1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
|
Network Working Group A. Niemi, Ed.
Request for Comments: 3903 Nokia
Category: Standards Track October 2004
Session Initiation Protocol (SIP) Extension
for Event State Publication
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document describes an extension to the Session Initiation
Protocol (SIP) for publishing event state used within the SIP Events
framework. The first application of this extension is for the
publication of presence information.
The mechanism described in this document can be extended to support
publication of any event state for which there exists an appropriate
event package. It is not intended to be a general-purpose mechanism
for transport of arbitrary data, as there are better-suited
mechanisms for this purpose.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Definitions and Document Conventions . . . . . . . . . . . . 3
3. Overall Operation . . . . . . . . . . . . . . . . . . . . . 4
4. Constructing PUBLISH Requests . . . . . . . . . . . . . . . 5
4.1. Identification of Published Event State. . . . . . . . 6
4.2. Creating Initial Publication . . . . . . . . . . . . . 7
4.3. Refreshing Event State . . . . . . . . . . . . . . . . 8
4.4. Modifying Event State . . . . . . . . . . . . . . . . 9
4.5. Removing Event State . . . . . . . . . . . . . . . . . 9
5. Processing PUBLISH Responses . . . . . . . . . . . . . . . . 10
6. Processing PUBLISH Requests . . . . . . . . . . . . . . . . 10
7. Processing OPTIONS Requests . . . . . . . . . . . . . . . . 13
8. Use of Entity-tags in PUBLISH . . . . . . . . . . . . . . . 13
Niemi Standards Track [Page 1]
^L
RFC 3903 SIP Event State Publication October 2004
8.1. General Notes. . . . . . . . . . . . . . . . . . . . . 13
8.2. Client Usage . . . . . . . . . . . . . . . . . . . . . 14
8.3. Server Usage . . . . . . . . . . . . . . . . . . . . . 14
9. Controlling the Rate of Publication . . . . . . . . . . . . 15
10. Considerations for Event Packages using PUBLISH . . . . . . 15
10.1. PUBLISH Bodies . . . . . . . . . . . . . . . . . . . . 16
10.2. PUBLISH Response Bodies. . . . . . . . . . . . . . . . 16
10.3. Multiple Sources for Event State . . . . . . . . . . . 16
10.4. Event State Segmentation . . . . . . . . . . . . . . . 17
10.5. Rate of Publication. . . . . . . . . . . . . . . . . . 17
11. Protocol Element Definitions . . . . . . . . . . . . . . . . 17
11.1. New Methods. . . . . . . . . . . . . . . . . . . . . . 17
11.1.1. PUBLISH Method . . . . . . . . . . . . . . . . 17
11.2. New Response Codes . . . . . . . . . . . . . . . . . . 19
11.2.1. "412 Conditional Request Failed" Response Code 19
11.3. New Header Fields . . . . . . . . . . . . . . . . . . 20
11.3.1. "SIP-ETag" Header Field . . . . . . . . . . . 20
11.3.2. "SIP-If-Match" Header Field . . . . . . . . . 20
12. Augmented BNF Definitions . . . . . . . . . . . . . . . . . 21
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . 21
13.1. Methods . . . . . . . . . . . . . . . . . . . . . . . 21
13.2. Response Codes . . . . . . . . . . . . . . . . . . . . 21
13.3. Header Field Names . . . . . . . . . . . . . . . . . . 21
14. Security Considerations . . . . . . . . . . . . . . . . . . 22
14.1. Access Control . . . . . . . . . . . . . . . . . . . . 22
14.2. Denial of Service Attacks . . . . . . . . . . . . . . 22
14.3. Replay Attacks . . . . . . . . . . . . . . . . . . . . 22
14.4. Man in the Middle Attacks . . . . . . . . . . . . . . 23
14.5. Confidentiality . . . . . . . . . . . . . . . . . . . 23
15. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 24
16. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 29
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30
18. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
18.1. Normative References . . . . . . . . . . . . . . . . . 30
18.2. Informative References . . . . . . . . . . . . . . . . 31
Author's Address. . . . . . . . . . . . . . . . . . . . . . . . . 31
Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 32
1. Introduction
This specification provides a framework for the publication of event
state from a user agent to an entity that is responsible for
compositing this event state and distributing it to interested
parties through the SIP Events [1] framework.
Niemi Standards Track [Page 2]
^L
RFC 3903 SIP Event State Publication October 2004
In addition to defining an event publication framework, this
specification defines a concrete usage of that framework for the
publication of presence state [2] by a presence user agent [3] to a
presence compositor, which has a tightly coupled relationship with
the presence agent [1].
The requirements and model for presence publication are documented in
[10]. This specification will address each of those requirements.
The mechanism described in this document can be extended to support
publication of any event state for which there exists an appropriate
event package as defined in [1]. For instance, an application of SIP
events for message waiting indications [11] might choose to collect
the statuses of voice-mail boxes across a set of user agents using
the PUBLISH mechanism. The compositor in such an application would
then be responsible for collecting and distributing this state to the
subscribers of the event package.
Each application that makes use of the PUBLISH mechanism in the
publication of event state will need to adhere to the guidelines set
in Section 10. The mechanism described in this document is not
intended to be a general-purpose mechanism for transport of arbitrary
data, as there are better-suited mechanisms for this purpose.
2. Definitions and Document Conventions
In addition to the definitions of RFC 2778 [3], RFC 3265 [1], and RFC
3261 [4], this document introduces some new concepts:
Event State: State information for a resource, associated with an
event package and an address-of-record.
Event Publication Agent (EPA): The User Agent Client (UAC) that
issues PUBLISH requests to publish event state.
Event State Compositor (ESC): The User Agent Server (UAS) that
processes PUBLISH requests, and is responsible for compositing
event state into a complete, composite event state of a resource.
Presence Compositor: A type of Event State Compositor that is
responsible for compositing presence state for a presentity.
Publication: The act of an EPA sending a PUBLISH request to an ESC to
publish event state.
Event Hard State: The steady-state or default event state of a
resource, which the ESC may use in the absence of, or in addition
to, soft state publications.
Niemi Standards Track [Page 3]
^L
RFC 3903 SIP Event State Publication October 2004
Event Soft State: Event state published by an EPA using the PUBLISH
mechanism. A protocol element (i.e., an entity-tag) is used to
identify a specific soft state entity at the ESC. Soft state has
a defined lifetime and will expire after a negotiated amount of
time.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119 [5]
and indicate requirement levels for compliant implementations.
