1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
|
Internet Engineering Task Force (IETF) H. Schulzrinne
Request for Comments: 7090 Columbia University
Category: Standards Track H. Tschofenig
ISSN: 2070-1721
C. Holmberg
Ericsson
M. Patel
Huawei Technologies (UK) Co., Ltd.
April 2014
Public Safety Answering Point (PSAP) Callback
Abstract
After an emergency call is completed (terminated either prematurely
by the emergency caller or normally by the call taker), the call
taker may feel the need for further communication. For example, the
call may have been dropped by accident without the call taker having
sufficient information about the current state of an accident victim.
A call taker may trigger a callback to the emergency caller using the
contact information provided with the initial emergency call. This
callback could, under certain circumstances, be treated like any
other call and, as a consequence, it may get blocked by authorization
policies or may get forwarded to an answering machine.
The IETF emergency services architecture specification already offers
a solution approach for allowing Public Safety Answering Point (PSAP)
callbacks to bypass authorization policies in order to reach the
caller without unnecessary delays. Unfortunately, the specified
mechanism only supports limited scenarios. This document discusses
shortcomings of the current mechanisms and illustrates additional
scenarios where better-than-normal call treatment behavior would be
desirable. We describe a solution based on a new header field value
for the SIP Priority header field, called "psap-callback", to mark
PSAP callbacks.
Schulzrinne, et al. Standards Track [Page 1]
^L
RFC 7090 PSAP Callback April 2014
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7090.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Schulzrinne, et al. Standards Track [Page 2]
^L
RFC 7090 PSAP Callback April 2014
Table of Contents
1. Introduction ....................................................3
2. Terminology .....................................................5
3. Callback Scenarios ..............................................5
3.1. Routing Asymmetry ..........................................5
3.2. Multi-Stage Routing ........................................7
3.3. Call Forwarding ............................................8
3.4. Network-Based Service URN Resolution ......................10
3.5. PSTN Interworking .........................................11
4. SIP PSAP Callback Indicator ....................................12
4.1. General ...................................................12
4.2. Usage .....................................................12
4.3. Syntax ....................................................12
4.3.1. General ............................................12
4.3.2. ABNF ...............................................12
5. Security Considerations ........................................12
5.1. Security Threat ...........................................12
5.2. Security Requirements .....................................13
5.3. Security Solution .........................................13
6. IANA Considerations ............................................15
7. Acknowledgements ...............................................16
8. References .....................................................16
8.1. Normative References ......................................16
8.2. Informative References ....................................17
1. Introduction
Summoning police, the fire department, or an ambulance in emergencies
is one of the fundamental and most valuable functions of the
telephone. As telephone functionality moves from circuit-switched
telephony to Internet telephony, its users rightfully expect that
this core functionality will continue to work at least as well as it
has for the legacy technology. New devices and services are being
made available that could be used to make a request for help and that
are not traditional telephones. Users are increasingly expecting
them to be used to place emergency calls.
An overview of the protocol interactions for emergency calling using
the IETF emergency services architecture is described in [RFC6443],
and [RFC6881] specifies the technical details. As part of the
emergency call setup procedure, two important identifiers are
conveyed to the PSAP call taker's user agent, namely the address-of-
record (AOR), and if available, the Globally Routable User Agent (UA)
URIs (GRUUs). RFC 3261 [RFC3261] defines the AOR as:
Schulzrinne, et al. Standards Track [Page 3]
^L
RFC 7090 PSAP Callback April 2014
An address-of-record (AOR) is a SIP or SIPS URI that points to a
domain with a location service that can map the URI to another URI
where the user might be available. Typically, the location
service is populated through registrations. An AOR is frequently
thought of as the "public address" of the user.
In SIP systems, a single user can have a number of user agents
(handsets, softphones, voicemail accounts, etc.) that are all
referenced by the same AOR. There are a number of cases in which it
is desirable to have an identifier that addresses a single user agent
rather than the group of user agents indicated by an AOR. The GRUU
is such a unique user-agent identifier, and it is also globally
routable. [RFC5627] specifies how to obtain and use GRUUs.
