draft-ietf-drinks-spp-framework-02.txt   draft-ietf-drinks-spp-framework-03.txt 
DRINKS K. Cartwright DRINKS K. Cartwright
Internet-Draft V. Bhatia Internet-Draft V. Bhatia
Intended status: Standards Track TNS Intended status: Standards Track TNS
Expires: January 17, 2013 S. Ali Expires: April 25, 2013 S. Ali
NeuStar NeuStar
D. Schwartz D. Schwartz
XConnect XConnect
July 16, 2012 October 22, 2012
Session Peering Provisioning Framework (SPPF) Session Peering Provisioning Framework (SPPF)
draft-ietf-drinks-spp-framework-02 draft-ietf-drinks-spp-framework-03
Abstract Abstract
This document specifies the data model and the overall structure for This document specifies the data model and the overall structure for
a framework to provision session establishment data into Session Data a framework to provision session establishment data into Session Data
Registries and SIP Service Provider data stores. The framework is Registries and SIP Service Provider data stores. The framework is
called the Session Peering Provisioning Framework (SPPF). The called the Session Peering Provisioning Framework (SPPF). The
provisioned data is typically used by network elements for session provisioned data is typically used by network elements for session
peering. establishment.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 17, 2013. This Internet-Draft will expire on April 25, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 8
3. Framework High Level Design . . . . . . . . . . . . . . . . . 9 3. Framework High Level Design . . . . . . . . . . . . . . . . . 10
3.1. Framework Data Model . . . . . . . . . . . . . . . . . . . 9 3.1. Framework Data Model . . . . . . . . . . . . . . . . . . . 10
3.2. Time Value . . . . . . . . . . . . . . . . . . . . . . . . 12 3.2. Time Value . . . . . . . . . . . . . . . . . . . . . . . . 13
4. Transport Protocol Requirements . . . . . . . . . . . . . . . 13 3.3. Extensibility . . . . . . . . . . . . . . . . . . . . . . 13
4.1. Connection Oriented . . . . . . . . . . . . . . . . . . . 13 4. Transport Protocol Requirements . . . . . . . . . . . . . . . 14
4.2. Request and Response Model . . . . . . . . . . . . . . . . 13 4.1. Connection Oriented . . . . . . . . . . . . . . . . . . . 14
4.3. Connection Lifetime . . . . . . . . . . . . . . . . . . . 13 4.2. Request and Response Model . . . . . . . . . . . . . . . . 14
4.4. Authentication . . . . . . . . . . . . . . . . . . . . . . 13 4.3. Connection Lifetime . . . . . . . . . . . . . . . . . . . 14
4.5. Authorization . . . . . . . . . . . . . . . . . . . . . . 14 4.4. Authentication . . . . . . . . . . . . . . . . . . . . . . 14
4.6. Confidentiality and Integrity . . . . . . . . . . . . . . 14 4.5. Authorization . . . . . . . . . . . . . . . . . . . . . . 15
4.7. Near Real Time . . . . . . . . . . . . . . . . . . . . . . 14 4.6. Confidentiality and Integrity . . . . . . . . . . . . . . 15
4.8. Request and Response Sizes . . . . . . . . . . . . . . . . 14 4.7. Near Real Time . . . . . . . . . . . . . . . . . . . . . . 15
4.9. Request and Response Correlation . . . . . . . . . . . . . 14 4.8. Request and Response Sizes . . . . . . . . . . . . . . . . 15
4.10. Request Acknowledgement . . . . . . . . . . . . . . . . . 14 4.9. Request and Response Correlation . . . . . . . . . . . . . 15
4.11. Mandatory Transport . . . . . . . . . . . . . . . . . . . 15 4.10. Request Acknowledgement . . . . . . . . . . . . . . . . . 15
5. Base Framework Data Structures and Response Codes . . . . . . 16 4.11. Mandatory Transport . . . . . . . . . . . . . . . . . . . 16
5.1. Basic Object Type and Organization Identifiers . . . . . . 16 5. Base Framework Data Structures and Response Codes . . . . . . 17
5.2. Various Object Key Types . . . . . . . . . . . . . . . . . 16 5.1. Basic Object Type and Organization Identifiers . . . . . . 17
5.2.1. Generic Object Key Type . . . . . . . . . . . . . . . 17 5.2. Various Object Key Types . . . . . . . . . . . . . . . . . 17
5.2.2. Derived Object Key Types . . . . . . . . . . . . . . . 17 5.2.1. Generic Object Key Type . . . . . . . . . . . . . . . 18
5.3. Response Message Types . . . . . . . . . . . . . . . . . . 19 5.2.2. Derived Object Key Types . . . . . . . . . . . . . . . 18
6. Framework Data Model Objects . . . . . . . . . . . . . . . . . 22 5.3. Response Message Types . . . . . . . . . . . . . . . . . . 20
6.1. Destination Group . . . . . . . . . . . . . . . . . . . . 22 6. Framework Data Model Objects . . . . . . . . . . . . . . . . . 23
6.2. Public Identifier . . . . . . . . . . . . . . . . . . . . 23 6.1. Destination Group . . . . . . . . . . . . . . . . . . . . 23
6.3. SED Group . . . . . . . . . . . . . . . . . . . . . . . . 28 6.2. Public Identifier . . . . . . . . . . . . . . . . . . . . 24
6.4. SED Record . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3. SED Group . . . . . . . . . . . . . . . . . . . . . . . . 29
6.5. SED Group Offer . . . . . . . . . . . . . . . . . . . . . 36 6.4. SED Record . . . . . . . . . . . . . . . . . . . . . . . . 33
6.6. Egress Route . . . . . . . . . . . . . . . . . . . . . . . 38 6.5. SED Group Offer . . . . . . . . . . . . . . . . . . . . . 37
6.6. Egress Route . . . . . . . . . . . . . . . . . . . . . . . 39
7. Framework Operations . . . . . . . . . . . . . . . . . . . . . 41 7. Framework Operations . . . . . . . . . . . . . . . . . . . . . 41
7.1. Add Operation . . . . . . . . . . . . . . . . . . . . . . 41 7.1. Add Operation . . . . . . . . . . . . . . . . . . . . . . 41
7.2. Delete Operation . . . . . . . . . . . . . . . . . . . . . 41 7.2. Delete Operation . . . . . . . . . . . . . . . . . . . . . 41
7.3. Get Operations . . . . . . . . . . . . . . . . . . . . . . 42 7.3. Get Operations . . . . . . . . . . . . . . . . . . . . . . 42
7.4. Accept Operations . . . . . . . . . . . . . . . . . . . . 42 7.4. Accept Operations . . . . . . . . . . . . . . . . . . . . 42
7.5. Reject Operations . . . . . . . . . . . . . . . . . . . . 43 7.5. Reject Operations . . . . . . . . . . . . . . . . . . . . 43
7.6. Get Server Details Operation . . . . . . . . . . . . . . . 43 7.6. Get Server Details Operation . . . . . . . . . . . . . . . 43
8. XML Considerations . . . . . . . . . . . . . . . . . . . . . . 44 8. XML Considerations . . . . . . . . . . . . . . . . . . . . . . 45
8.1. Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 44 8.1. Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 45
8.2. Versioning and Character Encoding . . . . . . . . . . . . 44 8.2. Versioning and Character Encoding . . . . . . . . . . . . 45
9. Security Considerations . . . . . . . . . . . . . . . . . . . 45 9. Security Considerations . . . . . . . . . . . . . . . . . . . 46
9.1. Confidentiality and Authentication . . . . . . . . . . . . 45 9.1. Confidentiality and Authentication . . . . . . . . . . . . 46
9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 45 9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 46
9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 45 9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 46
9.3.1. DoS Issues Inherited from Transport Mechanism . . . . 45 9.3.1. DoS Issues Inherited from Transport Mechanism . . . . 46
9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 46 9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 47
9.4. Information Disclosure . . . . . . . . . . . . . . . . . . 47 9.4. Information Disclosure . . . . . . . . . . . . . . . . . . 48
9.5. Non Repudiation . . . . . . . . . . . . . . . . . . . . . 47 9.5. Non Repudiation . . . . . . . . . . . . . . . . . . . . . 48
9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . . 47 9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . . 48
9.7. Man in the Middle . . . . . . . . . . . . . . . . . . . . 47 9.7. Man in the Middle . . . . . . . . . . . . . . . . . . . . 48
10. Internationalization Considerations . . . . . . . . . . . . . 49 10. Internationalization Considerations . . . . . . . . . . . . . 50
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 50 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 51
12. Formal Specification . . . . . . . . . . . . . . . . . . . . . 51 12. Formal Specification . . . . . . . . . . . . . . . . . . . . . 52
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 60 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 61
14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 61 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 62
14.1. Normative References . . . . . . . . . . . . . . . . . . . 61 14.1. Normative References . . . . . . . . . . . . . . . . . . . 62
14.2. Informative References . . . . . . . . . . . . . . . . . . 61 14.2. Informative References . . . . . . . . . . . . . . . . . . 62
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 63 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 64
1. Introduction 1. Introduction
Service providers and enterprises use registries to make session Service providers and enterprises use routing databases known as
routing decisions for Voice over IP, SMS and MMS traffic exchanges. registries to make session routing decisions for Voice over IP, SMS
This document is narrowly focused on the provisioning framework for and MMS traffic exchanges. This document is narrowly focused on the
these registries. This framework prescribes a way for an entity to provisioning framework for these registries. This framework
provision session-related data into a registry. The data being prescribes a way for an entity to provision session-related data into
provisioned can be optionally shared with other participating peering a Registry. The data being provisioned can be optionally shared with
entities. The requirements and use cases driving this framework have other participating peering entities. The requirements and use cases
been documented in [RFC6461]. The reader is expected to be familiar driving this framework have been documented in [RFC6461].
with the terminology defined in the previously mentioned document.
Three types of provisioning flows have been described in the use case Three types of provisioning flows have been described in the use case
document: client to registry provisioning, registry to local data document: client to Registry, Registry to local data repository and
repository and registry to registry. This document addresses client Registry to Registry. This document addresses client to Registry
to registry aspect to fulfill the need to provision Session flow enabling the need to provision Session Establishment Data (SED).
Establishment Data (SED). The framework that supports flow of The framework that supports flow of messages to facilitate client to
messages to facilitate client to registry provisioning is referred to Registry provisioning is referred to as Session Peering Provisioning
as Session Peering Provisioning Framework (SPPF). Framework (SPPF).
Please note that the role of the "client" and the "server" only The role of the "client" and the "server" only applies to the
applies to the connection, and those roles are not related in any way connection, and those roles are not related in any way to the type of
to the type of entity that participates in a protocol exchange. For entity that participates in a protocol exchange. For example, a
example, a registry might also include a "client" when such a Registry might also include a "client" when such a Registry initiates
registry initiates a connection (for example, for data distribution a connection (for example, for data distribution to SSP).
to SSP).
*--------* *------------* *------------* *--------* *------------* *------------*
| | (1). Client | | (3).Registry | | | | (1). Client | | (3).Registry | |
| Client | ------------> | Registry |<------------->| Registry | | Client | ------------> | Registry |<------------->| Registry |
| | to Registry | | to Registry | | | | to Registry | | to Registry | |
*--------* *------------* *------------* *--------* *------------* *------------*
/ \ \ / \ \
/ \ \ / \ \
/ \ \ / \ \
/ \ v / \ v
skipping to change at page 5, line 29 skipping to change at page 5, line 29
V store V V store V
+----------+ +----------+ +----------+ +----------+
|Local Data| |Local Data| |Local Data| |Local Data|
|Repository| |Repository| |Repository| |Repository|
+----------+ +----------+ +----------+ +----------+
Three Registry Provisioning Flows Three Registry Provisioning Flows
Figure 1 Figure 1
The data provisioned for session establishment is typically used by A "terminating" SIP Service Provider (SSP) provisions Session
various downstream SIP signaling systems to route a call to the next Establishment Data or SED into the Registry to be selectively shared
hop associated with the called domain. These systems typically use a with other peer SSPs.
local data store ("Local Data Repository") as their source of session
routing information. More specifically, the SED data is the set of
parameters that the outgoing signaling path border elements (SBEs)
need to initiate the session. See [RFC5486] for more details.
