alice is initially put on hold, then + told in the REFER who to contact with a new INVITE, in this case + UA-Carol. This Alice-to-Carol dialog will have a new Call-ID; + therefore, it requires a new Session-ID header field value. The + wrinkle here is we can, and will, use Alice's UUID from her + existing dialog with Bob in the new INVITE request to Carol. + + o UA-Alice retains her UUID from the Alice-to-Bob call {A} when + requesting a call with UA-Carol. This is placed in the "local- + uuid" portion of the Session-ID header field value, at the same + time inserting a nil "remote-uuid" value (because Carol's UA has + not yet received the UUID value). This same UUID traverses the + B2BUA unchanged. + + o UA-Carol receives the INVITE request with a session identifier + UUID {A,N}, replaces the "A" UUID value into the "remote-uuid" + portion of the Session-ID header field value and creates its own + UUID {C}, and places this value in the "local-uuid" portion of the + Session-ID header field value, thereby removing the "N" (nil) + value altogether. This combination forms a full session + identifier {C,A} in the 200 OK to the INVITE. This Session-ID + header field traverses the B2BUA unchanged towards UA-Alice. + + o UA-Alice receives the 200 OK with the session identifier {C,A} and + responds to UA-Carol with an ACK (just as in Figure 1, this + switches the places of the two UUID fields), and generates a + NOTIFY request to Bob with a session identifier {A,B} indicating + that the call transfer was successful. + + o It does not matter which UA terminates the Alice-to-Bob call; + Figure 2 shows UA-Bob terminating the call. + +10.3. Basic Call Transfer Using Re-INVITE + + From the example built within Section 10.1, we proceed to this 'Basic + Call Transfer using re-INVITE' example. + + Alice is talking to Bob. Bob pushes a button on his phone to + transfer Alice to Carol via the B2BUA (using re-INVITE). + + + + + +Jones, et al. Standards Track [Page 24] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID + --- Alice B2BUA Bob Carol + | | | | + |<==============RTP==============>| | + | | | | + | | <--- (non-standard signaling) | + {A,B} | |---re-INVITE--->| | + {B,A} | |<-----200 OK----| | + {A,B} | |-----ACK------->| | + | | | | + {A,N} | |-----INVITE-------------------->| + {C,A} | |<----200 OK---------------------| + {A,C} | |------ACK---------------------->| + | | | | + |<======================RTP======================>| + | | | | + {A,B} | |------BYE------>| | + {B,A} | |<----200 OK-----| | + | | | | + {C,A} |<--re-INVITE----| | | + {A,C} |----200 OK----->| | | + {C,A} |<-----ACK-------| | | + | (Suppose Alice modifies the session) | + {A,C} |---re-INVITE--->| | | + {A,C} | |---re-INVITE------------------->| + {C,A} | |<---200 OK----------------------| + {C,A} |<---200 OK------| | | + {A,C} |------ACK------>| | | + {A,C} | |------ACK---------------------->| + | | | | + + Figure 3: Call Transfer Using Re-INVITE + + General operation of this example: + + o We assume the call between Alice and Bob from Section 10.1 is + operational with session identifier {A,B}. + + o Bob uses non-standard signaling to the B2BUA to initiate a call + transfer from Alice to Carol. This could also be initiated via a + REFER message from Bob, but the signaling that follows might still + be similar to the above flow. In either case, Alice is completely + unaware of the call transfer until a future point in time when + Alice receives a message from Carol. + + o The B2BUA sends a re-INVITE request with the session identifier + {"local-uuid" = "A", "remote-uuid" = "B"} to renegotiate the + session with Bob. + + + +Jones, et al. Standards Track [Page 25] + +RFC 7989 End-To-End Session ID October 2016 + + + o The B2BUA sends a new INVITE request with Alice's UUID {"local- + uuid" = "A"} to Carol. + + o Carol receives the INVITE request and accepts the request and adds + her UUID {C} to the session identifier for this session {"local- + uuid" = "C", "remote-uuid" = "A"}. + + o The B2BUA then terminates the call to Bob with a BYE using the + session identifier {"local-uuid" = "A", "remote-uuid" = "B"}. + + o The B2BUA sends a re-INVITE request to Alice to update Alice's + view of the session identifier. + + o When Alice later attempts to modify the session with a re-INVITE, + Alice will send "remote-uuid" = "C" toward Carol because it had + previously received the updated UUID in the re-INVITE request from + the B2BUA. The B2BUA maintains the session identifier {"local- + uuid" = "A", "remote-uuid" = "C"}. Carol replies with the "local- + uuid" = "C", "remote-uuid" = "A" to reflect what was received in + the INVITE request (which Carol already knew from previous + exchanges with the B2BUA). Alice then includes "remote-uuid" = + "C" in the subsequent ACK message. + +10.4. Single