draft-ietf-drinks-spp-framework-12.txt   rfc7877.txt 
DRINKS K. Cartwright Internet Engineering Task Force (IETF) K. Cartwright
Internet-Draft V. Bhatia Request for Comments: 7877 V. Bhatia
Intended status: Standards Track TNS Category: Standards Track TNS
Expires: February 13, 2016 S. Ali ISSN: 2070-1721 S. Ali
NeuStar NeuStar
D. Schwartz D. Schwartz
XConnect XConnect
August 12, 2015 August 2016
Session Peering Provisioning Framework (SPPF) Session Peering Provisioning Framework (SPPF)
draft-ietf-drinks-spp-framework-12
Abstract Abstract
This document specifies the data model and the overall structure for This document specifies the data model and the overall structure for
a framework to provision session establishment data into Session Data a framework to provision Session Establishment Data (SED) into
Registries and SIP Service Provider data stores. The framework is Session Data Registries and SIP Service Provider (SSP) data stores.
called the Session Peering Provisioning Framework (SPPF). The The framework is called the "Session Peering Provisioning Framework"
provisioned data is typically used by network elements for session (SPPF). The provisioned data is typically used by network elements
establishment. for session establishment.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on February 13, 2016. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7877.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Framework High Level Design . . . . . . . . . . . . . . . . . 7 3. Framework High-Level Design . . . . . . . . . . . . . . . . . 7
3.1. Framework Data Model . . . . . . . . . . . . . . . . . . 7 3.1. Framework Data Model . . . . . . . . . . . . . . . . . . 7
3.2. Time Value . . . . . . . . . . . . . . . . . . . . . . . 10 3.2. Time Value . . . . . . . . . . . . . . . . . . . . . . . 10
3.3. Extensibility . . . . . . . . . . . . . . . . . . . . . . 10 3.3. Extensibility . . . . . . . . . . . . . . . . . . . . . . 10
4. Transport Substrate Protocol Requirements . . . . . . . . . . 11 4. Substrate Protocol Requirements . . . . . . . . . . . . . . . 11
4.1. Mandatory Substrate . . . . . . . . . . . . . . . . . . . 11 4.1. Mandatory Substrate . . . . . . . . . . . . . . . . . . . 11
4.2. Connection Oriented . . . . . . . . . . . . . . . . . . . 11 4.2. Connection Oriented . . . . . . . . . . . . . . . . . . . 11
4.3. Request and Response Model . . . . . . . . . . . . . . . 11 4.3. Request and Response Model . . . . . . . . . . . . . . . 11
4.4. Connection Lifetime . . . . . . . . . . . . . . . . . . . 11 4.4. Connection Lifetime . . . . . . . . . . . . . . . . . . . 11
4.5. Authentication . . . . . . . . . . . . . . . . . . . . . 12 4.5. Authentication . . . . . . . . . . . . . . . . . . . . . 12
4.6. Authorization . . . . . . . . . . . . . . . . . . . . . . 12 4.6. Authorization . . . . . . . . . . . . . . . . . . . . . . 12
4.7. Confidentiality and Integrity . . . . . . . . . . . . . . 12 4.7. Confidentiality and Integrity . . . . . . . . . . . . . . 12
4.8. Near Real Time . . . . . . . . . . . . . . . . . . . . . 12 4.8. Near Real Time . . . . . . . . . . . . . . . . . . . . . 12
4.9. Request and Response Sizes . . . . . . . . . . . . . . . 12 4.9. Request and Response Sizes . . . . . . . . . . . . . . . 12
4.10. Request and Response Correlation . . . . . . . . . . . . 13 4.10. Request and Response Correlation . . . . . . . . . . . . 13
4.11. Request Acknowledgement . . . . . . . . . . . . . . . . . 13 4.11. Request Acknowledgement . . . . . . . . . . . . . . . . . 13
5. Base Framework Data Structures and Response Codes . . . . . . 13 5. Base Framework Data Structures and Response Codes . . . . . . 13
5.1. Basic Object Type and Organization Identifiers . . . . . 13 5.1. Basic Object Type and Organization Identifiers . . . . . 13
5.2. Various Object Key Types . . . . . . . . . . . . . . . . 14 5.2. Various Object Key Types . . . . . . . . . . . . . . . . 14
5.2.1. Generic Object Key Type . . . . . . . . . . . . . . . 14 5.2.1. Generic Object Key Type . . . . . . . . . . . . . . . 14
5.2.2. Derived Object Key Types . . . . . . . . . . . . . . 15 5.2.2. Derived Object Key Types . . . . . . . . . . . . . . 15
5.3. Response Message Types . . . . . . . . . . . . . . . . . 16 5.3. Response Message Types . . . . . . . . . . . . . . . . . 16
6. Framework Data Model Objects . . . . . . . . . . . . . . . . 18 6. Framework Data Model Objects . . . . . . . . . . . . . . . . 18
6.1. Destination Group . . . . . . . . . . . . . . . . . . . . 18 6.1. Destination Group . . . . . . . . . . . . . . . . . . . . 18
6.2. Public Identifier . . . . . . . . . . . . . . . . . . . . 19 6.2. Public Identifier . . . . . . . . . . . . . . . . . . . . 19
6.3. SED Group . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3. SED Group . . . . . . . . . . . . . . . . . . . . . . . . 25
6.4. SED Record . . . . . . . . . . . . . . . . . . . . . . . 28 6.4. SED Record . . . . . . . . . . . . . . . . . . . . . . . 29
6.5. SED Group Offer . . . . . . . . . . . . . . . . . . . . . 32 6.5. SED Group Offer . . . . . . . . . . . . . . . . . . . . . 33
6.6. Egress Route . . . . . . . . . . . . . . . . . . . . . . 34 6.6. Egress Route . . . . . . . . . . . . . . . . . . . . . . 35
7. Framework Operations . . . . . . . . . . . . . . . . . . . . 36 7. Framework Operations . . . . . . . . . . . . . . . . . . . . 36
7.1. Add Operation . . . . . . . . . . . . . . . . . . . . . . 36 7.1. Add Operation . . . . . . . . . . . . . . . . . . . . . . 37
7.2. Delete Operation . . . . . . . . . . . . . . . . . . . . 36 7.2. Delete Operation . . . . . . . . . . . . . . . . . . . . 37
7.3. Get Operations . . . . . . . . . . . . . . . . . . . . . 37 7.3. Get Operations . . . . . . . . . . . . . . . . . . . . . 38
7.4. Accept Operations . . . . . . . . . . . . . . . . . . . . 38 7.4. Accept Operations . . . . . . . . . . . . . . . . . . . . 38
7.5. Reject Operations . . . . . . . . . . . . . . . . . . . . 38 7.5. Reject Operations . . . . . . . . . . . . . . . . . . . . 39
7.6. Get Server Details Operation . . . . . . . . . . . . . . 39 7.6. Get Server Details Operation . . . . . . . . . . . . . . 39
8. XML Considerations . . . . . . . . . . . . . . . . . . . . . 39 8. XML Considerations . . . . . . . . . . . . . . . . . . . . . 40
8.1. Namespaces . . . . . . . . . . . . . . . . . . . . . . . 39 8.1. Namespaces . . . . . . . . . . . . . . . . . . . . . . . 40
8.2. Versioning and Character Encoding . . . . . . . . . . . . 39 8.2. Versioning and Character Encoding . . . . . . . . . . . . 40
9. Security Considerations . . . . . . . . . . . . . . . . . . . 40 9. Security Considerations . . . . . . . . . . . . . . . . . . . 41
9.1. Confidentiality and Authentication . . . . . . . . . . . 40 9.1. Confidentiality and Authentication . . . . . . . . . . . 41
9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 40 9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 41
9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 40 9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 41
9.3.1. DoS Issues Inherited from Substrate Mechanism . . . . 41 9.3.1. DoS Issues Inherited from the Substrate Mechanism . . 42
9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 41 9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 42
9.4. Information Disclosure . . . . . . . . . . . . . . . . . 42 9.4. Information Disclosure . . . . . . . . . . . . . . . . . 43
9.5. Non-repudiation . . . . . . . . . . . . . . . . . . . . . 42 9.5. Non-repudiation . . . . . . . . . . . . . . . . . . . . . 43
9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 42 9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 43
9.7. Compromised or Malicious Intermediary . . . . . . . . . . 43 9.7. Compromised or Malicious Intermediary . . . . . . . . . . 44
10. Internationalization Considerations . . . . . . . . . . . . . 43 10. Internationalization Considerations . . . . . . . . . . . . . 44
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 44
11.1. URN Assignments . . . . . . . . . . . . . . . . . . . . 43 11.1. URN Assignments . . . . . . . . . . . . . . . . . . . . 44
11.2. Organization Identifier Namespace Registry . . . . . . . 44 11.2. Organization Identifier Namespace Registry . . . . . . . 45
12. Formal Specification . . . . . . . . . . . . . . . . . . . . 44 12. Formal Specification . . . . . . . . . . . . . . . . . . . . 45
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 52 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 54
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 13.1. Normative References . . . . . . . . . . . . . . . . . . 54
14.1. Normative References . . . . . . . . . . . . . . . . . . 53 13.2. Informative References . . . . . . . . . . . . . . . . . 55
14.2. Informative References . . . . . . . . . . . . . . . . . 54 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 57
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57
1. Introduction 1. Introduction
Service providers and enterprises use routing databases known as Service Providers (SPs) and enterprises use routing databases known
Registries to make session routing decisions for Voice over IP, SMS as Registries to make session routing decisions for Voice over IP,
and MMS traffic exchanges. This document is narrowly focused on the SMS, and Multimedia Messaging Service (MMS) traffic exchanges. This
provisioning framework for these registries. This framework document is narrowly focused on the provisioning framework for these
prescribes a way for an entity to provision session-related data into Registries. This framework prescribes a way for an entity to
a SPPP Registry (or "Registry"). The data being provisioned can be provision session-related data into a Session Peering Provisioning
optionally shared with other participating peering entities. The Protocol (SPPP) Registry (or "Registry"). The data being provisioned
requirements and use cases driving this framework have been can be optionally shared with other participating peering entities.
The requirements and use cases driving this framework have been
documented in [RFC6461]. documented in [RFC6461].
Three types of provisioning flows have been described in the use case Three types of provisioning flows have been described in the use case
document: client to Registry, Registry to local data repository and document: client to Registry, Registry to local data repository, and
Registry to Registry. This document addresses client to Registry Registry to Registry. This document addresses client-to-Registry
flow enabling the ability to provision Session Establishment Data flow enabling the ability to provision Session Establishment Data
(SED). The framework that supports flow of messages to facilitate (SED). The framework that supports the flow of messages to
client to Registry provisioning is referred to as Session Peering facilitate client-to-Registry provisioning is referred to as the
Provisioning Framework (SPPF). "Session Peering Provisioning Framework" (SPPF).
The roles of the "client" and the "server" only apply to the The roles of the "client" and the "server" only apply to the
connection, and those roles are not related in any way to the type of connection, and those roles are not related in any way to the type of
entity that participates in a protocol exchange. For example, a entity that participates in a protocol exchange. For example, a
Registry might also include a "client" when such a Registry initiates Registry might also include a "client" when such a Registry initiates
a connection (for example, for data distribution to SSP). a connection (for example, for data distribution to an SSP).
*--------* *------------* *------------* *--------* *------------* *------------*
| | (1). Client | | (3).Registry | | | | (1) Client | | (3) Registry | |
| Client | ------------> | Registry |<------------->| Registry | | Client | ------------> | Registry |<------------->| Registry |
| | to Registry | | to Registry | | | | to Registry | | to Registry | |
*--------* *------------* *------------* *--------* *------------* *------------*
/ \ \ / \ \
/ \ \ / \ \
/ \ \ / \ \
/ \ v / \ v
/ \ ... / \ ...
/ \ / \
/ (2). Distrib \ / (2) Distrib \
/ Registry data \ / Registry data \
/ to local data \ / to local data \
V store V V store V
+----------+ +----------+ +----------+ +----------+
|Local Data| |Local Data| |Local Data| |Local Data|
|Repository| |Repository| |Repository| |Repository|
+----------+ +----------+ +----------+ +----------+
Three Registry Provisioning Flows Figure 1: Three Registry Provisioning Flows
Figure 1
A "terminating" SIP Service Provider (SSP) provisions Session A "terminating" SSP provisions SED into the Registry to be
Establishment Data or SED into the Registry to be selectively shared selectively shared with other peer SSPs.
with other peer SSPs.
SED is typically used by various downstream SIP signaling systems to SED is typically used by various downstream SIP-signaling systems to
route a call to the next hop associated with the called domain. route a call to the next hop associated with the called domain.
These systems typically use a local data store ("Local Data These systems typically use a local data store ("Local Data
Repository") as their source of session routing information. More Repository") as their source of session routing information. More
specifically, the SED data is the set of parameters that the outgoing specifically, the SED is the set of parameters that the outgoing
signaling path border elements (SBEs) need to initiate the session. Signaling Path Border Elements (SBEs) need to initiate the session.
See [RFC5486] for more details. See [RFC5486] for more details.
A Registry may distribute the provisioned data into local data A Registry may distribute the provisioned data into local data
repositories or may additionally offer a central query resolution repositories or may additionally offer a central query-resolution
service (not shown in the above figure) for query purposes. service (not shown in the above figure) for query purposes.
A key requirement for the SPPF is to be able to accommodate two basic A key requirement for the SPPF is to be able to accommodate two basic
deployment scenarios: deployment scenarios:
1. A resolution system returns a Look-Up Function (LUF) that 1. A resolution system returns a Lookup Function (LUF) that
identifies the target domain to assist in call routing (as identifies the target domain to assist in call routing (as
described in Section 4.3.3 of [RFC5486]). In this case, the described in Section 4.3.3 of [RFC5486]). In this case, the
querying entity may use other means to perform the Location querying entity may use other means to perform the Location
Routing Function (LRF) which in turn helps determine the actual Routing Function (LRF), which in turn helps determine the actual
location of the Signaling Function in that domain. location of the Signaling Function in that domain.
2. A resolution system returns a Location Routing Function (LRF) 2. A resolution system returns an LRF that comprises the location
that comprises the location (address) of the signaling function (address) of the Signaling Function in the target domain (as
in the target domain (as described in [RFC5486]). described in [RFC5486]).
In terms of framework design, SPPF is agnostic to the substrate In terms of framework design, SPPF is agnostic to the substrate
protocol. This document includes the specification of the data model protocol. This document includes the specification of the data model
and identifies, but does not specify, the means to enable protocol and identifies, but does not specify, the means to enable protocol
operations within a request and response structure. That aspect of operations within a request and response structure. That aspect of
the specification has been delegated to the "protocol" specification the specification has been delegated to the "protocol" specification
for the framework. To encourage interoperability, the framework for the framework. To encourage interoperability, the framework
supports extensibility aspects. supports extensibility aspects.
In this document, XML schema is used to describe the building blocks In this document, an XML Schema is used to describe the building
of the SPPF and to express the data types, the semantic relationships blocks of the SPPF and to express the data types, semantic
between the various data types, and the various constraints as a relationships between the various data types, and various constraints
binding construct. However, the "protocol" specification is free to as a binding construct. However, a "protocol" specification is free
choose any data representation format as long as it meets the to choose any data representation format as long as it meets the
requirements laid out in the SPPF XML schema definition. As an requirements laid out in the SPPF XML Schema Definition (XSD). As an
example, XML and JSON are two widely used data representation example, XML and JSON are two widely used data representation
formats. formats.
This document is organized as follows: This document is organized as follows:
o Section 2 provides the terminology o Section 2 provides the terminology
o Section 3 provides an overview of SPPF, including functional o Section 3 provides an overview of SPPF, including functional
entities and data model entities and a data model
o Section 4 specifies requirements for SPPF substrate protocols o Section 4 specifies requirements for SPPF substrate protocols
o Section 5 describes the base framework data structures, the o Section 5 describes the base framework data structures, the
generic response types that MUST be supported by a conforming generic response types that MUST be supported by a conforming
substrate "protocol" specification, and the basic object type most substrate "protocol" specification, and the basic object type from
first class objects extend from which most first-class objects extend
o Section 6 provides a detailed description of the data model object o Section 6 provides a detailed description of the data model object
specifications specifications
o Section 7 describes the operations that are supported by the data o Section 7 describes the operations that are supported by the data
model model
o Section 8 defines XML considerations XML parsers must meet to o Section 8 defines XML considerations XML parsers must meet to
conform to this specification conform to this specification
o Sections 9 - 11 discuss security, internationalization and IANA o Sections 9 - 11 discuss security, internationalization, and IANA
considerations considerations, respectively
o Section 12 normatively defines the SPPF using its XML Schema o Section 12 normatively defines the SPPF using its XSD.