A "terminating" SIP Service Provider (SSP) provisions SED into the SED is typically used by various downstream SIP signaling systems to
registry to be selectively shared with other peer SSPs. route a call to the next hop associated with the called domain.
Subsequently, a registry may distribute the provisioned data into These systems typically use a local data store ("Local Data
local data repositories used for look-up queries (identifier -> URI) Repository") as their source of session routing information. More
or for lookup and location resolution (identifier -> URI -> ingress specifically, the SED data is the set of parameters that the outgoing
SBE of terminating SSP). In some cases, the registry may signaling path border elements (SBEs) need to initiate the session.
additionally offer a central query resolution service (not shown in See [RFC5486] for more details.
the above figure).
A Registry may distribute the provisioned data into local data
repositories or may additionally offer a central query resolution
service (not shown in the above figure) for query purposes.
A key requirement for the SPPF is to be able to accommodate two basic A key requirement for the SPPF is to be able to accommodate two basic
deployment scenarios: deployment scenarios:
1. A resolution system returns a Look-Up Function (LUF) that 1. A resolution system returns a Look-Up Function (LUF) that
comprises the target domain to assist in call routing (as comprises the target domain to assist in call routing (as
described in [RFC5486]). In this case, the querying entity may described in [RFC5486]). In this case, the querying entity may
use other means to perform the Location Routing Function (LRF) use other means to perform the Location Routing Function (LRF)
which in turn helps determine the actual location of the which in turn helps determine the actual location of the
Signaling Function in that domain. Signaling Function in that domain.
skipping to change at page 6, line 19 skipping to change at page 6, line 18
in the target domain (as described in [RFC5486]). in the target domain (as described in [RFC5486]).
In terms of framework design, SPPF is agnostic to the transport In terms of framework design, SPPF is agnostic to the transport
protocol. This document includes the specification of the data model protocol. This document includes the specification of the data model
and identifies, but does not specify, the means to enable protocol and identifies, but does not specify, the means to enable protocol
operations within a request and response structure. That aspect of operations within a request and response structure. That aspect of
the specification has been delegated to the "protocol" specification the specification has been delegated to the "protocol" specification
for the framework. To encourage interoperability, the framework for the framework. To encourage interoperability, the framework
supports extensibility aspects. supports extensibility aspects.
Transport requirements are provided in this document to help with the In this document, XML schema is used to describe the building blocks
selection of the optimum transport mechanism. The SPP Protocol over of the SPPF and to express the data types, the semantic relationships
SOAP document identifies a protocol for SPPF that uses SOAP/HTTP as between the various data types, and the various constraints as a
the transport mechanism. binding construct. However, the "protocol" specification is free to
choose any data representation format as long as it meets the
requirements laid out in the SPPF XML schema definition. As an
example, XML and JSON are two widely used data representation
formats.
This document is organized as follows: This document is organized as follows:
o Section 2 provides the terminology; o Section 2 provides the terminology
o Section 3 provides an overview of SPPF, including functional o Section 3 provides an overview of SPPF, including functional
entities and data model; entities and data model
o Section 4 specifies requirements for SPPF transport protocols; o Section 4 specifies requirements for SPPF transport protocols
o Section 5 describes the base framework data structures, the o Section 5 describes the base framework data structures, the
generic response types that MUST be supported by a conforming generic response types that MUST be supported by a conforming
"protocol" specification, and the basic object type most first transport "protocol" specification, and the basic object type
class objects extend from; most first class objects extend from
o Section 6 detailed description of the data model object o Section 6 provides a detailed description of the data model
specifications; object specifications
o Section 8 defines XML considerations XML parsers must meet to o Section 8 defines XML considerations XML parsers must meet to
conform to this specification; conform to this specification
o Section 7 describes the operations that are supported by the
data model
o Section 7 describes the operations that are supported by the
data model
o Sections 9 - 11 discuss security, internationalization and IANA
considerations
o Section 12 normatively defines the SPPF using its XML Schema o Section 12 normatively defines the SPPF using its XML Schema
Definition. Definition.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
skipping to change at page 7, line 22 skipping to change at page 8, line 22
requirements documented in [RFC6461] and the ENUM Validation requirements documented in [RFC6461] and the ENUM Validation
Architecture [RFC4725]. Architecture [RFC4725].
In addition, this document specifies the following additional terms: In addition, this document specifies the following additional terms:
SPPF: Session Peering Provisioning Framework, the framework used by SPPF: Session Peering Provisioning Framework, the framework used by
a transport protocol to provision data into a Registry (see arrow a transport protocol to provision data into a Registry (see arrow
labeled "1." in Figure 1 of [RFC6461]). It is the primary scope labeled "1." in Figure 1 of [RFC6461]). It is the primary scope
of this document. of this document.
SPDP: Session Peering Distribution Protocol, the protocol used to Client: In the context of SPPF, this is an application that
distribute data to Local Data Repository (see arrow labeled "2." initiates a provisioning request. It is sometimes referred to as
in Figure 1 of [RFC6461]). a "Registry client".
Client: An application that supports an SPPF client; it is Server: In the context of SPPF, this is an application that
sometimes referred to as a "registry client". receives a provisioning request and responds accordingly. It is
sometimes referred to as a Registry.
Registry: The Registry operates a master database of Session Registry: The Registry operates a master database of Session
Establishment Data for one or more Registrants. Establishment Data for one or more Registrants.
A Registry acts as an SPPF server. Registrant: The definition of a Registrant is based on [RFC4725].
It is the end-user, the person or organization that is the
Registrant: In this document we extend the definition of a "holder" of the Session Establishment Data being provisioned into
Registrant based on [RFC4725]. The Registrant is the end-user, the Registry by a Registrar. For example, in [RFC6461], a
the person or organization that is the "holder" of the Session Registrant is pictured as a SIP Service Provider in Figure 2.
Establishment Data being provisioned into the Registry by a
Registrar. For example, in [RFC6461], a Registrant is pictured as
a SIP Service Provider in Figure 2.
Within the confines of a Registry, a Registrant is uniquely Within the confines of a Registry, a Registrant is uniquely
identified by a well-known ID. identified by a well-known ID.
Registrar: In this document we extend the definition of a Registrar Registrar: The definition of a Registrar is based on [RFC4725]. It
from [RFC4725]. A Registrar is an entity that performs is an entity that performs provisioning operations on behalf of a
provisioning operations on behalf of a Registrant by interacting Registrant by interacting with the Registry via SPPF operations.
with the Registry via SPPF operations. In other words the In other words the Registrar is the SPPF Client. The Registrar
Registrar is the SPPF Client. The Registrar and Registrant roles and Registrant roles are logically separate to allow, but not
are logically separate to allow, but not require, a single require, a single Registrar to perform provisioning operations on
Registrar to perform provisioning operations on behalf of more behalf of more than one Registrant.
than one Registrant.
Peering Organization: A Peering Organization is an entity to which Peering Organization: A Peering Organization is an entity to which
a Registrant's SED Groups are made visible using the operations of a Registrant's SED Groups are made visible using the operations of
SPPF. SPPF.
3. Framework High Level Design 3. Framework High Level Design
This section introduces the structure of the data model and provides This section introduces the structure of the data model and provides
the information framework for the SPPF. The data model is defined the information framework for the SPPF. The data model is defined
along with all the objects manipulated by the protocol and their along with all the objects manipulated by a conforming transport
relationships. protocol and their relationships.
3.1. Framework Data Model 3.1. Framework Data Model
The data model illustrated and described in Figure 2 defines the The data model illustrated and described in Figure 2 defines the
logical objects and the relationships between these objects that the logical objects and the relationships between these objects supported
SPPF protocol supports. SPPF defines the protocol operations through by SPPF. SPPF defines protocol operations through which an SPPF
which an SPPF client populates a registry with these logical objects. client populates a Registry with these logical objects. SPPF clients
Various clients belonging to different registrars may use the belonging to different Registrars may provision data into the
protocol for populating the registry's data. Registry using a conforming transport protocol that implements these
operations
The logical structure presented below is consistent with the The logical structure presented below is consistent with the
terminology and requirements defined in [RFC6461]. terminology and requirements defined in [RFC6461].
+-------------+ +-----------------+ +-------------+ +-----------------+
| all object | |Egress Route: | | all object | |Egress Route: |
| types | 0..n | rant, | | types | 0..n | rant, |
+-------------+ +--| egrRteName, | +-------------+ +--| egrRteName, |
|0..n / | pref, | |0..n / | pref, |
| / | regxRewriteRule,| | / | regxRewriteRule,|
skipping to change at page 10, line 42 skipping to change at page 11, line 42
| sourceIdent, | +-----+------------+ | | sourceIdent, | +-----+------------+ |
| priority, | | | | | | priority, | | | | |
| dgName | +----+ +-------+ +----+ | | dgName | +----+ +-------+ +----+ |
+-----------------------+ | URI| | NAPTR | | NS | | +-----------------------+ | URI| | NAPTR | | NS | |
|0..n +----+ +-------+ +----+ | |0..n +----+ +-------+ +----+ |
| | | |
| +-----[abstract]------+ | | +-----[abstract]------+ |
| |Public Identifier: | | | |Public Identifier: | |
|0..n | rant, | | |0..n | rant, | |
+----------------------+0..n 0..n| publicIdentifier, | | +----------------------+0..n 0..n| publicIdentifier, | |
| Dest Group: |--------------| destGrpRef, | | | Dest Group: |--------------| destGrpRef | |
| rant, | | sedRecRef | | | rant, | | | |
| dgName | +---------------------+ | | dgName | +---------------------+ |
+----------------------+ ^Various types | +----------------------+ ^Various types |
|of Public | |of Public |
|Identifiers | |Identifiers |
+---------+-------+------+----------+ | +---------+-------+------+----------+ |
| | | | | | | | | | | |
+------+ +-----+ +-----+ +-----+ +------+ | +------+ +-----+ +-----+ +-----+ +------+ |
| URI | | TNP | | TNR | | RN | |TN |----------| | URI | | TNP | | TNR | | RN | |TN |----------|
+------+ +-----+ +-----+ +-----+ +------+ 0..n +------+ +-----+ +-----+ +-----+ +------+ 0..n
Figure 2 Figure 2
skipping to change at page 11, line 45 skipping to change at page 12, line 45
Destination Group references, and a set of peering organization Destination Group references, and a set of peering organization
identifiers. This is used to establish a three part relationships identifiers. This is used to establish a three part relationships
between a set of Public Identifiers, the session establishment between a set of Public Identifiers, the session establishment
information (SED) shared across these Public Identifiers, and the information (SED) shared across these Public Identifiers, and the
list of peering organizations whose query responses from the list of peering organizations whose query responses from the
resolution system may include the session establishment resolution system may include the session establishment
information contained in a given SED group. In addition, the information contained in a given SED group. In addition, the
sourceIdent element within a SED Group, in concert with the set of sourceIdent element within a SED Group, in concert with the set of
peering organization identifiers, enables fine-grained source peering organization identifiers, enables fine-grained source
based routing. For further details about the SED Group and source based routing. For further details about the SED Group and source
based routing, refer to the definitions and descriptions of the based routing, refer to the definitions and descriptions in
SED Group operations found later in this document. Section 6.1.
o SED Record: o SED Record:
A SED Record contains the data that a resolution system returns in A SED Record contains the data that a resolution system returns in
response to a successful query for a Public Identifier. SED response to a successful query for a Public Identifier. SED
Records are generally associated with a SED Group when the SED Records are generally associated with a SED Group when the SED
within is not specific to a Public Identifier. within is not specific to a Public Identifier.
To support the use cases defined in [RFC6461], SPPF framework To support the use cases defined in [RFC6461], SPPF framework
defines three type of SED Records: URIType, NAPTRType, and NSType. defines three type of SED Records: URIType, NAPTRType, and NSType.
These SED Records extend the abstract type SedRecType and inherit These SED Records extend the abstract type SedRecType and inherit
the common attribute 'priority' that is meant for setting the common attribute 'priority' that is meant for setting
skipping to change at page 12, line 23 skipping to change at page 13, line 23
In a high-availability environment, the originating SSP likely has In a high-availability environment, the originating SSP likely has
more than one egress paths to the ingress SBE of the target SSP. more than one egress paths to the ingress SBE of the target SSP.
