1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
|
Network Working Group P. Kyzivat
Request for Comments: 5628 Cisco Systems, Inc.
Category: Standards Track October 2009
Registration Event Package Extension for
Session Initiation Protocol (SIP)
Globally Routable User Agent URIs (GRUUs)
Abstract
RFC 3680 defines a Session Initiation Protocol (SIP) event package
for registration state. This package allows a watcher to learn about
information stored by a SIP registrar, including its registered
contact.
However, the registered contact is frequently unreachable and thus
not useful for watchers. The Globally Routable User Agent URI
(GRUU), defined in RFC 5627, is a URI that is capable of reaching a
particular contact. However this URI is not included in the document
format defined in RFC 3680. This specification defines an extension
to the registration event package to include GRUUs assigned by the
registrar.
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Kyzivat Standards Track [Page 1]
^L
RFC 5628 Reg Event GRUU Extension October 2009
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Description . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Notifier Processing of SUBSCRIBE Requests . . . . . . . . . . 4
5. Notifier Generation of NOTIFY Requests . . . . . . . . . . . . 4
6. Subscriber Processing of NOTIFY Requests . . . . . . . . . . . 5
6.1. Managing Temporary GRUU Lifetime . . . . . . . . . . . . . 5
7. Sample reginfo Document . . . . . . . . . . . . . . . . . . . 7
8. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Example: Welcome Notice . . . . . . . . . . . . . . . . . 8
8.2. Example: Implicit Registration . . . . . . . . . . . . . . 8
9. XML Schema Definition . . . . . . . . . . . . . . . . . . . . 11
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
10.1. URN Sub-Namespace Registration . . . . . . . . . . . . . . 12
10.2. XML Schema Registration . . . . . . . . . . . . . . . . . 13
11. Security Considerations . . . . . . . . . . . . . . . . . . . 13
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
13.1. Normative References . . . . . . . . . . . . . . . . . . . 14
13.2. Informative References . . . . . . . . . . . . . . . . . . 14
Kyzivat Standards Track [Page 2]
^L
RFC 5628 Reg Event GRUU Extension October 2009
1. Introduction
RFC 3680 [2] defines a Session Initiation Protocol (SIP) [5] event
package for registration state. This package allows a watcher to
learn about information stored by a SIP registrar, including the
registered contacts.
However, a registered contact is frequently unreachable from hosts
outside of the domain of the User Agent (UA). It is commonly a
private address, or, when it is a public address, access to it may be
blocked by firewalls.
The Globally Routable User Agent URI (GRUU), defined in RFC 5627 [3],
is a URI that reaches a particular UA instance, but is reachable by
any host on the Internet. GRUUs assigned by the registrar represent
additional registration state. However, GRUUs assigned by the
registrar are not included in the notifications provided by RFC 3680.
For many applications of the registration event package, a GRUU is
needed, and not the registered contact.
For example, the Welcome Notices example in [2] will only operate
correctly if the contact address in the registration event
notification is reachable by the sender of the welcome notice. When
the registering device is using the GRUU extension, it is likely that
the registered contact address will not be globally addressable, and
a GRUU should be used as the target address for the MESSAGE.
Another case where this feature may be helpful is within the Third
Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS).
IMS employs a technique where a REGISTER of a contact address to one
Address of Record (AOR) causes the implicit registration of the same
contact to other associated AORs. If GRUUs are requested and
obtained as part of the registration request, then additional GRUUs
will also be needed for the implicit registrations. While assigning
the additional GRUUs is straightforward, informing the registering UA
of them is not. In IMS, UAs typically subscribe to the registration
event, and subscriptions to the registration event for an AOR result
in notifications, each containing the registration state of all the
associated AORs. The proposed extension provides a way to easily
deliver the GRUUs for the associated AORs.
