XCON H. Khartabil Internet-Draft Nokia Expires: April 12, 2005 October 12, 2004 An Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Usages for Conference Policy Manipulation and Conference Policy Privelges Manipulation draft-ietf-xcon-cpcp-xcap-03 Status of this Memo This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 12, 2005. Copyright Notice Copyright (C) The Internet Society (2004). Abstract The Conference Policy is defined as the complete set of rules for a particular conference manipulated by the conference policy server. The Conferece Policy Control Protocol (CPCP) is the protocol used by client to manipulate the conference policy. This document defines an XML Configuration Access Protocol (XCAP) application usage that may be used to store and manipulate a conference policy. Khartabil Expires April 12, 2005 [Page 1] There also exists an Extensible Markup Language (XML) Schema that enumerates the conference policy meta data that enable a user to assign privileges to users that enables them to read and/or manipulate parts of or the entirety of a conference policy. This document defines an XML Configuration Access Protocol (XCAP) application usage that may be used to store and manipulate a conference policy priveleges XML document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. An XCAP Usage for Conference Policy Manipulation . . . . . . . 4 4.1 Application Unique ID . . . . . . . . . . . . . . . . . . 4 4.2 Resource Interdependencies . . . . . . . . . . . . . . . . 4 4.3 Additional Constraints . . . . . . . . . . . . . . . . . . 4 4.4 Naming Conventions . . . . . . . . . . . . . . . . . . . . 4 4.5 Authorization Policies . . . . . . . . . . . . . . . . . . 4 4.6 MIME Type for CPCP XML Document . . . . . . . . . . . . . 4 5. An XCAP Usage for Conference Policy Privileges Manipulation . 5 5.1 Application Unique ID . . . . . . . . . . . . . . . . . . 5 5.2 Resource Interdependencies . . . . . . . . . . . . . . . . 5 5.3 Additional Constraints . . . . . . . . . . . . . . . . . . 5 5.4 Naming Conventions . . . . . . . . . . . . . . . . . . . . 5 5.5 Authorization Policies . . . . . . . . . . . . . . . . . . 5 5.6 MIME Type for CPCP XML Document . . . . . . . . . . . . . 5 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1 Conference Policy Manipulation . . . . . . . . . . . . . . 5 6.1.1 Creating a Conference . . . . . . . . . . . . . . . . 5 6.1.2 Expelling a User . . . . . . . . . . . . . . . . . . . 6 6.1.3 Allowing An Expelled Participant To Join Again . . . . 6 6.1.4 Allowing Sarah to Refer Users . . . . . . . . . . . . 7 6.1.5 Removing A Conference . . . . . . . . . . . . . . . . 7 6.2 Conference Policy Privileges Manipulation . . . . . . . . 8 6.2.1 Creating Conference Policy Privilegtes . . . . . . . . 8 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8.1 XCAP Application Usage IDs . . . . . . . . . . . . . . . . 9 8.1.1 conference-policies . . . . . . . . . . . . . . . . . 9 8.1.2 conference-policy-privielges . . . . . . . . . . . . . 9 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 10. Normative References . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 10 Intellectual Property and Copyright Statements . . . . . . . . 11 Khartabil Expires April 12, 2005 [Page 2] Internet-Draft Conferencing-XCAP October 2004 1. Introduction The SIP conferencing framework [8] defines the mechanisms for multi-party centralized conferencing in a SIP environment. Existing SIP mechanisms allow users, for example, to join and leave a conference, as described in [5]. A centralised server, called focus, can expel and invite users, and may have proprietary access control lists and user privilege definitions. The Conference Policy Control Protocol [1] defines an XML Schema that enumerates the conference policy data elements that enable a user to define a conference policy. This policy document may be given to a focus using a number of transports. Mechanisms such as a web page or a voice response system can also be used to manipulate conference policy data. Similarily, Privileges for Manipulating a Conference Policy [2] defines an Extensible Markup Language (XML) Schema that enumerates the conference policy meta data that enable a user to assign privileges to users that enables them to read and/or manipulate a conference policy. Mechanims are also needed to manipulate such data. In many cases it is useful to have standardised means to manipulate conference policy elements and conference policy privileges elements. Two XML Configuration Access Protocol (XCAP) [6] application usages are defined that allow for the real-time manipulation of conference policy and conference policy privileges and meets the requirements in [4] to store and manipulate a conference policy object and a conference policy privileges object. XCAP has many advantages in its use for conference policy control protocol. It is a HTTP 1.1 based protocol that allows clients to read, write, modify and delete application data stored in XML format at a server. XCAP maps XML document elements and attributes to HTTP URIs that can be directly accessed by HTTP. One application area which has already adopted XCAP is the manipulation of event lists [7]. For manipulation of the Conference Policy XML object, the system MAY support the XCAP usage defined in Section 4. For manipulation of the Conference Policy Privileges XML object, the system MAY support the XCAP usage defined in Section 5. 