Indented passages such as this one are used in this document to
provide additional information and clarifying text. They do not
contain descriptions of normative protocol behavior.
3. Overall Operation
This document defines a new SIP method, PUBLISH, for publishing event
state. PUBLISH is similar to REGISTER in that it allows a user to
create, modify, and remove state in another entity which manages this
state on behalf of the user. Addressing a PUBLISH request is
identical to addressing a SUBSCRIBE request. The Request-URI of a
PUBLISH request is populated with the address of the resource for
which the user wishes to publish event state. The user may in turn
have multiple User Agents or endpoints that publish event state.
Each endpoint may publish its own unique state, out of which the
event state compositor generates the composite event state of the
resource. In addition to a particular resource, all published event
state is associated with a specific event package. Through a
subscription to that event package, the user is able to discover the
composite event state of all of the active publications.
A User Agent Client (UAC) that publishes event state is labeled an
Event Publication Agent (EPA). For presence, this is the familiar
Presence User Agent (PUA) role as defined in [2]. The entity that
processes the PUBLISH request is known as an Event State Compositor
(ESC). For presence, this is the familiar Presence Agent (PA) role
as defined in [2].
PUBLISH requests create soft state in the ESC. This event soft state
has a defined lifetime and will expire after a negotiated amount of
time, requiring the publication to be refreshed by subsequent PUBLISH
requests. There may also be event hard state provisioned for each
resource for a particular event package. This event state represents
the resource state that is present at all times, and does not expire.
The ESC may use event hard state in the absence of, or in addition
to, event soft state provided through the PUBLISH mechanism. Setting
Niemi Standards Track [Page 4]
^L
RFC 3903 SIP Event State Publication October 2004
this event hard state or configuring the ESC policy regarding the
aggregation of different event state is out of the scope of this
specification.
The body of a PUBLISH request carries the published event state. In
response to every successful PUBLISH request, the ESC assigns an
identifier to the publication in the form of an entity-tag. This
identifier is then used by the EPA in any subsequent PUBLISH request
that modifies, refreshes or removes the event state of that
publication. When event state expires or is explicitly removed, the
entity-tag associated with it becomes invalid. A publication for an
invalid entity-tag will naturally fail, and the EPA needs to start
anew and resend its event state without referencing a previous
entity-tag.
4. Constructing PUBLISH Requests
PUBLISH requests create, modify, and remove event state associated
with an address-of-record. A suitably authorized third party may
also perform publication on behalf of a particular address-of-record.
Except as noted, the construction of the PUBLISH request and the
behavior of clients sending a PUBLISH request are identical to the
general UAC behavior described in Section 8.1 and Section 17.1 of RFC
3261 [4].
If necessary, clients may probe for the support of PUBLISH using the
OPTIONS request defined in SIP [4]. The presence of "PUBLISH" in the
"Allow" header field in a response to an OPTIONS request indicates
support for the PUBLISH method. In addition, the "Allow-Events"
header field indicates the supported event packages.
Note that it is possible for the OPTIONS request to fork, and
consequently return a response from a User Agent other than the
ESC. In that case, support for the PUBLISH method may not be
appropriately represented for that particular Request-URI.
A PUBLISH request does not establish a dialog. A UAC MAY include a
Route header field in a PUBLISH request based on a pre-existing route
set as described in Section 8.1 of RFC 3261 [4]. The Record-Route
header field has no meaning in PUBLISH requests or responses, and
MUST be ignored if present. In particular, the UAC MUST NOT create a
new route set based on the presence or absence of a Record-Route
header field in any response to a PUBLISH request.
The PUBLISH request MAY contain a Contact header field, but including
one in a PUBLISH request has no meaning in the event publication
context and will be ignored by the ESC. An EPA MAY send a PUBLISH
Niemi Standards Track [Page 5]
^L
RFC 3903 SIP Event State Publication October 2004
request within an existing dialog. In that case, the request is
received in the context of any media session or sessions associated
with that dialog.
Note that while sending a PUBLISH request within an existing
dialog is not prohibited, it will typically not result in the
expected behavior. Unless the other end of the dialog is also an
ESC, it will probably reject the request.
EPAs MUST NOT send a new PUBLISH request (not a re-transmission) for
the same Request-URI, until they have received a final response from
the ESC for the previous one or the previous PUBLISH request has
timed out.
4.1. Identification of Published Event State
Identification of published event state is provided by three pieces
of information: Request-URI, event type, and (optionally) an entity-
tag.
The Request-URI of a PUBLISH request contains enough information to
route the request to the appropriate entity per the request routing
procedures outlined in RFC 3261 [4]. It also contains enough
information to identify the resource whose event state is to be
published, but not enough information to determine the type of the
published event state.
For determining the type of the published event state, the EPA MUST
include a single Event header field in PUBLISH requests. The value
of this header field indicates the event package for which this
request is publishing event state.
For each successful PUBLISH request, the ESC will generate and assign
an entity-tag and return it in the SIP-ETag header field of the 2xx
response.
When updating previously published event state, PUBLISH requests MUST
contain a single SIP-If-Match header field identifying the specific
event state that the request is refreshing, modifying or removing.
This header field MUST contain a single entity-tag that was returned
by the ESC in the SIP-ETag header field of the response to a previous
publication.
The PUBLISH request MAY contain a body, which contains event state
that the client wishes to publish. The content format and semantics
are dependent on the event package identified in the Event header
field.
Niemi Standards Track [Page 6]
^L
RFC 3903 SIP Event State Publication October 2004
The presence of a body and the SIP-If-Match header field determine
the specific operation that the request is performing, as described
in Table 1.
+-----------+-------+---------------+---------------+
| Operation | Body? | SIP-If-Match? | Expires Value |
+-----------+-------+---------------+---------------+
| Initial | yes | no | > 0 |
| Refresh | no | yes | > 0 |
| Modify | yes | yes | > 0 |
| Remove | no | yes | 0 |
+-----------+-------+---------------+---------------+
Table 1: Publication Operations
An 'Initial' publication sets the initial event state for a
particular EPA. There may, of course, already be event state
published by other EPAs (for the same address-of-record). That state
is unaffected by an initial publication. A 'Refresh' publication
refreshes the lifetime of a previous publication, whereas a 'Modify'
publication modifies the event state of a previous publication. A
'Remove' publication requests immediate removal of event state.
These operations are described in more detail in the following
sections.
4.2. Creating Initial Publication
An initial publication is a PUBLISH request created by the EPA and
sent to the ESC that establishes soft state for the event package
indicated in the Event header field of the request, and bound to the
address in the Request-URI of the request.