Focus Conferencing + + Multiple users call into a conference server (for example, an MCU) to + attend one of many conferences hosted on or managed by that server. + Each user has to identify which conference they want to join, but + this information is not necessarily in the SIP messaging. It might + be done by having a dedicated address for the conference or via an + Interactive Voice Response (IVR), as assumed in this example and + depicted with the use of M1, M2, and M3. Each user in this example + goes through a two-step process of signaling to gain entry onto their + conference call, which the conference focus identifies as "M". + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 26] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID Conference + --- Alice Focus Bob Carol + | | | | + | | | | + {A,N} |----INVITE----->| | | + {M1,A} |<---200 OK------| | | + {A,M1} |-----ACK------->| | | + |<====RTP=======>| | | + {M',A} |<---re-INVITE---| | | + {A,M'} |-----200 OK---->| | | + {M',A} |<-----ACK-------| | | + | | | | + | | | | + {B,N} | |<----INVITE-----| | + {M2,B} | |-----200 OK---->| | + {B,M2} | |<-----ACK-------| | + | |<=====RTP======>| | + {M',B} | |---re-INVITE--->| | + {B,M'} | |<----200 OK-----| | + {M',B} | |------ACK------>| | + | | | | + | | | | + {C,N} | |<--------------------INVITE-----| + {M3,C} | |---------------------200 OK---->| + {C,M3} | |<---------------------ACK-------| + | |<=====================RTP======>| + {M',C} | |-------------------re-INVITE--->| + {C,M'} | |<--------------------200 OK-----| + {M',C} | |----------------------ACK------>| + + Figure 4: Single Focus Conference Bridge + + General operation of this example: + + Alice calls into a conference server to attend a certain conference. + This is a two-step operation since Alice cannot include the + conference ID at this time and/or any passcode in the INVITE request. + The first step is Alice's UA calling another UA to participate in a + session. This will appear to be similar as the call flow in Figure 1 + (in Section 10.1). What is unique about this call is the second + step: the conference server sends a re-INVITE request with its second + UUID, but maintaining the UUID Alice sent in the first INVITE. This + subsequent UUID from the conference server will be the same for each + UA that calls into this conference server participating in this same + conference bridge/call, which is generated once Alice typically + authenticates and identifies which bridge she wants to participate + on. + + + + +Jones, et al. Standards Track [Page 27] + +RFC 7989 End-To-End Session ID October 2016 + + + o Alice sends an INVITE request to the conference server with her + UUID {A} and a "remote-uuid" = "N". + + o The conference server responds with a 200 OK response, which + replaces the "N" UUID with a temporary UUID ("M1") as the "local- + uuid" and a "remote-uuid" = "A". + + NOTE: this 'temporary' UUID is a real UUID; it is only temporary to + the conference server because it knows that it is going to generate + another UUID to replace the one just sent in the 200 OK response. + + o Once Alice, the user, gains access to the IVR for this conference + server, she enters a specific conference ID and whatever passcode + (if needed) to enter a specific conference call. + + o Once the conference server is satisfied Alice has identified which + conference she wants to attend (including any passcode + verification), the conference server re-INVITEs Alice to the + specific conference and includes the Session-ID header field value + component "local-uuid" = "M'" (and "remote-uuid" = "A") for that + conference. All valid participants in the same conference will + receive this same UUID for identification purposes and to better + enable monitoring and tracking functions. + + o Bob goes through this two-step process of an INVITE transaction, + followed by a re-INVITE transaction to get this same UUID ("M'") + for the conference. + + o In this example, Carol (and each additional user) goes through the + same procedures as Alice and Bob to get on this same conference. + +10.5. Single Focus Conferencing Using a Web-Based Conference Service + + Alice, Bob, and Carol call into the same web-based conference. Note + that this is one of many ways of implementing this functionality, and + it should not be construed as the preferred way of establishing a + web-based conference. + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 28] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID Conference + --- Alice Focus Bob Carol + | | | | + |<** HTTPS *****>| | | + | Transaction | | | + | | | | + {M,N} |<----INVITE-----| | | + {A,M} |-----200 OK---->| | | + {M,A} |<-----ACK-------| | | + |<=====RTP======>| | | + | | | | + | |<** HTTPS *****>| | + | | Transaction | | + | | | | + {M,N} | |-----INVITE---->| | + {B,M} | |<----200 