[RFC6881] also makes use of the GRUU for emergency calls.
Regulatory requirements demand that the emergency call setup
procedure itself provides enough information to allow the call taker
to initiate a callback to the emergency caller. This is desirable in
those cases where the call is dropped prematurely or when further
communication needs arise. The AOR and the GRUU serve this purpose.
The communication attempt by the PSAP call taker back to the
emergency caller is called a "PSAP callback".
A PSAP callback may, however, be blocked by user-configured
authorization policies or may be forwarded to an answering machine
since SIP entities (SIP proxies as well as the SIP user equipment
itself) cannot differentiate the PSAP callback from any other SIP
call. "Call barring", "do not disturb", or "call diversion" (also
called call forwarding) are features that prevent delivery of a call.
It is important to note that these features may be implemented by SIP
intermediaries as well as by the user agent.
Among the emergency services community, there is a desire to treat
PSAP callbacks in such a way that the chances of reaching the
emergency caller are increased. At the same time, any solution must
minimize the chance that other calls bypass call forwarding or other
authorization policies. Ideally, the PSAP callback has to relate to
an earlier emergency call that was made "not too long ago". An exact
time interval is difficult to define in a global IETF standard due to
the variety of national regulatory requirements, but [RFC6881]
suggests 30 minutes.
Schulzrinne, et al. Standards Track [Page 4]
^L
RFC 7090 PSAP Callback April 2014
Nevertheless, to meet the needs from the emergency services
community, a basic mechanism for preferential treatment of PSAP
callbacks was defined in Section 13 of [RFC6443]. The specification
says:
A UA may be able to determine a PSAP callback by examining the
domain of incoming calls after placing an emergency call and
comparing that to the domain of the answering PSAP from the
emergency call. Any call from the same domain and directed to the
supplied Contact header or AOR after an emergency call should be
accepted as a callback from the PSAP if it occurs within a
reasonable time after an emergency call was placed.
This approach mimics a stateful packet-filtering firewall and is
indeed helpful in a number of cases. It is also relatively simple to
implement even though it requires call state to be maintained by the
user agent as well as by SIP intermediaries. Unfortunately, the
solution does not work in all deployment scenarios. In Section 3 we
describe cases where the currently standardized approach is
insufficient.
2. Terminology
Emergency-services-related terminology is borrowed from [RFC5012].
This includes terminology like emergency caller, user equipment, call
taker, Emergency Service Routing Proxy (ESRP), and Public Safety
Answering Point (PSAP).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. Callback Scenarios
This section illustrates a number of scenarios where the currently
specified solution, as described in [RFC6881], for preferential
treatment of callbacks fails. As explained in Section 1, a SIP
entity examines an incoming PSAP callback by comparing the domain of
the PSAP with the destination domain of the outbound emergency call
placed earlier.
3.1. Routing Asymmetry
In some deployment environments, it is common to have incoming and
outgoing SIP messaging routed through different SIP entities.
Figure 1 shows this graphically whereby a Voice over IP (VoIP)
provider uses different SIP proxies for inbound and for outbound call
handling. Unless the two devices are synchronized, the callback
Schulzrinne, et al. Standards Track [Page 5]
^L
RFC 7090 PSAP Callback April 2014
reaching the inbound proxy would get treated like any other call
since the emergency call established state information at the
outbound proxy only.
,-------.
,' `.
