summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3891.txt
blob: 03a5974b80114eefcc3ac4a57ac09367024b1ab7 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
Network Working Group                                            R. Mahy
Request for Comments: 3891                           Cisco Systems, Inc.
Category: Standards Track                                       B. Biggs
                                                                 R. Dean
                                                          September 2004


        The Session Initiation Protocol (SIP) "Replaces" Header

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document defines a new header for use with Session Initiation
   Protocol (SIP) multi-party applications and call control.  The
   Replaces header is used to logically replace an existing SIP dialog
   with a new SIP dialog.  This primitive can be used to enable a
   variety of features, for example: "Attended Transfer" and "Call
   Pickup".  Note that the definition of these example features is non-
   normative.





















Mahy, et al.                Standards Track                     [Page 1]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


Table of Contents

   1.  Overview. . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  User Agent Server Behavior: Receiving a Replaces Header . . .   4
   4.  User Agent Client Behavior: Sending a Replaces Header . . . .   6
   5.  Proxy Behavior. . . . . . . . . . . . . . . . . . . . . . . .   7
   6.  Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . .   7
       6.1.  The Replaces Header . . . . . . . . . . . . . . . . . .   7
       6.2.  New Option Tag for Require and Supported Headers. . . .   8
   7.  Usage Examples. . . . . . . . . . . . . . . . . . . . . . . .   9
       7.1.  Replacing an Early Dialog at the Originator . . . . . .   9
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  13
       9.1.  Registration of "Replaces" SIP Header . . . . . . . . .  13
       9.2.  Registration of "replaces" SIP Option-tag . . . . . . .  13
   10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  13
   11. References. . . . . . . . . . . . . . . . . . . . . . . . . .  13
       11.1. Normative References. . . . . . . . . . . . . . . . . .  13
       11.2. Informative References. . . . . . . . . . . . . . . . .  14
   12. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . .  15
   13. Full Copyright Statement. . . . . . . . . . . . . . . . . . .  16

1.  Overview

   This document describes a SIP [1] extension header field as part of
   the SIP multiparty applications architecture framework [10].  The
   Replaces header is used to logically replace an existing SIP dialog
   with a new SIP dialog.  This is especially useful in peer-to-peer
   call control environments.

   One use of the "Replaces" header is to replace one participant with
   another in a multimedia conversation.  While this functionality is
   already available using 3rd party call control [11] style call
   control, the 3pcc model requires a central point of control which may
   not be desirable in many environments.  As such, a method of
   performing these same call control primitives in a distributed,
   peer-to-peer fashion is very desirable.

   Use of a new INVITE with a new header for dialog matching was chosen
   over making implicit associations in an incoming INVITE based on
   call-id or other fields for the following reasons:

   o  An INVITE already has the correct semantics for a new call

   o  Using an explicit Replaces header in a new request makes the
      intent of the request obvious.




Mahy, et al.                Standards Track                     [Page 2]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   o  A unique call-id may be given to the replacement call.  This
      avoids dialog matching problems in any of the related User Agents.

   o  There are no adverse effects if the header is unsupported.

   The Replaces header enables services such as attended call transfer,
   retrieve from park, and transition from locally mixed conferences to
   two party calls in a distributed peer-to-peer way.  This list of
   services is not exhaustive.  Although the Replaces header is
   frequently used in combination with the REFER [8] method as used in a
   Transfer [12], they may be used independently.

   For example, Alice is talking to Bob from phone1.  She transfers Bob
   to a Parking Place while she goes to the lab.  When she gets there
   she retrieves the "parked" call from phone2 by sending an INVITE with
   a Replaces header field to Bob with the dialog information Bob shared
   with the Parking Place.  Alice got this information using some out of
   band mechanism.  Perhaps she subscribed to this information from the
   Parking Place (using the session dialog package [13]), or went to a
   website and clicked on a URI.  A short call flow for this example
   follows.  (Via and Max-Forwards headers are omitted for clarity.)