The Egress Route allows the originating SSP to choose a specific The Egress Route allows the originating SSP to choose a specific
egress SBE to be associated with the target ingress SBE. the egress SBE to be associated with the target ingress SBE. the
'svcs' element identifies the SED records associated with the SED 'svcs' element identifies the SED records associated with the SED
Group that will be modified by the originating SSP. Group that will be modified by the originating SSP.
o Organization: o Organization:
An Organization is an entity that may fulfill any combination of An Organization is an entity that may fulfill any combination of
three roles: Registrant, Registrar, and Peering Organization. All three roles: Registrant, Registrar, and Peering Organization. All
objects in SPPF framework are associated with two organization objects in SPPF are associated with two organization identifiers
identifiers to identify each object's registrant and registrar. A to identify each object's Registrant and Registrar. A SED Group
SED Group object is also associated with a set of zero or more object is also associated with a set of zero or more organization
organization identifiers that identify the peering organization(s) identifiers that identify the peering organization(s) whose
whose resolution query responses may include the session resolution query responses may include the session establishment
establishment information (SED) defined in the SED Records within information (SED) defined in the SED Records within that SED
that SED Group. A peering organization is an entity that the Group. A peering organization is an entity that the Registrant
registrant intends to share the SED data with. intends to share the SED data with.
3.2. Time Value 3.2. Time Value
Some request and response messages in SPPF framework include time Some request and response messages in SPPF include time value(s)
value(s) defined as type xs:dateTime, a built-in W3C XML Schema defined as type xs:dateTime, a built-in W3C XML Schema Datatype. Use
Datatype. Use of unqualified local time value is discouraged as it of unqualified local time value is disallowed as it can lead to
can lead to interoperability issues. The value of time attribute interoperability issues. The value of time attribute MUST be
MUST BE expressed in Coordinated Universal Time (UTC) format without expressed in Coordinated Universal Time (UTC) format without the
the timezone digits. timezone digits.
"2010-05-30T09:30:10Z" is an example of an acceptable time value for "2010-05-30T09:30:10Z" is an example of an acceptable time value for
use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC time, use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC time,
but it is not approved for use in SPPF messages. but it is not approved for use in SPPF messages.
3.3. Extensibility
The framework contains various points of extensiblity in form of the
"ext" elements. Extensions used beyond the scope of privat e SPPF
installations MUST be documented in an RFC level document, and the
first such extension SHOULD define an IANA registry, holding a list
of documented extensions.
4. Transport Protocol Requirements 4. Transport Protocol Requirements
This section provides requirements for transport protocols suitable This section provides requirements for transport protocols suitable
for SPPF framework. More specifically, this section specifies the for SPPF. More specifically, this section specifies the services,
services, features, and assumptions that SPPF framework delegates to features, and assumptions that SPPF framework delegates to the chosen
the chosen transport and envelope technologies. transport and envelope technologies.
4.1. Connection Oriented 4.1. Connection Oriented
The SPPF follows a model where a client establishes a connection to a The SPPF follows a model where a client establishes a connection to a
server in order to further exchange SPPF messages over such point-to- server in order to further exchange SPPF messages over such point-to-
point connection. A transport protocol for SPPF MUST therefore be point connection. A transport protocol for SPPF MUST therefore be
connection oriented. connection oriented.
4.2. Request and Response Model 4.2. Request and Response Model
skipping to change at page 13, line 45 skipping to change at page 14, line 45
short-lived, and may be established only on demand. Other use cases short-lived, and may be established only on demand. Other use cases
involve either provisioning a large dataset, or a constant stream of involve either provisioning a large dataset, or a constant stream of
small updates, either of which would likely require long-lived small updates, either of which would likely require long-lived
connections. connections.
Therefore, a protocol suitable for SPPF SHOULD be able to support Therefore, a protocol suitable for SPPF SHOULD be able to support
both short-lived as well as long-lived connections. both short-lived as well as long-lived connections.
4.4. Authentication 4.4. Authentication
All SPPF objects are associated with a registrant identifier. SPPF All SPPF objects are associated with a Registrant identifier. SPPF
Clients provisions SPPF objects on behalf of registrants. An Clients provisions SPPF objects on behalf of Registrants. An
authenticated SPP Client is a registrar. Therefore, the SPPF authenticated SPP Client is a Registrar. Therefore, the SPPF
transport protocol MUST provide means for an SPPF server to transport protocol MUST provide means for an SPPF server to
authenticate an SPPF Client. authenticate an SPPF Client.
4.5. Authorization 4.5. Authorization
After successful authentication of the SPPF client as a registrar the After successful authentication of the SPPF client as a Registrar the
registry performs authorization checks to determine if the registrar Registry performs authorization checks to determine if the Registrar
is authorized to act on behalf of the Registrant whose identifier is is authorized to act on behalf of the Registrant whose identifier is
included in the SPPF request. Refer to the Security Considerations included in the SPPF request. Refer to the Security Considerations
section for further guidance. section for further guidance.
4.6. Confidentiality and Integrity 4.6. Confidentiality and Integrity
In some deployments, the SPPF objects that an SPPF registry manages SPPF objects that the Registry manages can be private in nature.
can be private in nature. As a result it MAY NOT be appropriate to Therefore, the transport protocol MUST provide means for end-to-end
for transmission in plain text over a connection to the SPPF encryption between the SPPF client and Registry.
registry. Therefore, the transport protocol SHOULD provide means for
end-to-end encryption between the SPPF client and server.
For some SPPF implementations, it may be acceptable for the data to If the data is compromised in-flight between the SPPF client and
be transmitted in plain text, but the failure to detect a change in Registry, it will seriously affect the stability and integrity of the
data after it leaves the SPPF client and before it is received at the system. Therefore, the transport protocol MUST provide means for
server, either by accident or with a malicious intent, will adversely data integrity protection.
affect the stability and integrity of the registry. Therefore, the
transport protocol SHOULD provide means for data integrity
protection.
4.7. Near Real Time 4.7. Near Real Time
Many use cases require near real-time responses from the server. Many use cases require near real-time responses from the server.
Therefore, a DRINKS transport protocol MUST support near real-time Therefore, a DRINKS transport protocol MUST support near real-time
response to requests submitted by the client. response to requests submitted by the client.
4.8. Request and Response Sizes 4.8. Request and Response Sizes
Use of SPPF may involve simple updates that may consist of small Use of SPPF may involve simple updates that may consist of small
number of bytes, such as, update of a single public identifier. number of bytes, such as, update of a single public identifier.
Other provisioning operations may constitute large number of dataset Other provisioning operations may constitute large number of dataset
as in adding millions records to a registry. As a result, a suitable as in adding millions records to a Registry. As a result, a suitable
transport protocol for SPPF SHOULD accommodate dataset of various transport protocol for SPPF SHOULD accommodate dataset of various
sizes. sizes.
4.9. Request and Response Correlation 4.9. Request and Response Correlation
A transport protocol suitable for SPPF MUST allow responses to be A transport protocol suitable for SPPF MUST allow responses to be
correlated with requests. correlated with requests.
4.10. Request Acknowledgement 4.10. Request Acknowledgement
Data transported in the SPPF is likely crucial for the operation of Data transported in the SPPF is likely crucial for the operation of
the communication network that is being provisioned. A SPPF client the communication network that is being provisioned. A SPPF client
responsible for provisioning SED to the registry has a need to know responsible for provisioning SED to the Registry has a need to know
if the submitted requests have been processed correctly. if the submitted requests have been processed correctly.
Failed transactions can lead to situations where a subset of public Failed transactions can lead to situations where a subset of public
identifiers or even SSPs might not be reachable, or the provisioning identifiers or even SSPs might not be reachable, or the provisioning
state of the network is inconsistent. state of the network is inconsistent.
Therefore, a transport protocol for SPPF MUST provide a response for Therefore, a transport protocol for SPPF MUST provide a response for
each request, so that a client can identify whether a request each request, so that a client can identify whether a request
succeeded or failed. succeeded or failed.
skipping to change at page 16, line 12 skipping to change at page 17, line 12
layer choices may surface that agree with the requirements discussed layer choices may surface that agree with the requirements discussed
above. above.
5. Base Framework Data Structures and Response Codes 5. Base Framework Data Structures and Response Codes
SPPF contains some common data structures for most of the supported SPPF contains some common data structures for most of the supported
object types. This section describes these common data structures. object types. This section describes these common data structures.
5.1. Basic Object Type and Organization Identifiers 5.1. Basic Object Type and Organization Identifiers
This section introduces the basic object type that most first class All first class objects extend the type BasicObjType. It consists of
objects derive from. the Registrant organization, the Registrar organization, the date and
time of object creation, and the last date and time the object was
All first class objects extend the basic object type BasicObjType updated. The Registry MUST date and time of the object creation and
that contains the identifier of the registrant organization that owns update, if applicable, for all Get operations (see Section 7). If
this object, the identifier of the registrar organization that the client passed in either date and time values, the Registry MUST
created this object, the date and time that the object was created by ignore it. The Registrar performs the SPPF operations on behalf of
the server, and the date and time that the object was last modified. the Registrant, the organization that owns the object.
<complexType name="BasicObjType" abstract="true"> <complexType name="BasicObjType" abstract="true">
<sequence> <sequence>
<element name="rant" type="sppfb:OrgIdType"/> <element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/> <element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/> <element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/> <element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</complexType> </complexType>
The identifiers used for registrants (rant), registrars (rar), and The identifiers used for Registrants (rant) and Registrars (rar) are
peering organizations (peeringOrg) are instances of OrgIdType. The instances of OrgIdType. The OrgIdType is defined as a string and all
OrgIdType is defined as a string and all OrgIdType instances SHOULD OrgIdType instances MUST follow the textual convention: "namespace:
follow the textual convention: "namespace:value" (for example "iana- value" (for example "iana-en:32473"). See the IANA Consideration
en:32473"). See the IANA Consideration section for more details. section for more details.
5.2. Various Object Key Types 5.2. Various Object Key Types
The SPPF data model contains various object relationships. In some The SPPF data model contains various object relationships. In some
cases, these object relationships are established by embedding the cases, these object relationships are established by embedding the
unique identity of the related object inside the relating object. In unique identity of the related object inside the relating object.
addition, an object's unique identity is required to Delete or Get Note that an object's unique identity is required to Delete or Get
the details of an object. The following sub-sections normatively the details of an object. The following sub-sections normatively
define the various object keys in SPPF and the attributes of those define the various object keys in SPPF and the attributes of those
keys . keys .
"Name" attributes that are used as components of object key types "Name" attributes that are used as components of object key types
MUST be treated case insensitive. MUST be treated case insensitive, more specifically, comparison
operations MUST use the toNFKC_Casefold() function, as specified in
Section 3.13 of [reference to Unicode 6.1]
5.2.1. Generic Object Key Type 5.2.1. Generic Object Key Type
Most objects in SPPF are uniquely identified by an object key that Most objects in SPPF are uniquely identified by an object key that
has the object's name, object's type and its registrant's has the object's name, object's type and its Registrant's
organization ID as its attributes. The abstract type called organization ID as its attributes. The abstract type called
ObjKeyType is where this unique identity is housed. Any concrete ObjKeyType is where this unique identity is housed. Any concrete
representation of the ObjKeyType MUST contain the following: representation of the ObjKeyType MUST contain the following:
Object Name: The name of the object. Object Name: The name of the object.
Registrant Id: The unique organization ID that identifies the Registrant Id: The unique organization ID that identifies the
Registrant. Registrant.
Type: The value that represents the type of SPPF object that. Type: The value that represents the type of SPPF object that.
This is required as different types of objects in SPPF, that This is required as different types of objects in SPPF, that
belong to the same registrant, can have the same name. belong to the same Registrant, can have the same name.
The structure of abstract ObjKeyType is as follows: The structure of abstract ObjKeyType is as follows:
<complexType name="ObjKeyType" abstract="true"> <complexType name="ObjKeyType" abstract="true">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the ---- Generic type that represents the
key for various objects in SPPF. ---- key for various objects in SPPF. ----
</documentation> </documentation>
</annotation> </annotation>
</complexType> </complexType>
5.2.2. Derived Object Key Types 5.2.2. Derived Object Key Types
The SPPF data model contains certain objects that are uniquely The SPPF data model contains certain objects that are uniquely
identified by attributes, different from or in addition to, the identified by attributes, different from or in addition to, the
attributes in the generic object key described in previous section. attributes in the generic object key described in previous section.