Definition.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
[RFC2119]. [RFC2119].
This document reuses terms from [RFC3261], [RFC5486], use cases and This document reuses terms from [RFC3261], [RFC5486], use cases and
requirements documented in [RFC6461] and the ENUM Validation requirements documented in [RFC6461], and the ENUM Validation
Architecture [RFC4725]. Architecture [RFC4725].
This document defines the following additional terms: This document defines the following additional terms:
SPPF: Session Peering Provisioning Framework, the framework used by SPPF: Session Peering Provisioning Framework, which is the
a substrate protocol to provision data into a Registry (see arrow framework used by a substrate protocol to provision data into a
labeled "1." in Figure 1 of [RFC6461]). It is the primary scope Registry (see arrow labeled "1" in Figure 1 of [RFC6461]). It is
of this document. the primary scope of this document.
Client: In the context of SPPF, this is an application that Client: In the context of SPPF, this is an application that
initiates a provisioning request. It is sometimes referred to as initiates a provisioning request. It is sometimes referred to as
a "Registry client". a "Registry client".
Server: In the context of SPPF, this is an application that Server: In the context of SPPF, this is an application that
receives a provisioning request and responds accordingly. receives a provisioning request and responds accordingly.
Registry: The Registry operates a master database of Session Registry: The Registry operates a master database of SED for one or
Establishment Data for one or more Registrants. more Registrants.
Registrant: The definition of a Registrant is based on [RFC4725]. Registrant: The definition of a Registrant is based on [RFC4725].
It is the end-user, the person or organization that is the It is the end user, person, or organization that is the "holder"
"holder" of the Session Establishment Data being provisioned into of the SED being provisioned into the Registry by a Registrar.
the Registry by a Registrar. For example, in [RFC6461], a For example, in [RFC6461], a Registrant is pictured as an SP in
Registrant is pictured as a Service Provider in Figure 2. Figure 2.
Within the confines of a Registry, a Registrant is uniquely Within the confines of a Registry, a Registrant is uniquely
identified by the 'rant' element. identified by the "rant" element.
Registrar: The definition of a Registrar is based on [RFC4725]. It Registrar: The definition of a Registrar is based on [RFC4725]. It
is an entity that performs provisioning operations on behalf of a is an entity that performs provisioning operations on behalf of a
Registrant by interacting with the Registry via SPPF operations. Registrant by interacting with the Registry via SPPF operations.
In other words the Registrar is the SPPF Client. The Registrar In other words, the Registrar is the SPPF client. The Registrar
and Registrant roles are logically separate to allow, but not and Registrant roles are logically separate to allow, but not
require, a single Registrar to perform provisioning operations on require, a single Registrar to perform provisioning operations on
behalf of more than one Registrant. behalf of more than one Registrant.
Peering Organization: A Peering Organization is an entity to which Peering Organization: A peering organization is an entity to which
a Registrant's SED Groups are made visible using the operations of a Registrant's SED Groups are made visible using the operations of
SPPF. SPPF.
3. Framework High Level Design 3. Framework High-Level Design
This section introduces the structure of the data model and provides This section introduces the structure of the data model and provides
the information framework for the SPPF. The data model is defined the information framework for the SPPF. The data model is defined
along with all the objects manipulated by a conforming substrate along with all the objects manipulated by a conforming substrate
protocol and their relationships. protocol and their relationships.
3.1. Framework Data Model 3.1. Framework Data Model
The data model illustrated and described in Figure 2 defines the The data model illustrated and described in Figure 2 defines the
logical objects and the relationships between these objects supported logical objects and the relationships between these objects supported
by SPPF. SPPF defines protocol operations through which an SPPF by SPPF. SPPF defines protocol operations through which an SPPF
client populates a Registry with these logical objects. SPPF clients client populates a Registry with these logical objects. SPPF clients
belonging to different Registrars may provision data into the belonging to different Registrars may provision data into the
Registry using a conforming substrate protocol that implements these Registry using a conforming substrate protocol that implements these
operations operations
The logical structure presented below is consistent with the The logical structure presented below is consistent with the
terminology and requirements defined in [RFC6461]. terminology and requirements defined in [RFC6461].
+-------------+ +-----------------+ +-------------+ +-----------------+
| all object | |Egress Route: | | All object | |Egress Route: |
| types | 0..n | rant, | | types | 0..n | rant, |
+-------------+ +--| egrRteName, | +-------------+ +--| egrRteName, |
|0..n / | pref, | |0..n / | pref, |
| / | regxRewriteRule,| | / | regxRewriteRule,|
|2 / | ingrSedGrp, | |2 / | ingrSedGrp, |
+----------------------+ / | svcs | +----------------------+ / | svcs |
|Organization: | / +-----------------+ |Organization: | / +-----------------+
| orgId | / | orgId | /
+----------------------+ / +----------------------+ /
|0..n / |0..n /
| / ("rant" = Registrant) | / ("rant" = Registrant)
|A SED Group is / |A SED Group is /
|associated with / |associated with /
|zero or more / +---[abstract]----+ |zero or more / +---[abstract]----+
|Peering / | SED Record: | |peering / | SED Record: |
|Organizations / | rant, | |organizations / | rant, |
| / | sedName, |0..n | / | sedName, |0..n
|0..n / | sedFunction, |------| |0..n / | sedFunction, |------|
+--------+--------------+0..n 0..n| isInSvc, | | +--------+--------------+0..n 0..n| isInSvc, | |
|SED Group: |------------------| ttl | | |SED Group: |------------------| ttl | |
| rant, | +-----------------+ | | rant, | +-----------------+ |
| sedGrpName, | ^ Various types | | sedGrpName, | ^ Various types |
| isInSvc, | | of SED Records | | isInSvc, | | of SED Records |
| sedRecRef, | | | | sedRecRef, | | |
| peeringOrg, | +-----+------------+ | | peeringOrg, | +-----+------------+ |
| sourceIdent, | | | | | | sourceIdent, | | | | |
skipping to change at page 8, line 51 skipping to change at page 8, line 51
| rant, | | dgName | | | rant, | | dgName | |
| dgName | | | | | dgName | | | |
+----------------------+ +---------------------+ | +----------------------+ +---------------------+ |
^ Various types | ^ Various types |
+---------+-------+------+----------+ of Public | +---------+-------+------+----------+ of Public |
| | | | | Identifiers | | | | | | Identifiers |
+------+ +-----+ +-----+ +-----+ +------+ | +------+ +-----+ +-----+ +-----+ +------+ |
| URI | | TNP | | TNR | | RN | | TN |-------------| | URI | | TNP | | TNR | | RN | | TN |-------------|
+------+ +-----+ +-----+ +-----+ +------+ 0..n +------+ +-----+ +-----+ +-----+ +------+ 0..n
Figure 2 Figure 2: Framework Data Model
The objects and attributes that comprise the data model can be The objects and attributes that comprise the data model can be
described as follows (objects listed from the bottom up): described as follows (objects listed from the bottom up):
o Public Identifier: o Public Identifier:
From a broad perspective a public identifier is a well-known From a broad perspective, a Public Identifier is a well-known
attribute that is used as the key to perform resolution lookups. attribute that is used as the key to perform resolution lookups.
Within the context of SPPF, a public identifier object can be a Within the context of SPPF, a Public Identifier object can be a
Telephone Number (TN), a range of Telephone Numbers, a PSTN Telephone Number (TN), a range of TNs, a Public Switched Telephone
Routing Number (RN), a TN prefix, or a URI. Network (PSTN) Routing Number (RN), a TN prefix, or a URI.
An SPPF Public Identifier may be a member of zero or more An SPPF Public Identifier may be a member of zero or more
Destination Groups to create logical groupings of Public Destination Groups to create logical groupings of Public
Identifiers that share a common set of Session Establishment Data Identifiers that share a common set of SED (e.g., routes).
(e.g., routes).
A TN Public Identifier may optionally be associated with zero or A TN Public Identifier may optionally be associated with zero or
more individual SED Records. This ability for a Public Identifier more individual SED Records. This ability for a Public Identifier
to be directly associated with a SED Record, as opposed to forcing to be directly associated with a SED Record, as opposed to forcing
membership in one or more Destination Groups, supports use cases membership in one or more Destination Groups, supports use cases
where the SED Record contains data specifically tailored to an where the SED Record contains data specifically tailored to an
individual TN Public Identifier. individual TN Public Identifier.
o Destination Group: o Destination Group:
A named logical grouping of zero or more Public Identifiers that A named logical grouping of zero or more Public Identifiers that
can be associated with one or more SED Groups for the purpose of can be associated with one or more SED Groups for the purpose of
facilitating the management of their common session establishment facilitating the management of their common SED.
information.
o SED Group: o SED Group:
A SED Group contains a set of SED Record references, a set of A SED Group contains a set of SED Record references, a set of
Destination Group references, and a set of peering organization Destination Group references, and a set of peering organization
identifiers. This is used to establish a three part relationships identifiers. This is used to establish a three-part relationship
between a set of Public Identifiers, the session establishment between a set of Public Identifiers, the SED shared across these
information (SED) shared across these Public Identifiers, and the Public Identifiers, and the list of peering organizations whose
list of peering organizations whose query responses from the query responses from the resolution system may include the SED
resolution system may include the session establishment contained in a given SED Group. In addition, the sourceIdent
information contained in a given SED group. In addition, the element within a SED Group, in concert with the set of peering
sourceIdent element within a SED Group, in concert with the set of organization identifiers, enables fine-grained source-based
peering organization identifiers, enables fine-grained source- routing. For further details about the SED Group and source-based
based routing. For further details about the SED Group and routing, refer to the definitions and descriptions in Section 6.1.
source-based routing, refer to the definitions and descriptions in
Section 6.1.
o SED Record: o SED Record:
A SED Record contains the data that a resolution system returns in A SED Record contains the data that a resolution system returns in
response to a successful query for a Public Identifier. SED response to a successful query for a Public Identifier. SED
Records are generally associated with a SED Group when the SED Records are generally associated with a SED Group when the SED
within is not specific to a Public Identifier. within is not specific to a Public Identifier.
To support the use cases defined in [RFC6461], SPPF framework To support the use cases defined in [RFC6461], the SPPF defines
defines three type of SED Records: URIType, NAPTRType, and NSType. three types of SED Records: URIType, NAPTRType, and NSType. These
These SED Records extend the abstract type SedRecType and inherit SED Records extend the abstract type SedRecType and inherit the
the common attribute 'priority' that is meant for setting common attribute "priority" that is meant for setting precedence
precedence across the SED records defined within a SED Group in a across the SED Records defined within a SED Group in a protocol-
protocol agnostic fashion. agnostic fashion.
o Egress Route: o Egress Route:
In a high-availability environment, the originating SSP likely has In a high-availability environment, the originating SSP likely has
more than one egress paths to the ingress SBE of the target SSP. more than one egress path to the ingress SBE of the target SSP.
The Egress Route allows the originating SSP to choose a specific The Egress Route allows the originating SSP to choose a specific
egress SBE to be associated with the target ingress SBE. the egress SBE to be associated with the target ingress SBE. The
'svcs' element specifies ENUM services ((e.g.,E2U+pstn:sip+sip) "svcs" element specifies ENUM services (e.g., E2U+pstn:sip+sip)
that are used to identify the SED records associated with the SED that are used to identify the SED Records associated with the SED
Group that will be modified by the originating SSP. Group that will be modified by the originating SSP.
o Organization: o Organization:
An Organization is an entity that may fulfill any combination of An Organization is an entity that may fulfill any combination of
three roles: Registrant, Registrar, and Peering Organization. All three roles: Registrant, Registrar, and peering organization. All
objects in SPPF are associated with two organization identifiers objects in SPPF are associated with two organization identifiers
to identify each object's Registrant and Registrar. A SED Group to identify each object's Registrant and Registrar. A SED Group
object is also associated with a set of zero or more organization object is also associated with a set of zero or more organization
identifiers that identify the peering organization(s) whose identifiers that identify the peering organization(s) whose
resolution query responses may include the session establishment resolution query responses may include the SED defined in the SED
information (SED) defined in the SED Records within that SED Records within that SED Group. A peering organization is an
Group. A peering organization is an entity that the Registrant entity with which the Registrant intends to share the SED data.
intends to share the SED data with.
3.2. Time Value 3.2. Time Value
Some request and response messages in SPPF include time value(s) Some request and response messages in SPPF include a time value or
defined as type xs:dateTime, a built-in W3C XML Schema Datatype. Use values defined as type xs:dateTime, a built-in W3C XML Schema
of unqualified local time value is disallowed as it can lead to Datatype. Use of an unqualified local time value is disallowed as it
interoperability issues. The value of a time attribute MUST be can lead to interoperability issues. The value of a time attribute
expressed in Coordinated Universal Time (UTC) format without the MUST be expressed in Coordinated Universal Time (UTC) format without
timezone digits. the time-zone digits.
"2010-05-30T09:30:10Z" is an example of an acceptable time value for "2010-05-30T09:30:10Z" is an example of an acceptable time value for
use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC time
time, but not acceptable for use in SPPF messages. but is not acceptable for use in SPPF messages.
3.3. Extensibility 3.3. Extensibility
The framework contains various points of extensibility in form of the The framework contains various points of extensibility in the form of
"ext" elements. Extensions used beyond the scope of private SPPF the "ext" elements. Extensions used beyond the scope of private SPPF
installations need to be documented in an RFC, and the first such installations need to be documented in an RFC, and the first such
extension is expected to define an IANA registry, holding a list of extension is expected to define an IANA registry, holding a list of
documented extensions. documented extensions.
4. Transport Substrate Protocol Requirements 4. Substrate Protocol Requirements
This section provides requirements for substrate protocols suitable This section provides requirements for substrate protocols suitable
to carry SPPF. More specifically, this section specifies the to carry SPPF. More specifically, this section specifies the
services, features, and assumptions that SPPF framework delegates to services, features, and assumptions that SPPF delegates to the chosen
the chosen substrate and envelope technologies. substrate and envelope technologies.
4.1. Mandatory Substrate 4.1. Mandatory Substrate
None of the existing transport protocols carried directly over IP, None of the existing transport protocols carried directly over IP,
appearing as "Protocol" in the IPv4 headers, or "Next Header" in the appearing as "Protocol" in the IPv4 headers or "Next Header" in the
IPv6 headers, meet the requirements listed in this section to carry IPv6 headers, meet the requirements listed in this section to carry
SPPF. SPPF.
Therefore, one choice to carry SPPF has been provided in the SPP Therefore, one choice to carry SPPF has been provided in "Session
Protocol over SOAP document [I-D.ietf-drinks-spp-protocol-over-soap], Peering Provisioning (SPP) Protocol over SOAP" [RFC7878], using SOAP
using SOAP as the substrate. To encourage interoperability, the SPPF as the substrate. To encourage interoperability, the SPPF server
server MUST provide support for this protocol. With time, it is MUST provide support for this protocol. With time, it is possible
possible that other choices may surface that comply with with the that other choices may surface that comply with the requirements
requirements discussed above. discussed above.
4.2. Connection Oriented 4.2. Connection Oriented
The SPPF follows a model where a client establishes a connection to a The SPPF follows a model where a client establishes a connection to a
server in order to further exchange SPPF messages over such a point- server in order to further exchange SPPF messages over such a point-
to-point connection. A substrate protocol for SPPF will therefore be to-point connection. Therefore, a substrate protocol for SPPF will
connection oriented. be connection oriented.
4.3. Request and Response Model 4.3. Request and Response Model
Provisioning operations in SPPF follow the request-response model, Provisioning operations in SPPF follow the request-response model,
where a client sends a request message to initiate a transaction and where a client sends a request message to initiate a transaction and
the server responds with a response. Multiple subsequent request- the server sends a response. Multiple subsequent request-response
response exchanges MAY be performed over a single persistent exchanges MAY be performed over a single persistent connection.
connection.
Therefore, a substrate protocol for SPPF will follow the request- Therefore, a substrate protocol for SPPF will follow the request-
response model by ensuring a response is sent to the request response model by ensuring a response is sent to the request
initiator. initiator.