As specified in RFC 5627 [3], temporary GRUUs are invalidated when
contact address bindings for the corresponding AOR and instance ID
are not refreshed, or when a registration to the AOR and instance ID
is performed with a new Call-ID. A UA cannot always determine with
certainty which temporary GRUUs are valid based solely on the
response to the REGISTER requests it has issued, or from
Kyzivat Standards Track [Page 3]
^L
RFC 5628 Reg Event GRUU Extension October 2009
notifications according to RFC 3680 [2]. The extension defined in
this document provides sufficient information for a UA to determine
which temporary GRUUs are valid.
The registration event package has provisions for including extension
elements within the <contact> element. This document defines new
elements that may be used in that context to deliver the public and
temporary GRUUs corresponding to the contact.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. [1]
3. Description
Two new elements (<pub-gruu> and <temp-gruu>) are defined, each of
which contains a GRUU. The <temp-gruu> element also identifies the
oldest temporary GRUU that is currently valid.
These optional elements may be included within the body of a NOTIFY
for the registration event package when GRUUs are associated with the
contact. The contact URI and the GRUUs are then all available to the
watcher.
4. Notifier Processing of SUBSCRIBE Requests
Unchanged from RFC 3680 [2].
5. Notifier Generation of NOTIFY Requests
A notifier for the registration event package [2] SHOULD include the
<pub-gruu> element when a contact has an instance ID and a public
GRUU is associated with the combination of the AOR and the instance
ID. When present, the <pub-gruu> element MUST be positioned as a
child of the <contact> element.
A notifier for the registration event package [2] MAY include the
<temp-gruu> element when a contact has an instance ID and a temporary
GRUU is associated with the combination of the AOR and the instance
ID. This element SHOULD be included if the subscriber is also
authorized to register to the AOR. This element SHOULD NOT be
included if the subscriber is not authorized to register to the AOR,
unless there is an explicitly configured policy directing that it be
included. When present, the <temp-gruu> element MUST be positioned
as a child of the <contact> element.
Kyzivat Standards Track [Page 4]
^L
RFC 5628 Reg Event GRUU Extension October 2009
Note that it is possible for multiple registered contacts to share
the same instance ID. In such a case, each <contact> element will
have child <pub-gruu> and <temp-gruu> elements, which are identical
to the corresponding child elements in those other <contact> elements
that share the same instance ID. Since a particular contact cannot
be associated with more than one instance ID, a <contact> element
will never have more than one <pub-gruu> and one <temp-gruu> child
element.
If the notifier includes the <pub-gruu> element, it MUST populate the
element with the public GRUU that is associated with the instance ID
and AOR of the registered contact.
If the notifier includes the <temp-gruu> element, it MUST populate
the element with the most recently assigned temporary GRUU that is
associated with the instance ID and AOR of the registered contact.
It MUST also populate the element with a "cseq" attribute
corresponding to the first (oldest) currently active temporary GRUU
that is associated with the instance ID and AOR of the registered
contact. The value of the "cseq" attribute is set to the value of
the CSeq header field of the REGISTER request that caused that first
temporary GRUU to be assigned.
6. Subscriber Processing of NOTIFY Requests
When a subscriber receives a registration event notification with a
<contact> containing a <pub-gruu>, it MAY associate the public GRUU
with the corresponding AOR and instance ID. Any previously received
public GRUU for the same AOR and instance ID MUST be discarded. (It
will no longer function.)
When a subscriber receives a registration event notification with a
<contact> containing a <temp-gruu>, it MAY associate the temporary
GRUU, together with the "callid" and "cseq" attributes, with the
corresponding AOR and instance ID.
Subscribers that are unaware of this extension will, as required by
[2], ignore the <pub-gruu> and <temp-gruu> elements.