OK-----| | + {M,B} | |------ACK------>| | + | |<=====RTP======>| | + | | | | + | |<****************** HTTPS *****>| + | | Transaction | + | | | | + {M,N} | |--------------------INVITE----->| + {C,M} | |<-------------------200 OK------| + {M,C} | |---------------------ACK------->| + | |<====================RTP=======>| + + Figure 5: Single Focus Web-Based Conference + + General operation of this example: + + o Alice communicates with the web server that she wants to join a + certain meeting by using a meeting number and including UA-Alice's + contact information (phone number, URI, and/or IP address, etc.) + for each device she wants for this conference call. For example, + the audio and video (A/V) play-out devices could be separate + units. + + o The Conference Focus server sends the INVITE request (Session-ID + header field value components "local-uuid" = "M" and a remote UUID + of "N", where "M" equals the "local-uuid" for each participant on + this conference bridge) to UA-Alice to start a session with that + server for this A/V conference call. + + + + + + + + +Jones, et al. Standards Track [Page 29] + +RFC 7989 End-To-End Session ID October 2016 + + + o Upon receiving the INVITE request from the conference focus + server, Alice responds with a 200 OK. Her UA moves the "local- + uuid" unchanged into the "remote-uuid" field, generates her own + UUID, and places that into the "local-uuid" field to complete the + Session-ID construction. + + o Bob and Carol perform same function to join this same A/V + conference call as Alice. + +10.6. Cascading Conference Bridges + +10.6.1. Establishing a Cascaded Conference + + Expanding conferencing capabilities requires cascading conference + bridges. A conference bridge, or MCU, needs a way to identify itself + when contacting another MCU. [RFC4579] defines the "isfocus" Contact + header field value parameter just for this purpose. + + + Session-ID + --- MCU-1 MCU-2 MCU-3 MCU-4 + | | | | + {M',N} |----INVITE----->| | | + {J,M'} |<---200 OK------| | | + {M',J} |-----ACK------->| | | + + Figure 6: MCUs Communicating Session Identifier UUID for Bridge + + Regardless of which MCU (1 or 2) a UA contacts for this conference, + once the above exchange has been received and acknowledged, the UA + will get the same {M',N} UUID pair from the MCU for the complete + session identifier. + + A more complex form would be a series of MCUs all being informed of + the same UUID to use for a specific conference. This series of MCUs + can be informed in one of two ways: + + o All by one MCU (that initially generates the UUID for the + conference). + + o The MCU that generates the UUID informs one or several MCUs of + this common UUID, and then they inform downstream MCUs of this + common UUID that each will be using for this one conference. + + + + + + + + +Jones, et al. Standards Track [Page 30] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID + --- MCU-1 MCU-2 MCU-3 MCU-4 + | | | | + {M',N} |----INVITE----->| | | + {J,M'} |<---200 OK------| | | + {M',J} |-----ACK------->| | | + | | | | + {M',N} |---------------------INVITE----->| | + {K,M'} |<--------------------200 OK------| | + {M',K} |----------------------ACK------->| | + | | | | + {M',N} |-------------------------------------INVITE----->| + {L,M'} |<------------------------------------200 OK------| + {M',L} |--------------------------------------ACK------->| + + Figure 7: MCU Communicating + Session Identifier UUID to More Than One MCU + + General operation of this example: + + o The MCU generating the session identifier UUID communicates this + in a separate INVITE, having a Contact header with the "isfocus" + Contact header field value parameter. This will identify the MCU + as what [RFC4579] calls a "conference-aware" SIP entity. + + o An MCU that receives this {M',N} UUID pair in an inter-MCU + transaction can communicate the M' UUID in a manner in which it + was received to construct a hierarchical cascade (though this time + this second MCU would be the UAC MCU). + + o Once the conference is terminated, the cascaded MCUs will receive + a BYE message to terminate the cascade. + +10.6.2. Calling Into Cascaded Conference Bridges + + Here is an example of how a UA, Robert for example, calls into a + cascaded conference focus. Because MCU-1 has already contacted MCU-3 + (the MCU where Robert is going to join the conference), MCU-3 already + has the Session-ID (M') for this particular conference call. + + + + + + + + + + + + +Jones, et al. Standards Track [Page 31] + +RFC 7989 End-To-End Session ID October 2016 + + + Session-ID + --- MCU-1 MCU-2 MCU-3 Robert + | | | | + {M',N} |----INVITE----->| | | + {J,M'} |<---200 OK------| | | + {M',J} |-----ACK------->| | | + | | | | + {M',N} |---------------------INVITE----->| | + {K,M'} |<--------------------200 