        Alice          Alice                             Parking
        phone1         phone2            Bob               Place
        |               |                 |                   |
        |<===============================>|                   |
        |               |                 |                   |
        |        Alice transfers Bob to Parking Place         |
        |               |                 |                   |
        |------------REFER/200----------->|    *1    *2       |
        |<--NOTIFY/200 (trying)-----------|--INVITE/200/ACK-->|
        |<--NOTIFY/200 (success)----------|<=================>|
        |------------BYE/200------------->|                   |
        |               |                 |                   |
        |               |                 |                   |
        |  Alice later retrieves call from another phone      |
        |               |                 |                   |
        |            *3 |-INV w/Replaces->|                   |
        |               |<--200-----------|                   |
        |               |---ACK---------->|----BYE/200------->|
        |               |<===============>|                   |
        |               |                 |                   |









Mahy, et al.                Standards Track                     [Page 3]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   Message *1: Bob-> Parking Place

   INVITE sip:parkingplace@example.org SIP/2.0
   To: <sip:parkingplace@example.org>
   From: <sip:bob@example.org>;tag=7743
   Call-ID: 425928@bobster.example.org
   CSeq: 1 INVITE
   Contact: <sip:bob@bobster.example.org>
   Referred-By: <sip:alice@phone1.example.org>

   Message *2: Parking Place -> Bob

   SIP/2.0 200 OK
   To: <sip:parkingplace@example.org>;tag=6472
   From: <sip:bob@example.org>;tag=7743
   Call-ID: 425928@bobster.example.org
   CSeq: 1 INVITE
   Contact: <sip:parkplace@monopoly.example.org>

   Message *3: Alice@phone2 -> Bob

   INVITE sip:bob@bobster.example.org
   To: <sip:bob@example.org>
   From: <sip:alice@phone2.example.org>;tag=8983
   Call-ID: 09870@phone2.example.org
   CSeq: 1 INVITE
   Contact: <sip:alice@phone2.example.org>
   Require: replaces
   Replaces: 425928@bobster.example.org;to-tag=7743;from-tag=6472

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119 [2].

   This document refers frequently to the terms "confirmed dialog" and
   "early dialog".  These are defined in Section 12 of SIP [1].

3.  User Agent Server Behavior: Receiving a Replaces Header

   The Replaces header contains information used to match an existing
   SIP dialog (call-id, to-tag, and from-tag).  Upon receiving an INVITE
   with a Replaces header, the User Agent (UA) attempts to match this
   information with a confirmed or early dialog.  The User Agent Server
   (UAS) matches the to-tag and from-tag parameters as if they were tags





Mahy, et al.                Standards Track                     [Page 4]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   present in an incoming request.  In other words, the to-tag parameter
   is compared to the local tag, and the from-tag parameter is compared
   to the remote tag.

   If more than one Replaces header field is present in an INVITE, or if
   a Replaces header field is present in a request other than INVITE,
   the UAS MUST reject the request with a 400 Bad Request response.

   The Replaces header has specific call control semantics.  If both a
   Replaces header field and another header field with contradictory
   semantics are present in a request, the request MUST be rejected with
   a 400 "Bad Request" response.

   If the Replaces header field matches more than one dialog, the UA
   MUST act as if no match is found.

   If no match is found, the UAS rejects the INVITE and returns a 481
   Call/Transaction Does Not Exist response.  Likewise, if the Replaces
   header field matches a dialog which was not created with an INVITE,
   the UAS MUST reject the request with a 481 response.

   If the Replaces header field matches a dialog which has already
   terminated, the UA SHOULD decline the request with a 603 Declined
   response.  (If the matched invitation was just terminated, the
   replacement request should fail as well.  Declining the request with
   a 600-class response prevents an irritating race-condition where the
   UA rings or alerts for a replacement call which is not wanted.)

   If the Replaces header field matches an active dialog, the UA MUST
   verify that the initiator of the new INVITE is authorized to replace
   the matched dialog.  If the initiator of the new INVITE has been
   successfully authenticated as equivalent to the user who is being
   replaced, then the replacement is authorized.  For example, if the
   user being replaced and the initiator of the replacement dialog share
   the same credentials for Digest authentication [6], or they sign the
   replacement request with S/MIME [7] with the same private key and
   present the (same) corresponding certificate used in the original
   dialog, then the replacement is authorized.

   Alternatively, the Referred-By mechanism [4] defines a mechanism that
   the UAS can use to verify that a replacement request was sent on
   behalf of the other participant in the matched dialog (in this case,
   triggered by a REFER request).  If the replacement request contains a
   Referred-By header that corresponds to the user being replaced, the
   UA SHOULD treat the replacement as if the replacement was authorized
   by the replaced party.  The Referred-By header SHOULD reference a
   corresponding, valid Refererred-By Authenticated Identity Body [5].