4.4. Connection Lifetime 4.4. Connection Lifetime
Some use cases involve provisioning a single request to a network Some use cases involve provisioning a single request to a network
element. Connections supporting such provisioning requests might be element. Connections supporting such provisioning requests might be
short-lived, and may be established only on demand, for the duration short-lived, and may be established only on demand, for the duration
of a few seconds. Other use cases involve either provisioning a of a few seconds. Other use cases involve provisioning either a
large dataset, or a constant stream of small updates, either of which large dataset or a constant stream of small updates, both of which
would likely require long-lived connections, spanning multiple hours would likely require long-lived connections, spanning multiple hours
or even days. or even days.
Therefore, a protocol suitable for SPPF SHOULD be able to support Therefore, a protocol suitable for SPPF SHOULD be able to support
both short-lived as well as long-lived connections. both short-lived and long-lived connections.
4.5. Authentication 4.5. Authentication
All SPPF objects are associated with a Registrant identifier. An All SPPF objects are associated with a Registrant identifier. An
SPPF Client provisions SPPF objects on behalf of Registrants. An SPPF client provisions SPPF objects on behalf of Registrants. An
authenticated SPP Client is a Registrar. Therefore, the SPPF authenticated SPP client is a Registrar. Therefore, the SPPF
substrate protocol MUST provide means for an SPPF server to substrate protocol MUST provide means for an SPPF server to
authenticate an SPPF Client. authenticate an SPPF client.
4.6. Authorization 4.6. Authorization
After successful authentication of the SPPF client as a Registrar the After successful authentication of the SPPF client as a Registrar,
Registry performs authorization checks to determine if the Registrar the Registry performs authorization checks to determine if the
is authorized to act on behalf of the Registrant whose identifier is Registrar is authorized to act on behalf of the Registrant whose
included in the SPPF request. Refer to Section 9 for further identifier is included in the SPPF request. Refer to Section 9 for
guidance. further guidance.
4.7. Confidentiality and Integrity 4.7. Confidentiality and Integrity
SPPF objects that the Registry manages can be private in nature. SPPF objects that the Registry manages can be private in nature.
Therefore, the substrate protocol MUST provide means for data Therefore, the substrate protocol MUST provide means for data
integrity protection. integrity protection.
If the data is compromised in-flight between the SPPF client and If the data is compromised in-flight between the SPPF client and
Registry, it will seriously affect the stability and integrity of the Registry, it will seriously affect the stability and integrity of the
system. Therefore, the substrate protocol MUST provide means for system. Therefore, the substrate protocol MUST provide means for
data integrity protection. data integrity protection.
4.8. Near Real Time 4.8. Near Real Time
Many use cases require near real-time responses from the server (in Many use cases require responses in near real time from the server
the range of a few multiples of round-trip-time between server and (in the range of a few multiples of round-trip time between the
client). Therefore, a DRINKS substrate protocol MUST support near server and client). Therefore, a Data for Reachability of
real-time response to requests submitted by the client. Inter-/Intra-NetworK SIP (DRINKS) substrate protocol MUST support
near real-time responses to requests submitted by the client.
4.9. Request and Response Sizes 4.9. Request and Response Sizes
Use of SPPF may involve simple updates that may consist of small Use of SPPF may involve simple updates that may consist of a small
number of bytes, such as, update of a single public identifier. number of bytes, such as the update of a single Public Identifier.
Other provisioning operations may constitute large dataset as in Other provisioning operations may constitute a large dataset, as in
adding millions of records to a Registry. As a result, a suitable adding millions of records to a Registry. As a result, a suitable
substrate protocol for SPPF SHOULD accommodate datasets of various substrate protocol for SPPF SHOULD accommodate datasets of various
sizes. sizes.
4.10. Request and Response Correlation 4.10. Request and Response Correlation
A substrate protocol suitable for SPPF MUST allow responses to be A substrate protocol suitable for SPPF MUST allow responses to be
correlated with requests. correlated with requests.
4.11. Request Acknowledgement 4.11. Request Acknowledgement
Data transported in the SPPF is likely crucial for the operation of Data transported in the SPPF is likely crucial for the operation of
the communication network that is being provisioned. An SPPF client the communication network that is being provisioned. An SPPF client
responsible for provisioning SED to the Registry has a need to know responsible for provisioning SED to the Registry has a need to know
if the submitted requests have been processed correctly. if the submitted requests have been processed correctly.
Failed transactions can lead to situations where a subset of public Failed transactions can lead to situations where a subset of Public
identifiers or even SSPs might not be reachable, or the provisioning Identifiers or even SSPs might not be reachable or the provisioning
state of the network is inconsistent. state of the network is inconsistent.
Therefore, a substrate protocol for SPPF MUST provide a response for Therefore, a substrate protocol for SPPF MUST provide a response for
each request, so that a client can identify whether a request each request, so that a client can identify whether a request
succeeded or failed. succeeded or failed.
5. Base Framework Data Structures and Response Codes 5. Base Framework Data Structures and Response Codes
SPPF contains some common data structures for most of the supported SPPF contains some common data structures for most of the supported
object types. This section describes these common data structures. object types. This section describes these common data structures.
5.1. Basic Object Type and Organization Identifiers 5.1. Basic Object Type and Organization Identifiers
All first class objects extend the type BasicObjType. It consists of All first-class objects extend the type BasicObjType. It consists of
the Registrant organization, the Registrar organization, the date and the Registrant organization, the Registrar organization, the date and
time of object creation, and the last date and time the object was time of object creation, and the last date and time the object was
modified. The Registry MUST store the date and time of the object modified. The Registry MUST store the date and time of the object
creation and modification, if applicable, for all Get operations (see creation and modification, if applicable, for all Get operations (see
Section 7). If the client passed in either date and time values, the Section 7). If the client passed in either date or time values, the
Registry MUST ignore it. The Registrar performs the SPPF operations Registry MUST ignore it. The Registrar performs the SPPF operations
on behalf of the Registrant, the organization that owns the object. on behalf of the Registrant, the organization that owns the object.
<complexType name="BasicObjType" abstract="true"> <complexType name="BasicObjType" abstract="true">
<sequence> <sequence>
<element name="rant" type="sppfb:OrgIdType"/> <element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/> <element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/> <element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/> <element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
skipping to change at page 13, line 50 skipping to change at page 14, line 4
<complexType name="BasicObjType" abstract="true"> <complexType name="BasicObjType" abstract="true">
<sequence> <sequence>
<element name="rant" type="sppfb:OrgIdType"/> <element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/> <element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/> <element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/> <element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</complexType> </complexType>
The identifiers used for Registrants (rant) and Registrars (rar) are The identifiers used for Registrants (rant) and Registrars (rar) are
instances of OrgIdType. The OrgIdType is defined as a string and all instances of OrgIdType. The OrgIdType is defined as a string and all
OrgIdType instances MUST follow the textual convention: OrgIdType instances MUST follow the textual convention:
"namespace:value" (for example "iana-en:32473"). Specifically: "namespace:value" (for example, "iana-en:32473"). Specifically:
Strings used as OrgIdType Namespace identifiers MUST conform to the Strings used as OrgIdType Namespace identifiers MUST conform to the
following syntax in the Augmented Backus-Naur Form (ABNF) [RFC5234] following syntax in the Augmented Backus-Naur Form (ABNF) [RFC5234].
namespace = ALPHA * (ALPHA/DIGIT/"-") namespace = ALPHA *(ALPHA/DIGIT/"-")
See Section 11 for the corresponding IANA Registry definition. See Section 11 for the corresponding IANA registry definition.
5.2. Various Object Key Types 5.2. Various Object Key Types
The SPPF data model contains various object relationships. In some The SPPF data model contains various object relationships. In some
cases, these object relationships are established by embedding the cases, these object relationships are established by embedding the
unique identity of the related object inside the relating object. unique identity of the related object inside the relating object.
Note that an object's unique identity is required to Delete or Get Note that an object's unique identity is required to Delete or Get
the details of an object. The following sub-sections normatively the details of an object. The following subsections normatively
define the various object keys in SPPF and the attributes of those define the various object keys in SPPF and the attributes of those
keys. keys.
"Name" attributes that are used as components of object key types "Name" attributes that are used as components of object key types
MUST be compared unsing the toCasefold() function, as specified in MUST be compared using the toCasefold() function, as specified in
Section 3.13 of [Unicode6.1] (or a newer version of Unicode). This Section 3.13 of [Unicode6.1] (or a newer version of Unicode). This
function performs case-insensitive comparisons. function performs case-insensitive comparisons.
5.2.1. Generic Object Key Type 5.2.1. Generic Object Key Type
Most objects in SPPF are uniquely identified by an object key that Most objects in SPPF are uniquely identified by an object key that
has the object's name, object's type and its Registrant's has the object's name, type, and Registrant's organization ID as
organization ID as its attributes. The abstract type called attributes. The abstract type called ObjKeyType is where this unique
ObjKeyType is where this unique identity is housed. Any concrete identity is housed. Any concrete representation of the ObjKeyType
representation of the ObjKeyType MUST contain the following: MUST contain the following:
Object Name: The name of the object. Object Name: The name of the object.
Registrant Id: The unique organization ID that identifies the Registrant ID: The unique organization ID that identifies the
Registrant. Registrant.
Type: The value that represents the type of SPPF object. This is Type: The value that represents the type of SPPF object. This is
required as different types of objects in SPPF, that belong to the required as different types of objects in SPPF, that belong to the
same Registrant, can have the same name. same Registrant, can have the same name.
The structure of abstract ObjKeyType is as follows: The structure of abstract ObjKeyType is as follows:
<complexType name="ObjKeyType" abstract="true"> <complexType name="ObjKeyType" abstract="true">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the ---- Generic type that represents the
key for various objects in SPPF. ---- key for various objects in SPPF. ----
</documentation> </documentation>
</annotation> </annotation>
</complexType> </complexType>
5.2.2. Derived Object Key Types 5.2.2. Derived Object Key Types
The SPPF data model contains certain objects that are uniquely The SPPF data model contains certain objects that are uniquely
identified by attributes, different from or in addition to, the identified by attributes, different from or in addition to the
attributes in the generic object key described in previous section. attributes in the generic object key described in the previous
These kind of object keys are derived from the abstract ObjKeyType section. Object keys of this kind are derived from the abstract
and defined in their own abstract key types. Because these object ObjKeyType and defined in their own abstract key types. Because
key types are abstract, they MUST be specified in a concrete form in these object key types are abstract, they MUST be specified in a
any SPPF conforming substrate protocol specification. These are used concrete form in any SPPF-conforming substrate "protocol"
in Delete and Get operations, and may also be used in Accept and specification. These are used in Delete and Get operations and may
Reject operations. also be used in Accept and Reject operations.
Following are the derived object keys in SPPF data model: Following are the derived object keys in an SPPF data model:
o SedGrpOfferKeyType: This uniquely identifies an SED Group object o SedGrpOfferKeyType: This uniquely identifies a SED Group object
offer. This key type extends from ObjKeyType and MUST also have offer. This key type extends from ObjKeyType and MUST also have
the organization ID of the Registrant to whom the object is being the organization ID of the Registrant to whom the object is being
offered, as one of its attributes. In addition to the Delete and offered as one of its attributes. In addition to the Delete and
Get operations, these key types are used in Accept and Reject Get operations, these key types are used in Accept and Reject
operations on an SED Group Offer object. The structure of operations on a SED Group Offer object. The structure of abstract
abstract SedGrpOfferKeyType is as follows: SedGrpOfferKeyType is as follows:
<complexType name="SedGrpOfferKeyType" <complexType name="SedGrpOfferKeyType"
abstract="true"> abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:ObjKeyType"> <extension base="sppfb:ObjKeyType">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents ---- Generic type that represents
the key for an object offer. ---- the key for an object offer. ----
</documentation> </documentation>
skipping to change at page 16, line 12 skipping to change at page 16, line 14
A SED Group Offer object MUST use SedGrpOfferKeyType. Refer to A SED Group Offer object MUST use SedGrpOfferKeyType. Refer to
Section 6.5 for a description of the SED Group Offer object. Section 6.5 for a description of the SED Group Offer object.
o PubIdKeyType: This uniquely identifies a Public Identity object. o PubIdKeyType: This uniquely identifies a Public Identity object.
This key type extends from the abstract ObjKeyType. Any concrete This key type extends from the abstract ObjKeyType. Any concrete
definition of PubIdKeyType MUST contain the elements that identify definition of PubIdKeyType MUST contain the elements that identify
the value and type of Public Identity and also contain the the value and type of Public Identity and also contain the
organization ID of the Registrant that is the owner of the Public organization ID of the Registrant that is the owner of the Public
Identity object. A Public Identity object in SPPF is uniquely Identity object. A Public Identity object in SPPF is uniquely
identified by the Registrant's organization ID, the value of the identified by the Registrant's organization ID, the value of the
public identity, and the type of the public identity object. Public Identity, and the type of the Public Identity object.
Consequently, any concrete representation of the PubIdKeyType MUST Consequently, any concrete representation of the PubIdKeyType MUST
contain the following attributes: contain the following attributes:
* Registrant Id: The unique organization ID that identifies the * Registrant ID: The unique organization ID that identifies the
Registrant. Registrant.
* Value: The value of the Public Identity. * Value: The value of the Public Identity.
* Type: The type of the Public Identity Object. * Type: The type of the Public Identity object.
The PubIdKeyType is used in Delete and Get operations on a Public The PubIdKeyType is used in Delete and Get operations on a Public
Identifier object. Identifier object.
o The structure of abstract PubIdKeyType is as follows: o The structure of abstract PubIdKeyType is as follows:
<complexType name="PubIdKeyType" abstract="true"> <complexType name="PubIdKeyType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:ObjKeyType"> <extension base="sppfb:ObjKeyType">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the key for a Pub Id. ---- ---- Generic type that represents the key for a Pub ID. ----
</documentation> </documentation>
</annotation> </annotation>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
A Public Identity object MUST use attributes of PubIdKeyType for its A Public Identity object MUST use attributes of PubIdKeyType for its
unique identification . Refer to Section 6 for a description of unique identification. Refer to Section 6 for a description of a
Public Identity object. Public Identity object.
5.3. Response Message Types 5.3. Response Message Types
The following table contains the list of response types which MUST by The following table contains the list of response types that MUST be
defined for a substrate protocol used to carry SPPF. An SPPF server defined for a substrate protocol used to carry SPPF. An SPPF server
MUST implement all of the following at minimum. MUST implement all of the following at minimum.
