Minutes, SIPPING Working Group. IETF 56
edited by Dean Willis
Session 1, Monday March 1700, 1930-2200
Scribe: Vijay Gurbani, Mary Barnes
Chat coordinator: Al with the Hat
Chairs called meeting to order.
Agenda agreed as:
1930 Agenda Bash
1935 Status -- Chairs
Call Control Issues
1945 Service Examples, Alan Johnston
draft-ietf-sipping-service-examples-04.txt
1955 Call Control -- Transfer, Allan Johnston
draft-ietf-sipping-cc-transfer-01.txt
2005 Caller Preferences Use cases, Jonathan Rosenberg
draft-rosenberg-sipping-callerprefs-usecases-00.txt
NAT and Policy Issues
2015 Persistent Connection Management Requirements, Vijay K. Gurbani
draft-jain-sipping-persistent-conn-reqs-00.txt
draft-ietf-sipping-connect-reuse-reqs-00.txt
2035 SIP Network Address Translation, Jonathan Rosenberg
draft-ietf-sipping-nat-scenarios-00.txt
draft-rosenberg-sipping-ice-00.txt
2045 Session Policy Requiments, Jonathan Rosenberg
draft-rosenberg-sipping-session-policy-00.txt
2055 URI Leasing, Jonathan Rosenberg
draft-rosenberg-sipping-lease-00.txt
Design Teams
2105 SIP Conferencing Design Team, Alan Johnston
Web
Page for the Design Team
2135 Application Server Interaction Design Team, Jonathan Rosenberg
Web Page
for the Design Team
2140 Transcoding Design Team, Gonzalo Camarillo
Web
Page for the Design Team
2145 Emergency Calls Design Team, Jon Peterson
Web Page for
the Design Team
2150 Limiting Notifications Rate, Aki Niemi
draft-niemi-sipping-event-throttle-reqs-01.txt
2200 Wrap
Topic: Service Examples, Alan Johnston
Moving well. Author wishes to add some text discussing how to implement
some servcies and discussing trade-offs and expects that draft will be
complete before next meeting
Topic: cc-transfer, Alan Johnston
Slides presented, included in proceedings.
This version had few changes: added a section on use of Referred-By
header. Added selected message details. Added many more call
flows on attended transfer and unattended transfer. Added a
security consideration section. No known open issues with the I-D.
Group polled on readiness for WGLC: No objections noted. Audience
asked if there was any overlap or dependency on globally-routable
contact URI work. Author belives there is currently no dependency, but
that if the GRURI work completes, it would be nice to reference it from
this draft.
Topic: Status report: Chairs
Slides presented, included in proceedings.
We have 3 RFCs which have been published, considering the amount of
work we had on our plate. 2 on IESG queue; bunch of individual
I-D. 3 in here that are ready for WGLC. A lot of work is blocked
on other stuff -- call control, ICE, work going on in midcom, etc.
Note chairs believe that formal expert review is not required for all
individual drafts. Current policy is to announce the draft to the list,
and ask the participantst to verify that the draft does not conflict
with WG efforts. Under the current process, we do a formal expert review
for P-headers or when asked to do so by IESG/ADs.
It may be useful for us to split things into smaller groups -- some
I-Ds document usage of SIP, others talk about services (cc-conferening,
cc-transfer). It may be appropriate to let some of this work
proceed without supervision of the WG. We may end up doing this in
Vienna in order to get up to speed. Will like to get comments on
the mailing list or after session on if this is okay.
Topic: Caller-Preferences Use Cases, Jonathan Rosenberg
Slides presented, included in proceedings.
Poll: Useful, interest in accepting as WG document? Strong consensus
recorded. AD suggested that these use cases be packaged with CallerPrefs
drafts.
Topic: ICE, Jonathan Rosenberg
Slides presented, included in proceedings.
Provides general methodology for using address-fixing protocols to get
SIP through NAT.
Question: What is the impact if some sort of underlying mobility
function causes node address changes? Does ICE resolve? Ans: Unknown,
but we think it should work if the frequency of address changes is lower
than 1/RTT.