,-------. / Emergency \
,' `. | Services |
/ VoIP \ I | Network |
| Provider | n | |
| | t | |
| | e | |
| +-------+ | r | |
+--+---|Inbound|<--+-----m | |
| | |Proxy | | e | +------+ |
| | +-------+ | d | |PSAP | |
| | | i | +--+---+ |
+----+ | | | a-+ | | |
| UA |<---+ | | t | | | |
| |----+ | | e | | | |
+----+ | | | | | | |
| | | P | | | |
| | | r | | | |
| | +--------+ | o | | | |
+--+-->|Outbound|--+---->v | | +--+---+ |
| |Proxy | | i | | +-+ESRP | |
| +--------+ | d | | | +------+ |
| | e | | | |
| | r +----+-+ |
\ / | |
`. ,' \ /
'-------' `. ,'
'-------'
Figure 1: Example for Routing Asymmetry
Schulzrinne, et al. Standards Track [Page 6]
^L
RFC 7090 PSAP Callback April 2014
3.2. Multi-Stage Routing
Consider the emergency call routing scenario shown in Figure 2 where
routing towards the PSAP occurs in several stages. In this scenario,
we consider a SIP UA that uses the Location-to-Service Translation
(LoST) Protocol [RFC5222] to learn the next-hop destination, namely
esrp@example.net, to get the call closer to the PSAP. This call is
then sent to the proxy of the user's VoIP provider (example.org).
The user's VoIP provider receives the emergency call and creates a
state based on the destination domain, namely example.net. It then
routes the call to the indicated ESRP. When the ESRP receives the
call, it needs to decide what the next hop is to get to the final
PSAP. In our example, the next hop is the PSAP with the URI
psap@example.com.
When a callback is sent from psap@example.com towards the emergency
caller, the call will get normal treatment by the proxy of the VoIP
provider since the domain of the PSAP does not match the stored state
information.
,-----------.
+----+ ,' `.
| UA |--- esrp@example.net / Emergency \
+----+ \ | Services |
\ ,-------. | Network |
,' `. | |
/ VoIP \ | +------+ |
( Provider ) | | PSAP | |
\ example.org / | +--+---+ |
`. ,' | | |
'---+---' | | |
| | psap@example.com |
esrp@example.net | | |
| | | |
| | | |
| | +--+---+ |
+------------+-----+ ESRP | |
| +------+ |
| |
\ /
`. ,'
'----------'
Figure 2: Example for Multi-Stage Routing
Schulzrinne, et al. Standards Track [Page 7]
^L
RFC 7090 PSAP Callback April 2014
3.3. Call Forwarding
Imagine the following case where an emergency call enters an
emergency network (state.example) via an ESRP, but then it gets
forwarded to a different emergency services network (in our example,
to example.net, example.org, or example.com). The same
considerations apply when the police, fire and, ambulance networks
are part of the state.example subdomains (e.g.,
police.state.example).
Similar to the previous scenario, the wrong state information is
being set up during the emergency call setup procedure. A callback
would originate in the example.net, example.org, or example.com
domains whereas the emergency caller's SIP UA or the VoIP outbound
proxy has stored state.example.
Schulzrinne, et al. Standards Track [Page 8]
^L
RFC 7090 PSAP Callback April 2014
,-------.
,' `.
/ Emergency \
| Services |
| Network |
|(state.example)|
| |
| |
| +------+ |
| |PSAP +--+ |
| +--+---+ | |
| | | |
| | | |
| | | |
| | | |
| | | |
| +--+---+ | |
------------------+---+ESRP | | |
esrp-a@state.org | +------+ | |
| | |
| Call Fwd | |
| +-+-+---+ |
\ | | | /
`. | | | ,'
'-|-|-|-' ,-------.
Police | | | Fire ,' `.
+------------+ | +----+ / Emergency \
,-------. | | | | Services |
,' `. | | | | Network |
/ Emergency \ | Ambulance | | (Fire) |
| Services | | | | | |
| Network | | +----+ | | +------+ |
| (Police) | | ,-------. | +----+---+PSAP | |
| | | ,' `. | | +------+ |
| +------+ | | / Emergency \ | | |
| |PSAP +----+--+ | Services | | | example.com ,
| +------+ | | Network | | `~~~~~~~~~~~~~~~
| | | (Ambulance) | |
| example.net , | | |
`~~~~~~~~~~~~~~~ | +------+ | |
| |PSAP +----+ +
| +------+ |
| |
| example.org ,
`~~~~~~~~~~~~~~~
Figure 3: Example for Call Forwarding
Schulzrinne, et al. Standards Track [Page 9]
^L
RFC 7090 PSAP Callback April 2014
3.4. Network-Based Service URN Resolution
The IETF emergency services architecture also considers cases where
the resolution from the Service URN to the PSAP URI does not only
happen at the SIP UA itself but at intermediate SIP entities, such as
the user's VoIP provider.