These kind of object keys are derived from the abstract ObjKeyType These kind of object keys are derived from the abstract ObjKeyType
and defined in there own abstract key types. Because these object and defined in there own abstract key types. Because these object
key types are abstract, these MUST be specified in a concrete form in key types are abstract, these MUST be specified in a concrete form in
any conforming SPPF "protocol" specification. These are used in any SPPF conforming transport protocol specification. These are used
Delete and Get operations, and may also be used in Accept and Reject in Delete and Get operations, and may also be used in Accept and
operations. Reject operations.
Following are the derived object keys in SPPF data model: Following are the derived object keys in SPPF data model:
o SedGrpOfferKeyType: This uniquely identifies a SED Group object o SedGrpOfferKeyType: This uniquely identifies a SED Group object
offer. This key type extends from ObjKeyType and MUST also have offer. This key type extends from ObjKeyType and MUST also have
the organization ID of the Registrant to whom the object is the organization ID of the Registrant to whom the object is
being offered, as one of its attributes. In addition to the being offered, as one of its attributes. In addition to the
Delete and Get operations, these key types are used in Accept Delete and Get operations, these key types are used in Accept
and Reject operations on a SED Group Offer object. The and Reject operations on a SED Group Offer object. The
structure of abstract SedGrpOfferKeyType is as follows: structure of abstract SedGrpOfferKeyType is as follows:
skipping to change at page 18, line 31 skipping to change at page 19, line 31
A SED Group Offer object MUST use SedGrpOfferKeyType. Refer the A SED Group Offer object MUST use SedGrpOfferKeyType. Refer the
"Framework Data Model Objects" section of this document for "Framework Data Model Objects" section of this document for
description of SED Group Offer object. description of SED Group Offer object.
o PubIdKeyType: This uniquely identifies a Public Identity object. o PubIdKeyType: This uniquely identifies a Public Identity object.
This key type extends from abstract ObjKeyType. Any concrete This key type extends from abstract ObjKeyType. Any concrete
definition of PubIdKeyType MUST contain the elements that definition of PubIdKeyType MUST contain the elements that
identify the value and type of Public Identity and also contain identify the value and type of Public Identity and also contain
the organization ID of the Registrant that is the owner of the the organization ID of the Registrant that is the owner of the
Public Identity object. A Public Identity object key in SPPF is Public Identity object. A Public Identity object key in SPPF is
uniquely identified by the the registrant's organization ID, the uniquely identified by the the Registrant's organization ID, the
value of the public identity, and, optionally, the Destination value of the public identity, and, optionally, the Destination
Group name the public identity belongs to. Consequently, any Group name the public identity belongs to. Consequently, any
concrete representation of the PubIdKeyType MUST contain the concrete representation of the PubIdKeyType MUST contain the
following attributes: following attributes:
* Registrant Id: The unique organization ID that identifies * Registrant Id: The unique organization ID that identifies
the Registrant. the Registrant.
* Destination Group name: The name of the Destination Group * Destination Group name: The name of the Destination Group
the Public Identity is associated with. This is an the Public Identity is associated with. This is an
optional attribute. optional attribute.
* Type: The type of Public Identity. * Type: The type of Public Identity.
* Value: The value of the Public Identity. * Value: The value of the Public Identity.
The .PubIdKeyType is used in Delete and Get operations on a The PubIdKeyType is used in Delete and Get operations on a
Public Identifier object. Public Identifier object.
o The structure of abstract PubIdKeyType is as follows: o The structure of abstract PubIdKeyType is as follows:
<complexType name="PubIdKeyType" abstract="true"> <complexType name="PubIdKeyType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:ObjKeyType"> <extension base="sppfb:ObjKeyType">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the key for a Pub Id. ---- ---- Generic type that represents the key for a Pub Id. ----
</documentation> </documentation>
</annotation> </annotation>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
A Public Identity object MUST use attributes of PubIdKeyType for its A Public Identity object MUST use attributes of PubIdKeyType for its
unique identification . Refer the "Framework Data Model Objects" unique identification . Refer to Section 6 for a description of
section of this document for a description of Public Identity object. Public Identity object.
5.3. Response Message Types 5.3. Response Message Types
This section contains the listing of response types that MUST be This section contains the listing of response types that MUST be
defined by the conforming "protocol" specification and implemented by defined by the SPPF conforming transport protocol specification and
a conforming SPPF server. implemented by a conforming SPPF server.
+---------------------+---------------------------------------------+ +---------------------+---------------------------------------------+
| Response Type | Description | | Response Type | Description |
+---------------------+---------------------------------------------+ +---------------------+---------------------------------------------+
| Request Succeeded | Any conforming specification MUST define a | | Request Succeeded | Any conforming specification MUST define a |
| | response to indicate that a given request | | | response to indicate that a given request |
| | succeeded. | | | succeeded. |
| | | | | |
| Request syntax | Any conforming specification MUST define a | | Request syntax | Any conforming specification MUST define a |
| invalid | response to indicate that a syntax of a | | invalid | response to indicate that a syntax of a |
skipping to change at page 21, line 17 skipping to change at page 22, line 17
adhere to the following rules: adhere to the following rules:
o Any value provided for the Attribute Name parameter MUST be an o Any value provided for the Attribute Name parameter MUST be an
exact XSD element name of the protocol data element that the exact XSD element name of the protocol data element that the
response message is referring to. For example, valid values for response message is referring to. For example, valid values for
"attribute name" are "dgName", "sedGrpName", "sedRec", etc. "attribute name" are "dgName", "sedGrpName", "sedRec", etc.
o The value for Attribute Value MUST be the value of the data o The value for Attribute Value MUST be the value of the data
element to which the preceding Attribute Name refers. element to which the preceding Attribute Name refers.
o Response type "Attribute value invalid" SHOULD be used whenever o Response type "Attribute value invalid" MUST be used whenever an
an element value does not adhere to data validation rules. element value does not adhere to data validation rules.
o Response types "Attribute value invalid" and "Object does not o Response types "Attribute value invalid" and "Object does not
exist" MUST NOT be used interchangeably. Response type "Object exist" MUST not be used interchangeably. Response type "Object
does not exist" SHOULD be returned by an Add/Del/Accept/Reject does not exist" MUST be returned by an Update/Del/Accept/Reject
operation when the data element(s) used to uniquely identify a operation when the data element(s) used to uniquely identify a
pre-existing object do not exist. If the data elements used to pre-existing object do not exist. If the data elements used to
uniquely identify an object are malformed, then response type uniquely identify an object are malformed, then response type
"Attribute value invalid" SHOULD be returned. "Attribute value invalid" MUST be returned.
6. Framework Data Model Objects 6. Framework Data Model Objects
This section provides a description of the specification of each This section provides a description of the specification of each
supported data model object (the nouns) and identifies the commands supported data model object (the nouns) and identifies the commands
(the verbs) that MUST be supported for each data model object. (the verbs) that MUST be supported for each data model object.
However, the specification of the data structures necessary to However, the specification of the data structures necessary to
support each command is delegated to the "protocol" specification. support each command is delegated to an SPPF conforming transport
protocol specification.
6.1. Destination Group 6.1. Destination Group
As described in the introductory sections, a Destination Group Destination Group represents a set of Public Identifiers with common
represents a set of Public Identifiers with common session session establishment information. The transport protocol MUST
establishment information. The transport protocol MUST support the support the ability to Create, Modify, Get, and Delete Destination
ability to Create, Modify, Get, and Delete Destination Groups (refer Groups (refer the "Framework Operations" section of this document for
the "Framework Operations" section of this document for a generic a generic description of various operations).
description of various operations).
A Destination Group object MUST be uniquely identified by attributes A Destination Group object MUST be uniquely identified by attributes
as defined in the description of "ObjKeyType" in the section "Generic as defined in the description of "ObjKeyType" in the section "Generic
Object Key Type" of this document. Object Key Type" of this document.
The DestGrpType object structure is defined as follows: The DestGrpType object structure is defined as follows:
<complexType name="DestGrpType"> <complexType name="DestGrpType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="dgName" type="sppfb:ObjNameType"/> <element name="dgName" type="sppfb:ObjNameType"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
The DestGrpType object is composed of the following elements: The DestGrpType object is composed of the following elements:
o base: All first class objects extend BasicObjType that contains o base: All first class objects extend BasicObjType (see
the ID of the registrant organization that owns this object, Section 5.1).
registrar organization that provisioned this object on behalf of
the registrant, the date and time that the object was created by
the server, and the date and time that the object was last
modified. If the client passed in either the created date or
the modification date, the server will ignore them. The server
sets these two date/time values.
o dgName: The character string that contains the name of the o dgName: The character string that contains the name of the
Destination Group. Destination Group.
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
6.2. Public Identifier 6.2. Public Identifier
A Public Identifier is the search key used for locating the session A Public Identifier is the search key used for locating the session
establishment data (SED). In many cases, a Public Identifier is establishment data (SED). In many cases, a Public Identifier is
attributed to the end user who has a retail relationship with the attributed to the end user who has a retail relationship with the
service provider or registrant organization. SPPF supports the service provider or Registrant organization. SPPF supports the
notion of the carrier-of-record as defined in [RFC5067]. Therefore, notion of the carrier-of-record as defined in [RFC5067]. Therefore,
the registrant under whom the Public Identity is being created can the Registrant under whom the Public Identity is being created can
optionally claim to be a carrier-of-record. optionally claim to be a carrier-of-record.
SPPF identifies three types of Public Identifiers: telephone numbers SPPF identifies three types of Public Identifiers: telephone numbers
(TN), routing numbers (RN), and URI type of Public Identifiers (like (TN), routing numbers (RN), and URI type of Public Identifiers. SPPF
an email address). SPPF provides structures to manage a single TN, a provides structures to manage a single TN, a contiguous range of TNs,
contiguous range of TNs, and a TN prefix. The transport protocol and a TN prefix. The transport protocol MUST support the ability to
MUST support the ability to Create, Modify, Get, and Delete Public Create, Modify, Get, and Delete Public Identifiers (refer the
Identifiers (refer the "Framework Operations" section of this "Framework Operations" section of this document for a generic
document for a generic description of various operations). description of various operations).
A Public Identity object MUST be uniquely identified by attributes as A Public Identity object MUST be uniquely identified by attributes as
defined in the description of "PubIdKeyType" in the section "Derived defined in the description of "PubIdKeyType" in the section
Object Key Types" of this document. Section 5.2.2.
The abstract XML schema type definition PubIDType is a generalization The abstract XML schema type definition PubIDType is a generalization
for the concrete Public Identifier schema types. PubIDType element for the concrete Public Identifier schema types. PubIDType element
'dgName' represents the name of the destination group that a given 'dgName' represents the name of the destination group that a given
Public Identifier MAY be a member of. The PubIDType object structure Public Identifier may be a member of. The PubIDType object structure
is defined as follows: is defined as follows:
<complexType name="PubIdType" abstract="true"> <complexType name="PubIdType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="dgName" type="sppfb:ObjNameType" minOccurs="0"/> <element name="dgName" type="sppfb:ObjNameType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
skipping to change at page 24, line 16 skipping to change at page 25, line 14
A telephone number is provisioned using the TNType, an extension of A telephone number is provisioned using the TNType, an extension of
PubIDType. When a Public Identifier is provisioned as a member of a PubIDType. When a Public Identifier is provisioned as a member of a
Destination Group, each TNType object is uniquely identified by the Destination Group, each TNType object is uniquely identified by the
combination of its value contained within <tn> element, and the combination of its value contained within <tn> element, and the
unique key of its parent Destination Group (dgName and rantId). In unique key of its parent Destination Group (dgName and rantId). In
other words a given telephone number string may exist within one or other words a given telephone number string may exist within one or
more Destination Groups, but must not exist more than once within a more Destination Groups, but must not exist more than once within a
Destination Group. A Public Identifier that is not provisioned as a Destination Group. A Public Identifier that is not provisioned as a
member of a Destination Group is uniquely identified by the member of a Destination Group is uniquely identified by the
combination of its value, and its registrant ID. TNType is defined combination of its value, and its Registrant ID. TNType is defined
as follows: as follows:
<complexType name="TNType"> <complexType name="TNType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="tn" type="sppfb:NumberValType"/> <element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType" <element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
<complexType name="CORInfoType">
<sequence>
<element name="corClaim" type="boolean" default="true"/>
<element name="cor" type="boolean" default="false" minOccurs="0"/>
<element name="corDate" type="dateTime" minOccurs="0"/>
</sequence>
</complexType>
<simpleType name="NumberValType"> <simpleType name="NumberValType">
<restriction base="token"> <restriction base="token">
<maxLength value="20"/> <maxLength value="20"/>
<pattern value="\+?\d\d*"/> <pattern value="\+?\d\d*"/>
</restriction> </restriction>
</simpleType> </simpleType>
TNType consists of the following attributes: TNType consists of the following attributes:
o tn: Telephone number to be added to the registry. o tn: Telephone number to be added to the Registry.