An initial PUBLISH request MUST NOT contain a SIP-If-Match header
field. However, if the EPA expects an appropriate, locally stored
entity-tag to still be valid, it SHOULD first try to modify that
event state as described in Section 4.4, instead of submitting an
initial publication.
An initial PUBLISH request MUST contain a body that contains the
published event state.
An initial PUBLISH request MAY contain a single Expires header field.
This value indicates the suggested lifetime of the event state
publication.
Niemi Standards Track [Page 7]
^L
RFC 3903 SIP Event State Publication October 2004
The ESC may lower the suggested lifetime of the publication, but it
will never extend it. If an Expires header field is not present, the
EPA is indicating its desire for the ESC to choose. The Expires
header field in a 2xx response to the initial PUBLISH indicates the
actual duration for which the publication will remain active. Unless
refreshed before this lifetime is exceeded, the publication will
expire.
4.3. Refreshing Event State
An EPA is responsible for refreshing its previously established
publications before their expiration interval has elapsed. To
refresh a publication, the EPA MUST create a PUBLISH request that
includes in a SIP-If-Match header field the entity-tag of the
publication to be refreshed.
The SIP-If-Match header field containing an entity-tag conditions the
PUBLISH request to refresh a specific event state established by a
prior publication. If the entity-tag matches previously published
event state at the ESC, the refresh succeeds, and the EPA receives a
2xx response.
Like the 2xx response to an initial PUBLISH request, the 2xx response
to a refresh PUBLISH request will contain a SIP-ETag header field
with an entity-tag. The EPA MUST store this entity-tag, replacing
any existing entity-tag for the refreshed event state. See Section
8.2 for more information on the EPA handling of entity-tags.
If there is no matching event state, e.g., the event state to be
refreshed has already expired, the EPA receives a 412 (Conditional
Request Failed) response to the PUBLISH request.
A publication refresh MAY contain a single Expires header field.
This value indicates the suggested lifetime of the event state.
The ESC may lower the suggested lifetime of the publication refresh,
but it will never extend it. If an Expires header field is not
present, the EPA is indicating its desire for the ESC to choose. The
Expires header field in a 2xx response to the publication refresh
indicates the actual duration for which the publication will remain
active.
A publication refresh only extends the expiration time of already
existing event state. It does not affect that event state in any
other way. Therefore, a PUBLISH request that refreshes event state
MUST NOT have a body.
Niemi Standards Track [Page 8]
^L
RFC 3903 SIP Event State Publication October 2004
4.4. Modifying Event State
Modifying event state closely resembles the creation of initial event
state. However, instead of establishing completely new event state
at the ESC, already existing event state is updated with modified
event state. The nature of this update depends on the content of the
body, and the semantics associated with the format of that body.
To modify event state, the EPA MUST construct a PUBLISH request that
includes in a SIP-If-Match header field the entity-tag of the event
state publication to be modified. A PUBLISH request that modifies
event state MUST contain a body that includes the modified event
state.
The SIP-If-Match header field conditions the PUBLISH request to
modify a specific event state established by a prior publication, and
identified by the entity-tag. If the entity-tag matches previously
published event state at the ESC, that event state is replaced by the
event state carried in the PUBLISH request, and the EPA receives a
2xx response.
Like the 2xx response to an initial PUBLISH request, the 2xx response
to a modifying PUBLISH request will contain a SIP-ETag header field
with an entity-tag. The EPA MUST store this entity-tag, replacing
any existing entity-tag for the modified event state. See Section
8.2 for more information on the EPA handling of entity-tags.
If there is no matching event state at the ESC, e.g., the event state
to be modified has already expired, the EPA receives a 412
(Conditional Request Failed) response to the PUBLISH request.
A modifying PUBLISH request MAY contain a single Expires header
field. This value indicates the suggested lifetime of the event
state publication.
The ESC may lower the suggested lifetime of the publication, but it
will never extend it. If an Expires header field is not present, the
EPA is indicating its desire for the ESC to choose. The Expires
header field in a 2xx response to the modifying PUBLISH request
indicates the actual duration for which the publication will remain
active. Unless refreshed before this lifetime is exceeded, the
publication will expire.
4.5. Removing Event State
Event state established by a prior publication may also be explicitly
removed.
Niemi Standards Track [Page 9]
^L
RFC 3903 SIP Event State Publication October 2004
To request the immediate removal of event state, an EPA MUST create a
PUBLISH request with an Expires value of "0", and set the SIP-If-
Match header field to contain the entity-tag of the event state
publication to be removed.
Note that removing event state is effectively a publication
refresh suggesting an infinitesimal expiration interval.
Consequently, the refreshed event state expires immediately after
being refreshed.
Similar to an event state refresh, the removal of event state only
affects the expiry of the event state. Therefore, a PUBLISH request
that removes event state MUST NOT contain a body.
5. Processing PUBLISH Responses
When processing responses to PUBLISH requests, the steps in Section
8.1.2 of RFC 3261 [4] apply.
If an EPA receives a 412 (Conditional Request Failed) response, it
MUST NOT reattempt the PUBLISH request. Instead, to publish event
state, the EPA SHOULD perform an initial publication, i.e., a PUBLISH
request without a SIP-If-Match header field, as described in Section
4.2. The EPA MUST also discard the entity-tag that produced this
error response.
If an EPA receives a 423 (Interval Too Brief) response to a PUBLISH
request, it MAY retry the publication after changing the expiration
interval in the Expires header field to be equal to or greater than
the expiration interval within the Min-Expires header field of the
423 (Interval Too Brief) response.
6. Processing PUBLISH Requests
The Event State Compositor (ESC) is a User Agent Server (UAS) that
processes and responds to PUBLISH requests, and maintains a list of
publications for a given address-of-record. The ESC has to know
(e.g., through configuration) the set of addresses for which it
maintains event state.
The ESC MUST ignore the Record-Route header field if it is included
in a PUBLISH request. The ESC MUST NOT include a Record-Route header
field in any response to a PUBLISH request. The ESC MUST ignore the
Contact header field if one is present in a PUBLISH request.
Niemi Standards Track [Page 10]
^L
RFC 3903 SIP Event State Publication October 2004
PUBLISH requests with the same Request-URI MUST be processed in the
order that they are received. PUBLISH requests MUST also be
processed atomically, meaning that a particular PUBLISH request is
either processed completely or not at all.
