Internet Engineering Task Force                               Adam Roach
Internet Draft                                             Ericsson Inc.
Category: Standards Track                                      July                                  November 2001
                                                        Expires January May 2002
                                          <draft-ietf-sip-events-00.txt>
                                          <draft-ietf-sip-events-01.txt>

                    SIP-Specific Event Notification

Status of this Memo

     This document is an Internet-Draft and is in full conformance
     with all provisions of Section 10 of RFC2026.

     Internet-Drafts are working documents of the Internet Engineering
     Task Force (IETF), its areas, and its working groups. Note that
     other groups may also distribute working documents as
     Internet-Drafts.

     Internet-Drafts are draft documents valid for a maximum of six
     months and may be updated, replaced, or obsoleted by other
     documents at any time. It is inappropriate to use Internet-Drafts
     as reference material or cite them other than as "work in
     progress".

     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/ietf/lid-abstracts.txt

     The list of Internet-Draft Shadow Directories can be accessed at
     http://www.ietf.org/shadow.html

     This document is an individual submission to the IETF. Comments
     should be directed to the authors.

Abstract

     This document describes an extension to the Session Initiation
     Protocol (SIP). The purpose of this extension is to provide an
     extensible framework by which SIP nodes can request notification
     from remote nodes indicating that certain events have occurred.

     Concrete uses of the mechanism described in this document may be
     standardized in the future.

     Note that the event notification mechanisms defined herein are
     NOT intended to be a general-purpose infrastructure for all
     classes of event subscription and notification.

1. Table of Contents

    1.       Table of Contents...................................... 1
    2.       Introduction........................................... 3
    2.1.     Overview of Operation.................................. 3 4
    3.       Event Packages.........................................       Syntax................................................. 4
    3.1.     Appropriateness of Usage............................... 4
    3.2.     Additional Guidelines.................................. 4
    3.3.     Sub-packages........................................... 5
    3.4.     Event Package Responsibilities......................... 5
    3.4.1.   Event Package Name..................................... 6
    3.4.2.   Event Package Parameters............................... 6
    3.4.3.   SUBSCRIBE Bodies....................................... 6
    3.4.4.   Subscription Duration.................................. 6
    3.4.5.   NOTIFY Bodies.......................................... 6
    3.4.6.   Subscriber generation of SUBSCRIBE requests............ 7
    3.4.7.   Notifier processing of SUBSCRIBE requests.............. 7
    3.4.8.   Notifier generation of NOTIFY requests................. 7
    3.4.9.   Subscriber processing of NOTIFY requests............... 7
    3.4.10.  Handling of forked requests............................ 7
    3.4.11.  Rate of notifications.................................. 8
    3.4.12.  State Agents and Notifier Migration.................... 8
    3.4.13.  Examples............................................... 8
    4.       Syntax................................................. 8
    4.1.     New Methods............................................ 9
    4.1.1. 4
    3.1.1.   SUBSCRIBE method....................................... 10
    4.1.2. 5
    3.1.2.   NOTIFY method.......................................... 11
    4.2. 6
    3.2.     New Headers............................................ 11
    4.2.1. 6
    3.2.1.   "Event" header......................................... 11
    4.2.2. 6
    3.2.2.   "Allow-Events" Header.................................. 12
    4.3. 7
    3.2.3.   "Subscription-Expires" Header.......................... 7
    3.3.     New Response Codes..................................... 12
    4.3.1. 7
    3.3.1.   "202 Accepted" Response Code........................... 12
    4.3.2. 8
    3.3.2.   "489 Bad Event" Response Code.......................... 12
    5. 8
    4.       Node Behavior.......................................... 13
    5.1. 8
    4.1.     General................................................ 8
    4.1.1.   Route Handling......................................... 8
    4.1.2.   Detecting support for SUBSCRIBE and NOTIFY............. 9
    4.1.3.   CANCEL requests........................................ 9
    4.1.4.   State Agents and Notifier Migration.................... 9
    4.2.     Description of SUBSCRIBE Behavior...................... 13
    5.1.1. 10
    4.2.1.   Correlation to legs, dialogs, calls, and terminals.............. 13
    5.1.2. terminals........... 10
    4.2.2.   Subscription duration.................................. 14
    5.1.3. 11
    4.2.3.   Identification of Subscribed Events and Event Classes.. 14
    5.1.4. 11
    4.2.4.   Additional SUBSCRIBE Header Values..................... 15
    5.1.5. 12
    4.2.5.   Subscriber SUBSCRIBE Behavior.......................... 15
    5.1.6. 12
    4.2.6.   Proxy SUBSCRIBE Behavior............................... 17
    5.1.7. 14
    4.2.7.   Notifier SUBSCRIBE Behavior............................ 17
    5.2. 14
    4.3.     Description of NOTIFY Behavior......................... 19
    5.2.1. 17
    4.3.1.   Correlation............................................ 20
    5.2.2. 17
    4.3.2.   Identification of reported events, event classes, and c 20
    5.2.3. 18
    4.3.3.   Notifier NOTIFY Behavior............................... 21
    5.2.4. 18
    4.3.4.   Proxy NOTIFY Behavior.................................. 22
    5.2.5. 20
    4.3.5.   Subscriber NOTIFY Behavior............................. 22
    5.3. 20
    4.4.     Polling Resource State................................. 23
    5.4. 21
    4.5.     Allow-Events header usage.............................. 21
    5.       Event Packages......................................... 21
    5.1.     Appropriateness of Usage............................... 22
    5.2.     Sub-packages........................................... 22
    5.3.     Amount of State to be Conveyed......................... 23
    5.3.1.   Complete State Information............................. 23
    5.3.2.   State Deltas........................................... 23
    5.4.     Event Package Responsibilities......................... 24
    5.4.1.   Event Package Name..................................... 24
    5.4.2.   Event Package Parameters............................... 24
    5.4.3.   SUBSCRIBE Bodies....................................... 24
    5.4.4.   Subscription Duration.................................. 25
    5.4.5.   NOTIFY Bodies.......................................... 25
    5.4.6.   Notifier processing of SUBSCRIBE requests.............. 25
    5.4.7.   Notifier generation of NOTIFY requests................. 25
    5.4.8.   Subscriber processing of NOTIFY requests............... 25
    5.4.9.   Handling of forked requests............................ 26
    5.4.10.  Rate of notifications.................................. 26
    5.4.11.  State Agents........................................... 26
    5.4.12.  Examples............................................... 26
    6.       Security Considerations................................ 23 27
    6.1.     Access Control......................................... 27
    6.2.     Release of Sensitive Policy Information................ 27
    6.3.     Denial-of-Service attacks.............................. 27
    7.       IANA Considerations.................................... 24 27
    7.1.     Registration Template.................................. 24 28
    8.       Open Issues............................................ 25 29
    8.1.     Denial-of-Service attacks.............................. 25     CANCEL Handling........................................ 29
    8.2.     SUBSCRIBE Forking...................................... 26     Version of SIP to reference............................ 29
    8.3.     Immediate NOTIFYs...................................... 30
    9.       Changes................................................ 27 30
    9.1.     Changes from draft-roach-...-03........................ 27 draft-ietf-...-00......................... 30
    9.2.     Changes from draft-roach-...-02........................ 29 draft-roach-...-03........................ 31
    9.3.     Changes from draft-roach-...-02........................ 33
    9.4.     Changes from draft-roach-...-01........................ 30 35
    10.      References............................................. 31 35
    11.      Acknowledgements....................................... 32 36
    12.      Feedback and Discussion................................ 32
    13.      Author's Address....................................... 32 36