o sedRecRef: Optional reference to SED records that are directly o sedRecRef: Optional reference to SED records that are directly
associated with the TN Public Identifier. Following the SPPF associated with the TN Public Identifier. Following the SPPF
data model, the SED record could be a protocol agnostic URIType data model, the SED record could be a protocol agnostic URIType
or another type. or another type.
o corInfo: corInfo is an optional parameter of type CORInfoType o corInfo: corInfo is an optional parameter of type CORInfoType
that allows the registrant organization to set forth a claim to that allows the Registrant organization to set forth a claim to
be the carrier-of-record (see [RFC5067]). This is done by be the carrier-of-record (see [RFC5067]). This is done by
setting the value of <corClaim> element of the CORInfoType setting the value of <corClaim> element of the CORInfoType
object structure to "true". The other two parameters of the object structure to "true". The other two parameters of the
CORInfoType, <cor> and <corDate> are set by the registry to CORInfoType, <cor> and <corDate> are set by the Registry to
describe the outcome of the carrier-of-record claim by the describe the outcome of the carrier-of-record claim by the
registrant. In general, inclusion of <corInfo> parameter is Registrant. In general, inclusion of <corInfo> parameter is
useful if the registry has the authority information, such as, useful if the Registry has the authority information, such as,
the number portability data, etc., in order to qualify whether the number portability data, etc., in order to qualify whether
the registrant claim can be satisfied. If the carrier-of-record the Registrant claim can be satisfied. If the carrier-of-record
claim disagrees with the authority data in the registry, whether claim disagrees with the authority data in the Registry, whether
the TN add operation fails or not is a matter of policy and it the TN add operation fails or not is a matter of policy and it
is beyond the scope of this document. is beyond the scope of this document.
A routing number is provisioned using the RNType, an extension of A routing number is provisioned using the RNType, an extension of
PubIDType. SSPs that possess the number portability data may be able PubIDType. The Registrant organization can add the RN and associate
to leverage the RN search key to discover the ingress routes for it with the appropriate destination group to share the route
session establishment. Therefore, the registrant organization can information. This allows SSPs to use the RN search key to derive the
add the RN and associate it with the appropriate destination group to ingress routes for session establishment at the runtime resolution
share the route information. Each RNType object is uniquely process (see [RFC3761]. Each RNType object is uniquely identified by
identified by the combination of its value inside the <rn> element, the combination of its value inside the <rn> element, and the unique
and the unique key of its parent Destination Group (dgName and key of its parent Destination Group (dgName and rantId). In other
rantId). In other words a given routing number string may exist words a given routing number string may exist within one or more
within one or more Destination Groups, but must not exist more than Destination Groups, but must not exist more than once within a
once within a Destination Group. RNType is defined as follows: Destination Group. RNType is defined as follows:
<complexType name="RNType"> <complexType name="RNType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="rn" type="sppfb:NumberValType"/> <element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
RNType has the following attributes: RNType has the following attributes:
o rn: Routing Number used as the search key. o rn: Routing Number used as the search key.
o corInfo: Optional <corInfo> element of type CORInfoType. o corInfo: corInfo is an optional parameter of type CORInfoType
that allows the Registrant organization to set forth a claim to
be the carrier-of-record (see [RFC5067])
TNRType structure is used to provision a contiguous range of TNRType structure is used to provision a contiguous range of
telephone numbers. The object definition requires a starting TN and telephone numbers. The object definition requires a starting TN and
an ending TN that together define the span of the TN range. Use of an ending TN that together define the span of the TN range. Use of
TNRType is particularly useful when expressing a TN range that does TNRType is particularly useful when expressing a TN range that does
not include all the TNs within a TN block or prefix. The TNRType not include all the TNs within a TN block or prefix. The TNRType
definition accommodates the open number plan as well such that the definition accommodates the open number plan as well such that the
TNs that fall between the start and end TN range may include TNs with TNs that fall between the start and end TN range may include TNs with
different length variance. Whether the registry can accommodate the different length variance. Whether the Registry can accommodate the
open number plan semantics is a matter of policy and is beyond the open number plan semantics is a matter of policy and is beyond the
scope of this document. Each TNRType object is uniquely identified scope of this document. Each TNRType object is uniquely identified
by the combination of its value that in turn is a combination of the by the combination of its value that in turn is a combination of the
<startTn> and <endTn> elements, and the unique key of its parent <startTn> and <endTn> elements, and the unique key of its parent
Destination Group (dgName and rantId). In other words a given TN Destination Group (dgName and rantId). In other words a given TN
Range may exist within one or more Destination Groups, but must not Range may exist within one or more Destination Groups, but must not
exist more than once within a Destination Group. TNRType object exist more than once within a Destination Group. TNRType object
structure definition is as follows: structure definition is as follows:
<complexType name="TNRType"> <complexType name="TNRType">
skipping to change at page 26, line 40 skipping to change at page 27, line 47
<element name="endTn" type="sppfb:NumberValType"/> <element name="endTn" type="sppfb:NumberValType"/>
</sequence> </sequence>
</complexType> </complexType>
TNRType has the following attributes: TNRType has the following attributes:
o startTn: Starting TN in the TN range o startTn: Starting TN in the TN range
o endTn: The last TN in the TN range o endTn: The last TN in the TN range
o corInfo: Optional <corInfo> element of type CORInfoType o corInfo: corInfo is an optional parameter of type CORInfoType
that allows the Registrant organization to set forth a claim to
be the carrier-of-record (see [RFC5067])
In some cases, it is useful to describe a set of TNs with the help of In some cases, it is useful to describe a set of TNs with the help of
the first few digits of the telephone number, also referred to as the the first few digits of the telephone number, also referred to as the
telephone number prefix or a block. A given TN prefix may include telephone number prefix or a block. A given TN prefix may include
TNs with different length variance in support of open number plan. TNs with different length variance in support of open number plan.
Once again, whether the registry supports the open number plan Once again, whether the Registry supports the open number plan
semantics is a matter of policy and it is beyond the scope of this semantics is a matter of policy and it is beyond the scope of this
document. The TNPType data structure is used to provision a TN document. The TNPType data structure is used to provision a TN
prefix. Each TNPType object is uniquely identified by the prefix. Each TNPType object is uniquely identified by the
combination of its value in the <tnPrefix> element, and the unique combination of its value in the <tnPrefix> element, and the unique
key of its parent Destination Group (dgName and rantId). TNPType is key of its parent Destination Group (dgName and rantId). TNPType is
defined as follows: defined as follows:
<complexType name="TNPType"> <complexType name="TNPType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
skipping to change at page 27, line 22 skipping to change at page 28, line 32
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
TNPType consists of the following attributes: TNPType consists of the following attributes:
o tnPrefix: The telephone number prefix o tnPrefix: The telephone number prefix
o corInfo: Optional <corInfo> element of type CORInfoType. o corInfo: corInfo is an optional parameter of type CORInfoType
that allows the Registrant organization to set forth a claim to
be the carrier-of-record (see [RFC5067])
In some cases, a Public Identifier may be a URI, such as an email In some cases, a Public Identifier may be a URI, such as an email
address. The URIPubIdType object is comprised of the data element address. The URIPubIdType object is comprised of the data element
necessary to house such Public Identifiers. Each URIPubIdType object necessary to house such Public Identifiers. Each URIPubIdType object
is uniquely identified by the combination of its value in the <uri> is uniquely identified by the combination of its value in the <uri>
element, and the unique key of its parent Destination Group (dgName element, and the unique key of its parent Destination Group (dgName
and rantId). URIPubIdType is defined as follows: and rantId). URIPubIdType is defined as follows:
<complexType name="URIPubIdType"> <complexType name="URIPubIdType">
<complexContent> <complexContent>
skipping to change at page 27, line 46 skipping to change at page 29, line 20
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
URIPubIdType consists of the following attributes: URIPubIdType consists of the following attributes:
o uri: The value that acts a Public Identifier. o uri: The value that acts a Public Identifier.
o ext: Point of extensibility. o ext: Point of extensibility described in Section 3.3.
6.3. SED Group 6.3. SED Group
As described in the introductory sections, a SED Group represents a SED Group is a grouping of one or more Destination Group, the common
combined grouping of Destination Groups containing a set of Public SED Records, and the list of peer organizations with access to the
Identifiers with common Session Establishment Data(SED), The common SED Records associated with a given SED Group. It is this indirect
Session Establishment Data Records, and the list of peer linking of public identifiers to their Session Establishment Data
organizations that have access to these public identifiers using the that significantly improves the scalability and manageability of the
associated SED information. It is this indirect linking of public peering data. Additions and changes to SED information are reduced
identifiers to their Session Establishment Data that significantly to a single operation on a SED Group or SED Record , rather than
improves the scalability and manageability of the peering data. millions of data updates to individual public identifier records that
Additions and changes to SED information are reduced to a single individually contain their peering data. The transport protocol MUST
operation on a SED Group or SED Record , rather than millions of data support the ability to Create, Modify, Get, and Delete SED Groups
updates to individual public identifier records that individually (refer the "Framework Operations" section of this document for a
contain their peering data. The transport protocol MUST support the generic description of various operations).
ability to Create, Modify, Get, and Delete SED Groups (refer the
"Framework Operations" section of this document for a generic
description of various operations).
A SED Group object MUST be uniquely identified by attributes as A SED Group object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in the section "Generic
Object Key Type" of this document. Object Key Type" of this document.
The SedGrpType object structure is defined as follows: The SedGrpType object structure is defined as follows:
<complexType name="SedGrpType"> <complexType name="SedGrpType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
skipping to change at page 29, line 36 skipping to change at page 30, line 36
<complexType name="SedRecRefType"> <complexType name="SedRecRefType">
<sequence> <sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/> <element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/> <element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</complexType> </complexType>
The SedGrpType object is composed of the following elements: The SedGrpType object is composed of the following elements:
o base: All first class objects extend BasicObjType that contains o base: All first class objects extend BasicObjType (see
the ID of the registrant organization that owns this object, the Section 5.1).
date and time that the object was created by the server, and the
date and time that the object was last modified. If the client
passes in either the created date or the modification date, the
server will ignore them. The server sets these two date/time
values.
o sedGrpName: The character string that contains the name of the o sedGrpName: The character string that contains the name of the
SED Group. It uniquely identifies this object within the SED Group. It uniquely identifies this object within the
context of the registrant ID (a child element of the base context of the Registrant ID (a child element of the base
element as described above). element as described above).
o sedRecRef: Set of zero or more objects of type SedRecRefType o sedRecRef: Set of zero or more objects of type SedRecRefType
that house the unique keys of the SED Records (containing the that house the unique keys of the SED Records (containing the
session establishment data) that the SedGrpType object refers to session establishment data) that the SedGrpType object refers to
and their relative priority within the context of this SED and their relative priority within the context of this SED
Group. Group.
o dgName: Set of zero or more names of DestGrpType object o dgName: Set of zero or more names of DestGrpType object
instances. Each dgName name, in association with this SED instances. Each dgName name, in association with this SED
Group's registrant ID, uniquely identifies a DestGrpType object Group's Registrant ID, uniquely identifies a DestGrpType object
instance whose public identifiers are reachable using the instance whose public identifiers are reachable using the
session establishment information housed in this SED Group. An session establishment information housed in this SED Group. An
intended side affect of this is that a SED Group cannot provide intended side affect of this is that a SED Group cannot provide
session establishment information for a Destination Group session establishment information for a Destination Group
belonging to another registrant. belonging to another Registrant.
o peeringOrg: Set of zero or more peering organization IDs that o peeringOrg: Set of zero or more peering organization IDs that
have accepted an offer to receive this SED Group's information. have accepted an offer to receive this SED Group's information.