+---------------------+---------------------------------------------+ +---------------------+---------------------------------------------+
| Response Type | Description | | Response Type | Description |
+---------------------+---------------------------------------------+ +---------------------+---------------------------------------------+
| Request Succeeded | A given request succeeded. | | Request succeeded | A given request succeeded. |
| | | | Request syntax | The syntax of a given request was found to |
| Request syntax | The syntax of a given request was found | | invalid | be invalid. |
| invalid | invalid. |
| | |
| Request too large | The count of entities in the request is | | Request too large | The count of entities in the request is |
| | larger than the server is willing or able | | | larger than the server is willing or able |
| | to process. | | | to process. |
| | |
| Version not | The server does not support the version of | | Version not | The server does not support the version of |
| supported | the SPPF protocol specified in the request. | | supported | the SPPF protocol specified in the request. |
| | |
| Command invalid | The operation and/or command being | | Command invalid | The operation and/or command being |
| | requested by the client is invalid and/or | | | requested by the client is invalid and/or |
| | not supported by the server. | | | not supported by the server. |
| | |
| System temporarily | The SPPF server is temporarily not | | System temporarily | The SPPF server is temporarily not |
| unavailable | available to serve the client request. | | unavailable | available to serve the client request. |
| | |
| Unexpected internal | The SPPF server encountered an unexpected | | Unexpected internal | The SPPF server encountered an unexpected |
| system or server | error that prevented the server from | | system or server | error that prevented the server from |
| error. | fulfilling the request. | | error | fulfilling the request. |
| | |
| Attribute value | The SPPF server encountered an attribute or | | Attribute value | The SPPF server encountered an attribute or |
| invalid | property in the request that had an | | invalid | property in the request that had an |
| | invalid/bad value. Optionally, the | | | invalid/bad value. Optionally, the |
| | specification MAY provide a way to indicate | | | specification MAY provide a way to indicate |
| | the Attribute Name and the Attribute Value | | | the Attribute Name and the Attribute Value |
| | to identify the object that was found to be | | | to identify the object that was found to be |
| | invalid. | | | invalid. |
| | |
| Object does not | An object present in the request does not | | Object does not | An object present in the request does not |
| exist | exist on the SPPF server. Optionally, the | | exist | exist on the SPPF server. Optionally, the |
| | specification MAY provide a way to indicate | | | specification MAY provide a way to indicate |
| | the Attribute Name and the Attribute Value | | | the Attribute Name and the Attribute Value |
| | that identifies the non-existent object. | | | that identifies the nonexistent object. |
| | |
| Object status or | The operation requested on an object | | Object status or | The operation requested on an object |
| ownership does not | present in the request cannot be performed | | ownership does not | present in the request cannot be performed |
| allow for | because the object is in a status that does | | allow for operation | because the object is in a status that does |
| operation. | not allow said operation, or the user | | | not allow said operation, or the user |
| | requesting the operation is not authorized | | | requesting the operation is not authorized |
| | to perform said operation on the object. | | | to perform said operation on the object. |
| | Optionally, the specification MAY provide a | | | Optionally, the specification MAY provide a |
| | way to indicate the Attribute Name and the | | | way to indicate the Attribute Name and the |
| | Attribute Value that identifies the object. | | | Attribute Value that identifies the object. |
+---------------------+---------------------------------------------+ +---------------------+---------------------------------------------+
Table 1: Response Types Table 1: Response Types
When the response messages are "parameterized" with the Attribute When the response messages are "parameterized" with the Attribute
Name and Attribute Value, then the use of these parameters MUST Name and Attribute Value, then the use of these parameters MUST
adhere to the following rules: adhere to the following rules:
o Any value provided for the Attribute Name parameter MUST be an o Any value provided for the Attribute Name parameter MUST be an
exact XSD element name of the protocol data element that the exact XSD element name of the protocol data element to which the
response message is referring to. For example, valid values for response message is referring. For example, valid values for
"attribute name" are "dgName", "sedGrpName", "sedRec", etc. "attribute name" are "dgName", "sedGrpName", "sedRec", etc.
o The value for Attribute Value MUST be the value of the data o The value for Attribute Value MUST be the value of the data
element to which the preceding Attribute Name refers. element to which the preceding Attribute Name refers.
o Response type "Attribute value invalid" MUST be used whenever an o Response type "Attribute value invalid" MUST be used whenever an
element value does not adhere to data validation rules. element value does not adhere to data validation rules.
o Response types "Attribute value invalid" and "Object does not o Response types "Attribute value invalid" and "Object does not
exist" MUST NOT be used interchangeably. Response type "Object exist" MUST NOT be used interchangeably. Response type "Object
does not exist" MUST be returned by an Update/Del/Accept/Reject does not exist" MUST be returned by an Update/Del/Accept/Reject
operation when the data element(s) used to uniquely identify a operation when the data element(s) used to uniquely identify a
pre-existing object do not exist. If the data elements used to preexisting object does not exist. If the data elements used to
uniquely identify an object are malformed, then response type uniquely identify an object are malformed, then response type
"Attribute value invalid" MUST be returned. "Attribute value invalid" MUST be returned.
6. Framework Data Model Objects 6. Framework Data Model Objects
This section provides a description of the specification of each This section provides a description of the specification of each
supported data model object (the nouns) and identifies the commands supported data model object (the nouns) and identifies the commands
(the verbs) that MUST be supported for each data model object. (the verbs) that MUST be supported for each data model object.
However, the specification of the data structures necessary to However, the specification of the data structures necessary to
support each command is delegated to an SPPF conforming substrate support each command is delegated to an SPPF-conforming substrate
protocol specification. "protocol" specification.
6.1. Destination Group 6.1. Destination Group
Destination Group represents a logical grouping of Public Identifiers A Destination Group represents a logical grouping of Public
with common session establishment information. The substrate Identifiers with common SED. The substrate protocol MUST support the
protocol MUST support the ability to Add, Get, and Delete Destination ability to Add, Get, and Delete Destination Groups (refer to
Groups (refer to Section 7 for a generic description of various Section 7 for a generic description of various operations).
operations).
A Destination Group object MUST be uniquely identified by attributes A Destination Group object MUST be uniquely identified by attributes
as defined in the description of "ObjKeyType" in the section "Generic as defined in the description of "ObjKeyType" in "Generic Object Key
Object Key Type" of this document. Type" (Section 5.2.1 of this document).
The DestGrpType object structure is defined as follows: The DestGrpType object structure is defined as follows:
<complexType name="DestGrpType"> <complexType name="DestGrpType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="dgName" type="sppfb:ObjNameType"/> <element name="dgName" type="sppfb:ObjNameType"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
The DestGrpType object is composed of the following elements: The DestGrpType object is composed of the following elements:
o base: All first class objects extend BasicObjType (see o base: All first-class objects extend BasicObjType (see
Section 5.1). Section 5.1).
o dgName: The character string that contains the name of the o dgName: The character string that contains the name of the
Destination Group. Destination Group.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
6.2. Public Identifier 6.2. Public Identifier
A Public Identifier is the search key used for locating the session A Public Identifier is the search key used for locating the SED. In
establishment data (SED). In many cases, a Public Identifier is many cases, a Public Identifier is attributed to the end user who has
attributed to the end user who has a retail relationship with the a retail relationship with the SP or Registrant organization. SPPF
service provider or Registrant organization. SPPF supports the supports the notion of the carrier-of-record as defined in [RFC5067].
notion of the carrier-of-record as defined in [RFC5067]. Therefore, Therefore, the Registrant under which the Public Identifier is being
the Registrant under which the Public Identifier is being created can created can optionally claim to be a carrier-of-record.
optionally claim to be a carrier-of-record.
SPPF identifies three types of Public Identifiers: telephone numbers SPPF identifies three types of Public Identifiers: TNs, RNs, and
(TN), routing numbers (RN), and URIs. SPPF provides structures to URIs. SPPF provides structures to manage a single TN, a contiguous
manage a single TN, a contiguous range of TNs, and a TN prefix. The range of TNs, and a TN prefix. The substrate protocol MUST support
substrate protocol MUST support the ability to Add, Get, and Delete the ability to Add, Get, and Delete Public Identifiers (refer to
Public Identifiers (refer to Section 7 for a generic description of Section 7 for a generic description of various operations).
various operations).
A Public Identity object MUST be uniquely identified by attributes as A Public Identity object MUST be uniquely identified by attributes as
defined in the description of "PubIdKeyType" in Section 5.2.2. defined in the description of "PubIdKeyType" in Section 5.2.2.
The abstract XML schema type definition PubIdType is a generalization The abstract XSD type PubIdType is a generalization for the concrete
for the concrete Public Identifier schema types. The PubIdType Public Identifier schema types. The PubIdType element "dgName"
element 'dgName' represents the name of a destination group that a represents the name of a Destination Group of which a given Public
given Public Identifier may be a member of. Note that this element Identifier may be a member. Note that this element may be present
may be present multiple times so that a given Public Identifier may multiple times so that a given Public Identifier may be a member of
be a member of multiple destination groups. The PubIdType object multiple Destination Groups. The PubIdType object structure is
structure is defined as follows: defined as follows:
<complexType name="PubIdType" abstract="true"> <complexType name="PubIdType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="dgName" type="sppfb:ObjNameType" <element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
A Public Identifier may be a member of zero or more Destination A Public Identifier may be a member of zero or more Destination
Groups. When a Public Identifier is a member of a Destination Group, Groups. When a Public Identifier is a member of a Destination Group,
it is intended to be associated with SED through the SED Group(s) it is intended to be associated with SED through the SED Group(s)
that are associated with the Destination Group. When a Public that is associated with the Destination Group. When a Public
Identifier is not member of any Destination Group, it is intended to Identifier is not member of any Destination Group, it is intended to
be associated with SED through the SED Records that are directly be associated with SED through the SED Records that are directly
associated with the Public Identifier. associated with the Public Identifier.
A telephone number is provisioned using the TNType, an extension of A TN is provisioned using the TNType, an extension of PubIdType.
PubIdType. Each TNType object is uniquely identified by the Each TNType object is uniquely identified by the combination of its
combination of its value contained within the <tn> element, and its value contained within the <tn> element and its Registrant ID.
Registrant ID. TNType is defined as follows: TNType is defined as follows:
<complexType name="TNType"> <complexType name="TNType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="tn" type="sppfb:NumberValType"/> <element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType" <element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
</sequence> </sequence>
skipping to change at page 21, line 37 skipping to change at page 21, line 42
<restriction base="token"> <restriction base="token">
<maxLength value="20"/> <maxLength value="20"/>
<pattern value="\+?\d\d*"/> <pattern value="\+?\d\d*"/>
</restriction> </restriction>
</simpleType> </simpleType>
TNType consists of the following attributes: TNType consists of the following attributes:
o tn: Telephone number to be added to the Registry. o tn: Telephone number to be added to the Registry.
o sedRecRef: Optional reference to SED records that are directly o sedRecRef: Optional reference to SED Records that are directly
associated with the TN Public Identifier. Following the SPPF data associated with the TN Public Identifier. Following the SPPF data
model, the SED record could be a protocol agnostic URIType or model, the SED Record could be a protocol-agnostic URIType or
another type. another type.
o corInfo: corInfo is an optional parameter of type CORInfoType that o corInfo: corInfo is an optional parameter of type CORInfoType that
allows the Registrant organization to set forth a claim to be the allows the Registrant organization to set forth a claim to be the
carrier-of-record (see [RFC5067]). This is done by setting the carrier-of-record (see [RFC5067]). This is done by setting the
value of the <corClaim> element of the CORInfoType object value of the <corClaim> element of the CORInfoType object
structure to "true". The other two parameters of the CORInfoType, structure to "true". The other two parameters of the CORInfoType,
<cor> and <corDate> are set by the Registry to describe the <cor> and <corDate>, are set by the Registry to describe the
outcome of the carrier-of-record claim by the Registrant. In outcome of the carrier-of-record claim by the Registrant. In
general, inclusion of <corInfo> parameter is useful if the general, inclusion of the <corInfo> parameter is useful if the
Registry has the authority information, such as, the number Registry has the authority information, such as the number
portability data, etc., in order to qualify whether the Registrant portability data, etc., in order to qualify whether the Registrant
claim can be satisfied. If the carrier-of-record claim disagrees claim can be satisfied. If the carrier-of-record claim disagrees
with the authority data in the Registry, whether a TN Add with the authority data in the Registry, whether or not a TN Add
operation fails or not is a matter of policy and is beyond the operation fails is a matter of policy and is beyond the scope of
scope of this document. this document.
A routing number is provisioned using the RNType, an extension of An RN is provisioned using the RNType, an extension of PubIDType.
PubIDType. The Registrant organization can add the RN and associate The Registrant organization can add the RN and associate it with the
it with the appropriate destination group(s) to share the route appropriate Destination Group(s) to share the route information.
information. This allows SSPs to use the RN search key to derive the This allows SSPs to use the RN search key to derive the Ingress
ingress routes for session establishment at the runtime resolution Routes for session establishment at the runtime resolution process
process (see [RFC6116]. Each RNType object is uniquely identified by (see [RFC6116]). Each RNType object is uniquely identified by the
the combination of its value inside the <rn> element, and its combination of its value inside the <rn> element and its Registrant
Registrant ID. RNType is defined as follows: ID. RNType is defined as follows:
<complexType name="RNType"> <complexType name="RNType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="rn" type="sppfb:NumberValType"/> <element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
RNType has the following attributes: RNType has the following attributes:
o rn: Routing Number used as the search key. o rn: The RN used as the search key.
o corInfo: corInfo is an optional parameter of type CORInfoType that o corInfo: corInfo is an optional parameter of type CORInfoType that
allows the Registrant organization to set forth a claim to be the allows the Registrant organization to set forth a claim to be the
carrier-of-record (see [RFC5067]) carrier-of-record (see [RFC5067]).
TNRType structure is used to provision a contiguous range of TNRType structure is used to provision a contiguous range of TNs.
telephone numbers. The object definition requires a starting TN and The object definition requires a starting TN and an ending TN that
an ending TN that together define the span of the TN range, including together define the span of the TN range, including the starting and
the starting and ending TN. Use of TNRType is particularly useful ending TN. Use of TNRType is particularly useful when expressing a
when expressing a TN range that does not include all the TNs within a TN range that does not include all the TNs within a TN block or
TN block or prefix. The TNRType definition accommodates the open prefix. The TNRType definition accommodates the open number plan as
number plan as well such that the TNs that fall between the start and well such that the TNs that fall in the range between the start and
end TN range may include TNs with different length variance. Whether end TN may include TNs with different length variance. Whether the
the Registry can accommodate the open number plan semantics is a Registry can accommodate the open number plan semantics is a matter
matter of policy and is beyond the scope of this document. Each of policy and is beyond the scope of this document. Each TNRType
TNRType object is uniquely identified by the combination of its value object is uniquely identified by the combination of its value that,
that in turn is a combination of the <startTn> and <endTn> elements, in turn, is a combination of the <startTn> and <endTn> elements and
and its Registrant ID. The TNRType object structure definition is as its Registrant ID. The TNRType object structure definition is as
follows: follows:
<complexType name="TNRType"> <complexType name="TNRType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="range" type="sppfb:NumberRangeType"/> <element name="range" type="sppfb:NumberRangeType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
skipping to change at page 23, line 25 skipping to change at page 23, line 28
<complexType name="NumberRangeType"> <complexType name="NumberRangeType">
<sequence> <sequence>
<element name="startTn" type="sppfb:NumberValType"/> <element name="startTn" type="sppfb:NumberValType"/>
<element name="endTn" type="sppfb:NumberValType"/> <element name="endTn" type="sppfb:NumberValType"/>
</sequence> </sequence>
</complexType> </complexType>
TNRType has the following attributes: TNRType has the following attributes:
o startTn: Starting TN in the TN range o startTn: The starting TN in the TN range.
o endTn: The last TN in the TN range o endTn: The last TN in the TN range.
o corInfo: corInfo is an optional parameter of type CORInfoType that o corInfo: corInfo is an optional parameter of type CORInfoType that
allows the Registrant organization to set forth a claim to be the allows the Registrant organization to set forth a claim to be the
carrier-of-record (see [RFC5067]) carrier-of-record (see [RFC5067]).
In some cases, it is useful to describe a set of TNs with the help of In some cases, it is useful to describe a set of TNs with the help of
the first few digits of the telephone number, also referred to as the the first few digits of the TN, also referred to as the TN prefix or
telephone number prefix or a block. A given TN prefix may include a block. A given TN prefix may include TNs with different length
TNs with different length variance in support of the open number variance in support of the open number plan. Once again, whether the
plan. Once again, whether the Registry supports the open number plan Registry supports the open number plan semantics is a matter of
semantics is a matter of policy and it is beyond the scope of this policy, and it is beyond the scope of this document. The TNPType
document. The TNPType data structure is used to provision a TN data structure is used to provision a TN prefix. Each TNPType object
prefix. Each TNPType object is uniquely identified by the is uniquely identified by the combination of its value in the
combination of its value in the <tnPrefix> element, and its <tnPrefix> element and its Registrant ID. TNPType is defined as
Registrant ID. TNPType is defined as follows: follows:
<complexType name="TNPType"> <complexType name="TNPType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="tnPrefix" type="sppfb:NumberValType"/> <element name="tnPrefix" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/> <element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
TNPType consists of the following attributes: TNPType consists of the following attributes:
o tnPrefix: The telephone number prefix o tnPrefix: The TN prefix.
o corInfo: corInfo is an optional parameter of type CORInfoType that o corInfo: corInfo is an optional parameter of type CORInfoType that
allows the Registrant organization to set forth a claim to be the allows the Registrant organization to set forth a claim to be the
carrier-of-record (see [RFC5067]) carrier-of-record (see [RFC5067]).