6.1. Managing Temporary GRUU Lifetime
Section 4.2 of RFC 5627 [3] gives guidance for developers of UAs on
how to ensure that only valid temporary GRUUs are retained and used
by the UA. A UA cannot always determine with certainty which
temporary GRUUs are valid based solely on the information contained
in responses to the REGISTER requests it has issued or from the
information contained in notifications that conform solely to RFC
3680 [2]. The extension defined in this document provides sufficient
Kyzivat Standards Track [Page 5]
^L
RFC 5628 Reg Event GRUU Extension October 2009
added information for a UA to determine which temporary GRUUs are
valid. The extension to RFC 3680 defined in this document provides
added information to help with that process. The following are steps
that the UA MAY take to ensure it only retains valid GRUUs:
o The UA should subscribe to the registration event package for the
AOR it is registering.
o When a UA receives a 2xx response to a REGISTER request, it may
extract and retain temporary GRUUs from the response for future
use, as long as they remain valid. Appropriate GRUUs to retain
are those corresponding to the contact address and instance ID it
has registered. (Typically, the UA will register only one contact
address, and so receive at most one temporary GRUU.)
o The UA may add the temporary GRUU to the set of valid temporary
GRUUs associated with the AOR. (Note, in this case AOR is the
To-address of the REGISTER request.) To aid in tracking validity,
the UA should also associate a "callid" attribute and "cseq"
attribute with the temporary GRUU, with values obtained
respectively from the Call-ID and CSeq values of the REGISTER
response containing the temporary GRUU.
o If the UA receives a registration event notification with an AOR
(that it supports) and a <contact>, for a contact address and
instance ID (that it has registered and that contains a <temp-
gruu>), it may update its set of valid temporary GRUUs associated
with the AOR, as follows:
* It may add the temporary GRUU to the set. To aid in tracking
validity, the UA should associate the "callid" and "cseq"
attributes of the <contact> with the GRUU in the set.
* It should remove any temporary GRUUs with a "callid" attribute
value different from that in the value of the "callid"
attribute of the <contact>, or with a "cseq" attribute with
value less than the value of the "first-cseq" attribute of the
<temp-gruu>.
o If the UA receives a registration event notification with an AOR
that it supports, and there are no <contact> entries for its
instance ID, then it should discard all the temporary GRUUs it has
saved for that AOR.
Kyzivat Standards Track [Page 6]
^L
RFC 5628 Reg Event GRUU Extension October 2009
7. Sample reginfo Document
Note: This example and others in the following section are
indented for readability by the addition of a fixed amount of
whitespace to the beginning of each line. This whitespace is not
part of the example. The conventions of [7] are used to describe
representation of long message lines.
The following is an example registration information document that
includes the new element:
<?xml version="1.0"?>
<reginfo xmlns="urn:ietf:params:xml:ns:reginfo"
xmlns:gr="urn:ietf:params:xml:ns:gruuinfo"
version="0" state="full">
<registration aor="sip:user@example.com" id="as9"
state="active">
<contact id="76" state="active" event="registered"
duration-registered="36001" expires="3599"
callid="1j9FpLxk3uxtm8tn@192.0.2.1" cseq="54321"
q="0.8">
<uri>sip:user@192.0.2.1</uri>
<allOneLine>
<unknown-param name="+sip.instance">
"<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
</unknown-param>
</allOneLine>
<allOneLine>
<gr:pub-gruu uri="sip:user@example.com
;gr=hha9s8d-999a"/>
</allOneLine>
<allOneLine>
<gr:temp-gruu uri="sip:8ffkas08af7fasklzi9@example.com
;gr" first-cseq="54301"/>
</allOneLine>
</contact>
</registration>
</reginfo>
8. Examples
Note: In the following examples, the SIP messages have been
simplified, removing headers that are not pertinent to the example.
When the value of the Content-Length header field is "...", this
means that the value should be the computed length of the body.