Figure 4 shows this message exchange of the outgoing emergency call
and the incoming PSAP graphically. While the state information
stored at the VoIP provider is correct, the state allocated at the
SIP UA is not.
,-------.
,' `.
/ Emergency \
| Services |
| Network |
| example.com |
| |
| +------+ | INVITE to police@example.com
| |PSAP +<---+------------------------+
| | +----+--------------------+ ^
| +------+ |INVITE from | |
| ,police@example.com | |
`~~~~~~~~~~~~~~~ | |
v |
+--------+ Query with location +--+---+-+
| | + urn:service:sos | VoIP |
| LoST |<-----------------------|Service |
| Server | police@example.com |Provider|
| |----------------------->| |
+--------+ +--------+
| ^
INVITE| | INVITE
from| | to
police@example.com| | urn:service:sos
V |
+-------+
| SIP |
| UA |
| Alice |
+-------+
Figure 4: Example for Network-Based Service URN Resolution
Schulzrinne, et al. Standards Track [Page 10]
^L
RFC 7090 PSAP Callback April 2014
3.5. PSTN Interworking
In case an emergency call enters the Public Switched Telephone
Network (PSTN), as shown in Figure 5, there is no guarantee that the
callback sometime later leaves the same PSTN/VoIP gateway or that the
same endpoint identifier is used in the forward as well as in the
backward direction making it difficult to reliably detect PSAP
callbacks.
+-----------+
| PSTN |-------------+
| Calltaker | |
| Bob |<--------+ |
+-----------+ | v
-------------------
//// \\\\ +------------+
| | |PSTN / VoIP |
| PSTN |---->|Gateway |
\\\\ //// | |
------------------- +----+-------+
^ |
| |
+-------------+ | +--------+
| | | |VoIP |
| PSTN / VoIP | +->|Service |
| Gateway | |Provider|
| |<------INVITE----| Y |
+-------------+ +--------+
| ^
| |
INVITE INVITE
| |
V |
+-------+
| SIP |
| UA |
| Alice |
+-------+
Figure 5: Example for PSTN Interworking
Note: This scenario is considered outside the scope of this document.
The specified solution does not support this use case.
Schulzrinne, et al. Standards Track [Page 11]
^L
RFC 7090 PSAP Callback April 2014
4. SIP PSAP Callback Indicator
4.1. General
This section defines a new header field value, called "psap-
callback", for the SIP Priority header field defined in [RFC3261].
The value is used to inform SIP entities that the request is
associated with a PSAP callback SIP session.
4.2. Usage
SIP entities that receive the header field value within an initial
request for a SIP session can, depending on local policies, apply
PSAP callback-specific procedures for the session or request.
The PSAP callback-specific procedures may be applied by SIP-based
network entities and by the callee. The specific actions taken when
receiving a call marked as a PSAP callback marked call, such as
bypassing services and barring procedures, are outside the scope of
this document.
4.3. Syntax
4.3.1. General
This section defines the ABNF [RFC5234] for the new SIP Priority
header field value "psap-callback".
4.3.2. ABNF
priority-value =/ "psap-callback"
Figure 6: ABNF
5. Security Considerations
5.1. Security Threat
The PSAP callback functionality described in this document allows
marked calls to bypass blacklists and ignore call-forwarding
procedures and other similar features used to raise the attention of
emergency callers when attempting to contact them. In the case where
the SIP Priority header value, "psap-callback", is supported by the
SIP UA, it would override user-interface configurations, such as
vibrate-only mode, to alert the caller of the incoming call.
Schulzrinne, et al. Standards Track [Page 12]
^L
RFC 7090 PSAP Callback April 2014
5.2. Security Requirements
The security threat discussed in Section 5.1 leads to the requirement
to ensure that the mechanisms described in this document cannot be
used for malicious purposes, including telemarketing.