When receiving a PUBLISH request, the ESC follows the steps defining
general UAS behavior in Section 8.2 of RFC 3261 [4]. In addition,
for PUBLISH specific behavior the ESC follows these steps:
1. The ESC inspects the Request-URI to determine whether this request
is targeted to a resource for which the ESC is responsible for
maintaining event state. If not, the ESC MUST return a 404 (Not
Found) response and skip the remaining steps.
It may also be that the Request-URI points to a domain that the
ESC is not responsible for. In that case, the UAS receiving the
request can assume the role of a proxy server and forward the
request to a more appropriate target.
2. The ESC examines the Event header field of the PUBLISH request.
If the Event header field is missing or contains an event package
which the ESC does not support, the ESC MUST respond to the
PUBLISH request with a 489 (Bad Event) response, and skip the
remaining steps.
3. The ESC examines the SIP-If-Match header field of the PUBLISH
request for the presence of a request precondition.
* If the request does not contain a SIP-If-Match header field,
the ESC MUST generate and store a locally unique entity-tag for
identifying the publication. This entity-tag is associated
with the event-state carried in the body of the PUBLISH
request.
* Else, if the request has a SIP-If-Match header field, the ESC
checks whether the header field contains a single entity-tag.
If not, the request is invalid, and the ESC MUST return with a
400 (Invalid Request) response and skip the remaining steps.
* Else, the ESC extracts the entity-tag contained in the SIP-If-
Match header field and matches that entity-tag against all
locally stored entity-tags for this resource and event package.
If no match is found, the ESC MUST reject the publication with
a response of 412 (Conditional Request Failed), and skip the
remaining steps.
Niemi Standards Track [Page 11]
^L
RFC 3903 SIP Event State Publication October 2004
4. The ESC processes the Expires header field value from the PUBLISH
request.
* If the request has an Expires header field, that value MUST be
taken as the requested expiration.
* Else, a locally-configured default value MUST be taken as the
requested expiration.
* The ESC MAY choose an expiration less than the requested
expiration interval. Only if the requested expiration interval
is greater than zero and less than a locally-configured
minimum, the ESC MAY reject the publication with a response of
423 (Interval Too Brief), and skip the remaining steps. This
response MUST contain a Min-Expires header field that states
the minimum expiration interval the ESC is willing to honor.
5. The ESC processes the published event state contained in the body
of the PUBLISH request. If the content type of the request does
not match the event package, or is not understood by the ESC, the
ESC MUST reject the request with an appropriate response, such as
415 (Unsupported Media Type), and skip the remainder of the steps.
* The ESC stores the event state delivered in the body of the
PUBLISH request and identified by the associated entity-tag,
updating any existing event state for that entity-tag. The
expiration value is set to the chosen expiration interval.
* If the request has no message body and contained no entity-tag,
the ESC SHOULD reject the request with an appropriate response,
such as 400 (Invalid Request), and skip the remainder of the
steps. Alternatively, in case either ESC local policy or the
event package has defined semantics for an initial publication
containing no message body, the ESC MAY accept it.
* Else, the event state identified by the entity-tag is
refreshed, setting the expiration value to the chosen
expiration interval.
* If the chosen expiration interval has a special value of "0",
the event state identified by the entity-tag MUST be
immediately removed. The ESC MUST NOT store any event state as
a result of such a request.
Niemi Standards Track [Page 12]
^L
RFC 3903 SIP Event State Publication October 2004
The processing of the PUBLISH request MUST be atomic. If internal
errors (such as the inability to access a back-end database) occur
before processing is complete, the publication MUST NOT succeed,
and the ESC MUST fail with an appropriate error response, such as
504 (Server Time-out), and skip the last step.
6. The ESC returns a 200 (OK) response. The response MUST contain an
Expires header field indicating the expiration interval chosen by
the ESC. The response MUST also contain a SIP-ETag header field
that contains a single entity-tag identifying the publication.
The ESC MUST generate a new entity-tag for each successful
publication, replacing any previous entity-tag associated with
that event state. The generated entity-tag MUST be unique from any
other entity-tags currently assigned to event state associated
with that Request-URI, and MUST be different from any entity-tag
assigned previously to event state for that Request-URI. See
Section 8.3 for more information on the ESC handling of entity-
tags.
7. Processing OPTIONS Requests
A client may probe the ESC for the support of PUBLISH using the
OPTIONS request defined in SIP [4]. The ESC processes OPTIONS
requests as defined in Section 11.2 of RFC 3261 [4]. In the response
to an OPTIONS request, the ESC SHOULD include "PUBLISH" to the list
of allowed methods in the Allow header field. Also, it SHOULD list
the supported event packages in an Allow-Events header field.
The Allow header field may also be used to specifically announce
support for PUBLISH messages when registering. (See SIP Capabilities
[12] for details).
8. Use of Entity-tags in PUBLISH
This section makes a general overview of the entity-tags usage in
PUBLISH. It is informative in nature and thus contains no normative
protocol description.
8.1. General Notes
The PUBLISH mechanism makes use of entity-tags, as defined in HTTP/
1.1 [13]. While the main functionality is preserved, the syntax and
semantics for entity-tags and the corresponding header fields is
adapted specifically for use with the PUBLISH method. The main
differences are:
o The syntax for entity-tags is a token instead of quoted-string.
There is also no prefix defined for indicating a weak entity-tag.
Niemi Standards Track [Page 13]
^L
RFC 3903 SIP Event State Publication October 2004
o A PUBLISH precondition can only apply to a single entity-tag, so
request preconditions with multiple entity-tags are not allowed.
o A request precondition can't apply to "any" entity, namely there
is no special "*" entity-tag value defined for PUBLISH.
o Whereas in HTTP/1.1 returning an entity-tag is optional for origin
servers, in PUBLISH ESCs are required to always return an entity-
tag for a successful publication.
The main motivation for the above adaptation is that PUBLISH is
conceptually an HTTP PUT, for which only a subset of the features in
cache validation using entity-tags is allowed in HTTP/1.1. It makes
little sense to enable features other than this subset for event
state publication.
To make it apparent that the entity-tags usage in PUBLISH is similar
but not identical to HTTP/1.1, we have not adopted the header field
names directly from HTTP/1.1, but rather have created similar but
distinct names, as can be seen in Section 11.
8.2. Client Usage
Each successful publication will get assigned an entity-tag which is
then delivered to the EPA in the response to the PUBLISH request.
The EPA needs to store that entity-tag, replacing any previous
entity-tag for that event state. If a request fails with a 412
(Conditional Request Failed) response, the EPA discards the entity-
tag that caused the failure.