Question: Does having STUN server on every node open up the network to
denial-of-service attacks on NAT translation? Ans: No -- at least, no
more than port-scanning already would.
Poll: Who read: fairly large number.
Question: Muxing STUN and media -- is that required? What is the
implication of demux? Ans: It seems to be feasible to use magic-cookies
in the TUN level to work it out.
Comment: This DOES require widespread deployment to be useful, can we
get that? Ans: If it works, people will implement it.
Question: What are implications if only one end supports? Ans: We
fall back to what we have now. Question: IS it easier to fix the NAT
than to fix the SIP? Ans. Debatable. There's a lot of $39 NAT
boxes out there.
Poll: How many people would be interested in implementing? (several)
Will one volunteer to write the preconditions (document things like like
SDP changes, requirements in SIPPING) Yes-- Cullen Jennings.
Poll: Would you like this work to be documented in SIPPING, along with
fallback to previous modes? Ans: Loud response, a few dissenters.
Proposal: Cullen to work on preconditions, Jonathan to work on
furthering ICE draft, WG to request authorization to pursue as WG effort.
Topic: Session Policy Requirements, Jonathan Rosenberg
Slides presented, included in proceedings.
Slides presented reviewed scenarios. Poll: Do we want to work on this?
Brian Rosen reports that he really needs this for dealing with 6Mb/s
streams and managing admissions policy dynamically. Another comment made
that this approach could obviate the need for some B2BUAs. Comment that
we should add requirements to do this without "new headers" and it shoud
work with e2e encryption (req #1 in presentation). Poll: who thinks we
should take this work on as a baseline for requirements? Strong
consensus reported, none opposed.
What happens when a service provider wants to insist on some aspects of
a session (media flows through a realy, video not be used, etc.) So far
this has been done with SDP modification. Well known problems:
does not work with data encryption, requires proxies to have knowledge
of session descriptions, proxy complexity increases, ...
Solution: 3GPP does this -- they use 488 as a response code to list
codecs which are acceptable. This has some drawbacks as well.
Do we want to work on this problem? That is the real issue for us
to decide now.
Many people approached the mic and agreed to the requirements being
valid.
Keith Drage suggested that we resolve the requirements before
proceeding with a solution, and that consideration of various solutions
(such as Jonathan's proposal) should be deferred until the requirements
are agreed.
Poll: who thinks we should take this work on as a baseline for
requirements? Strong consensus reported, none opposed. Chairs
will request approval as a WG item from ADs.
Topic: URI Leasing, Jonathan Rosenberg
Slides presented, included in proceedings.
Material introduced from slides.
Question: This allows for temporally scoped URIs. Can we give an
example of where this would be useful? Ans. Assume a conference call
running over a set time. Discussion that current document may be a bit
complex in this area. The word "temporal" is probably misapplied in this
context and the author would like to withdraw it. This all comes down to
embedded route headers vs. a lease-and-preference model. Perhaps we
need to step up a level and ask what the top-level requirements really
are? The draft proposes three explicit. There may be also "without
hiding state in the domain name" and some others.
Comment: Leasing seems to imply temporal scoping. Huh? Long discussion
. . .
Comment: It seems that all of the given requirements could be met by
relaxing a single restriction in 3261.
Conclusion: More list discussion on requirements needed.
Topic: App Interaction Design Team, Jonathan Rosenberg
Slides presented, included in proceedings.
Minimal activity since last meeting. We should develop use cases
illustrating the requirements. Jonathan Rosenberg requested that
proposed use cases be sent to him via email.
Topic: Persistent Connections, Vijay Gurbani
Slides presented included in proceedings.
Basics presented. Discussion ensued.
Question: What is the requirement difference between signaled
persistence and simply configuring persistence?
Assertion: Reuse is only important in the client-server case.
Assertion: This sounds like my kids discussing bedtime. There is really
only reason to close a TCP connection -- to recover resources.
Therefore, the interesting thing, is not how do connections come up, but
figuring out which connection to kill if we need to kill one.