Kyzivat Standards Track [Page 7]
^L
RFC 5628 Reg Event GRUU Extension October 2009
8.1. Example: Welcome Notice
Consider the Welcome Notices example in [2]. When the application
server receives a notification of a new registration containing the
reginfo shown in Section 7, it should address messages using the
contained public GRUU as follows:
MESSAGE sip:user@example.com;gr=hha9s8d-999a SIP/2.0
To: <sip:user@example.com>
From: "SIPland Notifier" <sip:notifier@example.com>;tag=7xy8
Content-Type: text/plain
Content-Length: ...
Welcome to SIPland!
Blah, blah, blah.
8.2. Example: Implicit Registration
In a 3GPP IMS setting, a UA may send a single register message,
requesting assignment of GRUUs, as follows:
REGISTER sip:example.net SIP/2.0
From: <sip:user_aor_1@example.net>;tag=5ab4
To: <sip:user_aor_1@example.net>
Call-ID: faif9a@ua.example.com
CSeq: 23001 REGISTER
Contact: <sip:ua.example.com>
;expires=3600
;+sip.instance="<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
Supported: path, gruu
Content-Length: 0
The response reports success of the registration and returns the
GRUUs assigned for the combination of AOR, instance ID, and Contact.
It also indicates (via the P-Associated-URI header [6]) that there
are two other associated AORs that may have been implicitly
registered using the same contact. Each of those implicitly
registered AORs will have unique GRUUs assigned. The REGISTER
response will not include those GRUUs; it will only include the GRUUs
for the AOR and instance ID explicitly included in the registration.
SIP/2.0 200 OK
From: <sip:user_aor_1@example.net>;tag=5ab4
To: <sip:user_aor_1@example.net>;tag=373392
Call-ID: faif9a@ua.example.com
CSeq: 23001 REGISTER
Path: <sip:proxy.example.net;lr>
Service-Route: <sip:proxy.example.net;lr>
Kyzivat Standards Track [Page 8]
^L
RFC 5628 Reg Event GRUU Extension October 2009
Contact: <sip:ua.example.com>
;expires=3600
;+sip.instance="<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
;pub-gruu="sip:user_aor_1@example.net;gr=hha9s8d-999a"
;temp-gruu="sip:8ffkas08af7fasklzi9@example.net;gr"
P-Associated-URI: <sip:user_aor_2@example.net>,
<sip:+358504821437@example.net;user=phone>
Content-Length: 0
The UA then subscribes to the registration event package as follows:
SUBSCRIBE sip:user_aor_1@example.net SIP/2.0
From: <sip:user_aor_1@example.net>;tag=27182
To: <sip:user_aor_1@example.net>
Call-ID: gbjg0b@ua.example.com
CSeq: 45001 SUBSCRIBE
Route: <sip:proxy.example.net;lr>
Event: reg
Expires: 3600
Accept: application/reginfo+xml
Contact: <sip:user_aor_1@example.net;gr=hha9s8d-999a>
Content-Length: 0
(The successful response to the subscription is not shown.) Once the
subscription is established, an initial notification is sent giving
registration status. In IMS deployments, the response includes, in
addition to the status for the requested URI, the status for the
other associated URIs.
NOTIFY sip:user_aor_1@example.net;gr=hha9s8d-999a SIP/2.0
From: <sip:user_aor_1@example.net>;tag=27182
To: <sip:user_aor_1@example.net>;tag=262281
Call-ID: gbjg0b@ua.example.com
CSeq: 633 NOTIFY
Subscription-State: active;expires=3600
Event: reg
Content-Type: application/reginfo+xml
Contact: <sip:registrar.example.net>
Content-Length: ...