Mahy, et al.                Standards Track                     [Page 5]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   The UA MAY apply other local policy to authorize the remainder of the
   request.  In other words, the UAS may apply a different policy to the
   replacement dialog than was applied to the replaced dialog.

   In addition, the UA MAY use other authorization mechanisms defined
   for this purpose in standards track extensions.  Extensions could
   define other mechanisms for transitively asserting authorization of a
   replacement.

   If authorization is successful, the UA attempts to accept the new
   INVITE, reassign the user interface and other resources of the
   matched dialog to the new INVITE, and shut down the replaced dialog.
   If the UA cannot accept the new INVITE (for example: it cannot
   establish required QoS or keying, or it has incompatible media), the
   UA MUST return an appropriate error response and MUST leave the
   matched dialog unchanged.

   If the Replaces header field matches a confirmed dialog, it checks
   for the presence of the "early-only" flag in the Replaces header
   field.  (This flag allows the UAC to prevent a potentially
   undesirable race condition described in Section 7.1.) If the flag is
   present, the UA rejects the request with a 486 Busy response.
   Otherwise, it accepts the new INVITE by sending a 200-class response,
   and shuts down the replaced dialog by sending a BYE.  If the Replaces
   header field matches an early dialog that was initiated by the UA, it
   accepts the new INVITE by sending a 200-class response, and shuts
   down the replaced dialog by sending a CANCEL.

   If the Replaces header field matches an early dialog that was not
   initiated by this UA, it returns a 481 (Call/Transaction Does Not
   Exist) response to the new INVITE, and leaves the matched dialog
   unchanged.  Note that since Replaces matches only a single dialog,
   the replacement dialog will not be retargeted according to the same
   forking logic as the original request which created the early dialog.

   (Currently, no use cases have been identified for replacing just a
   single dialog in this circumstance.)

4.  User Agent Client Behavior: Sending a Replaces Header

   A User Agent that wishes to replace a single existing early or
   confirmed dialog with a new dialog of its own, MAY send the target
   User Agent an INVITE request containing a Replaces header field.  The
   User Agent Client (UAC) places the Call-ID, to-tag, and from-tag
   information for the target dialog in a single Replaces header field
   and sends the new INVITE to the target.  If the user agent only
   wishes to replace an early dialog (as in the Call Pickup example in
   Section 7.1), the UAC MAY also include the "early-only" parameter in



Mahy, et al.                Standards Track                     [Page 6]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   the Replaces header field.  A UAC MUST NOT send an INVITE with a
   Replaces header field that attempts to replace an early dialog which
   was not originated by the target of the INVITE with a Replaces header
   field.

   Note that use of this mechanism does not provide a way to match
   multiple dialogs, nor does it provide a way to match an entire call,
   an entire transaction, or to follow a chain of proxy forking logic.
   For example, if Alice replaces Cathy in an early dialog with Bob, but
   Bob does not answer, Alice's replacement request will not match other
   dialogs to which Bob's UA redirects, nor other branches to which his
   proxy forwards.  Although this specification takes reasonable
   precautions to prevent unexpected behavior in the face of forking,
   implementations SHOULD only address replacement requests (i.e., set
   the Request-URI of the replacement request) to the SIP Contact URI of
   the target.

5.  Proxy behavior

   Proxy Servers do not require any new behavior to support this
   extension.  They simply pass the Replaces header field transparently
   as described in the SIP specification.

   Note that it is possible for a proxy (especially when forking based
   on some application layer logic, such as caller screening or time-
   of-day routing) to forward an INVITE request containing a Replaces
   header field to a completely orthogonal set of Contacts other than
   the original request it was intended to replace.  In this case, the
   INVITE request with the Replaces header field will fail.

6.  Syntax

6.1.  The Replaces Header

   The Replaces header field indicates that a single dialog identified
   by the header field is to be shut down and logically replaced by the
   incoming INVITE in which it is contained.  It is a request header
   only, and defined only for INVITE requests.  The Replaces header
   field MAY be encrypted as part of end-to-end encryption.  Only a
   single Replaces header field value may be present in a SIP request.

   This document adds the following entry to Table 2 of [1].  Additions
   to this table are also provided for extension methods defined at the
   time of publication of this document.  This is provided as a courtesy
   to the reader and is not normative in any way.  MESSAGE, SUBSCRIBE
   and NOTIFY, REFER, INFO, UPDATE, PRACK, and PUBLISH are defined
   respectively in [15], [16], [8], [17], [18], [19], and [20].