Assertion: the mechanism here is equivalent to "just doing the right
thing" with TCP, so we should fix it operationally, not by changing the
protocol.
Poll: Should we change the SIP spec to encourage leaving TCP
connections open unless they need to be closed? Strong consensus
reported. Proposed that we do minimal bug fixes in SIP, and do a
separate document with an operational focus on "how to" reuse TCP,
initially as a discussion and possibly leading into a BCP. No objections
noted. Vijay Gurbani may volunteer to lead on a usage document.
Topic: Conferencing Design Team, Alan Johnstson
Requirements, Framework, and Call Control ready for WG adoption.
Conference Policy is splitting into two and should be ready shortly.
Media policies work requirements progressing, work on policy
manipulation is ongoing, and the policy work needs a new home. MMUSIC is
not going to adopt this in their new charter.
Question: This policy work is related to data manipulation in SIMPLE,
can we combine it? Ans: Probably not. One is data manipulation, the
other is policy RPC.
Open issues recapped in slides.
Discussion of absolute vs. relative time in focus. Why not have
absolute time? Ans. Simplifies timeing coordination on focus.
Comment: We do have requirements for realtime transitional controls for
things like camera-follows-speaker. SOAP and ACAP don't combine to meet
this requirement. Ans: This is for more persistent policy, not
floor-control. Floor-control remains a media problem.
Poll: Do we wish to, as proposed, adopt the requirements, framework,
and call control drafts as wg efforts? Strong consensus, no objections.
Question: Is discovery in-scope? It could be a furball.
Request: Make focus migration happen sooner rather than later. This
will be required for three-way to more-way migrations. This is also
important from a fault recovery standpoint. The call-control is easy,
just a REFER series, but handling the policy migration is more
interesting.
Discussion: Policy group needs working group home. Rohan: mmusic
will NOT be chartered to do this; so it is either us or a new BOF.
Will work it out with the ADs later. We have not been told that we
have to stop working on this.
Open issues: conference policy protocol, floor control, notifications.
Proposed: Adopt Reqs, framework, and call control I-Ds as WG documents.
Poll taken, and strong consensus reported.
Open reqs: discovery, focus role migration, cascading and camera
control.
Topic: Hearing impaired media transcoding, Gonzalo Camarillo
Work proceeding, no surprises. Author reports little
progresssince last IETF and believes that now that we have media
policy I-D and session policy reqs, we will make more progress for the
next IETF.
Topic: Emergency calling design team, Jon Peterson
Work proceeding, will try to have face-to-face meeting here. Two cases
-- regular 911 calls, and PSAP access-link replacement. Can we divide
these two cases so that there is something available for "today's PSTN
PSAP"?
Topic: Event Throttling Requirements, Aki Niemi
Notification rate limiting is the "common factor" among most of the
event filtering discussions. Issues: Is the model accurate and
appropriate? Do we need both the leaky bucket and the strict throttle?
Is it ok to leave handling of quarantined notifications out of scope? Is
this work useful?
Discussion: It may be important to have a different throttling
mechanism for "aggregated/filtered" notifications than for simply
prioritized or decimated notifications. The current work does not really
consider notification volume/size, just counts. Discussion about the
difference between quarantine and gating/throttling functions. One can
define a five-token multibucket scenario that's fairly complete. Is this
too complicated to be practical? Volutneers to review reqs -- Jonathan,
David Oran, and Tomn Taylor volunttered. Poll for adoption: none
opposed. Question: Is there standardization required to be able to rate
limit?
Event Throttle Requirements, Aki Niemi
Aki went through the model and the requirements (see slides). Issues:
Is the model accurate and appropriate? Do we need both leaky-bucket and
the strict throttle models, or is only one of them enough?
Observation from floor: Quarantining and throttling are not the same
thing. One introduces delay the other control rates.
Rohan: Jonathan, Dave Oran and Dean will review the I-D and the
WG will receive an update from them before this becomes a WG document.