Entity-tags are opaque tokens to the EPA. The EPA cannot infer any
further semantics from an entity-tag beyond a simple identifier, or
assume a specific formatting. An entity-tag may be a monotonically
increasing counter, but it may also be a totally random token. It is
up to the ESC implementation as to what the formatting of an entity-
tag is.
8.3. Server Usage
Entity-tags are generated and maintained by the ESC. They are part
of the state maintained by the ESC that also includes the actual
event state and its remaining expiration interval. An entity-tag is
generated and stored for each successful event state publication, and
returned to the EPA in a 200 (OK) response. Each event state
publication from the EPA that updates a previous publication will
include an entity-tag that the ESC can use as a search key in the set
of active publications.
Niemi Standards Track [Page 14]
^L
RFC 3903 SIP Event State Publication October 2004
The way in which an entity-tag is generated is an implementation
decision. One possible way to generate an entity-tag is to implement
it as an integer counter that is incremented by one for each
successfully processed publication. Other, equally valid ways for
generating entity-tags exist, and this document makes no
recommendations or preference for a single way.
9. Controlling the Rate of Publication
As an entity responsible for aggregating state information from
potentially many sources, the ESC can be subject to considerable
amounts of publication traffic. There are ways to reduce the amount
of PUBLISH requests that the ESC receives:
o Choice of the expiration interval for a publication can be
affected by the ESC. It can insist that an EPA chooses a longer
expiration value to what it suggests, in case the ESC's local
default minimum expiration value is not reached. Maintaining a
longer default minimum expiration value at the ESC reduces the
rate at which publications are refreshed.
o Another way of reducing publication traffic is to use a SIP-level
push-back to quench a specific source of publication traffic. To
push back on publications from a particular source, the ESC MAY
respond to a PUBLISH request with a 503 (Service Unavailable), as
defined in RFC 3261 [4]. This response SHOULD contain a Retry-
After header field indicating the time interval that the
publication source is required to wait until sending another
PUBLISH request.
At the time of writing this specification, work on managing load in
SIP is starting, which may be able to provide further tools for
managing load in event state publication systems.
10. Considerations for Event Packages using PUBLISH
This section discusses several issues which should be taken into
consideration when applying the PUBLISH mechanism to event packages.
It also demonstrates how these issues are handled when using PUBLISH
for presence publication.
Any future event package specification SHOULD include a discussion of
its considerations for using PUBLISH. At a minimum those
considerations SHOULD address the issues presented in this chapter,
and MAY include additional considerations.
Niemi Standards Track [Page 15]
^L
RFC 3903 SIP Event State Publication October 2004
10.1. PUBLISH Bodies
The body of the PUBLISH request typically carries the published event
state. Any application of the PUBLISH mechanism for a given event
package MUST define what content type or types are expected in
PUBLISH requests. Each event package MUST also describe the
semantics associated with that content type, and MUST prescribe a
default, mandatory to implement MIME type.
This document defines the semantics of the presence publication
requests (event package "presence") when the Common Profile for
Presence (CPP) Presence Information Data Format (PIDF) [6] is used.
A PUA that uses PUBLISH to publish presence state to the PA MUST
support the PIDF presence format. It MAY support other formats.
10.2. PUBLISH Response Bodies
The response to a PUBLISH request indicates whether the request was
successful or not. In general, the body of such a response will be
empty unless the event package defines explicit meaning for such a
body.
There is no such meaning for the body of a response to a presence
publication.
10.3. Multiple Sources for Event State
For some event packages, the underlying model is that of a single
entity responsible for aggregating event state (ESC), and multiple
sources, out of which only some may be using the PUBLISH mechanism.
Note that sources for event state other than those using the
PUBLISH mechanism are explicitly allowed. However, it is beyond
the scope of this document to define such interfaces.
Event packages that make use of the PUBLISH mechanism SHOULD describe
whether this model for event state publication is applicable, and MAY
describe specific mechanisms used for aggregating publications from
multiple sources.
For presence, a PUA can publish presence state for just a subset of
the tuples that may be composited into the presence document that
watchers receive in a NOTIFY. The mechanism by which the ESC
aggregates this information is a matter of local policy and out of
the scope of this specification.
Niemi Standards Track [Page 16]
^L
RFC 3903 SIP Event State Publication October 2004
10.4. Event State Segmentation
For some event packages, there exists a natural decomposition of
event state into segments. Each segment is defined as one of
potentially many identifiable sections in the published event state.
Any event package whose content type supports such segmentation of
event state, SHOULD describe the way in which these event state
segments are identified by the ESC.
In presence publication, the EPA MUST keep the "id" attributes of
tuples consistent in the context of an entity-tag. If a publication
modifies the contents of a tuple, that tuple MUST maintain its
original "id". The ESC will interpret each tuple in the context of
the entity-tag with which the request arrived. A tuple whose "id" is
missing compared to the original publication will be considered as
being removed. Similarly, a tuple is interpreted as being added if
its "id" attribute is one that the original publication did not
contain.
10.5. Rate of Publication
Controlling the rate of publication is discussed in Section 9.
Individual event packages MAY in turn define recommendations (SHOULD
or MUST strength) on absolute maximum rates at which publications are
allowed to be generated by a single EPA.
There are no rate limiting recommendations for presence publication.
11. Protocol Element Definitions
This section describes the extensions required for event publication
in SIP.
11.1. New Methods
11.1.1. PUBLISH Method
"PUBLISH" is added to the definition of the element "Method" in the
SIP message grammar. As with all other SIP methods, the method name
is case sensitive. PUBLISH is used to publish event state to an
entity responsible for compositing this event state.
Table 2 and Table 3 extend Tables 2 and 3 of RFC 3261 [4] by adding
an additional column, defining the header fields that can be used in
PUBLISH requests and responses. The keys in these tables are
specified in Section 20 of RFC 3261 [4].