Mahy, et al.                Standards Track                     [Page 7]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


      Header field    where   proxy   ACK  BYE  CAN  INV  OPT  REG  MSG
      ------------    -----   -----   ---  ---  ---  ---  ---  ---  ---
      Replaces          R              -    -    -    o    -    -    -


                                      SUB  NOT  REF  INF  UPD  PRA  PUB
                                      ---  ---  ---  ---  ---  ---  ---
      Replaces          R              -    -    -    -    -    -    -

   The following syntax specification uses the augmented Backus-Naur
   Form (BNF) as described in RFC 2234 [3].  The syntax below relies on
   a number of productions from SIP [1].

      Replaces        = "Replaces" HCOLON callid *(SEMI replaces-param)
      replaces-param  = to-tag / from-tag / early-flag / generic-param
      to-tag          = "to-tag" EQUAL token
      from-tag        = "from-tag" EQUAL token
      early-flag      = "early-only"

   A Replaces header field MUST contain exactly one to-tag and exactly
   one from-tag, as they are required for unique dialog matching.  For
   compatibility with dialogs initiated by RFC 2543 [9] compliant UAs, a
   tag of zero matches both tags of zero and null.  A Replaces header
   field MAY contain the early-flag.

   Examples:

      Replaces: 98732@sip.example.com
                ;from-tag=r33th4x0r
                ;to-tag=ff87ff

      Replaces: 12adf2f34456gs5;to-tag=12345;from-tag=54321;early-only

      Replaces: 87134@171.161.34.23;to-tag=24796;from-tag=0

6.2.  New Option Tag for Require and Supported Headers

   This specification defines a new Require/Supported header option tag
   "replaces".  UAs which support the Replaces header MUST include the
   "replaces" option tag in a Supported header field.  UAs that want
   explicit failure notification if Replaces is not supported MAY
   include the "replaces" option in a Require header field.

   Example:

      Require: replaces, 100rel





Mahy, et al.                Standards Track                     [Page 8]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


7.  Usage Examples

   The following non-normative examples are not intended to enumerate
   all the possibilities for the usage of this extension, but rather to
   provide examples or ideas only.  For more examples, please see SIP
   Service Examples [14].  Via and Max-Forwards headers are omitted for
   clarity and brevity.

7.1.  Replacing an Early Dialog at the Originator

   In this example, Bob just arrived in the lab and hasn't registered
   there yet.  He hears his desk phone ring.  He quickly logs into a
   software UA on a nearby computer.  Among other things, the software
   UA has access to the dialog state of his desk phone.  When it notices
   that his phone is ringing, it offers him the choice of taking the
   call there.  The software UA sends an INVITE with Replaces to Alice.
   When Alice's UA receives this new INVITE, it CANCELs her original
   INVITE and connects Alice to Bob.

                              Bob                      Bob
       Alice                  desk                     lab
        |                       |                        |
    *1  |-----INVITE----------->|                        |
    *2  |<----180---------------|  Bob hears desk phone  |
        |                       |  ringing from lab but  |
        |                       |  isn't REGISTERed yet  |
        |                       |                        |
        |                       |<--fetch dialog state --|
        |                       |---response ----------->|
   *3/4 |<-----INVITE with Replaces/200/ACK--------------|
   *5/6 |------CANCEL/200------>|                        |
   *7   |<-----487--------------|                        |
        |------ACK------------->|                        |
        |                       |                        |
        |                       |                        |

   Message *1: Alice -> Bob's desk phone

   INVITE sip:bob@example.org SIP/2.0
   To: <sip:bob@example.org>
   From: <sip:alice@example.org>;tag=7743
   Call-ID: 425928@phone.example.org
   CSeq: 1 INVITE
   Contact: <sip:alice@phone.example.org>







Mahy, et al.                Standards Track                     [Page 9]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   Message *2: Bob's desk phone -> Alice

   SIP/2.0 180 Ringing
   To: <sip:bob@example.org>;tag=6472
   From: <sip:alice@example.org>;tag=7743
   Call-ID: 425928@phone.example.org
   CSeq: 1 INVITE
   Contact: <sip:bob@bobster.example.org>

   Message *3: Bob in lab -> Alice

   INVITE sip:alice@phone.example.org
   To: <sip:alice@example.org>
   From: <sip:bob@example.org>;tag=8983
   Call-ID: 09870@labpc.example.org
   CSeq: 1 INVITE
   Contact: <sip:bob@labpc.example.org>
   Replaces: 425928@phone.example.org
    ;to-tag=7743;from-tag=6472;early-only