<?xml version="1.0"?>
<reginfo xmlns="urn:ietf:params:xml:ns:reginfo"
xmlns:gr="urn:ietf:params:xml:ns:gruuinfo"
version="1" state="full">
<registration aor="sip:user_aor_1@example.net" id="a7"
state="active">
<contact id="92" state="active" event="registered"
duration-registered="1" expires="3599"
Kyzivat Standards Track [Page 9]
^L
RFC 5628 Reg Event GRUU Extension October 2009
callid="faif9a@ua.example.com" cseq="23001">
<uri>
sip:ua.example.com
</uri>
<allOneLine>
<unknown-param name="+sip.instance">
"<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
</unknown-param>
</allOneLine>
<allOneLine>
<gr:pub-gruu uri="sip:user_aor_1@example.net
;gr=hha9s8d-999a"/>
</allOneLine>
<allOneLine>
<gr:temp-gruu uri="sip:8ffkas08af7fasklzi9@example.net
;gr" first-cseq="54301"/>
</allOneLine>
</contact>
</registration>
<registration aor="sip:user_aor_2@example.net" id="a8"
state="active">
<contact id="93" state="active" event="created"
duration-registered="1" expires="3599"
callid="faif9a@ua.example.com" cseq="23001">
<uri>
sip:ua.example.com
</uri>
<allOneLine>
<unknown-param name="+sip.instance">
"<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
</unknown-param>
</allOneLine>
<allOneLine>
<gr:pub-gruu uri="sip:user_aor_2@example.net
;gr=hha9s8d-999b"/>
</allOneLine>
<allOneLine>
<gr:temp-gruu uri="sip:07hcovy36vp6vngvbia@example.net
;gr" first-cseq="54301"/>
</allOneLine>
</contact>
</registration>
<registration
aor="sip:+358504821437@example.net;user=phone"
id="a9"
state="active">
<contact id="94" state="active" event="created"
duration-registered="1" expires="3599"
Kyzivat Standards Track [Page 10]
^L
RFC 5628 Reg Event GRUU Extension October 2009
callid="faif9a@ua.example.com" cseq="23001">
<uri>
sip:ua.example.com
</uri>
<allOneLine>
<unknown-param name="+sip.instance">
"<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>"
</unknown-param>
</allOneLine>
<allOneLine>
<gr:pub-gruu uri="sip:+358504821437@example.net
;user=phone;gr=hha9s8d-999c"/>
</allOneLine>
<allOneLine>
<gr:temp-gruu uri="sip:h99egjbv17fe8ibvlka@example.net
;gr" first-cseq="54301"/>
</allOneLine>
</contact>
</registration>
</reginfo>
The status indicates that the associated URIs all have the same
contact registered. It also includes the unique GRUUs that have been
assigned to each. The UA may then retain those GRUUs for use when
establishing dialogs using the corresponding AORs.
9. XML Schema Definition
The <pub-gruu> and <temp-gruu> elements are defined within a new XML
namespace URI. This namespace is "urn:ietf:params:xml:ns:gruuinfo".
The schema for these elements is:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:ietf:params:xml:ns:gruuinfo"
elementFormDefault="qualified"
attributeFormDefault="unqualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:tns="urn:ietf:params:xml:ns:gruuinfo">
<xs:complexType name="pubGruu">
<xs:attribute name="uri" type="xs:anyURI"
use="required"/>
</xs:complexType>
<xs:complexType name="tempGruu">
<xs:complexContent>
<xs:extension base="tns:pubGruu">
<xs:attribute name="first-cseq"
type="xs:unsignedLong"
use="required"/>
Kyzivat Standards Track [Page 11]
^L
RFC 5628 Reg Event GRUU Extension October 2009
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:element name="pub-gruu" type="tns:pubGruu"/>
<xs:element name="temp-gruu" type="tns:tempGruu"/>
</xs:schema>
10. IANA Considerations
There are two IANA considerations associated with this specification.
10.1. URN Sub-Namespace Registration
This section registers a new XML namespace, per the guidelines in
[4].