In some cases, a Public Identifier may be a URI, such as an email In some cases, a Public Identifier may be a URI, such as an email
address. The URIPubIdType object is comprised of the data element address. The URIPubIdType object is comprised of the data element
necessary to house such Public Identifiers. Each URIPubIdType object necessary to house such Public Identifiers. Each URIPubIdType object
is uniquely identified by the combination of its value in the <uri> is uniquely identified by the combination of its value in the <uri>
element, and its Registrant ID. URIPubIdType is defined as follows: element and its Registrant ID. URIPubIdType is defined as follows:
<complexType name="URIPubIdType"> <complexType name="URIPubIdType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="uri" type="anyURI"/> <element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
skipping to change at page 24, line 40 skipping to change at page 25, line 4
<complexType name="URIPubIdType"> <complexType name="URIPubIdType">
<complexContent> <complexContent>
<extension base="sppfb:PubIdType"> <extension base="sppfb:PubIdType">
<sequence> <sequence>
<element name="uri" type="anyURI"/> <element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
URIPubIdType consists of the following attributes: URIPubIdType consists of the following attributes:
o uri: The value that acts as Public Identifier. o uri: The value that acts as the Public Identifier.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
6.3. SED Group 6.3. SED Group
SED Group is a grouping of one or more Destination Group, the common SED Group is a grouping of one or more Destination Groups, the common
SED Records, and the list of peer organizations with access to the SED Records, and the list of peer organizations with access to the
SED Records associated with a given SED Group. It is this indirect SED Records associated with a given SED Group. It is this indirect
linking of public identifiers to their Session Establishment Data linking of Public Identifiers to their SED that significantly
that significantly improves the scalability and manageability of the improves the scalability and manageability of the peering data.
peering data. Additions and changes to SED information are reduced Additions and changes to SED information are reduced to a single
to a single operation on a SED Group or SED Record, rather than operation on a SED Group or SED Record rather than millions of data
millions of data updates to individual public identifier records that updates to individual Public Identifier records that individually
individually contain their peering data. The substrate protocol MUST contain their peering data. The substrate protocol MUST support the
support the ability to Add, Get, and Delete SED Groups (refer to ability to Add, Get, and Delete SED Groups (refer to Section 7 for a
Section 7 for a generic description of various operations). generic description of various operations).
A SED Group object MUST be uniquely identified by attributes as A SED Group object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in "Generic Object Key
Object Key Type" of this document. Type" (Section 5.2.1 of this document).
The SedGrpType object structure is defined as follows: The SedGrpType object structure is defined as follows:
<complexType name="SedGrpType"> <complexType name="SedGrpType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="sedGrpName" type="sppfb:ObjNameType"/> <element name="sedGrpName" type="sppfb:ObjNameType"/>
<element name="sedRecRef" type="sppfb:SedRecRefType" <element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
skipping to change at page 25, line 49 skipping to change at page 26, line 38
<complexType name="SedRecRefType"> <complexType name="SedRecRefType">
<sequence> <sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/> <element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/> <element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</complexType> </complexType>
The SedGrpType object is composed of the following elements: The SedGrpType object is composed of the following elements:
o base: All first class objects extend BasicObjType (see o base: All first-class objects extend BasicObjType (see
Section 5.1). Section 5.1).
o sedGrpName: The character string that contains the name of the SED o sedGrpName: The character string that contains the name of the SED
Group. It uniquely identifies this object within the context of Group. It uniquely identifies this object within the context of
the Registrant ID (a child element of the base element as the Registrant ID (a child element of the base element as
described above). described above).
o sedRecRef: Set of zero or more objects of type SedRecRefType that o sedRecRef: Set of zero or more objects of type SedRecRefType that
house the unique keys of the SED Records (containing the session house the unique keys of the SED Records (containing the SED) that
establishment data) that the SedGrpType object refers to and their the SedGrpType object refers to and their relative priority within
relative priority within the context of this SED Group. the context of this SED Group.
o dgName: Set of zero or more names of DestGrpType object instances. o dgName: Set of zero or more names of DestGrpType object instances.
Each dgName name, in association with this SED Group's Registrant Each dgName name, in association with this SED Group's Registrant
ID, uniquely identifies a DestGrpType object instance whose ID, uniquely identifies a DestGrpType object instance whose
associated public identifiers are reachable using the session associated Public Identifiers are reachable using the SED housed
establishment information housed in this SED Group. An intended in this SED Group. An intended side effect of this is that a SED
side effect of this is that a SED Group cannot provide session Group cannot provide session establishment information for a
establishment information for a Destination Group belonging to Destination Group belonging to another Registrant.
another Registrant.
o peeringOrg: Set of zero or more peering organization IDs that have o peeringOrg: Set of zero or more peering organization IDs that have
accepted an offer to receive this SED Group's information. Note accepted an offer to receive this SED Group's information. Note
that this identifier "peeringOrg" is an instance of OrgIdType. that this identifier "peeringOrg" is an instance of OrgIdType.
The set of peering organizations in this list is not directly The set of peering organizations in this list is not directly
settable or modifiable using the addSedGrpsRqst operation. This settable or modifiable using the addSedGrpsRqst operation. This
set is instead controlled using the SED offer and accept set is instead controlled using the SED Offer and Accept
operations. operations.
o sourceIdent: Set of zero or more SourceIdentType object instances. o sourceIdent: Set of zero or more SourceIdentType object instances.
These objects, described further below, house the source These objects, described further below, house the source
identification schemes and identifiers that are applied at identification schemes and identifiers that are applied at
resolution time as part of source-based routing algorithms for the resolution time as part of source-based routing algorithms for the
SED Group. SED Group.
o isInSvc: A boolean element that defines whether this SED Group is o isInSvc: A boolean element that defines whether this SED Group is
in service. The session establishment information contained in a in service. The SED contained in a SED Group that is in service
SED Group that is in service is a candidate for inclusion in is a candidate for inclusion in resolution responses for Public
resolution responses for public identities residing in the Identities residing in the Destination Group associated with this
Destination Group associated with this SED Group. The session SED Group. The session establishment information contained in a
establishment information contained in a SED Group that is not in SED Group that is not in service is not a candidate for inclusion
service is not a candidate for inclusion in resolution responses. in resolution responses.
o priority: Priority value that can be used to provide a relative o priority: Priority value that can be used to provide a relative
value weighting of one SED Group over another. The manner in value weighting of one SED Group over another. The manner in
which this value is used, perhaps in conjunction with other which this value is used, perhaps in conjunction with other
factors, is a matter of policy. factors, is a matter of policy.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
As described above, the SED Group contains a set of references to SED As described above, the SED Group contains a set of references to SED
record objects. A SED record object is based on an abstract type: Record objects. A SED Record object is based on an abstract type:
SedRecType. The concrete types that use SedRecType as an extension SedRecType. The concrete types that use SedRecType as an extension
base are NAPTRType, NSType, and URIType. The definitions of these base are NAPTRType, NSType, and URIType. The definitions of these
types are included the SED Record section of this document. types are included in "SED Record" (Section 6.4 of this document).
The SedGrpType object provides support for source-based routing via The SedGrpType object provides support for source-based routing via
the peeringOrg data element and more granular source base routing via the peeringOrg data element and more granular source-based routing
the source identity element. The source identity element provides via the source identity element. The source identity element
the ability to specify zero or more of the following in association provides the ability to specify zero or more of the following in
with a given SED Group: a regular expression that is matched against association with a given SED Group: a regular expression that is
the resolution client IP address, a regular expression that is matched against the resolution client IP address, a regular
matched against the root domain name(s), and/or a regular expression expression that is matched against the root domain name(s), and/or a
that is matched against the calling party URI(s). The result will be regular expression that is matched against the calling party URI(s).
that, after identifying the visible SED Groups whose associated The result will be that, after identifying the visible SED Groups
Destination Group(s) contain the lookup key being queried and whose whose associated Destination Group(s) contains the lookup key being
peeringOrg list contains the querying organization's organization ID, queried and whose peeringOrg list contains the querying
the resolution server will evaluate the characteristics of the Source organization's organization ID, the resolution server will evaluate
URI, and Source IP address, and root domain of the lookup key being the characteristics of the Source URI, Source IP address, and root
queried. The resolution server then compares these criteria against domain of the lookup key being queried. The resolution server then
the source identity criteria associated with the SED Groups. The compares these criteria against the source identity criteria
session establishment information contained in SED Groups that have associated with the SED Groups. The SED contained in SED Groups that
source-based routing criteria will only be included in the resolution have source-based routing criteria will only be included in the
response if one or more of the criteria matches the source criteria resolution response if one or more of the criteria matches the source
from the resolution request. The Source Identity data element is of criteria from the resolution request. The source identity data
type SourceIdentType, whose structure is defined as follows: element is of type SourceIdentType, whose structure is defined as
follows:
<complexType name="SourceIdentType"> <complexType name="SourceIdentType">
<sequence> <sequence>
<element name="sourceIdentRegex" type="sppfb:RegexType"/> <element name="sourceIdentRegex" type="sppfb:RegexType"/>
<element name="sourceIdentScheme" <element name="sourceIdentScheme"
type="sppfb:SourceIdentSchemeType"/> type="sppfb:SourceIdentSchemeType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</complexType> </complexType>
skipping to change at page 28, line 18 skipping to change at page 29, line 8
o sourceIdentRegex: The regular expression that should be used to o sourceIdentRegex: The regular expression that should be used to
test for a match against the portion of the resolution request test for a match against the portion of the resolution request
that is dictated by the associated sourceIdentScheme. that is dictated by the associated sourceIdentScheme.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
6.4. SED Record 6.4. SED Record
SED Group represents a combined grouping of SED Records that define SED Group represents a combined grouping of SED Records that define
session establishment information. However, SED Records need not be SED. However, SED Records need not be created to just serve a single
created to just serve a single SED Group. SED Records can be created SED Group. SED Records can be created and managed to serve multiple
and managed to serve multiple SED Groups. As a result, a change for SED Groups. As a result, a change, for example, to the properties of
example to the properties of a network node used for multiple routes, a network node used for multiple routes would necessitate just a
would necessitate just a single update operation to change the single update operation to change the properties of that node. The
properties of that node. The change would then be reflected in all change would then be reflected in all the SED Groups whose SED Record
the SED Groups whose SED record set contains a reference to that set contains a reference to that node. The substrate protocol MUST
node. The substrate protocol MUST support the ability to Add, Get, support the ability to Add, Get, and Delete SED Records (refer to
and Delete SED Records (refer to Section 7 for a generic description Section 7 for a generic description of various operations).
of various operations).
A SED Record object MUST be uniquely identified by attributes as A SED Record object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in "Generic Object Key
Object Key Type" of this document. Type" (Section 5.2.1 of this document).
The SedRecType object structure is defined as follows: The SedRecType object structure is defined as follows:
<complexType name="SedRecType" abstract="true"> <complexType name="SedRecType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="sedName" type="sppfb:ObjNameType"/> <element name="sedName" type="sppfb:ObjNameType"/>
<element name="sedFunction" type="sppfb:SedFunctionType" <element name="sedFunction" type="sppfb:SedFunctionType"
minOccurs="0"/> minOccurs="0"/>
skipping to change at page 29, line 28 skipping to change at page 29, line 47
<simpleType name="SedFunctionType"> <simpleType name="SedFunctionType">
<restriction base="token"> <restriction base="token">
<enumeration value="routing"/> <enumeration value="routing"/>
<enumeration value="lookup"/> <enumeration value="lookup"/>
</restriction> </restriction>
</simpleType> </simpleType>
The SedRecType object is composed of the following elements: The SedRecType object is composed of the following elements:
o base: All first class objects extend BasicObjType (see o base: All first-class objects extend BasicObjType (see
Section 5.1). Section 5.1).
o sedName: The character string that contains the name of the SED o sedName: The character string that contains the name of the SED
Record. It uniquely identifies this object within the context of Record. It uniquely identifies this object within the context of
the Registrant ID (a child element of the base element as the Registrant ID (a child element of the base element as
described above). described above).
o sedFunction: As described in [RFC6461], SED or Session o sedFunction: As described in [RFC6461], SED falls primarily into
Establishment Data falls primarily into one of two categories or one of two categories or functions: LUF and LRF. To remove any
functions, LUF and LRF. To remove any ambiguity as to the ambiguity as to the function a SED Record is intended to provide,
function a SED record is intended to provide, this optional this optional element allows the provisioning party to make its
element allows the provisioning party to make its intentions intentions explicit.
explicit.
o isInSvc: A boolean element that defines whether this SED Record is o isInSvc: A boolean element that defines whether or not this SED
in service or not. The session establishment information Record is in service. The session establishment information
contained in a SED Record which is in service is a candidate for contained in a SED Record that is in service is a candidate for
inclusion in resolution responses for Telephone Numbers that are inclusion in resolution responses for TNs that are either directly
either directly associated to this SED Record, or for Public associated to this SED Record or for Public Identities residing in
Identities residing in a Destination Group that is associated to a a Destination Group that is associated to a SED Group, which, in
SED Group which in turn has an association to this SED Record. turn, has an association to this SED Record.
o ttl: Number of seconds that an addressing server may cache a o ttl: Number of seconds that an addressing server may cache a
particular SED Record. particular SED Record.
As described above, SED records are based on an abstract type: As described above, SED Records are based on abstract type
SedRecType. The concrete types that use SedRecType as an extension SedRecType. The concrete types that use SedRecType as an extension
base are NAPTRType, NSType, and URIType. The definitions of these base are NAPTRType, NSType, and URIType. The definitions of these
types are included below. The NAPTRType object is comprised of the types are included below. The NAPTRType object is comprised of the
data elements necessary for a NAPTR (see [RFC3403]that contains data elements necessary for a Naming Authority Pointer (NAPTR) (see
routing information for a SED Group. The NSType object is comprised [RFC3403]) that contains routing information for a SED Group. The
of the data elements necessary for a DNS name server that points to NSType object is comprised of the data elements necessary for a DNS
another DNS server that contains the desired routing information. name server that points to another DNS server that contains the
The NSType is relevant only when the resolution protocol is ENUM (see desired routing information. The NSType is relevant only when the
[RFC6116]). The URIType object is comprised of the data elements resolution protocol is ENUM (see [RFC6116]). The URIType object is
necessary to house a URI. comprised of the data elements necessary to house a URI.
The data provisioned in a Registry can be leveraged for many purposes The data provisioned in a Registry can be leveraged for many purposes
and queried using various protocols including SIP, ENUM and others. and queried using various protocols including SIP, ENUM, and others.
As such, the resolution data represented by the SED records must be As such, the resolution data represented by the SED Records must be
in a form suitable for transport using one of these protocols. In in a form suitable for transport using one of these protocols. In
the NAPTRType for example, if the URI is associated with a the NAPTRType, for example, if the URI is associated with a
destination group, the user part of the replacement string <uri> that Destination Group, the user part of the replacement string <uri> that
may require the Public Identifier cannot be preset. As a SIP may require the Public Identifier cannot be preset. As a SIP
Redirect, the resolution server will apply <ere> pattern on the input Redirect, the resolution server will apply <ere> pattern on the input
Public Identifier in the query and process the replacement string by Public Identifier in the query and process the replacement string by
substituting any back reference(s) in the <uri> to arrive at the substituting any back references in the <uri> to arrive at the final
final URI that is returned in the SIP Contact header. For an ENUM URI that is returned in the SIP Contact header. For an ENUM query,
query, the resolution server will simply return the values of the the resolution server will simply return the values of the <ere> and
<ere> and <uri> members of the URI. <uri> members of the URI.
<complexType name="NAPTRType"> <complexType name="NAPTRType">
<complexContent> <complexContent>
<extension base="sppfb:SedRecType"> <extension base="sppfb:SedRecType">
<sequence> <sequence>
<element name="order" type="unsignedShort"/> <element name="order" type="unsignedShort"/>
<element name="flags" type="sppfb:FlagsType" minOccurs="0"/> <element name="flags" type="sppfb:FlagsType" minOccurs="0"/>
<element name="svcs" type="sppfb:SvcType"/> <element name="svcs" type="sppfb:SvcType"/>
<element name="regx" type="sppfb:RegexParamType" minOccurs="0"/> <element name="regx" type="sppfb:RegexParamType" minOccurs="0"/>
<element name="repl" type="sppfb:ReplType" minOccurs="0"/> <element name="repl" type="sppfb:ReplType" minOccurs="0"/>
skipping to change at page 31, line 50 skipping to change at page 32, line 23
<length value="1"/> <length value="1"/>
<pattern value="[A-Z]|[a-z]|[0-9]"/> <pattern value="[A-Z]|[a-z]|[0-9]"/>
</restriction> </restriction>
</simpleType> </simpleType>
The NAPTRType object is composed of the following elements: The NAPTRType object is composed of the following elements:
o order: Order value in an ENUM NAPTR, relative to other NAPTRType o order: Order value in an ENUM NAPTR, relative to other NAPTRType
objects in the same SED Group. objects in the same SED Group.
o svcs: ENUM service(s) that are served by the SBE. This field's o svcs: ENUM service(s) that is served by the SBE. This field's
value must be of the form specified in [RFC6116] (e.g., value must be of the form specified in [RFC6116] (e.g.,
E2U+pstn:sip+sip). The allowable values are a matter of policy E2U+pstn:sip+sip). The allowable values are a matter of policy
and not limited by this protocol. and are not limited by this protocol.
o regx: NAPTR's regular expression field. If this is not included o regx: NAPTR's regular expression field. If this is not included,
then the repl field must be included. then the repl field must be included.
o repl: NAPTR replacement field, should only be provided if the regx o repl: NAPTR replacement field; it should only be provided if the
field is not provided, otherwise the server will ignore it regx field is not provided; otherwise, the server will ignore it.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
The NSType object is composed of the following elements: The NSType object is composed of the following elements:
o hostName: Root-relative host name of the name server. o hostName: Root-relative host name of the name server.
o ipAddr: Zero or more objects of type IpAddrType. Each object o ipAddr: Zero or more objects of type IpAddrType. Each object
holds an IP Address and the IP Address type ("IPv4" or "IPv6"). holds an IP Address and the IP Address type ("IPv4" or "IPv6").