2. Introduction

     The ability to request asynchronous notification of events proves
     useful in many types of services for which cooperation between
     end-nodes is required. Examples of such services include
     automatic callback services (based on terminal state events),
     buddy lists (based on user presence events), message waiting
     indications (based on mailbox state change events), and PINT
     status (based on call state events).

     The methods described in this document allow a framework by which
     notification of these events can be ordered.

     The event notification mechanisms defined herein are NOT intended
     to be a general-purpose infrastructure for all classes of event
     subscription and notification. Meeting requirements for the
     general problem set of subscription and notification is far too
     complex for a single protocol. Our goal is to provide a
     SIP-specific framework for event notification which is not so
     complex as to be unusable for simple features, but which is still
     flexible enough to provide powerful services. Note, however, that
     extensions
     event packages based on this framework may define arbitrarily
     complex rules which govern the subscription and notification for
     the events or classes of events they describe.

     This draft does not describe an extension which may be used
     directly; it must be extended by other drafts (herein referred to
     as "event packages.") In object-oriented design terminology, it
     may be thought of as an abstract base class which must be derived
     into an instantiatable class by further extensions. Guidelines
     for creating these extensions are described in section 3. 5.

2.1. Overview of Operation

     The general concept is that entities in the network can subscribe
     to resource or call state for various resources or calls in the
     network, and those entities (or entities acting on their behalf)
     can send notifications when those states change.

     A typical flow of messages would be:

     Subscriber          Notifier
         |-----SUBSCRIBE---->|     Request state subscription
         |<-------200--------|     Acknowledge subscription
         |<------NOTIFY----- |     Return current state information
         |--------200------->|
         |<------NOTIFY----- |     Return current state information
         |--------200------->|

     The subscriber and notifier entities need not necessarily be UAs,
     but often will be.

     Subscriptions are expired and must be refreshed in exactly the
     same manner as registrations (see RFC 2543 [1] ).

3. Event Packages Syntax

     This section covers several issues which should be taken into
     consideration when event packages based on SUBSCRIBE and NOTIFY
     are proposed.