Furthermore, if the newly defined extension is not recognized, not
verified adequately, or not obeyed by SIP intermediaries or SIP
endpoints, then it must not lead to a failure of the call handling
procedure. Such a call must be treated like a call that does not
have any marking attached.
The indicator described in Section 4 can be inserted by any SIP
entity, including attackers. So it is critical that the indicator
only lead to preferential call treatment in cases where the recipient
has some trust in the caller, as described in the next section.
5.3. Security Solution
The approach for dealing with the implementation of the security
requirements described in Section 5.2 can be differentiated between
the behavior applied by the UA and by SIP proxies. A UA that has
made an emergency call MUST keep state information so that it can
recognize and accept a callback from the PSAP if it occurs within a
reasonable time after an emergency call was placed, as described in
Section 13 of [RFC6443]. Only a timer started at the time when the
original emergency call has ended is required; information about the
calling party identity is not needed since the callback may use a
different calling party identity, as described in Section 3. Since
these SIP UA considerations are described already in [RFC6443] as
well as in [RFC6881] the rest of this section focuses on the behavior
of SIP proxies.
Figure 7 shows the architecture that utilizes the identity of the
PSAP to decide whether a preferential treatment of callbacks should
be provided. To make this policy decision, the identity of the PSAP
(i.e., calling party identity) is compared with a PSAPs white list.
Schulzrinne, et al. Standards Track [Page 13]
^L
RFC 7090 PSAP Callback April 2014
+----------+
| List of |+
| valid ||
| PSAPs ||
+----------+|
+----------+
*
* white list
*
V
Incoming +----------+ Normal
SIP Msg | SIP |+ Treatment
-------------->| Entity ||======================>
+ Identity | ||(if not in white list)
Info +----------+|
+----------+
||
||
|| Preferential
|| Treatment
++========================>
(if successfully verified)
Figure 7: Identity-Based Authorization
The identity assurance in SIP can come in different forms, namely via
the SIP Identity [RFC4474] or the P-Asserted-Identity [RFC3325]
mechanisms. The former technique relies on a cryptographic assurance
and the latter on a chain of trust. Also, the usage of Transport
Layer Security (TLS) between neighboring SIP entities may provide
useful identity information. At the time of writing, these identity
technologies are being revised in the Secure Telephone Identity
Revisited (stir) working group [STIR] to offer better support for
legacy technologies interworking and SIP intermediaries that modify
the content of various SIP headers and the body. Once the work on
these specifications has been completed, they will offer a stronger
calling party identity mechanism that limits or prevents identity
spoofing.
An important aspect from a security point of view is the relationship
between the emergency services network (containing the PSAPs) and the
VoIP provider, assuming that the emergency call travels via the VoIP
provider and not directly between the SIP UA and the PSAP.
The establishment of a white list with PSAP identities may be
operationally complex and dependent on the relationship between the
emergency services operator and the VoIP provider. If there is a
relationship between the VoIP provider and the PSAP operator, for
Schulzrinne, et al. Standards Track [Page 14]
^L
RFC 7090 PSAP Callback April 2014
example, when they are both operating in the same geographical
region, then populating the white list is fairly simple and
consequently the identification of a PSAP callback is less
problematic compared to the case where the two entities have never
interacted with each other before. In the end, the VoIP provider has
to verify whether the marked callback message indeed came from a
legitimate source.
VoIP providers MUST only give PSAP callbacks preferential treatment
when the calling party identity of the PSAP was successfully matched
against entries in the white list. If it cannot be verified (because
there was no match), then the VoIP provider MUST remove the PSAP
callback marking. Thereby, the callback reverts to a normal call.
As a second step, SIP UAs MUST maintain a timer that is started with
the original emergency call and this timer expires within a
reasonable amount of time, such as 30 minutes per [RFC6881]. Such a
timer also ensures that VoIP providers cannot misuse the PSAP
callback mechanism, for example, to ensure that their support calls
reach their customers.