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
The URIType object is composed of the following elements: The URIType object is composed of the following elements:
o ere: The POSIX Extended Regular Expression (ere) as defined in o ere: The POSIX Extended Regular Expression (ere) as defined in
[RFC3986]. [RFC3986].
o uri: the URI as defined in [RFC3986]. In some cases, this will o uri: the URI as defined in [RFC3986]. In some cases, this will
serve as the replacement string and it will be left to the serve as the replacement string, and it will be left to the
resolution server to arrive at the final usable URI. resolution server to arrive at the final usable URI.
6.5. SED Group Offer 6.5. SED Group Offer
The list of peer organizations whose resolution responses can include The list of peer organizations whose resolution responses can include
the session establishment information contained in a given SED Group the SED contained in a given SED Group is controlled by the
is controlled by the organization to which a SED Group object belongs organization to which a SED Group object belongs (its Registrant) and
(its Registrant), and the peer organization that submits resolution the peer organization that submits resolution requests (a data
requests (a data recipient, also known as a peering organization). recipient, also known as a peering organization). The Registrant
The Registrant offers access to a SED Group by submitting a SED Group offers access to a SED Group by submitting a SED Group Offer. The
Offer. The data recipient can then accept or reject that offer. Not data recipient can then accept or reject that offer. Not until
until access to a SED Group has been offered and accepted will the access to a SED Group has been offered and accepted will the data
data recipient's organization ID be included in the peeringOrg list recipient's organization ID be included in the peeringOrg list in a
in a SED Group object, and that SED Group's peering information SED Group object, and that SED Group's peering information becomes a
become a candidate for inclusion in the responses to the resolution candidate for inclusion in the responses to the resolution requests
requests submitted by that data recipient. The substrate protocol submitted by that data recipient. The substrate protocol MUST
MUST support the ability to Add, Get, Delete, Accept and Reject SED support the ability to Add, Get, Delete, Accept, and Reject SED Group
Group Offers (refer to Section 7 for a generic description of various Offers (refer to Section 7 for a generic description of various
operations). operations).
A SED Group Offer object MUST be uniquely identified by attributes as A SED Group Offer object MUST be uniquely identified by attributes as
defined in the description of "SedGrpOfferKeyType" in the section defined in the description of "SedGrpOfferKeyType" in "Derived Object
"Derived Object Key Types" of this document. Key Types" (Section 5.2.2 of this document).
The SedGrpOfferType object structure is defined as follows: The SedGrpOfferType object structure is defined as follows:
<complexType name="SedGrpOfferType"> <complexType name="SedGrpOfferType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
<element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/> <element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/>
<element name="status" type="sppfb:SedGrpOfferStatusType"/> <element name="status" type="sppfb:SedGrpOfferStatusType"/>
<element name="offerDateTime" type="dateTime"/> <element name="offerDateTime" type="dateTime"/>
<element name="acceptDateTime" type="dateTime" minOccurs="0"/> <element name="acceptDateTime" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
<complexType name="SedGrpOfferKeyType" abstract="true"> <complexType name="SedGrpOfferKeyType" abstract="true">
<annotation> <annotation>
<documentation> <documentation>
-- Generic type that represents the key for a SED group offer. Must -- Generic type that represents the key for a SED Group Offer. Must
be defined in concrete form in the substrate specification. -- be defined in concrete form in a substrate "protocol"
specification. --
</documentation> </documentation>
</annotation> </annotation>
</complexType> </complexType>
<simpleType name="SedGrpOfferStatusType"> <simpleType name="SedGrpOfferStatusType">
<restriction base="token"> <restriction base="token">
<enumeration value="offered"/> <enumeration value="offered"/>
<enumeration value="accepted"/> <enumeration value="accepted"/>
</restriction> </restriction>
</simpleType> </simpleType>
The SedGrpOfferType object is composed of the following elements: The SedGrpOfferType object is composed of the following elements:
o base: All first class objects extend BasicObjType (see o base: All first-class objects extend BasicObjType (see
Section 5.1). Section 5.1).
o sedGrpOfferKey: The object that identifies the SED that is or has o sedGrpOfferKey: The object that identifies the SED that is or has
been offered and the organization that it is or has been offered been offered and the organization to which it is or has been
to. offered.
o status: The status of the offer, offered or accepted. The server o status: The status of the offer, offered or accepted. The server
controls the status. It is automatically set to "offered" controls the status. It is automatically set to "offered"
whenever a new SED Group Offer is added, and is automatically set whenever a new SED Group Offer is added and is automatically set
to "accepted" if and when that offer is accepted. The value of to "accepted" if and when that offer is accepted. The value of
the element is ignored when passed in by the client. the element is ignored when passed in by the client.
o offerDateTime: Date and time in UTC when the SED Group Offer was o offerDateTime: Date and time in UTC when the SED Group Offer was
added. added.
o acceptDateTime: Date and time in UTC when the SED Group Offer was o acceptDateTime: Date and time in UTC when the SED Group Offer was
accepted. accepted.
6.6. Egress Route 6.6. Egress Route
In a high-availability environment, the originating SSP likely has In a high-availability environment, the originating SSP likely has
more than one egress path to the ingress SBE of the target SSP. If more than one egress path to the ingress SBE of the target SSP. If
the originating SSP wants to exercise greater control and choose a the originating SSP wants to exercise greater control and choose a
specific egress SBE to be associated to the target ingress SBE, it specific egress SBE to be associated to the target ingress SBE, it
can do so using the EgrRteType object. can do so using the EgrRteType object.
An Egress Route object MUST be uniquely identified by attributes as An Egress Route object MUST be uniquely identified by attributes as
defined in the description of "ObjKeyType" in the section "Generic defined in the description of "ObjKeyType" in "Generic Object Key
Object Key Type" of this document. Type" (Section 5.2.1 of this document).
Assume that the target SSP has offered as part of its session Assume that the target SSP has offered, as part of its SED, to share
establishment data, to share one or more ingress routes and that the one or more Ingress Routes and that the originating SSP has accepted
originating SSP has accepted the offer. In order to add the egress the offer. In order to add the Egress Route to the Registry, the
route to the Registry, the originating SSP uses a valid regular originating SSP uses a valid regular expression to rewrite the
expression to rewrite the ingress route in order to include the Ingress Route in order to include the egress SBE information. Also,
egress SBE information. Also, more than one egress route can be more than one Egress Route can be associated with a given Ingress
associated with a given ingress route in support of fault-tolerant Route in support of fault-tolerant configurations. The supporting
configurations. The supporting SPPF structure provides a way to SPPF structure provides a way to include route precedence information
include route precedence information to help manage traffic to more to help manage traffic to more than one outbound egress SBE.
than one outbound egress SBE.
The substrate protocol MUST support the ability to Add, Get, and The substrate protocol MUST support the ability to Add, Get, and
Delete Egress Routes (refer to Section 7 for a generic description of Delete Egress Routes (refer to Section 7 for a generic description of
various operations). The EgrRteType object structure is defined as various operations). The EgrRteType object structure is defined as
follows: follows:
<complexType name="EgrRteType"> <complexType name="EgrRteType">
<complexContent> <complexContent>
<extension base="sppfb:BasicObjType"> <extension base="sppfb:BasicObjType">
<sequence> <sequence>
skipping to change at page 35, line 20 skipping to change at page 36, line 4
<element name="pref" type="unsignedShort"/> <element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/> <element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType" <element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/> <element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/> <element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence> </sequence>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
The EgrRteType object is composed of the following elements: The EgrRteType object is composed of the following elements:
o base: All first class objects extend BasicObjType (see o base: All first-class objects extend BasicObjType (see
Section 5.1). Section 5.1).
o egrRteName: The name of the egress route. o egrRteName: The name of the Egress Route.
o pref: The preference of this egress route relative to other egress o pref: The preference of this Egress Route relative to other Egress
routes that may get selected when responding to a resolution Routes that may get selected when responding to a resolution
request. request.
o regxRewriteRule: The regular expression re-write rule that should o regxRewriteRule: The regular expression rewrite rule that should
be applied to the regular expression of the ingress NAPTR(s) that be applied to the regular expression of the ingress NAPTR(s) that
belong to the ingress route. belongs to the Ingress Route.
o ingrSedGrp: The ingress SED group that the egress route should be o ingrSedGrp: The ingress SED Group that the Egress Route should be
used for. used for.
o svcs: ENUM service(s) that are served by an Egress Route. This o svcs: ENUM service(s) that is served by an Egress Route. This
element is used to identify the ingress NAPTRs associated with the element is used to identify the ingress NAPTRs associated with the
SED Group to which an Egress Route's regxRewriteRule should be SED Group to which an Egress Route's regxRewriteRule should be
applied. If no ENUM service(s) are associated with an Egress applied. If no ENUM service(s) is associated with an Egress
Route, then the Egress Route's regxRewriteRule should be applied Route, then the Egress Route's regxRewriteRule should be applied
to all the NAPTRs associated with the SED Group. This field's to all the NAPTRs associated with the SED Group. This field's
value must be of the form specified in [RFC6116] (e.g., value must be of the form specified in [RFC6116] (e.g.,
E2U+pstn:sip+sip). The allowable values are a matter of policy E2U+pstn:sip+sip). The allowable values are a matter of policy
and not limited by this protocol. and are not limited by this protocol.
o ext: Point of extensibility described in Section 3.3. o ext: Point of extensibility described in Section 3.3.
7. Framework Operations 7. Framework Operations
In addition to the operation-specific object types, all operations In addition to the operation-specific object types, all operations
MAY specify the minor version of the protocol that when used in MAY specify the minor version of the protocol that when used in
conjunction with the major version (which can be for instance conjunction with the major version (which can be, for instance,
specified in the protocol namespace) can serve to identify the specified in the protocol Namespace) can serve to identify the
version of the SPPF protocol that the client is using. If the minor version of the SPPF protocol that the client is using. If the minor
version is not specified, the latest minor version supported by the version is not specified, the latest minor version supported by the
SPPF server for the given major version will be used. Additionally, SPPF server for the given major version will be used. Additionally,
operations that may potentially modify persistent protocol objects operations that may potentially modify persistent protocol objects
SHOULD include a transaction ID as well. SHOULD include a transaction ID as well.
7.1. Add Operation 7.1. Add Operation
Any conforming substrate protocol specification MUST provide a Any conforming substrate "protocol" specification MUST provide a
definition for the operation that adds one or more SPPF objects into definition for the operation that adds one or more SPPF objects into
the Registry. If the object, as identified by the request attributes the Registry. If the object, as identified by the request attributes
that form part of the object's key, does not exist, then the Registry that form part of the object's key, does not exist, then the Registry
MUST create the object. If the object does exist, then the Registry MUST create the object. If the object does exist, then the Registry
MUST replace the current properties of the object with the properties MUST replace the current properties of the object with the properties
passed in as part of the Add operation. passed in as part of the Add operation.
Note that this effectively allows to modify a pre-existing object. Note that this effectively allows modification of a preexisting
object.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation, an appropriate error message MUST be returned from
amongst the response messages defined in the "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. (Section 5.3 of this document).
7.2. Delete Operation 7.2. Delete Operation
Any conforming substrate protocol specification MUST provide a Any conforming substrate "protocol" specification MUST provide a
definition for the operation that deletes one or more SPPF objects definition for the operation that deletes one or more SPPF objects
from the Registry using the object's key. from the Registry using the object's key.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation, an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. (Section 5.3 of this document).
When an object is deleted, any references to that object must of When an object is deleted, any references to that object must of
course also be removed as the SPPF server implementation fulfills the course also be removed as the SPPF server implementation fulfills the
deletion request. Furthermore, the deletion of a composite object deletion request. Furthermore, the deletion of a composite object
must also result in the deletion of the objects it contains. As a must also result in the deletion of the objects it contains. As a
result, the following rules apply to the deletion of SPPF object result, the following rules apply to the deletion of SPPF object
types: types:
o Destination Groups: When a destination group is deleted any o Destination Groups: When a Destination Group is deleted, any
references between that destination group and any SED group must cross-references between that destination group and any SED Group
be automatically removed by the SPPF implementation as part of must be automatically removed by the SPPF implementation as part
fulfilling the deletion request. Similarly, any references of fulfilling the deletion request. Similarly, any cross-
between that destination group and any Public Identifier must be references between that Destination Group and any Public
removed by the SPPF implementation. Identifier must be removed by the SPPF implementation.
o SED Groups: When a SED group is deleted any references between o SED Groups: When a SED Group is deleted, any references between
that SED group and any destination group must be automatically that SED Group and any Destination Group must be automatically
removed by the SPPF implementation as part of fulfilling the removed by the SPPF implementation as part of fulfilling the
deletion request. Similarly any references between that SED group deletion request. Similarly, any cross-references between that
and any SED records must be removed by the SPPF implementation as SED Group and any SED Records must be removed by the SPPF
part of fulfilling the deletion request. Furthermore, SED group
offers relating to that SED group must also be deleted.
o SED Records: When a SED record is deleted any references between
that SED record and any SED group must be removed by the SPPF
implementation as part of fulfilling the deletion request. implementation as part of fulfilling the deletion request.
Similarly, any reference between that SED record and any Public Furthermore, SED Group Offers relating to that SED Group must also
be deleted.
o SED Records: When a SED Record is deleted, any cross-references
between that SED Record and any SED Group must be removed by the
SPPF implementation as part of fulfilling the deletion request.
Similarly, any reference between that SED Record and any Public
Identifier must be removed by the SPPF implementation. Identifier must be removed by the SPPF implementation.
o Public Identifiers: When a public identifier is deleted any o Public Identifiers: When a Public Identifier is deleted, any
references between that public identifier and any referenced cross-references between that Public Identifier and any referenced
destination group must be removed by the SPPF implementation as Destination Group must be removed by the SPPF implementation as
part of fulfilling the deletion request. Any references to SED part of fulfilling the deletion request. Any references to SED
records associated directly to that Public Identifier must also be Records associated directly to that Public Identifier must also be
deleted by the SPPF implementation. deleted by the SPPF implementation.
Deletes MUST be atomic Deletes MUST be atomic.
7.3. Get Operations 7.3. Get Operations
At times, on behalf of the Registrant, the Registrar may need to get At times, on behalf of the Registrant, the Registrar may need to get
information about SPPF objects that were previously provisioned in information about SPPF objects that were previously provisioned in
the Registry. A few examples include logging, auditing, and pre- the Registry. A few examples include logging, auditing, and pre-
provisioning dependency checking. This query mechanism is limited to provisioning dependency checking. This query mechanism is limited to
aid provisioning scenarios and should not be confused with query aid provisioning scenarios and should not be confused with query
protocols provided as part of the resolution system (e.g., ENUM and protocols provided as part of the resolution system (e.g., ENUM and
SIP). SIP).
Any conforming "protocol" specification MUST provide a definition for Any conforming "protocol" specification MUST provide a definition for
the operation that queries the details of one or more SPPF objects the operation that queries the details of one or more SPPF objects
from the Registry using the object's key. If the entity that issued from the Registry using the object's key. If the entity that issued
the command is not authorized to perform this operation an the command is not authorized to perform this operation, an
appropriate error message MUST be returned from amongst the response appropriate error message MUST be returned from among the response
messages defined in Section 5.3. messages defined in Section 5.3.
If the response to the Get operation includes object(s) that extend If the response to the Get operation includes an object(s) that
the BasicObjType, the Registry MUST include the 'cDate' and 'mDate', extends the BasicObjType, the Registry MUST include the "cDate" and
if applicable. "mDate", if applicable.