Session 2, Wednesday March 19, 1530-1730:
Scribes: Paul Kyzivat, Vijay Gurbani
Chat coordinator: Brian Rosen
Session called to-order by chairs. Agenda agreed as follows:
1530 Agenda Bash
Security Related Issues
1535 Role-based Authorization Requirements, Jon Peterson
draft-peterson-sipping-role-authz-00.txt
1545 Request History, Mary Barnes
draft-ietf-sipping-req-history-02.txt
draft-barnes-sipping-history-info-02.txt
Operations
1605 SIP Endpoint Service Charging Requirements, Wolfgang Beck
draft-beck-sipping-svc-charging-req-01.txt
1615 SIP User Agent Configuration - Dan Petrie
draft-ietf-sipping-config-framework-00.txt
1625 Issues in Dual Stack Environments, Hakan Persson
draft-persson-sipping-sip-issues-dual-stack-00.txt
1635 SIP-AAA Requirements, Gonzalo Camarillo
draft-ietf-sipping-aaa-req-02.txt
Media Related Issues
1645 Early Media, Gonzalo Camarillo
draft-camarillo-sipping-early-media-01.txt
1710 Network Announcements, Eric Burger
draft-burger-sipping-netann-05.txt
1720 Considerations on the IPREP Requirements, Jon Peterson
draft-peterson-sipping-ieprep-00.txt
1730 Wrap
Topic: Role-Based Authentication, Jon Peterson
Slides introduce concept. Question: Can you show some use cases? Assume
two previously unassociated carriers in a federation wish to exchange
calls. One carrier issues an authorization object, which the caller
hands to the other carrier, allowing the call to proceed. Other examples
followed.
Discussion from floor: Are we proposing replacing identity
with roles? Jon responded that this could encompass
identity, but maybe not. suggested from floor that we add more in
doc explaining relationship between identity and roles, agreed to by
author.
Request: Somebody asked for more use cases. Was also concerned whether
all stated requirements were self consistent.
Observation from floor: Jiri Kuthan suggested that this was a
replacement/alternative for network asserted identity.
Observation from floor: Somebody suggested that Role wasn’t
exactly the right term to use.
Topic: Request History Rqmts and Solution, Mary Barnes
Slides presented, included in proceedings. Mary Barnes presented
current status of both documents. Both requirements and solution
have had two new versions since last meeting, now up to -02. Mary
explained changes. Of note - separating out security requirements,
to separate document.
Remaining open issue is security, which is work-in-progress, which a
seperate security solution draft expected soon.
Consensus that requirements document is roughly complete and should be
referred to SIP WG for action. Chairs need to refer to AD for approval.
Topic: SIP Endpoint Service Charging Requirements, Wolfgang Beck
Slides presented included in proceedings.
Introduces requirements and a model for third-party trust assignment
with SIP. Possibly combinable with role-based-authorization.
Proposal: this should be two drafts, one around charging and another
about advice-of-charge.
Comment: this seems to be limited to a fixedSIP architecture as
currently written.
Comment: the evaluation of the requirements presented in the
draft would be greatly aided by the inclusion of use cases.
Comment: reading the document indicates a specific business model
in-mind. Work here should be network agnostic and not make assumptions
about who is paying (like caller always pays) etc.
Question from chairs: Are we interested in trying to gather
requirements to support an endpoint based charging model (i.e., not
billing from intermediaries). Consensus that we would like to see the
work more completely illustrated, including use cases, before
considering its utility.
Topic: Config Framework, Dan Petrie
Slides presented included in proceedings.
Open Question: Should HTTPS be a SHOULD or MUST strength reequirement:
Ans. MUST implement, SHOULD use. Open Question: Is HTTPish preferred to
LDAP or ACAP?
Open Question: Is this related to NETCONF work?
Discussion: There are issues here that cannot be fixed with HTTPS pixie
dust. You need a separate mechanism of top of HTTPS to verify the
identity of the node requesting configuration. Of course, this needs to
be configured in. So there is a bootstrapping problem.
Open question: device identity parameters: User-agent header? New
header? No decision made.
Open question: How to indicate profile type? Accept-header or event
header parameter or request-URI? Comment: this is the same problem as
SIMPLE's buddy list management and should use the same mechanism.