OK------| | + {M',K} |----------------------ACK------->| | + | | | | + {R,N} | | |<---INVITE-----| + (M',R} | | |----200 OK---->| + {R,M'} | | |<----ACK-------| + + Figure 8: A UA Calling Into a Cascaded MCU UUID + + General operation of this example: + + o The UA, Robert in this case, INVITEs the MCU to join a particular + conference call. Robert's UA does not know anything about whether + this is the main MCU of the conference call or a cascaded MCU. + Robert likely does not know MCUs can be cascaded, he just wants to + join a particular call. As is the case with any standard + implementation, he includes a nil "remote-uuid". + + o The cascaded MCU, upon receiving this INVITE request from Robert, + replaces the nil UUID with the UUID value communicated from MCU-1 + for this conference call as the "local-uuid" in the SIP response, + thus moving Robert's UUID "R" to the "remote-uuid" value. + + o The ACK has the Session-ID {R,M'}, completing the three-way + handshake for this call establishment. Robert has now joined the + conference call originated from MCU-1. + + o Once the conference is terminated, the cascaded MCUs will receive + a BYE message to terminate the cascade. + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 32] + +RFC 7989 End-To-End Session ID October 2016 + + +10.7. Basic 3PCC for Two UAs + + An external entity sets up calls to both Alice and Bob for them to + talk to each other. + + Session-ID + --- Alice B2BUA Bob Carol + | | | + {X,N} |<----INVITE-----| | + {A,X} |-----200 OK---->| | + {A,N} | |----INVITE----->| + {B,A} | |<---200 OK------| + {B,A} |<-----ACK-------| | + {A,B} | |------ACK------>| + |<==============RTP==============>| + + Figure 9: 3PCC-Initiated Call between Alice and Bob + + General operation of this example: + + o Some out-of-band procedure directs a B2BUA (or other SIP server) + to have Alice and Bob talk to each other. In this case, the SIP + server has to be transaction stateful, if not dialog stateful. + + o The SIP server INVITEs Alice to a session and uses a temporary + UUID {X} and a nil UUID pairing. + + o Alice receives and accepts this call setup and replaces the nil + UUID with her UUID {A} in the session identifier, now {A,X}. + + o The transaction-stateful SIP server receives Alice's UUID {A} in + the local UUID portion and keeps it there; and it discards its own + UUID {X}, replacing this with a nil UUID value in the INVITE + request to Bob as if this came from Alice originally. + + o Bob receives and accepts this INVITE request and adds his own UUID + {B} to the session identifier, now {B,A}, for the response. + + o The session is established. + +10.8. Handling in 100 Trying SIP Response and CANCEL Request + + The following two subsections show examples of the session identifier + for a 100 Trying response and a CANCEL request in a single call flow. + + + + + + + +Jones, et al. Standards Track [Page 33] + +RFC 7989 End-To-End Session ID October 2016 + + +10.8.1. Handling in a 100 Trying SIP Response + + The following 100 Trying response is taken from [RFC5359], + Section 2.9 ("Call Forwarding - No Answer"). + + Session-ID Alice SIP Server Bob-1 Bob-2 + | | | | + {A,N} |----INVITE----->| | | + {A,N} | |---INVITE---->| | + {N,A} |<--100 Trying---| | | + {B1,A} | |<-180 Ringing-| | + {B1,A} |<--180 Ringing--| | | + | | | | + | *Request Timeout* | + | | | | + {A,N} | |---CANCEL---->| | + {B1,A} | |<--200 OK-----| | + {B1,A} | |<---487-------| | + {A,B1} | |---- ACK ---->| | + | | | | + {N,A} |<-181 Call Fwd--| | | + | | | | + {A,N} | |------------------INVITE------>| + {B2,A} | |<----------------180 Ringing---| + {B2,A} |<-180 Ringing---| | | + {B2,A} | |<-----------------200 OK ------| + {B2,A} |<--200 OK-------| | | + {A,B2} |----ACK-------->| | | + {A,B2} | |------------------ACK--------->| + | | | | + |<=========== Both way RTP Established =========>| + | | | | + {A,B2} |----BYE-------->| | | + {A,B2} | |--------------------BYE------->| + {B2,A} | |<------------------200 OK------| + {B2,A} |<--200 OK-------| | | + | | | | + + Figure 10: Session Identifier in the 100 Trying and CANCEL Messaging + + Below is the explanatory text from RFC 5359, Section 2.9, detailing + what the desired behavior is in the above call flow (i.e., what the + call flow is attempting to achieve). + + Bob wants calls to B1 forwarded to B2 if B1 is not answered + (information is known to the SIP server). Alice calls B1, and no + one answers. The SIP server then places the call to B2. + + + + +Jones, et al. Standards Track [Page 34] + +RFC 7989 End-To-End Session ID October 2016 + + + General operation of this example: + + o Alice generates an INVITE request because she wants to invite Bob + to join her session. She creates a UUID as described in + Section 10.1, and she places that value in the "local-uuid" field + of the Session-ID header field value. Alice also generates a + "remote-uuid" of nil and sends this along with the "local-uuid". + + o The SIP server (imagine this is a B2BUA), upon receiving Alice's + INVITE request, generates the optional provisional response 100 + Trying. Since the SIP server has no knowledge of Bob's UUID for + his part of the session identifier value, it cannot include his + "local-uuid". Rather, any 100 Trying response includes Alice's + UUID in the "remote-uuid" portion of the Session-ID header-value + with a nil "local-uuid" value in the response. This is consistent + with what Alice's UA expects to receive in any SIP response + containing this UUID. + +10.8.2. Handling a CANCEL SIP Request + + In the same call flow example as the 100 Trying response is a CANCEL + request. Please refer to Figure 10 for the CANCEL request example. + + General operation of this example: + + o In Figure 10 above, Alice generates an INVITE request with her + UUID value in the Session-ID header field. + + o Bob-1 responds to this INVITE request with a 180 Ringing. In that + response, he includes his UUID in the Session-ID header field + value (i.e., {B1,A}); thus completing the Session-ID header field + for this session, even though no final response has been generated + by any of Bob's UAs. + + o While this means that if the SIP server were to generate a SIP + request within this session it could include the complete + SessionID, the server sends a CANCEL request and a CANCEL request + always uses the same Session-ID header field as the original + INVITE request. Thus, the CANCEL request would have a session + identifier with the "local-uuid" = "A", and the "remote-uuid" = + "N". + + o As it happens with this CANCEL, the SIP server intends to invite + another UA of Bob's (i.e., B2) for Alice to communicate with. + + o In this example call flow, taken from RFC 5359, Section 2.9, a 181 + Call is Being Forwarded response is sent to Alice. Since the SIP + server generated this SIP request, and has no knowledge of Bob-2's + + + +Jones, et al. Standards Track [Page 35] + +RFC 7989 End-To-End Session ID October 2016 + + + UUID value, it cannot include that value in this 181. Thus, and + for the exact reasons the 100 Trying including the session + identifier value, only Alice's UUID is included in the remote-uuid + component of the Session-ID header field value, with a nil UUID + present in the "local-uuid" component. + +10.9. Out-of-Dialog REFER Transaction + + The following call flow was extracted from Section 6.1 of [RFC5589] + ("Successful Transfer"), with the only changes being the names of the + UAs to maintain consistency within this document. + + Alice is the transferee + Bob is the transferer + and Carol is the transfer-target + + Session-ID Bob Alice Carol + | | | + {A,N} |<-----INVITE--------| | + {B,A} |------200 OK------->| | + {A,B} |<------ACK----------| | + | | | + {B,A} |--INVITE {hold}---->| | + {A,B} |<-200 OK------------| | + {B,A} |--- ACK ----------->| | + | | | + {B,A} |--REFER------------>|(Refer-To:Carol) | + {A,B} |<-202 Accepted------| | + | | | + {A,B} |<NOTIFY {100 Trying}| | + {B,A} |-200 OK------------>| | + | | | + {A,N} | |--INVITE------------>| + {C,A} | |<-200 OK-------------| + {A,C} | |---ACK-------------->| + | | | + {A,B} |<--NOTIFY {200 OK}--| | + {B,A} |---200 OK---------->| | + | | | + {B,A} |--BYE-------------->| | + {A,B} |<-200 OK------------| | + {C,A} | |<------------BYE-----| + {A,C} | |-------------200 OK->| + + Figure 11: Out-Of-Dialog Call Transfer + + + + + + +Jones, et al. Standards Track [Page 36] + +RFC 7989 End-To-End Session ID October 2016 + + + General operation of this example: + + o Just as in Section 10.2, Figure 2, Alice invites Bob to a session, + and Bob eventually transfers Alice to communicate with Carol. + + o What is different about the call flow in Figure 11 is that Bob's + REFER is not in-dialog. Even so, this is treated as part of the + same communication session and, thus, the session identifier in + those messages is {A,B}. + + o Alice will use her existing UUID and the nil UUID ({A,N}) in the + INVITE request towards Carol (who generates UUID "C" for this + session), thus maintaining the common UUID within the session + identifier for this new Alice-to-Carol session. + +11. Compatibility with a Previous Implementation + + There is a much earlier document that specifies the use of a Session- + ID header field (namely, [RFC7329]) that we will herewith attempt to + achieve backwards compatibility. Neither Session-ID header field has + any versioning information, so merely adding that this document + describes "version 2" is insufficient. This section contains the set + of rules for compatibility between the two specifications. Although + the previous version was never