URI: The URI for this namespace is urn:ietf:params:xml:ns:gruuinfo
Registrant Contact: IETF, SIPPING working group, <sipping@ietf.org>,
Paul Kyzivat <pkyzivat@cisco.com>
XML:
BEGIN
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type"
content="text/html;charset=iso-8859-1"/>
<title>Reg Information GRUU Extension Namespace</title>
</head>
<body>
<h1>Namespace for Reg Information GRUU Extension</h1>
<h2>urn:ietf:params:xml:ns:gruuinfo</h2>
<p>See <a href="http://www.rfc-editor.org/rfc/rfc5628.txt">
RFC5628</a>.</p>
</body>
</html>
END
Kyzivat Standards Track [Page 12]
^L
RFC 5628 Reg Event GRUU Extension October 2009
10.2. XML Schema Registration
This section registers an XML schema per the procedures in [4].
URI: urn:ietf:params:xml:schema:gruuinfo.
Registrant Contact: IETF, SIPPING working group, <sipping@ietf.org>,
Paul Kyzivat <pkyzivat@cisco.com>
The XML for this schema can be found in Section 9.
11. Security Considerations
Security considerations for the registration event package are
discussed in RFC 3680 [2], and those considerations apply here.
If a contact address obtained via subscription to the registration
event package is not reachable by the subscriber, then its disclosure
may arguably be considered a minimal security risk. In that case,
the inclusion of a GRUU may be considered to increase the risk by
providing a reachable address. On the other hand, requests addressed
to a GRUU are always first processed by the servicing proxy before
they reach the intended User Agent. The proxy may control access as
desired, just as it may for the AOR. For instance, the proxy
servicing a GRUU may accept requests from senders whose identity
appears on a white list, and reject other requests. In this respect,
disclosing a GRUU presents no more risk than disclosing the AOR.
Temporary GRUUs have an additional security consideration. The
intent of the temporary GRUU is to provide a contact address that
cannot be correlated to the identity of the calling party. The
recipient of a call using a temporary GRUU may guess the identity of
the calling party and then attempt to obtain the temporary GRUUs
assigned to that caller to confirm the conjecture. Two possible
approaches to obtaining the temporary GRUUs are:
o Send a REGISTER request to a conjectured caller.
o Send a SUBSCRIBE request for the registration event package to the
conjectured caller.
Typically, REGISTER is restricted to devices or users that are
authorized to originate and receive calls with the AOR. Anonymity
among users of the same AOR is hard to achieve and typically
unnecessary. It is recommended (see Section 5) that the
authorization policy for the registration event package permit only
those subscribers who are authorized to register to the AOR to
receive temporary GRUUs. With this policy, the confidentiality of
Kyzivat Standards Track [Page 13]
^L
RFC 5628 Reg Event GRUU Extension October 2009
the temporary GRUU will be the same with and without the registration
event package. User Agents that use a temporary GRUU should note
that confidentiality does not extend to parties that are permitted to
register to the AOR or to obtain the temporary GRUU when subscribing
to the registration event package.
12. Acknowledgements
The author would like to thank Jonathan Rosenberg for help with this
document, and Jari Urpalainen for assistance with the XML.
13. References
13.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Rosenberg, J., "A Session Initiation Protocol (SIP) Event
Package for Registrations", RFC 3680, March 2004.
[3] Rosenberg, J., "Obtaining and Using Globally Routable User Agent
(UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", RFC
5627, October 2009.
[4] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.
13.2. Informative References
[5] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[6] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header
(P-Header) Extensions to the Session Initiation Protocol (SIP)
for the 3rd-Generation Partnership Project (3GPP)", RFC 3455,
January 2003.
[7] Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and H.
Schulzrinne, "Session Initiation Protocol (SIP) Torture Test
Messages", RFC 4475, May 2006.
Kyzivat Standards Track [Page 14]
^L
RFC 5628 Reg Event GRUU Extension October 2009
Author's Address
Paul H. Kyzivat
Cisco Systems, Inc.
1414 Massachusetts Avenue
Boxborough, MA 01719
USA
EMail: pkyzivat@cisco.com
Kyzivat Standards Track [Page 15]
^L
|