   Message *4: Alice -> Bob in lab

   SIP/2.0 200 OK
   To: <sip:alice@example.org>;tag=9232
   From: <sip:bob@example.org>;tag=8983
   Call-ID: 09870@labpc.example.org
   CSeq: 1 INVITE
   Contact: <sip:alice@phone.example.org>

   Message *5: Alice -> Bob's desk

   CANCEL sip:bob@example.org SIP/2.0
   To: <sip:bob@example.org>
   From: <sip:alice@example.org>;tag=7743
   Call-ID: 425928@phone.example.org
   CSeq: 1 CANCEL
   Contact: <sip:alice@phone.example.org>

   Message *6: Bob's desk -> Alice

   SIP/2.0 200 OK
   To: <sip:bob@example.org>
   From: <sip:alice@example.org>;tag=7743
   Call-ID: 425928@phone.example.org
   CSeq: 1 CANCEL
   Contact: <sip:bob@bobster.example.org>





Mahy, et al.                Standards Track                    [Page 10]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   Message *7: Bob's desk -> Alice

   SIP/2.0 487 Request Terminated
   To: <sip:bob@example.org>;tag=6472
   From: <sip:alice@example.org>;tag=7743
   Call-ID: 425928@phone.example.org
   CSeq: 1 INVITE

8.  Security Considerations

   The extension specified in this document significantly changes the
   relative security of SIP devices.  Currently in SIP, even if an
   eavesdropper learns the Call-ID, To, and From headers of a dialog,
   they cannot easily modify or destroy that dialog if Digest
   authentication or end-to-end message integrity are used.

   This extension can be used to disconnect participants or replace
   participants in a multimedia conversation.  As such, invitations with
   the Replaces header MUST only be accepted if the peer requesting
   replacement has been properly authenticated using a standard SIP
   mechanism (Digest or S/MIME), and authorized to request a replacement
   of the target dialog.  All SIP implementations are already required
   to support Digest Authentication.  In addition, implementations which
   support the Replaces header SHOULD also implement the Referred-By
   mechanism.

   How a User Agent determines which requests are legitimately
   authorized to make dialog replacements is non-trivial and depends on
   a considerable amount of local policy configuration.  In general,
   there are four cases when an authorization for a replacement is
   reasonable or warranted.

   1. Replacement made by a party considered equivalent to the replaced
      party

   2. Replacement made on behalf of the replaced party (perhaps
      transitively)

   3. Replacement made by a former participant

   4. Replacement made by a specifically authorized party

   Starting with #1 for example, if an executive and an assistant both
   receive requests for a shared address-of-record, if so configured,
   either should be able to replace dialogs of the other for the shared
   identity.  Both could even share the same keying material (Digest or
   S/MIME), or one could hold an authorization document signed by the




Mahy, et al.                Standards Track                    [Page 11]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   other expressing this relationship.  Likewise, in a call center
   environment, each call center agent could possess credentials to
   which supervisors also have access.

   The most common use case of a replacement is on the request of the
   replaced participant (who no longer wants to be involved).  This is
   the case in many features, such as completing an Attended Transfer
   and converting a 3-way call to a point-to-point call.  Such
   replacements are typically triggered by a REFER [8] request from the
   replaced participant.  The Referred-By [4] mechanism defines one way
   to identify the apparent original requester and can point to a SIP
   Authenticated Identity Body [5] (an S/MIME-based signed assertion) to
   secure this information.

   In the example in section 1, Alice sends an INVITE with Replaces to
   Bob.  Alice was a former participant in the conversation and had a
   previous dialog relationship with Bob.  Alice can use the same Digest
   or S/MIME credentials she used to authenticate with Bob during the
   original call to prove that she was a former participant.  Note that
   this justification for replacing calls is more dangerous than the
   others, and in most cases is another way to authorize that the
   replacing participant is available.  Implementations SHOULD NOT rely
   on this method as an authorization mechanism.

   The last scenario is the easiest to secure but the least likely to be
   useful in practice.  It is unlikely that an arbitrary host in the
   Internet is aware of any special authorization relationship between
   the replaced and the replacing parties.  However, this use case may
   be useful in some environments.  Since this usage does not
   effectively degrade the security of the solution, it is still
   allowed.