7.4. Accept Operations 7.4. Accept Operations
In SPPF, a SED Group Offer can be accepted or rejected by, or on In SPPF, a SED Group Offer can be accepted or rejected by, or on
behalf of, the Registrant to which the SED Group has been offered behalf of, the Registrant to which the SED Group has been offered
(refer to Section 7 of this document for a description of the SED (refer to Section 6.5 of this document for a description of the SED
Group Offer object). The Accept operation is used to accept the SED Group Offer object). The Accept operation is used to accept the SED
Group Offers. Any conforming substrate protocol specification MUST Group Offers. Any conforming substrate "protocol" specification MUST
provide a definition for the operation to accept SED Group Offers by, provide a definition for the operation to accept SED Group Offers by,
or on behalf of the Registrant, using the SED Group Offer object key. or on behalf of, the Registrant, using the SED Group Offer object
key.
Not until access to a SED Group has been offered and accepted will Not until access to a SED Group has been offered and accepted will
the Registrant's organization ID be included in the peeringOrg list the Registrant's organization ID be included in the peeringOrg list
in that SED Group object, and that SED Group's peering information in that SED Group object, and that SED Group's peering information
become a candidate for inclusion in the responses to the resolution becomes a candidate for inclusion in the responses to the resolution
requests submitted by that Registrant. A SED Group Offer that is in requests submitted by that Registrant. A SED Group Offer that is in
the "offered" status is accepted by, or on behalf of, the Registrant the "offered" status is accepted by, or on behalf of, the Registrant
to which it has been offered. When the SED Group Offer is accepted to which it has been offered. When the SED Group Offer is accepted,
the SED Group Offer is moved to the "accepted" status and adds that the SED Group Offer is moved to the "accepted" status and the data
data recipient's organization ID into the list of peerOrgIds for that recipient's organization ID is added into the list of peerOrgIds for
SED Group. that SED Group.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation, an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" amongst the response messages defined in "Response Message Types"
section of the document. (Section 5.3 of this document).
7.5. Reject Operations 7.5. Reject Operations
In SPPF, a SED Group Offer object can be accepted or rejected by, or In SPPF, a SED Group Offer object can be accepted or rejected by, or
on behalf of, the Registrant to which the SED Group has been offered on behalf of, the Registrant to which the SED Group has been offered
(refer "Framework Data Model Objects" section of this document for a (refer to "Framework Data Model Objects", Section 6 of this document,
description of the SED Group Offer object). Furthermore, that offer for a description of the SED Group Offer object). Furthermore, that
may be rejected, regardless of whether or not it has been previously offer may be rejected, regardless of whether or not it has been
accepted. The Reject operation is used to reject the SED Group previously accepted. The Reject operation is used to reject the SED
Offer. When the SED Group Offer is rejected that SED Group Offer is Group Offer. When the SED Group Offer is rejected, that SED Group
deleted, and, if appropriate, the data recipient's organization ID is Offer is deleted, and, if appropriate, the data recipient's
removed from the list of peeringOrg IDs for that SED Group. Any organization ID is removed from the list of peeringOrg IDs for that
conforming substrate protocol specification MUST provide a definition SED Group. Any conforming substrate "protocol" specification MUST
for the operation to reject SED Group Offers by, or on behalf of the provide a definition for the operation to reject SED Group Offers by,
Registrant, using the SED Group Offer object key. or on behalf of, the Registrant, using the SED Group Offer object
key.
If the entity that issued the command is not authorized to perform If the entity that issued the command is not authorized to perform
this operation an appropriate error message MUST be returned from this operation, an appropriate error message MUST be returned from
amongst the response messages defined in "Response Message Types" among the response messages defined in "Response Message Types"
section of the document. (Section 5.3 of this document).
7.6. Get Server Details Operation 7.6. Get Server Details Operation
In SPPF, the Get Server Details operation can be used to request In SPPF, the Get Server Details operation can be used to request
certain details about the SPPF server that include the SPPF server's certain details about the SPPF server that include the SPPF server's
current status and the major/minor version of the SPPF protocol current status and the major/minor version of the SPPF protocol
supported by the SPPF server. supported by the SPPF server.
Any conforming substrate protocol specification MUST provide a Any conforming substrate "protocol" specification MUST provide a
definition for the operation to request such details from the SPPF definition for the operation to request such details from the SPPF
server. If the entity that issued the command is not authorized to server. If the entity that issued the command is not authorized to
perform this operation an appropriate error message MUST be returned perform this operation, an appropriate error message MUST be returned
from amongst the response messages defined in the "Response Message from among the response messages defined in "Response Message Types"
Types" section of the document. (Section 5.3 of this document).
8. XML Considerations 8. XML Considerations
XML serves as the encoding format for SPPF, allowing complex XML serves as the encoding format for SPPF, allowing complex
hierarchical data to be expressed in a text format that can be read, hierarchical data to be expressed in a text format that can be read,
saved, and manipulated with both traditional text tools and tools saved, and manipulated with both traditional text tools and tools
specific to XML. specific to XML.
XML is case sensitive. Unless stated otherwise, the character casing XML is case sensitive. Unless stated otherwise, the character casing
of XML specifications in this document MUST be preserved to develop a of XML specifications in this document MUST be preserved to develop a
conforming specification. conforming specification.
This section discusses a small number of XML-related considerations This section discusses a small number of XML-related considerations
pertaining to SPPF. pertaining to SPPF.
8.1. Namespaces 8.1. Namespaces
All SPPF elements are defined in the namespaces in the IANA All SPPF elements are defined in the Namespaces in the "IANA
Considerations section and in the Formal Framework Specification Considerations" and "Formal Framework Specification" sections of this
section of this document. document.
8.2. Versioning and Character Encoding 8.2. Versioning and Character Encoding
All XML instances SHOULD begin with an <?xml?> declaration to All XML instances SHOULD begin with an <?xml?> declaration to
identify the version of XML that is being used, optionally identify identify the version of XML that is being used, optionally identify
use of the character encoding used, and optionally provide a hint to use of the character encoding used, and optionally provide a hint to
an XML parser that an external schema file is needed to validate the an XML parser that an external schema file is needed to validate the
XML instance. XML instance.
Conformant XML parsers recognize both UTF-8 (defined in [RFC3629]) Conformant XML parsers recognize both UTF-8 (defined in [RFC3629])
and UTF-16 (defined in [RFC2781]); per [RFC2277] UTF-8 is the and UTF-16 (defined in [RFC2781]); per [RFC2277], UTF-8 is the
RECOMMENDED character encoding for use with SPPF. RECOMMENDED character encoding for use with SPPF.
Character encodings other than UTF-8 and UTF-16 are allowed by XML. Character encodings other than UTF-8 and UTF-16 are allowed by XML.
UTF-8 is the default encoding assumed by XML in the absence of an UTF-8 is the default encoding assumed by XML in the absence of an
"encoding" attribute or a byte order mark (BOM); thus, the "encoding" "encoding" attribute or a byte order mark (BOM); thus, the "encoding"
attribute in the XML declaration is OPTIONAL if UTF-8 encoding is attribute in the XML declaration is OPTIONAL if UTF-8 encoding is
used. SPPF clients and servers MUST accept a UTF-8 BOM if present, used. SPPF clients and servers MUST accept a UTF-8 BOM if present,
though emitting a UTF-8 BOM is NOT RECOMMENDED. though emitting a UTF-8 BOM is NOT RECOMMENDED.
Example XML declarations: Example XML declarations:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
9. Security Considerations 9. Security Considerations
Many SPPF implementations manage data that is considered confidential Many SPPF implementations manage data that is considered confidential
and critical. Furthermore, SPPF implementations can support and critical. Furthermore, SPPF implementations can support
provisioning activities for multiple Registrars and Registrants. As provisioning activities for multiple Registrars and Registrants. As
a result any SPPF implementation must address the requirements for a result, any SPPF implementation must address the requirements for
confidentiality, authentication, and authorization. confidentiality, authentication, and authorization.
9.1. Confidentiality and Authentication 9.1. Confidentiality and Authentication
With respect to confidentiality and authentication, the substrate With respect to confidentiality and authentication, the substrate
protocol requirements section of this document contains security protocol requirements section of this document contains security
properties that the substrate protocol must provide so that properties that the substrate protocol must provide, so that
authenticated endpoints can exchange data confidentially and with authenticated endpoints can exchange data confidentially and with
integrity protection. Refer to that section and integrity protection. Refer to Section 4 of this document and
[I-D.ietf-drinks-spp-protocol-over-soap] for the specific solutions [RFC7878] for the specific solutions to authentication and
to authentication and confidentiality. confidentiality.
9.2. Authorization 9.2. Authorization
With respect to authorization, the SPPF server implementation must With respect to authorization, the SPPF server implementation must
define and implement a set of authorization rules that precisely define and implement a set of authorization rules that precisely
address (1) which Registrars will be authorized to create/modify/ address (1) which Registrars will be authorized to create/modify/
delete each SPPF object type for given Registrant(s) and (2) which delete each SPPF object type for a given Registrant(s) and (2) which
Registrars will be authorized to view/get each SPPF object type for Registrars will be authorized to view/get each SPPF object type for a
given Registrant(s). These authorization rules are a matter of given Registrant(s). These authorization rules are a matter of
policy and are not specified within the context of SPPF. However, policy and are not specified within the context of SPPF. However,
any SPPF implementation must specify these authorization rules in any SPPF implementation must specify these authorization rules in
order to function in a reliable and safe manner. order to function in a reliable and safe manner.
9.3. Denial of Service 9.3. Denial of Service
Guidance on Denial-of-Service (DoS) issues in general is given in In general, guidance on Denial-of-Service (DoS) issues is given in
[RFC4732], "Internet Denial of Service Considerations", which also "Internet Denial of Service Considerations" [RFC4732], which also
gives a general vocabulary for describing the DoS issue. gives a general vocabulary for describing the DoS issue.
SPPF is a high-level client-server protocol that can be implemented SPPF is a high-level client-server protocol that can be implemented
on lower-level mechanisms such as remote procedure call and web- on lower-level mechanisms such as remote procedure call and web-
service API protocols. As such, it inherits any Denial-of-Service service API protocols. As such, it inherits any Denial-of-Service
issues inherent to the specific lower-level mechanism used for any issues inherent to the specific lower-level mechanism used for any
implementation of SPPF. SPPF also has its own set of higher-level implementation of SPPF. SPPF also has its own set of higher-level
exposures that are likely to be independent of lower-layer mechanism exposures that are likely to be independent of lower-layer mechanism
choices. choices.
9.3.1. DoS Issues Inherited from Substrate Mechanism 9.3.1. DoS Issues Inherited from the Substrate Mechanism
An SPPF implementation is in general dependent on the selection and In general, an SPPF implementation is dependent on the selection and
implementation of a lower-level substrate protocol and a binding implementation of a lower-level substrate protocol and a binding
between that protocol and SPPF. The archetypal SPPF implementation between that protocol and SPPF. The archetypal SPPF implementation
uses XML [W3C.REC-xml-20081126] representation in a SOAP [SOAPREF] uses XML [W3C.REC-xml-20081126] representation in a SOAP [SOAPREF]
request/response framework over HTTP ([RFC7230]), and probably also request/response framework over HTTP [RFC7230], probably also uses
uses TLS ([RFC5246]) for on-the-wire data integrity and participant Transport Layer Security (TLS) [RFC5246] for on-the-wire data
authentication, and might use HTTP Digest authentication ([RFC2609]). integrity and participant authentication, and might use HTTP Digest
authentication [RFC2069].
The typical deployment scenario for SPPF is to have servers in a The typical deployment scenario for SPPF is to have servers in a
managed facility, and therefore techniques such as Network Ingress managed facility; therefore, techniques such as Network Ingress
Filtering ([RFC2609]) are generally applicable. In short, any DoS Filtering [RFC2827] are generally applicable. In short, any DoS
mechanism affecting a typical HTTP implementation would affect such mechanism affecting a typical HTTP implementation would affect such
an SPPF implementation, and the mitigation tools for HTTP in general an SPPF implementation; therefore, the mitigation tools for HTTP in
also therefore apply to SPPF. general also apply to SPPF.
SPPF does not directly specify an authentication mechanism, instead SPPF does not directly specify an authentication mechanism; instead,
relying on the lower-level substrate protocol to provide for it relies on the lower-level substrate protocol to provide for
authentication. In general, authentication is an expensive authentication. In general, authentication is an expensive
operation, and one apparent attack vector is to flood an SPPF server operation, and one apparent attack vector is to flood an SPPF server
with repeated requests for authentication, thereby exhausting its with repeated requests for authentication, thereby exhausting its
resources. SPPF implementations SHOULD therefore be prepared to resources. Therefore, SPPF implementations SHOULD be prepared to
handle authentication floods, perhaps by noting repeated failed login handle authentication floods, perhaps by noting repeated failed login
requests from a given source address and blocking that source requests from a given source address and blocking that source
address. address.
9.3.2. DoS Issues Specific to SPPF 9.3.2. DoS Issues Specific to SPPF
The primary defense mechanism against DoS within SPPF is The primary defense mechanism against DoS within SPPF is
authentication. Implementations MUST tightly control access to the authentication. Implementations MUST tightly control access to the
SPPF service, SHOULD implement DoS and other policy control SPPF service, SHOULD implement DoS and other policy control
screening, and MAY employ a variety of policy violation reporting and screening, and MAY employ a variety of policy violation reporting and
response measures such as automatic blocking of specific users and response measures such as automatic blocking of specific users and
alerting of operations personnel. In short, the primary SPPF alerting of operations personnel. In short, the primary SPPF
response to DoS-like activity by a user is to block that user or response to DoS-like activity by a user is to block that user or
subject their actions to additional review. subject their actions to additional review.
SPPF allows a client to submit multiple-element or "batch" requests SPPF allows a client to submit multiple-element or "batch" requests
that may insert or otherwise affect a large amount of data with a that may insert or otherwise affect a large amount of data with a
single request. In the simplest case, the server progresses single request. In the simplest case, the server progresses
sequentially through each element in a batch, completing one before sequentially through each element in a batch, completing one before
starting the next. Mid-batch failures are handled by stopping the starting the next. Mid-batch failures are handled by stopping the
batch and rolling-back the data store to its pre-request state. This batch and rolling back the data store to its pre-request state. This
"stop and roll-back" design provides a DoS opportunity. A hostile "stop and roll back" design provides a DoS opportunity. A hostile
client could repeatedly issue large batch requests with one or more client could repeatedly issue large batch requests with one or more
failing elements, causing the server to repeatedly stop and roll-back failing elements, causing the server to repeatedly stop and roll back
large transactions. The suggested response is to monitor clients for large transactions. The suggested response is to monitor clients for
such failures, and take administrative action (such as blocking the such failures and take administrative action (such as blocking the
user) when an excessive number of roll-backs is reported. user) when an excessive number of rollbacks is reported.
An additional suggested response is for an implementer to set their An additional suggested response is for an implementer to set their
maximum allowable XML message size, and their maximum allowable batch maximum allowable XML message size and their maximum allowable batch
size at a level that they feel protects their operational instance, size at a level that they feel protects their operational instance,
given the hardware sizing they have in place and the expected load given the hardware sizing they have in place and the expected load
and size needs that their users expect. and size needs that their users expect.
9.4. Information Disclosure 9.4. Information Disclosure
It is not uncommon for the logging systems to document on-the-wire It is not uncommon for the logging systems to document on-the-wire
messages for various purposes, such as, debug, audit, and tracking. messages for various purposes, such as debugging, auditing, and
At the minimum, the various support and administration staff will tracking. At the minimum, the various support and administration
have access to these logs. Also, if an unprivileged user gains staff will have access to these logs. Also, if an unprivileged user
access to the SPPF deployments and/or support systems, it will have gains access to the SPPF deployments and/or support systems, it will
access to the information that is potentially deemed confidential. have access to the information that is potentially deemed
To manage information disclosure concerns beyond the substrate level, confidential. To manage information disclosure concerns beyond the
SPPF implementations MAY provide support for encryption at the SPPF substrate level, SPPF implementations MAY provide support for
object level. encryption at the SPPF object level.