Finally, a PSAP callback MUST use the same media as the original
emergency call. For example, when an initial emergency call
established a real-time text communication session, then the PSAP
callback must also attempt to establish a real-time communication
interaction. The reason for this is twofold. First, the person
seeking help may have disabilities that prevent them from using
certain media and hence using the same media for the callback avoids
unpleasant surprises and delays. Second, the emergency caller may
have intentionally chosen a certain media and does not prefer to
communicate in a different way. For example, it would be unfortunate
if a hostage tries to seek help using instant messaging to avoid any
noise when subsequently the ringtone triggered by a PSAP callback
using a voice call gets the attention of the hostage-taker. User-
interface designs need to cater to such situations.
6. IANA Considerations
This document adds the "psap-callback" value to the SIP "Priority
Header Field Values" registry allocated by [RFC6878]. The semantic
of the newly defined "psap-callback" value is defined in Section 4.
Schulzrinne, et al. Standards Track [Page 15]
^L
RFC 7090 PSAP Callback April 2014
7. Acknowledgements
We would like to thank the following persons for their feedback:
Bernard Aboba, Andrew Allen, John-Luc Bakker, Kenneth Carlberg,
Martin Dolly, Keith Drage, Timothy Dwight, John Elwell, Janet Gunn,
Cullen Jennings, Hadriel Kaplan, Paul Kyzivat, John Medland, Atle
Monrad, James Polk, Dan Romascanu, Brian Rosen, Robert Sparks, Geoff
Thompson, and Martin Thomson.
We would also like to thank the ECRIT working group chairs, Marc
Linsner and Roger Marshall, for their support. Roger Marshall was
the document shepherd for this document. Vijay Gurbani provided the
general area review.
During IESG review, the document received good feedback from Barry
Leiba, Spencer Dawkins, Richard Barnes, Joel Jaeggli, Stephen
Farrell, and Benoit Claise.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002.
[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for
Syntax Specifications: ABNF", STD 68, RFC 5234, January
2008.
[RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User
Agent URIs (GRUUs) in the Session Initiation Protocol
(SIP)", RFC 5627, October 2009.
[RFC6878] Roach, A., "IANA Registry for the Session Initiation
Protocol (SIP) "Priority" Header Field", RFC 6878, March
2013.
Schulzrinne, et al. Standards Track [Page 16]
^L
RFC 7090 PSAP Callback April 2014
8.2. Informative References
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private
Extensions to the Session Initiation Protocol (SIP) for
Asserted Identity within Trusted Networks", RFC 3325,
November 2002.
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for
Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for
Emergency Context Resolution with Internet Technologies",
RFC 5012, January 2008.
[RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H.
Tschofenig, "LoST: A Location-to-Service Translation
Protocol", RFC 5222, August 2008.
[RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling Using Internet
Multimedia", RFC 6443, December 2011.
[RFC6881] Rosen, B. and J. Polk, "Best Current Practice for
Communications Services in Support of Emergency Calling",
BCP 181, RFC 6881, March 2013.
[STIR] IETF, "Secure Telephone Identity Revisited (stir) Working
Group", http://datatracker.ietf.org/wg/stir/charter/,
October 2013.
Schulzrinne, et al. Standards Track [Page 17]
^L
RFC 7090 PSAP Callback April 2014
Authors' Addresses
Henning Schulzrinne
Columbia University
Department of Computer Science
450 Computer Science Building
New York, NY 10027
US
Phone: +1 212 939 7004
EMail: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu
Hannes Tschofenig
EMail: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at
Christer Holmberg
Ericsson
Hirsalantie 11
Jorvas 02420
Finland
EMail: christer.holmberg@ericsson.com
Milan Patel
Huawei Technologies (UK) Co., Ltd.
300 South Oak Way, Green Park
Reading, Berkshire RG2 6UF
U.K.
EMail: Milan.Patel@huawei.com
Schulzrinne, et al. Standards Track [Page 18]
^L
|