2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3]. Khartabil Expires April 12, 2005 [Page 3] Internet-Draft Conferencing-XCAP October 2004 3. Terminology This document uses terminology from [8]. Some additional definitions are introduced in [1]. 4. An XCAP Usage for Conference Policy Manipulation 4.1 Application Unique ID XCAP requires application usages to define a unique application usage ID (AUID) in either the IETF tree or a vendor tree. This specification defines the "conference-policies" AUID within the IETF tree, via the IANA registration in Section 8. 4.2 Resource Interdependencies The conference policy server MAY fill the conference URI(s), but the client MUST propose a conference URI. If the CPS does not allow assignments of URIs by the client, it rejects the request with a "409" response and SHOULD include a body in the response detailing the error. XCAP Base document [6] section 7.2.1 explains how such a response body is constructed. The CPS MAY assign multiple conference URIs to a conference, one for each call signaling protocol that it supports. Section xx of [1] (Conference Settings) discusses this is more detail. Sidebar URIs are subject to the same behaviour. 4.3 Additional Constraints These are defined within the XML structure definition in [1]. 4.4 Naming Conventions There are no naming conventions that need to be defined for this application usage. 4.5 Authorization Policies A server can allow privileged users to modify documents that they don't own. The establishment and indication of such policies is done by setting the authorization rules as described in [2]. 4.6 MIME Type for CPCP XML Document The MIME type for the CPCP XML document is defined in [1]. Khartabil Expires April 12, 2005 [Page 4] Internet-Draft Conferencing-XCAP October 2004 5. An XCAP Usage for Conference Policy Privileges Manipulation 5.1 Application Unique ID XCAP requires application usages to define a unique application usage ID (AUID) in either the IETF tree or a vendor tree. This specification defines the "conference-policy-privileges" AUID within the IETF tree, via the IANA registration in Section 8. 5.2 Resource Interdependencies There are no resource interdependencies that need to be defined fo this application usage. 5.3 Additional Constraints These are defined within the XML structure definition in [2]. 5.4 Naming Conventions The "filename" as defined in XCAP Base document [6] is used to describe the final path segment in the document selector. This XCAP usage requires that the filename of the conference policy privileges be exactly the same as the filename given to the conference policy that it relates to. This will save processing time in that the focus does not need to search all conference privileges documents looking for the right one. This also eliminates any conflicts that may occur by disallowing more than one conference policy privileges document to exist for a single conference policy. 5.5 Authorization Policies This application usage does not modify the default XCAP authorization policy, which is that only a user can read, write or modify their own documents. 5.6 MIME Type for CPCP XML Document The MIME type for the Conference Policy Privileges XML document is defined in [2] 6. Examples 6.1 Conference Policy Manipulation 6.1.1 Creating a Conference Continuing with the example in Section xx of [1], Alice's client uses Khartabil Expires April 12, 2005 [Page 5] Internet-Draft Conferencing-XCAP October 2004 XCAP to transport the conference policy to the conference policy server PUT http://xcap.example.com/services/conference-policies/users/Alice/c onference.xml HTTP/1.1 Content-Type: application/conference-policy+xml [conference policy from [1] example goes here]. At exactly 2004-12-17T09:30:00-05:00, the focus sends SIP INVITE request to Alice and a SIP REFER request to Sarah. At 2004-12-17T09:25:00-05:00, SIP INVITE requests can be accepted from anyone at domain example.com. Any attempts to join the conference by users in other domains are rejected. 6.1.2 Expelling a User After the conference has started, Alice decides to expel Bob who has joined the conference. So she modifies the authorization rule that allows everyone at example.com to join: PUT http://xcap.example.com/services/conference-policies/users/Alice/c onference.xml/~~/conference/authorization-rules/rule[@id=""]/condi tions/identity/ HTTP/1.1 Content-Type:text/plain example.com bob@example.com At this point, the focus sends a SIP BYE request to Bob ending Bob's participation in the conference. This also guarantees that Bob cannot rejoin the conference since he is explicitly blocked. Any attempt Bob makes in rejoining the conference will fail. 6.1.3 Allowing An Expelled Participant To Join Again Continuing with the example above, Alice now decides to allow Bob to join again after a period of time. She does so by rewriting parts of Khartabil Expires April 12, 2005 [Page 6] Internet-Draft Conferencing-XCAP October 2004 the rule that blocks him from joining. PUT http://xcap.example.com/services/conference-policies/users/Alice/c onference.xml/~~/conference/authorization-rules/rule[@id=""]/condi tions/identity/ HTTP/1.1 Content-Type:text/plain example.com Bob can now rejoin the conference by sending a SIP INVITE request. 