Niemi Standards Track [Page 17]
^L
RFC 3903 SIP Event State Publication October 2004
+---------------------+---------+---------+
| Header Field | where | PUBLISH |
+---------------------+---------+---------+
| Accept | R | o |
| Accept | 2xx | - |
| Accept | 415 | m* |
| Accept-Encoding | R | o |
| Accept-Encoding | 2xx | - |
| Accept-Encoding | 415 | m* |
| Accept-Language | R | o |
| Accept-Language | 2xx | - |
| Accept-Language | 415 | m* |
| Alert-Info | | - |
| Allow | R | o |
| Allow | r | o |
| Allow | 405 | m |
| Allow-Events | R | o |
| Allow-Events | 489 | m |
| Authentication-Info | 2xx | o |
| Authorization | R | o |
| Call-ID | c | m |
| Call-Info | | o |
| Contact | R | - |
| Contact | 1xx | - |
| Contact | 2xx | - |
| Contact | 3xx | o |
| Contact | 485 | o |
| Content-Disposition | | o |
| Content-Encoding | | o |
| Content-Language | | o |
| Content-Length | | t |
| Content-Type | | * |
| CSeq | c | m |
| Date | | o |
| Event | R | m |
| Error-Info | 300-699 | o |
| Expires | | o |
| Expires | 2xx | m |
| From | c | m |
| In-Reply-To | R | - |
| Max-Forwards | R | m |
| Min-Expires | 423 | m |
| MIME-Version | | o |
| Organization | | o |
+---------------------+---------+---------+
Table 2: Summary of header fields, A--O
Niemi Standards Track [Page 18]
^L
RFC 3903 SIP Event State Publication October 2004
+---------------------+-----------------+---------+
| Header Field | where | PUBLISH |
+---------------------+-----------------+---------+
| Priority | R | o |
| Proxy-Authenticate | 407 | m |
| Proxy-Authenticate | 401 | o |
| Proxy-Authorization | R | o |
| Proxy-Require | R | o |
| Record-Route | | - |
| Reply-To | | - |
| Require | | o |
| Retry-After | 404,413,480,486 | o |
| Retry-After | 500,503 | o |
| Retry-After | 600,603 | o |
| Route | R | c |
| Server | r | o |
| Subject | R | o |
| Supported | R | o |
| Supported | 2xx | o |
| Timestamp | | o |
| To | c(1) | m |
| Unsupported | 420 | o |
| User-Agent | | o |
| Via | R | m |
| Via | rc | m |
| Warning | r | o |
| WWW-Authenticate | 401 | m |
| WWW-Authenticate | 407 | o |
+---------------------+-----------------+---------+
Table 3: Summary of header fields, P--Z
11.2. New Response Codes
11.2.1. "412 Conditional Request Failed" Response Code
The 412 (Conditional Request Failed) response is added to the
"Client-Error" header field definition. 412 (Conditional Request
Failed) is used to indicate that the precondition given for the
request has failed.
Niemi Standards Track [Page 19]
^L
RFC 3903 SIP Event State Publication October 2004
11.3. New Header Fields
Table 4, Table 5, and Table 6 expand on Table 3 in SIP [4], as
amended by the changes in Section 11.1.
+--------------+-------+-------+-----+-----+-----+-----+-----+
| Header Field | where | proxy | ACK | BYE | CAN | INF | INV |
+--------------+-------+-------+-----+-----+-----+-----+-----+
| SIP-ETag | 2xx | | - | - | - | - | - |
| SIP-If-Match | R | | - | - | - | - | - |
+--------------+-------+-------+-----+-----+-----+-----+-----+
Table 4: Summary of header fields, P--Z
+--------------+-------+-------+-----+-----+-----+-----+-----+
| Header Field | where | proxy | NOT | OPT | PRA | REG | SUB |
+--------------+-------+-------+-----+-----+-----+-----+-----+
| SIP-ETag | 2xx | | - | - | - | - | - |
| SIP-If-Match | R | | - | - | - | - | - |
+--------------+-------+-------+-----+-----+-----+-----+-----+
Table 5: Summary of header fields, P--Z
+--------------+-------+-------+-----+-----+-----+---------+
| Header Field | where | proxy | UPD | MSG | REF | PUBLISH |
+--------------+-------+-------+-----+-----+-----+---------+
| SIP-ETag | 2xx | | - | - | - | m |
| SIP-If-Match | R | | - | - | - | o |
+--------------+-------+-------+-----+-----+-----+---------+
Table 6: Summary of header fields, P--Z
11.3.1. "SIP-ETag" Header Field
SIP-ETag is added to the definition of the element "general-header"
in the SIP message grammar. Usage of this header is described in
Section 4 and Section 6.
11.3.2. "SIP-If-Match" Header Field
SIP-If-Match is added to the definition of the element "general-
header" in the SIP message grammar. Usage of this header is
described in Section 4 and Section 6.
Niemi Standards Track [Page 20]
^L
RFC 3903 SIP Event State Publication October 2004
12. Augmented BNF Definitions
This section describes the syntax extensions required for event
publication in SIP. The formal syntax definitions described in this
section are expressed in the Augmented BNF [7] format used in SIP
[4], and contain references to elements defined therein.
PUBLISHm = %x50.55.42.4C.49.53.48 ; PUBLISH in caps.
extension-method = PUBLISHm / token
SIP-ETag = "SIP-ETag" HCOLON entity-tag
SIP-If-Match = "SIP-If-Match" HCOLON entity-tag
entity-tag = token
13. IANA Considerations
This document registers a new method name, a new response code and
two new header field names.
13.1. Methods
This document registers a new SIP method, defined by the following
information, which has been added to the method and response-code
sub-registry under http://www.iana.org/assignments/sip-parameters.
Method Name: PUBLISH
Reference: [RFC3903]
13.2. Response Codes
This document registers a new response code. This response code is
defined by the following information, which has been added to the
method and response-code sub-registry under
http://www.iana.org/assignments/sip-parameters.
Response Code Number: 412
Default Reason Phrase: Conditional Request Failed
13.3. Header Field Names
This document registers two new SIP header field names. These
headers are defined by the following information, which has been
added to the header sub-registry under
http://www.iana.org/assignments/sip-parameters.
Header Name: SIP-ETag
Compact Form: (none)
Niemi Standards Track [Page 21]
^L
RFC 3903 SIP Event State Publication October 2004
Header Name: SIP-If-Match
Compact Form: (none)
14. Security Considerations
14.1. Access Control
Since event state may be considered sensitive information, the ESC
should have the ability to selectively accept publications from
authorized sources only, based on the identity of the EPA.
The state agent SHOULD authenticate the EPA, and SHOULD apply its
authorization policies (e.g., based on access control lists) to all
requests. The composition model makes no assumptions that all input
sources for an ESC are on the same network, or in the same
administrative domain.
ESCs and EPAs MUST implement Digest for authenticating PUBLISH
requests, as defined in RFC 3261 [4]. The exact methods for creating
and manipulating access control policies in the ESC are outside the
scope of this document.
14.2. Denial of Service Attacks
The creation of state at the ESC upon receipt of a PUBLISH request
can be used by attackers to consume resources on a victim's machine,
possibly rendering it unusable.