The set of peering organizations in this list is not directly Note that this identifier "peeringOrg" is an instance of
settable or modifiable using the addSedGrpsRqst operation. This OrgIdType. The set of peering organizations in this list is not
set is instead controlled using the SED offer and accept directly settable or modifiable using the addSedGrpsRqst
operations. operation. This set is instead controlled using the SED offer
and accept operations.
o sourceIdent: Set of zero or more SourceIdentType object o sourceIdent: Set of zero or more SourceIdentType object
instances. These objects, described further below, house the instances. These objects, described further below, house the
source identification schemes and identifiers that are applied source identification schemes and identifiers that are applied
at resolution time as part of source based routing algorithms at resolution time as part of source based routing algorithms
for the SED Group. for the SED Group.
o isInSvc: A boolean element that defines whether this SED Group o isInSvc: A boolean element that defines whether this SED Group
is in service. The session establishment information contained is in service. The session establishment information contained
in a SED Group that is in service is a candidate for inclusion in a SED Group that is in service is a candidate for inclusion
skipping to change at page 30, line 42 skipping to change at page 31, line 38
Destination Group associated with this SED Group. The session Destination Group associated with this SED Group. The session
establishment information contained in a SED Group that is not establishment information contained in a SED Group that is not
in service is not a candidate for inclusion in resolution in service is not a candidate for inclusion in resolution
responses. responses.
o priority: Zero or one priority value that can be used to provide o priority: Zero or one priority value that can be used to provide
a relative value weighting of one SED Group over another. The a relative value weighting of one SED Group over another. The
manner in which this value is used, perhaps in conjunction with manner in which this value is used, perhaps in conjunction with
other factors, is a matter of policy. other factors, is a matter of policy.
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
As described above, the SED Group contains a set of references to SED As described above, the SED Group contains a set of references to SED
record objects. A SED record object is based on an abstract type: record objects. A SED record object is based on an abstract type:
SedRecType. The concrete types that use SedRecType as an extension SedRecType. The concrete types that use SedRecType as an extension
base are NAPTRType, NSType, and URIType. The definitions of these base are NAPTRType, NSType, and URIType. The definitions of these
types are included the SED Record section of this document. types are included the SED Record section of this document.
The SedGrpType object provides support for source-based routing via The SedGrpType object provides support for source-based routing via
the peeringOrg data element and more granular source base routing via the peeringOrg data element and more granular source base routing via
the source identity element. The source identity element provides the source identity element. The source identity element provides
skipping to change at page 32, line 5 skipping to change at page 32, line 47
elements: elements:
o sourceIdentScheme: The source identification scheme that this o sourceIdentScheme: The source identification scheme that this
source identification criteria applies to and that the source identification criteria applies to and that the
associated sourceIdentRegex should be matched against. associated sourceIdentRegex should be matched against.
o sourceIdentRegex: The regular expression that should be used to o sourceIdentRegex: The regular expression that should be used to
test for a match against the portion of the resolution request test for a match against the portion of the resolution request
that is dictated by the associated sourceIdentScheme. that is dictated by the associated sourceIdentScheme.
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
6.4. SED Record 6.4. SED Record
As described in the introductory sections, a SED Group represents a SED Group represents a combined grouping of SED Records that define
combined grouping of SED Records that define session establishment session establishment information. However, SED Records need not be
information. However, SED Records need not be created to just serve created to just serve a single SED Group. SED Records can be created
a single SED Group. SED Records can be created and managed to serve and managed to serve multiple SED Groups. As a result, a change for
multiple SED Groups. As a result, a change for example to the example to the properties of a network node used for multiple routes,
properties of a network node used for multiple routes, would would necessitate just a single update operation to change the
necessitate just a single update operation to change the properties properties of that node. The change would then be reflected in all
of that node. The change would then be reflected in all the SED the SED Groups whose SED record set contains a reference to that
Groups whose SED record set contains a reference to that node. The node. The transport protocol MUST support the ability to Create,
transport protocol MUST support the ability to Create, Modify, Get, Modify, Get, and Delete SED Records (refer the "Framework Operations"
and Delete SED Records (refer the "Framework Operations" section of section of this document for a generic description of various
this document for a generic description of various operations). operations).
A SED Record object MUST be uniquely identified by attributes as A SED Record object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in the section "Generic
Object Key Type" of this document. Object Key Type" of this document.
The SedRecType object structure is defined as follows: The SedRecType object structure is defined as follows:
<complexType name="SedRecType" abstract="true"> <complexType name="SedRecType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
skipping to change at page 33, line 5 skipping to change at page 33, line 49
<simpleType name="SedFunctionType"> <simpleType name="SedFunctionType">
<restriction base="token"> <restriction base="token">
<enumeration value="routing"/> <enumeration value="routing"/>
<enumeration value="lookup"/> <enumeration value="lookup"/>
</restriction> </restriction>
</simpleType> </simpleType>
The SedRecType object is composed of the following elements: The SedRecType object is composed of the following elements:
o base: All first class objects extend BasicObjType that contains o base: All first class objects extend BasicObjType (see
the ID of the registrant organization that owns this object, the Section 5.1).
date and time that the object was created by the server, and the
date and time that the object was last modified. If the client
passes in either the created date or the modification date, the
server will ignore them. The server sets these two date/time
values.
o sedName: The character string that contains the name of the SED o sedName: The character string that contains the name of the SED
Record. It uniquely identifies this object within the context Record. It uniquely identifies this object within the context
of the registrant ID (a child element of the base element as of the Registrant ID (a child element of the base element as
described above). described above).
o sedFunction: As described in [RFC6461], SED or Session o sedFunction: As described in [RFC6461], SED or Session
Establishment Data falls primarily into one of two categories or Establishment Data falls primarily into one of two categories or
functions, LUF and LRF. To remove any ambiguity as to the functions, LUF and LRF. To remove any ambiguity as to the
function a SED record is intended to provide, this optional function a SED record is intended to provide, this optional
element allows the provisioning party to make his or her element allows the provisioning party to make his or her
intentions explicit. intentions explicit.
o isInSvc: A boolean element that defines whether this SED Record o isInSvc: A boolean element that defines whether this SED Record
skipping to change at page 33, line 40 skipping to change at page 34, line 32
Identities residing in a Destination Group that is associated to Identities residing in a Destination Group that is associated to
a SED Group which in turn has an association to this SED Record. a SED Group which in turn has an association to this SED Record.
o ttl: Number of seconds that an addressing server may cache a o ttl: Number of seconds that an addressing server may cache a
particular SED Record. particular SED Record.
As described above, SED records are based on an abstract type: As described above, SED records are based on an abstract type:
SedRecType. The concrete types that use SedRecType as an extension SedRecType. The concrete types that use SedRecType as an extension
base are NAPTRType, NSType, and URIType. The definitions of these base are NAPTRType, NSType, and URIType. The definitions of these
types are included below. The NAPTRType object is comprised of the types are included below. The NAPTRType object is comprised of the
data elements necessary for a NAPTR that contains routing information data elements necessary for a NAPTR (see [RFC3403]that contains
for a SED Group. The NSType object is comprised of the data elements routing information for a SED Group. The NSType object is comprised
necessary for a DNS name server that points to another DNS server of the data elements necessary for a DNS name server that points to
that contains the desired routing information. The NSType is another DNS server that contains the desired routing information.
relevant only when the resolution protocol is ENUM. The URIType The NSType is relevant only when the resolution protocol is ENUM (see
object is comprised of the data elements necessary to house a URI. [RFC3761]). The URIType object is comprised of the data elements
necessary to house a URI.
The data provisioned in a registry can be leveraged for many purposes The data provisioned in a Registry can be leveraged for many purposes
and queried using various protocols including SIP, ENUM and others. and queried using various protocols including SIP, ENUM and others.
As such, the resolution data represented by the SedRecords must be in As such, the resolution data represented by the Sed records must be
a form suitable for transport using one of these protocols. In the in a form suitable for transport using one of these protocols. In
NPATRType for example, if the URI is associated with a destination the NPATRType for example, if the URI is associated with a
group, the user part of the replacement string <uri> that may require destination group, the user part of the replacement string <uri> that
the Public Identifier cannot be preset. As a SIP Redirect, the may require the Public Identifier cannot be preset. As a SIP
resolution server will apply <ere> pattern on the input Public Redirect, the resolution server will apply <ere> pattern on the input
Identifier in the query and process the replacement string by Public Identifier in the query and process the replacement string by
substituting any back reference(s) in the <uri> to arrive at the substituting any back reference(s) in the <uri> to arrive at the
final URI that is returned in the SIP Contact header. For an ENUM final URI that is returned in the SIP Contact header. For an ENUM
query, the resolution server will simply return the values of the query, the resolution server will simply return the values of the
<ere> and <uri> members of the URI. <ere> and <uri> members of the URI.
<complexType name="NAPTRType"> <complexType name="NAPTRType">
<complexContent> <complexContent>
<extension base="sppfb:SedRecType"> <extension base="sppfb:SedRecType">
<sequence> <sequence>
<element name="order" type="unsignedShort"/> <element name="order" type="unsignedShort"/>
skipping to change at page 35, line 43 skipping to change at page 36, line 34
value must be of the form specified in [RFC6116] (e.g., E2U+ value must be of the form specified in [RFC6116] (e.g., E2U+
pstn:sip+sip). The allowable values are a matter of policy and pstn:sip+sip). The allowable values are a matter of policy and
not limited by this protocol. not limited by this protocol.
o regx: NAPTR's regular expression field. If this is not included o regx: NAPTR's regular expression field. If this is not included
then the Repl field must be included. then the Repl field must be included.
o repl: NAPTR replacement field, should only be provided if the o repl: NAPTR replacement field, should only be provided if the
Regex field is not provided, otherwise the server will ignore it Regex field is not provided, otherwise the server will ignore it
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
The NSType object is composed of the following elements: The NSType object is composed of the following elements:
o hostName: Fully qualified host name of the name server. o hostName: Root-relative host name of the name server.
o ipAddr: Zero or more objects of type IpAddrType. Each object o ipAddr: Zero or more objects of type IpAddrType. Each object
holds an IP Address and the IP Address type, IPv4 or IP v6. holds an IP Address and the IP Address type, IPv4 or IP v6.
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
The URIType object is composed of the following elements: The URIType object is composed of the following elements:
o ere: The POSIX Extended Regular Expression (ere) as defined in o ere: The POSIX Extended Regular Expression (ere) as defined in
[RFC3986]. [RFC3986].
o uri: the URI as defined in [RFC3986]. In some cases, this will o uri: the URI as defined in [RFC3986]. In some cases, this will
serve as the replacement string and it will be left to the serve as the replacement string and it will be left to the
resolution server to arrive at the final usable URI. resolution server to arrive at the final usable URI.
6.5. SED Group Offer 6.5. SED Group Offer
The list of peer organizations whose resolution responses can include The list of peer organizations whose resolution responses can include
the session establishment information contained in a given SED Group the session establishment information contained in a given SED Group
is controlled by the organization to which a SED Group object belongs is controlled by the organization to which a SED Group object belongs
(its registrant), and the peer organization that submits resolution (its Registrant), and the peer organization that submits resolution
requests (a data recipient, also know as a peering organization). requests (a data recipient, also know as a peering organization).