   Some mechanisms for obtaining the dialog information needed by the
   Replaces header (Call-ID, to-tag, and from-tag) include URIs on a web
   page, subscriptions to an appropriate event package, and
   notifications after a REFER request.  Since manipulating this dialog
   information could cause User Agents to replace the wrong dialog, use
   of message integrity protection for this information is STRONGLY
   RECOMMENDED.  Use of end-to-end security mechanisms to encrypt this
   information is also RECOMMENDED.

   This extension was designed to take advantage of future signature or
   authorization schemes defined in standards track extensions.  In
   general, call control features benefit considerably from such work.







Mahy, et al.                Standards Track                    [Page 12]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


9.  IANA Considerations

9.1.  Registration of "Replaces" SIP header

   Name of Header:          Replaces

   Short form:              none

   Normative description:   section 6.1 of this document

9.2.  Registration of "replaces" SIP Option-tag

   Name of option:          replaces

   Description:             Support for the SIP Replaces header

   SIP headers defined:     Replaces

   Normative description:   This document

10.  Acknowledgments

   Thanks to Robert Sparks, Alan Johnston, Dan Petrie, Ben Campbell, and
   many other members of the SIP WG for their continued support of the
   cause of distributed call control in SIP.

11.  References

11.1.  Normative References

   [1]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
        Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
        Session Initiation Protocol", RFC 3261, June 2002.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [3]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
        Specifications: ABNF", RFC 2234, November 1997.

   [4]  Sparks, R., "The Session Initiation Protocol (SIP) Referred-By
        Mechanism", RFC 3892, September 2004.

   [5]  Peterson, J., "The Session Initiation Protocol (SIP)
        Authenticated Identity Body (AIB) Format", RFC 3893, September
        2004.





Mahy, et al.                Standards Track                    [Page 13]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   [6]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
        Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication:
        Basic and Digest Access Authentication", RFC 2617, June 1999.

   [7]  Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
        (S/MIME) Version 3.1 Message Specification", RFC 3851, July
        2004.

11.2.  Informative References

   [8]  Sparks, R., "The Session Initiation Protocol (SIP) Refer
        Method", RFC 3515, April 2003.

   [9]  Handley, M., Schulzrinne, H., Schooler, E., and J. Rosenberg,
        "SIP: Session Initiation Protocol", RFC 2543, March 1999.

   [10] Mahy, R., "A Call Control and Multi-party usage framework for
        the Session Initiation Protocol (SIP)", Work in Progress, March
        2003.

   [11] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. Camarillo,
        "Best Current Practices for Third Party Call Control (3pcc) in
        the Session Initiation Protocol (SIP)", BCP 85, RFC 3725, April
        2004.

   [12] Sparks, R. and A. Johnston, "Session Initiation Protocol Call
        Control - Transfer", Work in Progress, February 2003.

   [13] Rosenberg, J. and H. Schulzrinne, "An INVITE Initiated Dialog
        Event Package for the Session Initiation Protocol (SIP)", Work
        in Progress, March 2003.

   [14] Johnston, A. and S. Donovan, "Session Initiation Protocol
        Service Examples", Work in Progress, March 2003.

   [15] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and
        D. Gurle, "Session Initiation Protocol (SIP) Extension for
        Instant Messaging", RFC 3428, December 2002.

   [16] Roach, A., "Session Initiation Protocol (SIP)-Specific Event
        Notification", RFC 3265, June 2002.

   [17] Donovan, S., "The SIP INFO Method", RFC 2976, October 2000.

   [18] Rosenberg, J., "The Session Initiation Protocol (SIP) UPDATE
        Method", RFC 3311, October 2002.





Mahy, et al.                Standards Track                    [Page 14]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


   [19] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional
        Responses in Session Initiation Protocol (SIP)", RFC 3262, June
        2002.

   [20] Campbell, B., "SIMPLE Presence Publication Mechanism", Work in
        Progress, February 2003.

12.  Authors' Addresses

   Rohan Mahy
   Cisco Systems, Inc.
   5617 Scotts Valley Dr
   Scotts Valley, CA  95066
   USA

   EMail: rohan@cisco.com


   Billy Biggs

   EMail: bbiggs@dumbterm.net


   Rick Dean

   EMail: rfc@fdd.com

























Mahy, et al.                Standards Track                    [Page 15]
^L
RFC 3891               The SIP "Replaces" Header          September 2004


13.  Full Copyright Statement

   Copyright (C) The Internet Society (2004).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the IETF's procedures with respect to rights in IETF Documents can
   be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.







Mahy, et al.                Standards Track                    [Page 16]
^L