To reduce the chances of such an attack, implementations of ESCs
SHOULD require authentication of PUBLISH requests. Implementations
MUST support Digest authentication, as defined in RFC 3261 [4].
Also, the ESC SHOULD throttle incoming publications and the
corresponding notifications resulting from the changes in event
state. As a first step, careful selection of default minimum Expires
header field values for the supported event packages at an ESC can
help limit refreshes of event state.
Additional throttling and debounce logic at the ESC is advisable to
further reduce the notification traffic produced as a result of a
PUBLISH request.
14.3. Replay Attacks
Replaying a PUBLISH request can have detrimental effects. An
attacker may be able to perform any event state publication it
witnessed being performed at some point in the past, by replaying
that PUBLISH request. Among other things, such a replay message may
Niemi Standards Track [Page 22]
^L
RFC 3903 SIP Event State Publication October 2004
be used to spoof old event state information, although a versioning
mechanism, e.g., a timestamp, in the state information may help
mitigate such an attack.
To prevent replay attacks, implementations MUST support Digest
authentication with replay protection, as defined in RFC 3261 [4].
Further mechanisms for countering replay attacks are discussed in SIP
[4].
14.4. Man in the Middle Attacks
Even with authentication, man-in-the-middle attacks using PUBLISH may
be used to install arbitrary event state information, modify or
remove existing event state information in publications, or even
remove event state altogether at an ESC.
To prevent such attacks, implementations SHOULD, at a minimum,
provide integrity protection across the To, From, Event, SIP-If-
Match, Route, and Expires header fields and the bodies of PUBLISH
requests.
If the ESC receives event state in a PUBLISH request which is
integrity protected using a security association that is not with the
ESC (e.g., integrity protection is applied end-to-end, from publisher
to subscriber), the state agent coupled with the ESC MUST NOT modify
the event state before exposing it to the subscribers of this event
state in NOTIFY requests. This is to preserve the end-to-end
integrity of the event state.
For integrity protection, ESCs MUST implement TLS [8], and MUST
support both mutual and one-way authentication, and MUST also support
the SIPS URI scheme defined in SIP [4]. EPAs SHOULD be capable of
initiating TLS and SHOULD support the SIPS URI scheme. ESCs and EPAs
MAY support S/MIME [9] for integrity protection, as defined in SIP
[4].
14.5. Confidentiality
The state information contained in a PUBLISH message may potentially
contain sensitive information. Implementations MAY encrypt such
information to ensure confidentiality.
For providing confidentiality, ESCs MUST implement TLS [8], MUST
support both mutual and one-way authentication, and MUST also support
the SIPS URI scheme defined in SIP [4]. EPAs SHOULD be capable of
initiating TLS and SHOULD support the SIPS URI scheme. ESCs and EPAs
MAY support S/MIME [9] for encryption of event state information, as
defined in SIP [4].
Niemi Standards Track [Page 23]
^L
RFC 3903 SIP Event State Publication October 2004
15. Examples
This section shows an example of using the PUBLISH method for
publishing a presence document from a presence user agent to a
presence agent. The watcher in this example is subscribing to the
presentity's presence information from the PA. The PUA may also
SUBSCRIBE to its own presence to see the composite presence state
exposed by the PA. This is an optional but likely step for the PUA,
and is not shown in this example.
When the value of the Content-Length header field is "..." this means
that the value should be whatever the computed length of the body is.
PUA PA WATCHER
(EPA) (ESC)
| | |
| | <---- M1: SUBSCRIBE --- |
| | |
| | ----- M2: 200 OK -----> |
| | |
| | ----- M3: NOTIFY -----> |
| | |
| | <---- M4: 200 OK ------ |
| | |
| | |
| ---- M5: PUBLISH ---> | |
| | |
| <--- M6: 200 OK ---- | |
| | |
| | ----- M7: NOTIFY -----> |
| | |
| | <---- M8: 200 OK ------ |
| | |
| ---- M9: PUBLISH ---> | |
| | |
| <--- M10: 200 OK --- | |
| | |
| | |
| --- M11: PUBLISH ---> | |
| | |
| <-- M12: 200 OK ---- | |
| | |
| | ----- M13: NOTIFY ----> |
| | |
| | <---- M14: 200 OK ----- |
| | |
Niemi Standards Track [Page 24]
^L
RFC 3903 SIP Event State Publication October 2004
Message flow:
M1: The watcher initiates a new subscription to the
presentity@example.com's presence agent.
SUBSCRIBE sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP host.example.com;branch=z9hG4bKnashds7
To: <sip:presentity@example.com>
From: <sip:watcher@example.com>;tag=12341234
Call-ID: 12345678@host.example.com
CSeq: 1 SUBSCRIBE
Max-Forwards: 70
Expires: 3600
Event: presence
Contact: sip:user@host.example.com
Content-Length: 0
M2: The presence agent for presentity@example.com processes the
subscription request and creates a new subscription. A 200 (OK)
response is sent to confirm the subscription.
SIP/2.0 200 OK
Via: SIP/2.0/UDP host.example.com;branch=z9hG4bKnashds7
;received=192.0.2.1
To: <sip:presentity@example.com>;tag=abcd1234
From: <sip:watcher@example.com>;tag=12341234
Call-ID: 12345678@host.example.com
CSeq: 1 SUBSCRIBE
Contact: sip:pa.example.com
Expires: 3600
Content-Length: 0
M3: In order to complete the process, the presence agent sends the
watcher a NOTIFY with the current presence state of the
presentity.
NOTIFY sip:user@host.example.com SIP/2.0
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK8sdf2
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 1 NOTIFY
Max-Forwards: 70
Event: presence
Subscription-State: active; expires=3599
Contact: sip:pa.example.com
Content-Type: application/pidf+xml
Content-Length: ...
Niemi Standards Track [Page 25]
^L
RFC 3903 SIP Event State Publication October 2004
[PIDF document]
M4: The watcher confirms receipt of the NOTIFY request.
SIP/2.0 200 OK
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK8sdf2
;received=192.0.2.2
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 1 NOTIFY
M5: A presence user agent (acting for the presentity) initiates a
PUBLISH request to the presence agent in order to update it with
new presence information. The Expires header field indicates the
suggested duration for this event soft state.
PUBLISH sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK652hsge
To: <sip:presentity@example.com>
From: <sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
Max-Forwards: 70
Expires: 3600
Event: presence
Content-Type: application/pidf+xml
Content-Length: ...
[Published PIDF document]
M6: The presence agent receives, and accepts the presence
publication. The published data is incorporated into the
presentity's presence information.