The registrant offers access to a SED Group by submitting a SED Group The Registrant offers access to a SED Group by submitting a SED Group
Offer. The data recipient can then accept or reject that offer. Not Offer. The data recipient can then accept or reject that offer. Not
until access to a SED Group has been offered and accepted will the until access to a SED Group has been offered and accepted will the
data recipient's organization ID be included in the peeringOrg list data recipient's organization ID be included in the peeringOrg list
in a SED Group object, and that SED Group's peering information in a SED Group object, and that SED Group's peering information
become a candidate for inclusion in the responses to the resolution become a candidate for inclusion in the responses to the resolution
requests submitted by that data recipient. The transport protocol requests submitted by that data recipient. The transport protocol
MUST support the ability to Create, Modify, Get, Delete, Accept and MUST support the ability to Create, Modify, Get, Delete, Accept and
Reject SED Group Offers (refer the "Framework Operations" section of Reject SED Group Offers (refer the "Framework Operations" section of
this document for a generic description of various operations). this document for a generic description of various operations).
skipping to change at page 37, line 37 skipping to change at page 38, line 37
<simpleType name="SedGrpOfferStatusType"> <simpleType name="SedGrpOfferStatusType">
<restriction base="token"> <restriction base="token">
<enumeration value="offered"/> <enumeration value="offered"/>
<enumeration value="accepted"/> <enumeration value="accepted"/>
</restriction> </restriction>
</simpleType> </simpleType>
The SedGrpOfferType object is composed of the following elements: The SedGrpOfferType object is composed of the following elements:
o base: All first class objects extend BasicObjType that contains o base: All first class objects extend BasicObjType (see
the ID of the registrant organization that owns this object, the Section 5.1).
date and time that the object was created by the server, and the
date and time that the object was last modified. If the client
passed in either the created date or the modification date, the
will ignore them. The server sets these two date/time values.
o sedGrpOfferKey: The object that identifies the SED that is or o sedGrpOfferKey: The object that identifies the SED that is or
has been offered and the organization that it is or has been has been offered and the organization that it is or has been
offered to. offered to.
o status: The status of the offer, offered or accepted. The o status: The status of the offer, offered or accepted. The
server controls the status. It is automatically set to server controls the status. It is automatically set to
"offered" when ever a new SED Group Offer is added, and is "offered" when ever a new SED Group Offer is added, and is
automatically set to "accepted" if and when that offer is automatically set to "accepted" if and when that offer is
accepted. The value of the element is ignored when passed in by accepted. The value of the element is ignored when passed in by
skipping to change at page 38, line 15 skipping to change at page 39, line 11
o offerDateTime: Date and time in UTC when the SED Group Offer was o offerDateTime: Date and time in UTC when the SED Group Offer was
added. added.
o acceptDateTime: Date and time in UTC when the SED Group Offer o acceptDateTime: Date and time in UTC when the SED Group Offer
was accepted. was accepted.
6.6. Egress Route 6.6. Egress Route
In a high-availability environment, the originating SSP likely has In a high-availability environment, the originating SSP likely has
more than one egress paths to the ingress SBE of the target SSP. If more than one egress path to the ingress SBE of the target SSP. If
the originating SSP wants to exercise greater control and choose a the originating SSP wants to exercise greater control and choose a
specific egress SBE to be associated to the target ingress SBE, it specific egress SBE to be associated to the target ingress SBE, it
can do so using the EgrRteType object. can do so using the EgrRteType object.
A Egress Route object MUST be uniquely identified by attributes as An Egress Route object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in the section "Generic
Object Key Type" of this document. Object Key Type" of this document.
Lets assume that the target SSP has offered as part of his session Lets assume that the target SSP has offered as part of his session
establishment data, to share one or more ingress routes and that the establishment data, to share one or more ingress routes and that the
originating SSP has accepted the offer. In order to add the egress originating SSP has accepted the offer. In order to add the egress
route to the registry, the originating SSP uses a valid regular route to the Registry, the originating SSP uses a valid regular
expression to rewrite ingress route in order to include the egress expression to rewrite ingress route in order to include the egress
SBE information. Also, more than one egress route can be associated SBE information. Also, more than one egress route can be associated
with a given ingress route in support of fault-tolerant with a given ingress route in support of fault-tolerant
configurations. The supporting SPPF structure provides a way to configurations. The supporting SPPF structure provides a way to
include route precedence information to help manage traffic to more include route precedence information to help manage traffic to more
than one outbound egress SBE. than one outbound egress SBE.
The transport protocol MUST support the ability to Add, Modify, Get, The transport protocol MUST support the ability to Add, Modify, Get,
and Delete Egress Routes (refer the "Framework Operations" section of and Delete Egress Routes (refer the "Framework Operations" section of
this document for a generic description of various operations). The this document for a generic description of various operations). The
skipping to change at page 39, line 20 skipping to change at page 40, line 4
<element name="pref" type="unsignedShort"/> <element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/> <element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType" <element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/> <element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
The EgrRteType object is composed of the following elements: The EgrRteType object is composed of the following elements:
o base: All first class objects extend BasicObjType that contains o base: All first class objects extend BasicObjType (see
the ID of the registrant organization that owns this object, the Section 5.1).
date and time that the object was created by the server, and the
date and time that the object was last modified. If the client
passes in either the created date or the modification date, the
server will ignore them. The server sets these two date/time
values.
o egrRteName: The name of the egress route. o egrRteName: The name of the egress route.
o pref: The preference of this egress route relative to other o pref: The preference of this egress route relative to other
egress routes that may get selected when responding to a egress routes that may get selected when responding to a
resolution request. resolution request.
o regxRewriteRule: The regular expression re-write rule that o regxRewriteRule: The regular expression re-write rule that
should be applied to the regular expression of the ingress should be applied to the regular expression of the ingress
NAPTR(s) that belong to the ingress route. NAPTR(s) that belong to the ingress route.
skipping to change at page 40, line 5 skipping to change at page 40, line 32
o svcs: ENUM service(s) that are served by an Egress Route. This o svcs: ENUM service(s) that are served by an Egress Route. This
element is used to identify the ingress NAPTRs associated with element is used to identify the ingress NAPTRs associated with
the SED Group to which an Egress Route's regxRewriteRule should the SED Group to which an Egress Route's regxRewriteRule should
be applied. If no ENUM service(s) are associated with an Egress be applied. If no ENUM service(s) are associated with an Egress
Route, then the Egress Route's regxRewriteRule should be applied Route, then the Egress Route's regxRewriteRule should be applied
to all the NAPTRs associated with the SED Group. This field's to all the NAPTRs associated with the SED Group. This field's
value must be of the form specified in [RFC6116] (e.g., E2U+ value must be of the form specified in [RFC6116] (e.g., E2U+
pstn:sip+sip). The allowable values are a matter of policy and pstn:sip+sip). The allowable values are a matter of policy and
not limited by this protocol. not limited by this protocol.
o ext: Point of extensibility described in a previous section of o ext: Point of extensibility described in Section 3.3.
this document.
7. Framework Operations 7. Framework Operations
7.1. Add Operation 7.1. Add Operation
Any conforming "protocol" specification MUST provide a definition for Any conforming transport protocol specification MUST provide a
the operation that adds one or more SPPF objects into the registry. definition for the operation that adds one or more SPPF objects into
If the object, as identified by the request attributes that form part the Registry. If the object, as identified by the request attributes
of the object's key, does not exist, then the registry MUST create that form part of the object's key, does not exist, then the Registry
the object. If the object does exist, then the registry MUST replace MUST create the object. If the object does exist, then the Registry
the current properties of the object with the properties passed in as MUST replace the current properties of the object with the properties
part of the Add operation. passed in as part of the Add operation.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. section of the document.
7.2. Delete Operation 7.2. Delete Operation
Any conforming "protocol" specification MUST provide a definition for Any conforming transport protocol specification MUST provide a
the operation that deletes one or more SPPF objects from the registry definition for the operation that deletes one or more SPPF objects
using the object's key. from the Registry using the object's key.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. section of the document.
When an object is deleted, any references to that object must of When an object is deleted, any references to that object must of
course also be removed as the SPPF server implementation fulfills the course also be removed as the SPPF server implementation fulfills the
deletion request. Furthermore, the deletion of a composite object deletion request. Furthermore, the deletion of a composite object
must also result in the deletion of the objects it contains. As a must also result in the deletion of the objects it contains. As a
skipping to change at page 42, line 22 skipping to change at page 42, line 22
o Public Identifiers: When a public identifier is deleted any o Public Identifiers: When a public identifier is deleted any
references between that public identifier and its containing references between that public identifier and its containing
destination group must be removed by the SPPF implementation as destination group must be removed by the SPPF implementation as
part of fulfilling the deletion request. Any SED records part of fulfilling the deletion request. Any SED records
contained directly within that Public Identifier must be deleted contained directly within that Public Identifier must be deleted
by the SPPF implementation as part of fulfilling the deletion by the SPPF implementation as part of fulfilling the deletion
request. request.
7.3. Get Operations 7.3. Get Operations
At times, on behalf of the registrant, the registrar may need to have At times, on behalf of the Registrant, the Registrar may need to get
access to SPPF objects that were previously provisioned in the information about SPPF objects that were previously provisioned in
registry. A few examples include logging, auditing, and pre- the Registry. A few examples include logging, auditing, and pre-
provisioning dependency checking. This query mechanism is limited to provisioning dependency checking. This query mechanism is limited to
aid provisioning scenarios and should not be confused with query aid provisioning scenarios and should not be confused with query
protocols provided as part of the resolution system (e.g. ENUM and protocols provided as part of the resolution system (e.g. ENUM and
SIP). Any conforming "protocol" specification MUST provide a SIP).
definition for the operation that queries the details of one or more
SPPF objects from the registry using the object's key. If the entity Any conforming "protocol" specification MUST provide a definition for
that issued the command is not authorized to perform this operation the operation that queries the details of one or more SPPF objects
an appropriate error message MUST be returned from amongst the from the Registry using the object's key. If the entity that issued
response messages defined in "Response Message Types" section of the the command is not authorized to perform this operation an
document. appropriate error message MUST be returned from amongst the response
messages defined in Section 5.3.
If the response to the Get operation includes object(s) that extend
the BasicObjType, the Registry MUST include the 'cDate' and 'mDate',
if applicable.
7.4. Accept Operations 7.4. Accept Operations
In SPPF, a SED Group Offer can be accepted or rejected by, or on In SPPF, a SED Group Offer can be accepted or rejected by, or on
behalf of, the registrant to whom the SED Group has been offered behalf of, the Registrant to whom the SED Group has been offered
(refer "Framework Data Model Objects" section of this document for a (refer "Framework Data Model Objects" section of this document for a
description of the SED Group Offer object). The Accept operation is description of the SED Group Offer object). The Accept operation is
used to accept the SED Group Offers. Any conforming "protocol" used to accept the SED Group Offers. Any conforming transport
specification MUST provide a definition for the operation to accept protocol specification MUST provide a definition for the operation to
SED Group Offers by, or on behalf of the Registrant, using the SED accept SED Group Offers by, or on behalf of the Registrant, using the
Group Offer object key. SED Group Offer object key.
Not until access to a SED Group has been offered and accepted will Not until access to a SED Group has been offered and accepted will
the registrant's organization ID be included in the peeringOrg list the Registrant's organization ID be included in the peeringOrg list
in that SED Group object, and that SED Group's peering information in that SED Group object, and that SED Group's peering information
become a candidate for inclusion in the responses to the resolution become a candidate for inclusion in the responses to the resolution
requests submitted by that registrant. A SED Group Offer that is in requests submitted by that Registrant. A SED Group Offer that is in
the "offered" status is accepted by, or on behalf of, the registrant the "offered" status is accepted by, or on behalf of, the Registrant
to which it has been offered. When the SED Group Offer is accepted to which it has been offered. When the SED Group Offer is accepted
the the SED Group Offer is moved to the "accepted" status and adds the the SED Group Offer is moved to the "accepted" status and adds
that data recipient's organization ID into the list of peerOrgIds for that data recipient's organization ID into the list of peerOrgIds for
that SED Group. that SED Group.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. section of the document.
7.5. Reject Operations 7.5. Reject Operations
In SPPF, a SED Group Offer object can be accepted or rejected by, or In SPPF, a SED Group Offer object can be accepted or rejected by, or
on behalf of, the registrant to whom the SED Group has been offered on behalf of, the Registrant to whom the SED Group has been offered
(refer "Framework Data Model Objects" section of this document for a (refer "Framework Data Model Objects" section of this document for a
description of the SED Group Offer object). Furthermore, that offer description of the SED Group Offer object). Furthermore, that offer
may be rejected, regardless of whether or not it has been previously may be rejected, regardless of whether or not it has been previously
accepted. The Reject operation is used to reject the SED Group accepted. The Reject operation is used to reject the SED Group
Offers. When the SED Group Offer is rejected that SED Group Offer is Offers. When the SED Group Offer is rejected that SED Group Offer is
deleted, and, if appropriate, the data recipient's organization ID is deleted, and, if appropriate, the data recipient's organization ID is
removed from the list of peeringOrg IDs for that SED Group. Any removed from the list of peeringOrg IDs for that SED Group. Any
conforming "protocol" specification MUST provide a definition for the conforming transport protocol specification MUST provide a definition
operation to reject SED Group Offers by, or on behalf of the for the operation to reject SED Group Offers by, or on behalf of the
Registrant, using the SED Group Offer object key. Registrant, using the SED Group Offer object key.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. section of the document.