6.1.4 Allowing Sarah to Refer Users Alice now decides that Sarah can ask the focus to refer users to the conference: PUT http://xcap.example.com/services/conference-policies/users/Alice/c onference.xml/~~/conference/authorization-rules/rule[@id="3"] HTTP/1.1 Content-Type:text/plain sarah@example.com true 6.1.5 Removing A Conference Alice now decides she no longer wants this conference to exist and Khartabil Expires April 12, 2005 [Page 7] Internet-Draft Conferencing-XCAP October 2004 therefore deletes the conference: DELETE http://xcap.example.com/services/conference-policies/users/Alice/c onference.xml As a result of this action, the focus sends SIP BYE requests to all current participants in the conference. The conference server terminates the focus thereafter. 6.2 Conference Policy Privileges Manipulation 6.2.1 Creating Conference Policy Privilegtes Continuing with the example in Section xx of [2], Alice's client uses XCAP to transport the conference policy privileges to the conference policy server PUT http://xcap.example.com/services/conference-policy-privileges/user s/Alice/cp-privileges.xml HTTP/1.1 Content-Type: application/privileges+xml [conference policy privileges from [2] example goes here]. 7. Security Considerations The information contained in conference-policies and conference-policy-privileges documents are particularly sensitive. The former represents critical conference information like allowed user and conference time while the latter represents the list of privileged people with assigned privileges. As a result, clients SHOULD use TLS when contacting servers in order to fetch this information. Note that this does not represent a change in requirement strength from XCAP. The XCAP base specification mandates that all XCAP servers MUST implement HTTP Authentication: Basic and Digest Access Authentication [9]. Furthermore, XCAP servers MUST implement HTTP over TLS [10]. It is recommended that administrators of XCAP servers use an HTTPS URI as the XCAP root services URI, so that the digest client authentication occurs over TLS. By using these means, XCAP client and server can ensure the confidentiality and integrity of the XCAP created conference policy and conference policy privileges documents and their manipulation operations, and that only authorized clients are allowed to perform them. Khartabil Expires April 12, 2005 [Page 8] Internet-Draft Conferencing-XCAP October 2004 8. IANA Considerations 8.1 XCAP Application Usage IDs 8.1.1 conference-policies Name of the AUID: conference-policies Description: Conference policy application manipulates conference policy at a server. 8.1.2 conference-policy-privielges Name of the AUID: conference-policy-privileges Description: Conference policy privileges application manipulates conference policy privielges at a server. 9. Acknowledgements The authors would like to thank Alan Johnston and the IETF XCON working group for their feedback and suggestions. 10 Normative References [1] Khartabil, H., Koskelainen, P. and A. Niemi, "The Conference Policy Control Protocol (CPCP)", Internet-Draft I-D.draft-ietf-xcon-cpcp, September 2004. [2] Khartabil, H. and A. Niemi, "Privileges for Manipulating a Conference Policy", Internet-Draft I-D.draft-ietf-xcon-conference-policy-privileges, September 2004. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, BCD 14, March 1997. [4] Koskelainen, P. and H. Khartabil, "Requirements for conference policy control protocol", draft-ietf-xcon-cpcp-req-01 (work in progress), January 2004. [5] Johnston, A. and O. Levin, "Session Initiation Protocol Call Control - Conferencing for User Agents", draft-ietf-sipping-cc-conferencing-03 (work in progress), February 2004. [6] Rosenberg, J., "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)", draft-ietf-simple-xcap-02 (work in progress), February 2004. Khartabil Expires April 12, 2005 [Page 9] Internet-Draft Conferencing-XCAP October 2004 [7] Rosenberg, J., "An Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Usage for Presence Lists", draft-ietf-simple-xcap-list-usage-02 (work in progress), February 2004. [8] Rosenberg, J., "A Framework for Conferencing with the Session Initiation Protocol", draft-ietf-sipping-conferencing-framework-01 (work in progress), October 2003. [9] Franks, J., "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [10] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. Author's Address Hisham Khartabil Nokia P.O. Box 321 Helsinki FIN-00045 Finland EMail: hisham.khartabil@nokia.com Khartabil Expires April 12, 2005 [Page 10] Internet-Draft Conferencing-XCAP October 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Khartabil Expires April 12, 2005 [Page 11]