SIP/2.0 200 OK
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK652hsge
;received=192.0.2.3
To: <sip:presentity@example.com>;tag=1a2b3c4d
From: <sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
SIP-ETag: dx200xyz
Expires: 1800
M7: The presence agent determines that a reportable change has been
made to the presentity's presence information, and sends a
new presence notification to the watcher.
Niemi Standards Track [Page 26]
^L
RFC 3903 SIP Event State Publication October 2004
NOTIFY sip:user@host.example.com SIP/2.0
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK4cd42a
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 2 NOTIFY
Max-Forwards: 70
Event: presence
Subscription-State: active; expires=3400
Contact: sip:pa.example.com
Content-Type: application/pidf+xml
Content-Length: ...
[New PIDF document]
M8: The watcher confirms receipt of the NOTIFY request.
SIP/2.0 200 OK
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK4cd42a
;received=192.0.2.2
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 2 NOTIFY
Content-Length: 0
M9: The PUA determines that the event state it previously published
is about to expire, and refreshes that event state.
PUBLISH sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK771ash02
To: <sip:presentity@example.com>
From: <sip:presentity@example.com>;tag=1234kljk
Call-ID: 98798798@pua.example.com
CSeq: 1 PUBLISH
Max-Forwards: 70
SIP-If-Match: dx200xyz
Expires: 3600
Event: presence
Content-Length: 0
M10: The presence agent receives, and accepts the publication
refresh. The timers regarding the expiration of the specific
event state identified by the entity-tag are updated. As always,
the ESC returns an entity-tag in the response to a successful
PUBLISH. Note that no actual state change has occurred, so the
watchers will receive no NOTIFYs.
Niemi Standards Track [Page 27]
^L
RFC 3903 SIP Event State Publication October 2004
SIP/2.0 200 OK
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK771ash02
;received=192.0.2.3
To: <sip:presentity@example.com>;tag=2affde434
From: <sip:presentity@example.com>;tag=1234kljk
Call-ID: 98798798@pua.example.com
CSeq: 1 PUBLISH
SIP-ETag: kwj449x
Expires: 1800
M11: The PUA of the presentity detects a change in the user's
presence state. It initiates a PUBLISH request to the presence
agent to modify the published presence information with the recent
change.
PUBLISH sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bKcdad2
To: <sip:presentity@example.com>
From: <sip:presentity@example.com>;tag=54321mm
Call-ID: 5566778@pua.example.com
CSeq: 1 PUBLISH
Max-Forwards: 70
SIP-If-Match: kwj449x
Expires: 3600
Event: presence
Content-Type: application/pidf+xml
Content-Length: ...
[Published PIDF Document]
M12: The presence agent receives, and accepts the modifying
publication. The published data is incorporated into the
presentity's presence information, updating the previous
publication from the same PUA.
SIP/2.0 200 OK
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bKcdad2
;received=192.0.2.3
To: <sip:presentity@example.com>;tag=effe22aa
From: <sip:presentity@example.com>;tag=54321mm
Call-ID: 5566778@pua.example.com
CSeq: 1 PUBLISH
SIP-ETag: qwi982ks
Expires: 3600
M13: The presence agent determines that a reportable change has been
made to the presentity's presence document, and sends a
new presence notification to all active subscriptions.
Niemi Standards Track [Page 28]
^L
RFC 3903 SIP Event State Publication October 2004
NOTIFY sip:user@host.example.com SIP/2.0
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK32defd3
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 2 NOTIFY
Max-Forwards: 70
Event: presence
Subscription-State: active; expires=3400
Contact: sip:pa.example.com
Content-Type: application/pidf+xml
Content-Length: ...
[New PIDF document]
M14: The watcher confirms receipt of the NOTIFY request.
SIP/2.0 200 OK
Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK32defd3
;received=192.0.2.3
To: <sip:watcher@example.com>;tag=12341234
From: <sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 2 NOTIFY
Content-Length: 0
16. Contributors
The original contributors to this specification are:
Ben Campbell
Estacado Systems
Sean Olson
Microsoft
Jon Peterson
Neustar, Inc.
Jonathan Rosenberg
dynamicsoft
Brian Stucker
Nortel Networks, Inc.
Niemi Standards Track [Page 29]
^L
RFC 3903 SIP Event State Publication October 2004
17. Acknowledgements
The authors would like to thank the SIMPLE Working Group for their
collective effort, and specifically the following people for their
review and support of this work: Henning Schulzrinne, Paul Kyzivat,
Hisham Khartabil, George Foti, Keith Drage, Samir Srivastava, Arun
Kumar, Adam Roach, Pekka Pessi, Kai Wang, Cullen Jennings, Mikko
Lonnfors, Eva-Maria Leppanen, Ernst Horvath, Thanos Diacakis, Oded
Cnaan, Rohan Mahy, and Dean Willis.
18. References
18.1. Normative References
[1] Roach, A., "Session Initiation Protocol (SIP)-Specific Event
Notification", RFC 3265, June 2002.
[2] Rosenberg, J., "A Presence Event Package for the Session
Initiation Protocol (SIP)", RFC 3856, August 2004.
[3] Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence and
Instant Messaging", RFC 2778, February 2000.
[4] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[5] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[6] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, W., and
J. Peterson, "Presence Information Data Format (PIDF)", RFC
3863, August 2004.
[7] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[8] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC
2246, January 1999.
[9] Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail Extensions
(S/MIME) Version 3.1 Message Specification", RFC 3851, July
2004.
Niemi Standards Track [Page 30]
^L
RFC 3903 SIP Event State Publication October 2004
19.2. Informative References
[10] Campbell, B., "SIMPLE Presence Publication Requirements", Work
in Progress, February 2003.
[11] Mahy, R., "A Message Summary and Message Waiting Indication
Event Package for the Session Initiation Protocol (SIP)", RFC
3842, August 2004.
[12] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, "Indicating User
Agent Capabilities in the Session Initiation Protocol (SIP)",
RFC 3840, August 2004.
[13] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999.
Author's Address
Aki Niemi (editor)
Nokia
P.O. Box 407
NOKIA GROUP, FIN 00045
Finland
Phone: +358 50 389 1644
EMail: aki.niemi@nokia.com
Niemi Standards Track [Page 31]
^L
RFC 3903 SIP Event State Publication October 2004
Full Copyright Statement
Copyright (C) The Internet Society (2004).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the IETF's procedures with respect to rights in IETF Documents can
be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Niemi Standards Track [Page 32]
^L
|