standardized, it has been heavily + implemented and adopted by other standards development organizations. + For the purposes of this discussion, we will label the pre-standard + specification of the Session-ID as the "old" version and this + specification as the "new" version of the Session-ID. + + The previous (i.e., "old") version only has a single UUID value as a + Session-ID header field value, but has a generic-parameter value that + can be of use. + + In order to have an "old" version talk to an "old" version + implementation, nothing needs to be done as far as the IETF is + concerned. + + In order to have a "new" version talk to a "new" version + implementation, both implementations need to follow this document (to + the letter) and everything should be just fine. + + + + + + + + + + + +Jones, et al. Standards Track [Page 37] + +RFC 7989 End-To-End Session ID October 2016 + + + For this "new" implementation to work with the "old" implementation + and an "old" implementation to work with "new" implementations, there + needs to be a set of rules that all "new" implementations MUST follow + if the "new" implementation will be communicating with devices that + have implemented the "old" implementation. + + o Since no option tags or feature tags are to be used for + distinguishing versions, the presence and order of any "remote- + uuid" value within the Session-ID header field value is to be used + to distinguish implementation versions. + + o If a SIP request has a "remote-uuid" value, this comes from a + standard implementation, and not a pre-standard one. + + o If a SIP request has no "remote-uuid" value, this comes from a + pre-standard implementation, and not a standard one. In this + case, one UUID is used to identify this dialog, even if the + responder is a standard implementor of this specification. + + o If a SIP response has a non-nil "local-uuid" that is 32 octets + long and differs from the endpoint's own UUID value, this response + comes from a standard implementation. + + o If a SIP response arrives that has the same value of Session-ID + UUIDs in the same order as was sent, this comes from a pre- + standard implementation and MUST NOT be discarded even though the + "remote-uuid" may be nil. In this case, any new transaction + within this dialog MUST preserve the order of the two UUIDs within + all Session-ID header fields, including the ACK, until this dialog + is terminated. + + o If a SIP response only contains the "local-uuid" that was sent + originally, this comes from a pre-standard implementation and MUST + NOT be discarded for removing the nil "remote-uuid". In this + case, all future transactions within this dialog MUST contain only + the UUID received in the first SIP response. Any new transaction + starting a new dialog from the standard Session-ID implementation + MUST include a "local-uuid" and a nil "remote-uuid", even if that + new dialog is between the same two UAs. + + o Standard implementations should not expect pre-standard + implementations to be consistent in their implementation, even + within the same dialog. For example, perhaps the first, third, + and tenth responses contain a "remote-uuid", but all the others do + not. This behavior MUST be allowed by implementations of this + specification. + + + + + +Jones, et al. Standards Track [Page 38] + +RFC 7989 End-To-End Session ID October 2016 + + + o The foregoing does not apply to other, presently unknown + parameters that might be defined in the future. They are ignored + for the purposes of interoperability with previous + implementations. + +12. Security and Privacy Considerations + + The session identifier MUST be constructed in such a way that does + not convey any user or device information as outlined in Section 4.1. + This ensures that the data contained in the session identifier itself + does not convey user or device information; however, the session + identifier may reveal relationships between endpoints that might not + be revealed by messages without a session identifier. + + Section 4.2 requires that a UA always generate a new, previously + unused UUID when transmitting a request to initiate a new session. + This ensures that two unrelated sessions originating from the same UA + will never have the same UUID value, thereby removing the ability for + an attacker to use the session identifier to identify the two + unrelated sessions as being associated with the same user. + + Because of the inherent property that session identifiers are + conveyed end-to-end and remain unchanged by a UA for the duration of + a session, the session identifier could be misused to discover + relationships between two or more parties when multiple parties are + involved in the same session such as the case of a redirect, + transfer, or conference. For example, suppose that