Further discussion taken to the list.
Dan Petrie presented. Identified changes from prior version.
(draft-petrie-sipping-config-framework-00)
There were comments about strength of use for HTTPS for content
indirection in here. General sentiment seemed to be that HTTPS should be
MUST implement, SHOULD use. Other protocols other than http/https
are also possible.
Henning Schulzrinne said https isn’t enough. Said there were both
confidentiality issues as well as way to ensure the client gets the
right data. In absence of client cert, which you can’t assume
during config, presents difficult problems – how to bootstrap.
Dan acknowledged this problem, and said he has already proposed to
do work to deal with that. Further discussion went on. Rohan asked
that
this go to list.
Dan requested input on list for where device identification should go –
in User-Agent header or somewhere else.
Discussion of profile type – where to indicate in subscription.
Jonathan Rosenberg thought you could subscribe to a different request
uri for each kind of thing. Rohan Mahy disagreed. Was sent to the list
for discussion.
Jonathan suggested this is similar to SIMPLE problem regarding
buddylists, and the two works should be synchronized.
Topic: Dual-Stack Issues, Hakan Persson
Slides introduce problem and recaps several solutions. The "contact"
problem seems to be addressable in part by dual-interfaced record-route
and in part by ICE. The document will be revisited by the author
exlporing usage of these techniques and, if the solution is
satisfactory, can become a usage document illustrating the solution to
the problems it has already raised.
Topic: AAA Req, Gonzalo Camarillo
Slides presented included in proceedings.
Currently in WGLC. Poll: Any issues that have been missed? No new
issues. Attendees encouraged to follw WGLC.
Topic: Early Media, Gonzalo Camarillo
Slides presented included in proceedings.
Open issues: There appear to be three ringback states from ISUP, and
only two codes (180, 183) available in SIP. Not all protagonists are
present and the author proposes to hold a conference call for
resolution. Debate ensued anyhow, trying to capture essence of the
issue. Francois, Flemming, Rohan, others agreed to send use cases
illustrating the issues they need solved. Poll: should we add a flag? No
clear consensus
Topic: Network Announcements, Eric Burger
Slides presented included in proceedings.
Open Issue: Media on Hold? What does a media server do when it gets put
on hold? This seems to be application specific, not a SIP protocol
problem.
Open Issue: 409 Result code proposal? Suggestion from audience Can we
TRY not to use things that are used in HTTP to mean something different?
Sugggestion: Could we use a standard response code and a Reason field?
Conversation deferred to list with emphasis on 6xx vs 4xx debate.
Open Issue: Multiple Media Streams:? What do do then, to play
multiple things? Eric asserted this isn’t an issue if the target uri is
a composite object. He wanted to know if that is the predominant use
case. And if not, how would the multiple streams be synced? Brian Rosen
wondered why it isn’t good enough to pick one stream. Confusion reigns,
deferred to list.
Open issue: IS everything in this draft consistent with WG usage? We
need to be sure we're aligned with conferencing and early media work?
Author asked to work with Alan Johnston on conferencing alignment, and
Gonzalo Camarillo on early media.
Topic: IEPREP Considerations, Jon Peterson
SIPPING asked to provide formal response to the IEPREP considerations,
widely discussed on mailing list. Open Issue: SHOULD we address this
here? As there is already work in SIP on the priority header? Should we
do it here?
Discussion:
Jon Peterson presented. Said this work was in response to requests
by area directors for comments on RFC3478. This is Jon’s private
attempt at comments, based on some discussion on list.
Jon raised privacy issues. Henning said there are fundamental tradeoffs
between privacy and proxies, and that therefore it is necessary to offer
endpoint with options for either.
Keith Drage asserted that either there is an error in the IEPREP
requirements that ought to be fixed there, or else it should be dealt
with by SIP in responding to the requirements, so there is no need for
SIPPING draft in this instance. Allison Mankin agreed, said the area
directors could deal with this aspect now, and don’t need any more
input.
Rohan observed that SIP already adopted a mechanism that relates to
this. :
Meeting concluded.