9.5. Non-repudiation 9.5. Non-repudiation
In some situations, it may be required to protect against denial of In some situations, it may be required to protect against denial of
involvement (see [RFC4949]) and tackle non-repudiation concerns in involvement (see [RFC4949]) and tackle non-repudiation concerns in
regards to SPPF messages. This type of protection is useful to regard to SPPF messages. This type of protection is useful to
satisfy authenticity concerns related to SPPF messages beyond the satisfy authenticity concerns related to SPPF messages beyond the
end-to-end connection integrity, confidentiality, and authentication end-to-end connection integrity, confidentiality, and authentication
protection that the substrate layer provides. This is an optional protection that the substrate layer provides. This is an optional
feature and some SPPF implementations MAY provide support for it. feature, and some SPPF implementations MAY provide support for it.
9.6. Replay Attacks 9.6. Replay Attacks
Anti-replay protection ensures that a given SPPF object replayed at a Anti-replay protection ensures that a given SPPF object replayed at a
later time doesn't affect the integrity of the system. SPPF provides later time won't affect the integrity of the system. SPPF provides
at least one mechanism to fight against replay attacks. Use of the at least one mechanism to fight against replay attacks. Use of the
optional client transaction identifier allows the SPPF client to optional client transaction identifier allows the SPPF client to
correlate the request message with the response and to be sure that correlate the request message with the response and to be sure that
it is not a replay of a server response from earlier exchanges. Use it is not a replay of a server response from earlier exchanges. Use
of unique values for the client transaction identifier is highly of unique values for the client transaction identifier is highly
encouraged to avoid chance matches to a potential replay message. encouraged to avoid chance matches to a potential replay message.
9.7. Compromised or Malicious Intermediary 9.7. Compromised or Malicious Intermediary
The SPPF client or Registrar can be a separate entity acting on The SPPF client or Registrar can be a separate entity acting on
behalf of the Registrant in facilitating provisioning transactions to behalf of the Registrant in facilitating provisioning transactions to
the Registry. Therefore, even though the substrate layer provides the Registry. Therefore, even though the substrate layer provides
end-to-end protection for each specific SPPP connection between end-to-end protection for each specific SPPP connection between
client and server, data might be available in clear text before or client and server, data might be available in clear text before or
after it traverses a SPPP connection. Therefore, a man-in-the-middle after it traverses an SPPP connection. Therefore, a
attack by one of the intermediaries is a possibility that could man-in-the-middle attack by one of the intermediaries is a
affect the integrity of the data that belongs to the Registrant and/ possibility that could affect the integrity of the data that belongs
or expose peering data to unintended actors. to the Registrant and/or expose peering data to unintended actors.
10. Internationalization Considerations 10. Internationalization Considerations
Character encodings to be used for SPPF elements are described in Character encodings to be used for SPPF elements are described in
Section 8.2. The use of time elements in the protocol is specified Section 8.2. The use of time elements in the protocol is specified
in Section 3.2. Where human-readable messages that are presented to in Section 3.2. Where human-readable messages that are presented to
an end user are used in the protocol, those messages SHOULD be tagged an end user are used in the protocol, those messages SHOULD be tagged
according to [RFC5646], and the substrate protocol MUST support a according to [RFC5646], and the substrate protocol MUST support a
respective mechanism to transmit such tags together with those human- respective mechanism to transmit such tags together with those human-
readable messages. readable messages.
11. IANA Considerations 11. IANA Considerations
11.1. URN Assignments 11.1. URN Assignments
This document uses URNs to describe XML namespaces and XML schemas This document uses URNs to describe XML Namespaces and XML Schemas
conforming to a Registry mechanism described in [RFC3688]. conforming to a Registry mechanism described in [RFC3688].
Two URI assignments are requested. Two URI assignments have been made:
Registration request for the SPPF XML namespace: Registration for the SPPF XML Namespace:
urn:ietf:params:xml:ns:sppf:base:1 urn:ietf:params:xml:ns:sppf:base:1
Registrant Contact: IESG Registrant Contact: The IESG
XML: None. Namespace URIs do not represent an XML specification. XML: None. Namespace URIs do not represent an XML specification.
Registration request for the XML schema: Registration request for the XML Schema:
URI: urn:ietf:params:xml:schema:sppf:1 URI: urn:ietf:params:xml:schema:sppf:1
Registrant Contact: IESG Registrant Contact: IESG
XML: See the "Formal Specification" section of this document XML: See "Formal Specification" (Section 12 of this document).
(Section 12).
11.2. Organization Identifier Namespace Registry 11.2. Organization Identifier Namespace Registry
IANA is requested to create and maintain a Registry entitled "SPPF IANA has created and will maintain a registry titled "SPPF OrgIdType
OrgIdType Namespaces". The formal syntax is described in Namespaces". The formal syntax is described in Section 5.1.
Section 5.1.
Assignments consist of the OrgIdType namespace string and the Assignments consist of the OrgIdType Namespace string and the
definition of the associated namespace. This document makes the definition of the associated Namespace. This document makes the
following initial assignment for the OrgIdType Namespaces: following initial assignment for the OrgIdType Namespaces:
OrgIdType namespace string Namespace OrgIdType Namespace string Namespace
-------------------------- --------- -------------------------- ---------
IANA Enterprise Numbers iana-en IANA Enterprise Numbers iana-en
Future assignments are to be made through the well-known IANA Policy Future assignments are to be made through the well-known IANA Policy
"RFC Required" (see section 4.1 of [RFC5226]). Such assignments will "RFC Required" (see Section 4.1 of [RFC5226]). Such assignments will
typically be requested when a new namespace for identification of typically be requested when a new Namespace for identification of SPs
service providers is defined. is defined.
12. Formal Specification 12. Formal Specification
This section provides the draft XML Schema Definition for SPPF This section provides the XSD for the SPPF protocol.
Protocol.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<schema xmlns:sppfb="urn:ietf:params:xml:ns:sppf:base:1" <schema xmlns:sppfb="urn:ietf:params:xml:ns:sppf:base:1"
xmlns="http://www.w3.org/2001/XMLSchema" xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:sppf:base:1" targetNamespace="urn:ietf:params:xml:ns:sppf:base:1"
elementFormDefault="qualified" xml:lang="EN"> elementFormDefault="qualified" xml:lang="EN">
<annotation> <annotation>
<documentation> <documentation>
---- Generic Object key types to be defined by specific ---- Generic object key types to be defined by specific
Substrate/Architecture. The types defined here can substrate/architecture. The types defined here can
be extended by the specific architecture to be extended by the specific architecture to
define the Object Identifiers ---- define the Object Identifiers. ----
</documentation> </documentation>
</annotation> </annotation>
<complexType name="ObjKeyType" <complexType name="ObjKeyType"
abstract="true"> abstract="true">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the ---- Generic type that represents the
key for various objects in SPPF. ---- key for various objects in SPPF. ----
</documentation> </documentation>
</annotation> </annotation>
skipping to change at page 44, line 51 skipping to change at page 46, line 4
</annotation> </annotation>
<complexType name="ObjKeyType" <complexType name="ObjKeyType"
abstract="true"> abstract="true">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents the ---- Generic type that represents the
key for various objects in SPPF. ---- key for various objects in SPPF. ----
</documentation> </documentation>
</annotation> </annotation>
</complexType> </complexType>
<complexType name="SedGrpOfferKeyType" abstract="true"> <complexType name="SedGrpOfferKeyType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:ObjKeyType"> <extension base="sppfb:ObjKeyType">
<annotation> <annotation>
<documentation> <documentation>
---- Generic type that represents ---- Generic type that represents
the key for a SED group offer. ---- the key for a SED Group Offer. ----
</documentation> </documentation>
</annotation> </annotation>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
<complexType name="PubIdKeyType" abstract="true"> <complexType name="PubIdKeyType" abstract="true">
<complexContent> <complexContent>
<extension base="sppfb:ObjKeyType"> <extension base="sppfb:ObjKeyType">
<annotation> <annotation>
<documentation> <documentation>
----Generic type that ----Generic type that
represents the key represents the key
for a Pub Id. ---- for a Pub ID. ----
</documentation> </documentation>
</annotation> </annotation>
</extension> </extension>
</complexContent> </complexContent>
</complexType> </complexType>
<annotation> <annotation>
<documentation> <documentation>
---- Object Type Definitions ---- ---- Object Type Definitions ----
</documentation> </documentation>
skipping to change at page 51, line 51 skipping to change at page 53, line 4
<simpleType name="ServerStatusType"> <simpleType name="ServerStatusType">
<restriction base="token"> <restriction base="token">
<enumeration value="inService"/> <enumeration value="inService"/>
<enumeration value="outOfService"/> <enumeration value="outOfService"/>
</restriction> </restriction>
</simpleType> </simpleType>
<simpleType name="SedGrpOfferStatusType"> <simpleType name="SedGrpOfferStatusType">
<restriction base="token"> <restriction base="token">
<enumeration value="offered"/> <enumeration value="offered"/>
<enumeration value="accepted"/> <enumeration value="accepted"/>
</restriction>
</restriction>
</simpleType> </simpleType>
<simpleType name="NumberValType"> <simpleType name="NumberValType">
<restriction base="token"> <restriction base="token">
<maxLength value="20"/> <maxLength value="20"/>
<pattern value="\+?\d\d*"/> <pattern value="\+?\d\d*"/>
</restriction> </restriction>
</simpleType> </simpleType>
<simpleType name="NumberTypeEnum"> <simpleType name="NumberTypeEnum">
<restriction base="token"> <restriction base="token">
<enumeration value="TN"/> <enumeration value="TN"/>
skipping to change at page 52, line 39 skipping to change at page 54, line 5
</sequence> </sequence>
</complexType> </complexType>
<complexType name="NumberRangeType"> <complexType name="NumberRangeType">
<sequence> <sequence>
<element name="startRange" type="sppfb:NumberValType"/> <element name="startRange" type="sppfb:NumberValType"/>
<element name="endRange" type="sppfb:NumberValType"/> <element name="endRange" type="sppfb:NumberValType"/>
</sequence> </sequence>
</complexType> </complexType>
</schema> </schema>
13. Acknowledgments 13. References
This document is a result of various discussions held in the DRINKS
working group and within the DRINKS protocol design team, with
contributions from the following individuals, in alphabetical order:
Alexander Mayrhofer, David Schwartz, Deborah A Guyton, Lisa
Dusseault, Manjul Maharishi, Mickael Marrache, Otmar Lendl, Richard
Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, Vikas
Bhatia, and Jeremy Barkan.
14. References
14.1. Normative References
[I-D.ietf-drinks-spp-protocol-over-soap] 13.1. Normative References
Cartwright, K., Bhatia, V., Mule, J., and A. Mayrhofer,
"Session Peering Provisioning (SPP) Protocol over SOAP",
draft-ietf-drinks-spp-protocol-over-soap-08 (work in
progress), July 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and
Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277,
January 1998, <http://www.rfc-editor.org/info/rfc2277>. January 1998, <http://www.rfc-editor.org/info/rfc2277>.
skipping to change at page 53, line 47 skipping to change at page 54, line 41
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008, DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>. <http://www.rfc-editor.org/info/rfc5226>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<http://www.rfc-editor.org/info/rfc5234>. <http://www.rfc-editor.org/info/rfc5234>.
[RFC7878] Cartwright, K., Bhatia, V., Mule, J., and A. Mayrhofer,
"Session Peering Provisioning (SPP) Protocol over SOAP",
RFC 7878, DOI 10.17487/RFC7878, August 2016,
<http://www.rfc-editor.org/info/rfc7878>.
[W3C.REC-xml-20081126] [W3C.REC-xml-20081126]
Sperberg-McQueen, C., Yergeau, F., Bray, T., Maler, E., Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and
and J. Paoli, "Extensible Markup Language (XML) 1.0 (Fifth F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth
Edition)", World Wide Web Consortium Recommendation REC- Edition)", World Wide Web Consortium Recommendation REC-
xml-20081126, November 2008, xml-20081126, November 2008,
<http://www.w3.org/TR/2008/REC-xml-20081126>. <http://www.w3.org/TR/2008/REC-xml-20081126>.
14.2. Informative References 13.2. Informative References
[RFC2609] Guttman, E., Perkins, C., and J. Kempf, "Service Templates [RFC2069] Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P.,
and Service: Schemes", RFC 2609, DOI 10.17487/RFC2609, Luotonen, A., Sink, E., and L. Stewart, "An Extension to
June 1999, <http://www.rfc-editor.org/info/rfc2609>. HTTP : Digest Access Authentication", RFC 2069,
DOI 10.17487/RFC2069, January 1997,
<http://www.rfc-editor.org/info/rfc2069>.
[RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO [RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO
10646", RFC 2781, DOI 10.17487/RFC2781, February 2000, 10646", RFC 2781, DOI 10.17487/RFC2781, February 2000,
<http://www.rfc-editor.org/info/rfc2781>. <http://www.rfc-editor.org/info/rfc2781>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
May 2000, <http://www.rfc-editor.org/info/rfc2827>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002, DOI 10.17487/RFC3261, June 2002,
<http://www.rfc-editor.org/info/rfc3261>. <http://www.rfc-editor.org/info/rfc3261>.
[RFC3403] Mealling, M., "Dynamic Delegation Discovery System (DDDS) [RFC3403] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part Three: The Domain Name System (DNS) Database", Part Three: The Domain Name System (DNS) Database",
RFC 3403, DOI 10.17487/RFC3403, October 2002, RFC 3403, DOI 10.17487/RFC3403, October 2002,
<http://www.rfc-editor.org/info/rfc3403>. <http://www.rfc-editor.org/info/rfc3403>.
skipping to change at page 55, line 26 skipping to change at page 56, line 36
/Intra-NetworK SIP (DRINKS) Use Cases and Protocol /Intra-NetworK SIP (DRINKS) Use Cases and Protocol
Requirements", RFC 6461, DOI 10.17487/RFC6461, January Requirements", RFC 6461, DOI 10.17487/RFC6461, January
2012, <http://www.rfc-editor.org/info/rfc6461>. 2012, <http://www.rfc-editor.org/info/rfc6461>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>. <http://www.rfc-editor.org/info/rfc7230>.
[SOAPREF] Gudgin, M., Hadley, M., Moreau, J., and H. Nielsen, "SOAP [SOAPREF] Gudgin, M., Hadley, M., Moreau, J., and H. Nielsen, "SOAP
Version 1.2 Part 1: Messaging Framework", W3C Version 1.2 Part 1: Messaging Framework", W3C REC REC-
Recommendation REC-SOAP12-part1-20030624, June 2002. SOAP12-part1-20030624, June 2003,
<http://www.w3.org/TR/soap12-part1/>.
[Unicode6.1] [Unicode6.1]
The Unicode Consortium, "The Unicode Standard - Version The Unicode Consortium, "The Unicode Standard, Version
6.1", Unicode 6.1, January 2012. 6.1.0", (Mountain View, CA: The Unicode Consortium,
2012. ISBN 978-1-936213-02-3),
<http://unicode.org/versions/Unicode6.1.0/>.
Acknowledgements
This document is a result of various discussions held in the DRINKS
working group and within the DRINKS protocol design team, with
contributions from the following individuals, in alphabetical order:
Syed Ali, Jeremy Barkan, Vikas Bhatia, Sumanth Channabasappa, Lisa
Dusseault, Deborah A. Guyton, Otmar Lendl, Manjul Maharishi, Mickael
Marrache, Alexander Mayrhofer, Samuel Melloul, David Schwartz, and
Richard Shockey.
Authors' Addresses Authors' Addresses
Kenneth Cartwright Kenneth Cartwright
TNS TNS
1939 Roland Clarke Place 1939 Roland Clarke Place
Reston, VA 20191 Reston, VA 20191
USA United States
Email: kcartwright@tnsi.com Email: kcartwright@tnsi.com
Vikas Bhatia Vikas Bhatia
TNS TNS
1939 Roland Clarke Place 1939 Roland Clarke Place
Reston, VA 20191 Reston, VA 20191
USA United States
Email: vbhatia@tnsi.com Email: vbhatia@tnsi.com
Syed Wasim Ali Syed Wasim Ali
NeuStar NeuStar
46000 Center Oak Plaza 46000 Center Oak Plaza
Sterling, VA 20166 Sterling, VA 20166
USA United States
Email: syed.ali@neustar.biz Email: syed.ali@neustar.biz
David Schwartz David Schwartz
XConnect XConnect
316 Regents Park Road 316 Regents Park Road
London N3 2XJ London N3 2XJ
United Kingdom United Kingdom
Email: dschwartz@xconnect.net Email: dschwartz@xconnect.net
 End of changes. 257 change blocks. 
639 lines changed or deleted 624 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/