7.6. Get Server Details Operation 7.6. Get Server Details Operation
In SPPF, Get Server Details operation can be used to request certain In SPPF, Get Server Details operation can be used to request certain
details about the SPPF server that include the SPPF server's current details about the SPPF server that include the SPPF server's current
status, the major/minor version of the SPPF protocol supported by the status, the major/minor version of the SPPF protocol supported by the
SPPF server. SPPF server.
Any conforming "protocol" specification MUST provide a definition for Any conforming transport protocol specification MUST provide a
the operation to request such details from the SPPF server. If the definition for the operation to request such details from the SPPF
entity that issued the command is not authorized to perform this server. If the entity that issued the command is not authorized to
operation an appropriate error message MUST be returned from amongst perform this operation an appropriate error message MUST be returned
the response messages defined in "Response Message Types" section of from amongst the response messages defined in "Response Message
the document. Types" section of the document.
8. XML Considerations 8. XML Considerations
XML serves as the encoding format for SPPF, allowing complex XML serves as the encoding format for SPPF, allowing complex
hierarchical data to be expressed in a text format that can be read, hierarchical data to be expressed in a text format that can be read,
saved, and manipulated with both traditional text tools and tools saved, and manipulated with both traditional text tools and tools
specific to XML. specific to XML.
XML is case sensitive. Unless stated otherwise, XML specifications XML is case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in the and examples provided in this document MUST be interpreted in the
skipping to change at page 45, line 9 skipping to change at page 46, line 9
though emitting a UTF-8 BOM is NOT RECOMMENDED. though emitting a UTF-8 BOM is NOT RECOMMENDED.
Example XML declarations: Example XML declarations:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
9. Security Considerations 9. Security Considerations
Many SPPF implementations manage data that is considered confidential Many SPPF implementations manage data that is considered confidential
and critical. Furthermore, SPPF implementations can support and critical. Furthermore, SPPF implementations can support
provisioning activities for multiple registrars and registrants. As provisioning activities for multiple Registrars and Registrants. As
a result any SPPF implementation must address the requirements for a result any SPPF implementation must address the requirements for
confidentiality, authentication, and authorization. confidentiality, authentication, and authorization.
9.1. Confidentiality and Authentication 9.1. Confidentiality and Authentication
With respect to confidentiality and authentication, the transport With respect to confidentiality and authentication, the transport
protocol requirements section of this document contains security protocol requirements section of this document contains security
properties that the transport protocol must provide so that properties that the transport protocol must provide so that
authenticated endpoints can exchange data confidentially and with authenticated endpoints can exchange data confidentially and with
integrity protection. Refer to that section and the resulting integrity protection. Refer to that section and the resulting
transport protocol specification document for the specific solutions transport protocol specification document for the specific solutions
to authentication and confidentiality. to authentication and confidentiality.
9.2. Authorization 9.2. Authorization
With respect to authorization, the SPPF server implementation must With respect to authorization, the SPPF server implementation must
define and implement a set of authorization rules that precisely define and implement a set of authorization rules that precisely
address (1) which registrars will be authorized to create/modify/ address (1) which Registrars will be authorized to create/modify/
delete each SPPF object type for given registrant(s) and (2) which delete each SPPF object type for given Registrant(s) and (2) which
registrars will be authorized to view/get each SPPF object type for Registrars will be authorized to view/get each SPPF object type for
given registrant(s). These authorization rules are a matter of given Registrant(s). These authorization rules are a matter of
policy and are not specified within the context of SPPF. However, policy and are not specified within the context of SPPF. However,
any SPPF implementation must specify these authorization rules in any SPPF implementation must specify these authorization rules in
order to function in a reliable and safe manner. order to function in a reliable and safe manner.
9.3. Denial of Service 9.3. Denial of Service
Guidance on Denial-of-Service (DoS) issues in general is given in Guidance on Denial-of-Service (DoS) issues in general is given in
[RFC4732], "Internet Denial of Service Considerations", which also [RFC4732], "Internet Denial of Service Considerations", which also
gives a general vocabulary for describing the DoS issue. gives a general vocabulary for describing the DoS issue.
skipping to change at page 46, line 12 skipping to change at page 47, line 12
SPPF implementation is in general dependent on the selection and SPPF implementation is in general dependent on the selection and
implementation of a lower-level transport protocol and a binding implementation of a lower-level transport protocol and a binding
between that protocol and SPPF. The archetypal SPPF implementation between that protocol and SPPF. The archetypal SPPF implementation
uses XML (http://www.w3.org/TR/xml/) representation in a SOAP uses XML (http://www.w3.org/TR/xml/) representation in a SOAP
(http://www.w3.org/TR/soap/) request/response framework over HTTP (http://www.w3.org/TR/soap/) request/response framework over HTTP
([RFC2616]), and probably also uses TLS ([RFC5246]) for on-the wire ([RFC2616]), and probably also uses TLS ([RFC5246]) for on-the wire
data integrity and participant authentication, and might use HTTP data integrity and participant authentication, and might use HTTP
Digest authentication ([RFC2609]). Digest authentication ([RFC2609]).
The typical deployment scenario for SPPF is to have servers in a The typical deployment scenario for SPPF is to have servers in a
managed facility, and therefor techniques such as Network Ingress managed facility, and therefore techniques such as Network Ingress
Filtering ([RFC2609]) are generally applicable. In short, any DoS Filtering ([RFC2609]) are generally applicable. In short, any DoS
mechanism affecting a typical HTTP implementation would affect such mechanism affecting a typical HTTP implementation would affect such
an SPPF implementation, and the mitigation tools for HTTP in general an SPPF implementation, and the mitigation tools for HTTP in general
also therefore apply to SPPF. also therefore apply to SPPF.
SPPF does not directly specify an authentication mechanism, instead SPPF does not directly specify an authentication mechanism, instead
relying on the lower-level transport protocol to provide for relying on the lower-level transport protocol to provide for
authentication. In general, authentication is an expensive authentication. In general, authentication is an expensive
operation, and one apparent attack vector is to flood an SPPF server operation, and one apparent attack vector is to flood an SPPF server
with repeated requests for authentication, thereby exhausting its with repeated requests for authentication, thereby exhausting its
skipping to change at page 47, line 46 skipping to change at page 48, line 46
later time doesn't affect the integrity of the system. SPPF provides later time doesn't affect the integrity of the system. SPPF provides
at least one mechanism to fight against replay attacks. Use of the at least one mechanism to fight against replay attacks. Use of the
optional client transaction identifier allows the SPPF client to optional client transaction identifier allows the SPPF client to
correlate the request message with the response and to be sure that correlate the request message with the response and to be sure that
it is not a replay of a server response from earlier exchanges. Use it is not a replay of a server response from earlier exchanges. Use
of unique values for the client transaction identifier is highly of unique values for the client transaction identifier is highly
encouraged to avoid chance matches to a potential replay message. encouraged to avoid chance matches to a potential replay message.
9.7. Man in the Middle 9.7. Man in the Middle
The SPPF client or registrar can be a separate entity acting on The SPPF client or Registrar can be a separate entity acting on
behalf of the registrant in facilitating provisioning transactions to behalf of the Registrant in facilitating provisioning transactions to
the registry. Further, the transport layer provides end-to-end the Registry. Further, the transport layer provides end-to-end
connection protection between SPPF client and the SPPF server. connection protection between SPPF client and the SPPF server.
Therefore, man-in-the-middle attack is a possibility that may affect Therefore, man-in-the-middle attack is a possibility that may affect
the integrity of the data that belongs to the registrant and/or the integrity of the data that belongs to the Registrant and/or
expose peer data to unintended actors in case well-established expose peer data to unintended actors in case well-established
peering relationships already exist. peering relationships already exist.
10. Internationalization Considerations 10. Internationalization Considerations
Character encodings to be used for SPPF elements are described in Character encodings to be used for SPPF elements are described in
Section 8.2. The use of time elements in the protocol is specified Section 8.2. The use of time elements in the protocol is specified
in Section 3.2. Where human-readable languages are used in the in Section 3.2. Where human-readable languages are used in the
protocol, those messages SHOULD be tagged according to [RFC5646], and protocol, those messages SHOULD be tagged according to [RFC5646], and
the transport protocol MUST support a respective mechanism to the transport protocol MUST support a respective mechanism to
transmit such tags together with those human-readable messages. If transmit such tags together with those human-readable messages. If
tags are absent, the language of the message defaults to "en" tags are absent, the language of the message defaults to "en"
(English). (English).
11. IANA Considerations 11. IANA Considerations
This document uses URNs to describe XML namespaces and XML schemas This document uses URNs to describe XML namespaces and XML schemas
conforming to a registry mechanism described in [RFC3688]. conforming to a Registry mechanism described in [RFC3688].
Two URI assignments are requested. Two URI assignments are requested.
Registration request for the SPPF XML namespace: Registration request for the SPPF XML namespace:
urn:ietf:params:xml:ns:sppf:base:1 urn:ietf:params:xml:ns:sppf:base:1
Registrant Contact: IESG Registrant Contact: IESG
XML: None. Namespace URIs do not represent an XML specification. XML: None. Namespace URIs do not represent an XML specification.
Registration request for the XML schema: Registration request for the XML schema:
URI: urn:ietf:params:xml:schema:sppf:1 URI: urn:ietf:params:xml:schema:sppf:1
Registrant Contact: IESG Registrant Contact: IESG
XML: See the "Formal Specification" section of this document XML: See the "Formal Specification" section of this document
(Section 12). (Section 12).
IANA is requested to create a new SPPF registry for Organization IANA is requested to create a new SPPF Registry for Organization
Identifiers that will indicate valid strings to be used for well- Identifiers that will indicate valid strings to be used for well-
known enterprise namespaces. known enterprise namespaces.
This document makes the following assignments for the OrgIdType This document makes the following assignments for the OrgIdType
namespaces: namespaces:
Namespace OrgIdType namespace string Namespace OrgIdType namespace string
---- ---------------------------- ---- ----------------------------
IANA Enterprise Numbers iana-en IANA Enterprise Numbers iana-en
12. Formal Specification 12. Formal Specification
skipping to change at page 60, line 12 skipping to change at page 61, line 12
</complexType> </complexType>
</schema> </schema>
13. Acknowledgments 13. Acknowledgments
This document is a result of various discussions held in the DRINKS This document is a result of various discussions held in the DRINKS
working group and within the DRINKS protocol design team, with working group and within the DRINKS protocol design team, with
contributions from the following individuals, in alphabetical order: contributions from the following individuals, in alphabetical order:
Alexander Mayrhofer, David Schwartz, Deborah A Guyton, Lisa Alexander Mayrhofer, David Schwartz, Deborah A Guyton, Lisa
Dusseault, Manjul Maharishi, Mickael Marrache, Otmar Lendl, Richard Dusseault, Manjul Maharishi, Mickael Marrache, Otmar Lendl, Richard
Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, and Vikas Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, Vikas
Bhatia . Bhatia, and Jeremy Barkan
14. References 14. References
14.1. Normative References 14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and
Languages", BCP 18, RFC 2277, January 1998. Languages", BCP 18, RFC 2277, January 1998.
skipping to change at page 61, line 48 skipping to change at page 62, line 48
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO [RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO
10646", RFC 2781, February 2000. 10646", RFC 2781, February 2000.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC3403] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part Three: The Domain Name System (DNS) Database",
RFC 3403, October 2002.
[RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform
Resource Identifiers (URI) Dynamic Delegation Discovery
System (DDDS) Application (ENUM)", RFC 3761, April 2004.
[RFC4725] Mayrhofer, A. and B. Hoeneisen, "ENUM Validation [RFC4725] Mayrhofer, A. and B. Hoeneisen, "ENUM Validation
Architecture", RFC 4725, November 2006. Architecture", RFC 4725, November 2006.
[RFC4732] Handley, M., Rescorla, E., and IAB, "Internet Denial-of- [RFC4732] Handley, M., Rescorla, E., and IAB, "Internet Denial-of-
Service Considerations", RFC 4732, December 2006. Service Considerations", RFC 4732, December 2006.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
 End of changes. 120 change blocks. 
399 lines changed or deleted 407 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/