Alice calls Bob + and Bob, via his PBX (acting as a B2BUA), forwards or transfers the + call to Carol. Without use of the session identifier, an + unauthorized third party that is observing the communications between + Alice and Bob might not know that Alice is actually communicating + with Carol. If Alice, Bob, and Carol include the session identifier + as a part of the signaling messages, it is possible for the third + party to observe that the UA associated with Bob changed to some + other UA. If the third party also has access to signaling messages + between Bob and Carol, the third party can then discover that Alice + is communicating with Carol. This would be true even if all other + information relating to the session is changed by the PBX, including + both signaling information and media address information. That said, + the session identifier would not reveal the identity of Alice, Bob, + or Carol. It would only reveal the fact that those endpoints were + associated with the same session. + + This document allows for additional parameters (generic-param) to be + included in the Session-ID header. This is done to allow for future + extensions while preserving backward compatibility with this + document. To protect privacy, the data for any generic-param + included in the Session-ID header value MUST NOT include any user or + + + +Jones, et al. Standards Track [Page 39] + +RFC 7989 End-To-End Session ID October 2016 + + + device information. Additionally, any information conveyed through + an additional parameter MUST NOT persist beyond the current session, + and therefore MUST NOT be reused between unrelated sessions. + Additional parameters MAY be used by future extensions of this + document to correlate related communication sessions that cannot + already be correlated by the procedures described in this document as + long as the requirements regarding privacy and persistence defined + above are followed. + + An intermediary implementing a privacy service that provides user + privacy as per Section 5.3 of [RFC3323] MAY choose to consider the + Session-ID header as being a nonessential informational header with + the understanding that doing so will impair the ability to use the + session identifier for troubleshooting purposes. + +13. IANA Considerations + +13.1. Registration of the "Session-ID" Header Field + + The following is the registration for the Session-ID header field to + the "Header Name" registry at + + <http://www.iana.org/assignments/sip-parameters>: + + RFC number: RFC 7989 + + Header name: 'Session-ID' + + Compact form: none + + Note: This document replaces the Session-ID header originally + registered via [RFC7329]. + +13.2. Registration of the "remote" Parameter + + The following parameter has been added to the "Header Field + Parameters and Parameter Values" section of the "Session Initiation + Protocol (SIP) Parameters" registry: + + +--------------+----------------+-------------------+-----------+ + | Header Field | Parameter Name | Predefined Values | Reference | + +--------------+----------------+-------------------+-----------+ + | Session-ID | remote | No | [RFC7989] | + +--------------+----------------+-------------------+-----------+ + + + + + + + +Jones, et al. Standards Track [Page 40] + +RFC 7989 End-To-End Session ID October 2016 + + +14. References + +14.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + <http://www.rfc-editor.org/info/rfc2119>. + + [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, + A., Peterson, J., Sparks, R., Handley, M., and E. + Schooler, "SIP: Session Initiation Protocol", RFC 3261, + DOI 10.17487/RFC3261, June 2002, + <http://www.rfc-editor.org/info/rfc3261>. + + [RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer + Method", RFC 3515, DOI 10.17487/RFC3515, April 2003, + <http://www.rfc-editor.org/info/rfc3515>. + + [RFC3891] Mahy, R., Biggs, B., and R. Dean, "The Session Initiation + Protocol (SIP) "Replaces" Header", RFC 3891, + DOI 10.17487/RFC3891, September 2004, + <http://www.rfc-editor.org/info/rfc3891>. + + [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally + Unique IDentifier (UUID) URN Namespace", RFC 4122, + DOI 10.17487/RFC4122, July 2005, + <http://www.rfc-editor.org/info/rfc4122>. + + [RFC4579] Johnston, A. and O. Levin, "Session Initiation Protocol + (SIP) Call Control - Conferencing for User Agents", + BCP 119, RFC 4579, DOI 10.17487/RFC4579, August 2006, + <http://www.rfc-editor.org/info/rfc4579>. + + [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax + Specifications: ABNF", STD 68, RFC 5234, + DOI 10.17487/RFC5234, January 2008, + <http://www.rfc-editor.org/info/rfc5234>. + + [RFC7206] Jones, P., Salgueiro, G., Polk, J., Liess, L., and H. + Kaplan, "Requirements for an End-to-End Session + Identification in IP-Based Multimedia Communication + Networks", RFC 7206, DOI 10.17487/RFC7206, May 2014, + <http://www.rfc-editor.org/info/rfc7206>. + + + + + + + +Jones, et al. Standards Track [Page 41] + +RFC 7989 End-To-End Session ID October 2016 + + +14.2. Informative References + + [H.323] International Telecommunications Union, "Packet-based + multimedia communications systems", ITU-T + Recommendation H.323, December 2009. + + [H.460.27] International Telecommunications Union, "End-to-End + Session Identifier for H.323 Systems", ITU-T + Recommendation H.460.27, November 2015. + + [RFC2543] Handley, M., Schulzrinne, H., Schooler, E., and J. + Rosenberg, "SIP: Session Initiation Protocol", RFC 2543, + DOI 10.17487/RFC2543, March 1999, + <http://www.rfc-editor.org/info/rfc2543>. + + [RFC3323] Peterson, J., "A Privacy Mechanism for the Session + Initiation Protocol (SIP)", RFC 3323, + DOI 10.17487/RFC3323, November 2002, + <http://www.rfc-editor.org/info/rfc3323>. + + [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. + Jacobson, "RTP: A Transport Protocol for Real-Time + Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, + July 2003, <http://www.rfc-editor.org/info/rfc3550>. + + [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. + Camarillo, "Best Current Practices for Third Party Call + Control (3pcc) in the Session Initiation Protocol (SIP)", + BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, + <http://www.rfc-editor.org/info/rfc3725>. + + [RFC4353] Rosenberg, J., "A Framework for Conferencing with the + Session Initiation Protocol (SIP)", RFC 4353, + DOI 10.17487/RFC4353, February 2006, + <http://www.rfc-editor.org/info/rfc4353>. + + [RFC5359] Johnston, A., Ed., Sparks, R., Cunningham, C., Donovan, + S., and K. Summers, "Session Initiation Protocol Service + Examples", BCP 144, RFC 5359, DOI 10.17487/RFC5359, + October 2008, <http://www.rfc-editor.org/info/rfc5359>. + + [RFC5589] Sparks, R., Johnston, A., Ed., and D. Petrie, "Session + Initiation Protocol (SIP) Call Control - Transfer", + BCP 149, RFC 5589, DOI 10.17487/RFC5589, June 2009, + <http://www.rfc-editor.org/info/rfc5589>. + + + + + + +Jones, et al. Standards Track [Page 42] + +RFC 7989 End-To-End Session ID October 2016 + + + [RFC6141] Camarillo, G., Ed., Holmberg, C., and Y. Gao, "Re-INVITE + and Target-Refresh Request Handling in the Session + Initiation Protocol (SIP)", RFC 6141, + DOI 10.17487/RFC6141, March 2011, + <http://www.rfc-editor.org/info/rfc6141>. + + [RFC6872] Gurbani, V., Ed., Burger, E., Ed., Anjali, T., Abdelnur, + H., and O. Festor, "The Common Log Format (CLF) for the + Session Initiation Protocol (SIP): Framework and + Information Model", RFC 6872, DOI 10.17487/RFC6872, + February 2013, <http://www.rfc-editor.org/info/rfc6872>. + + [RFC7092] Kaplan, H. and V. Pascual, "A Taxonomy of Session + Initiation Protocol (SIP) Back-to-Back User Agents", + RFC 7092, DOI 10.17487/RFC7092, December 2013, + <http://www.rfc-editor.org/info/rfc7092>. + + [RFC7329] Kaplan, H., "A Session Identifier for the Session + Initiation Protocol (SIP)", RFC 7329, + DOI 10.17487/RFC7329, August 2014, + <http://www.rfc-editor.org/info/rfc7329>. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 43] + +RFC 7989 End-To-End Session ID October 2016 + + +Acknowledgements + + The authors would like to thank Robert Sparks, Hadriel Kaplan, + Christer Holmberg, Paul Kyzivat, Brett Tate, Keith Drage, Mary + Barnes, Charles Eckel, Peter Dawes, Andrew Hutton, Arun Arunachalam, + Adam Gensler, Roland Jesske, and Faisal Siyavudeen for their + invaluable comments during the development of this document. + +Dedication + + This document is dedicated to the memory of James Polk, a long-time + friend and colleague. James made important contributions to this + specification, including being one of its primary editors. The IETF + global community mourns his loss, and he will be missed dearly. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Jones, et al. Standards Track [Page 44] + +RFC 7989 End-To-End Session ID October 2016 + + +Authors' Addresses + + Paul E. Jones + Cisco Systems, Inc. + 7025 Kit Creek Rd. + Research Triangle Park, NC 27709 + United States of America + + Phone: +1 919 476 2048 + Email: paulej@packetizer.com + + + Gonzalo Salgueiro + Cisco Systems, Inc. + 7025 Kit Creek Rd. + Research Triangle Park, NC 27709 + United States of America + + Phone: +1 919 392 3266 + Email: gsalguei@cisco.com + + + Chris Pearce + Cisco Systems, Inc. + 2300 East President George Bush Highway + Richardson, TX 75082 + United States of America + + Phone: +1 972 813 5123 + Email: chrep@cisco.com + + + Paul Giralt + Cisco Systems, Inc. + 7025 Kit Creek Rd. + Research Triangle Park, NC 27709 + United States of America + + Phone: +1 919 991 5644 + Email: pgiralt@cisco.com + + + + + + + + + + + +Jones, et al. Standards Track [Page 45] + |