3.1. Appropriateness of Usage

     When designing an event package using describes the methods described in
     this draft for event notification, it is important to consider:
     is SIP an appropriate mechanism syntax extensions required for the problem set? Is SIP being
     selected because of some unique feature provided by the protocol
     (e.g. user mobility), or merely because "it can be done?" If you
     find yourself defining event packages for notifications related
     to, for example, network management or the temperature inside
     your car's engine, you may want to reconsider your selection of
     protocols.

     Those interested
     notification in extending the mechanism defined SIP. Semantics are described in this section 4.

3.1. New Methods

     This document are urged to read "Guidelines for Authors of describes two new SIP
     Extensions" [3] for further guidance regarding appropriate uses
     of SIP.

     Further, it is expected that this mechanism is not to be used methods: "SUBSCRIBE" and
     "NOTIFY."

     This table expands on tables 4 and 5 in
     applications where the frequency of reportable events is
     excessively rapid (e.g. more than about once per second). A SIP
     network is generally going to be provisioned for a reasonable
     signalling volume; sending a notification every time a user's GPS
     position changes by one hundreth of a second could easily
     overload such a network.

3.2. Additional Guidelines

     When designing event packages, it RFC 2543 [1] .

     Header                    Where    SUB NOT
     ------                    -----    --- ---
     Accept                      R       o   o
     Accept-Encoding             R       o   o
     Accept-Language             R       o   o
     Allow                      200      -   -
     Allow                      405      o   o
     Authorization               R       o   o
     Call-ID                    gc       m   m
     Contact                     R       m   m
     Contact                    1xx      o   o
     Contact                    2xx      m   o
     Contact                    3xx      m   m
     Contact                    485      o   o
     Content-Encoding            e       o   o
     Content-Length              e       o   o
     Content-Type                e       *   *
     CSeq                       gc       m   m
     Date                        g       o   o
     Encryption                  g       o   o
     Expires                     g       o   -
     From                       gc       m   m
     Hide                        R       o   o
     Max-Forwards                R       o   o
     Organization                g       o   o
     Priority                    R       o   o
     Proxy-Authenticate         407      o   o
     Proxy-Authorization         R       o   o
     Proxy-Require               R       o   o
     Require                     R       o   o
     Retry-After                 R       -   -
     Retry-After            404,480,486  o   o
     Retry-After                503      o   o
     Retry-After              600,603    o   o
     Response-Key                R       o   o
     Record-Route                R       o   o
     Record-Route               2xx      o   o
     Route                       R       o   o
     Server                      r       o   o
     Subject                     R       o   o
     Timestamp                   g       o   o
     To                        gc(1)     m   m
     Unsupported                420      o   o
     User-Agent                  g       o   o
     Via                       gc(2)     m   m
     Warning                     r       o   o
     WWW-Authenticate           401      o   o

3.1.1. SUBSCRIBE method
     "SUBSCRIBE" is important added to consider the
     type definition of information which will be conveyed during a notification.

     A natural temptation the element "Method" in
     the SIP message grammar.

     Like all SIP method names, the SUBSCRIBE method name is case
     sensitive. The SUBSCRIBE method is used to convey merely the request asynchronous
     notification of an event (e.g. "a new
     voice message just arrived") without accompanying state (e.g. "7
     total voice messages"). This complicates implementation or set of
     subscribing entities (since they have to maintain complete state
     for the entity to which they have subscribed), and also is
     particularly susceptible to synchronization problems.

     It events at a later time.

3.1.2. NOTIFY method

     "NOTIFY" is therefore suggested that event packages are designed so as added to notify of new state when an event occurs. In the circumstances
     that state may not be sufficient for a particular class definition of
     events, the event packages should include complete state
     information along with element "Method" in
     the event that occurred. (For example, "no
     customer service representatives available" may not be as useful
     "no customer service representatives available; representative
     sip:46@cs.xyz.int just logged off".)

3.3. Sub-packages

     Normal event packages define a set of state applied SIP message grammar.

     The NOTIFY method is used to notify a specific
     type of resource, such as user presence, call state, and
     messaging mailbox state.

     Sub-packages are a special type of package SIP node that an event
     which define a set of
     state applied to other packages, such as statistics, access
     policy, and subscriber lists. Sub-packages has been requested by an earlier SUBSCRIBE method has
     occurred. It may even be applied to
     other sub-packages.

     To extend also provide further details about the object-oriented analogy made earlier, sub-packages
     can be thought of as templatized C++ packages which must be
     applied to other packages to be useful.

     The name of a sub-package event.

3.2. New Headers

     This table expands on tables 4 and 5 in RFC 2543 [1] , as applied to a package is formed by
     appending a period followed amended
     by the sub-package name changes described in section 3.1.

     Header field         where  proxy ACK BYE CAN INV OPT REG SUB NOT
     -----------------------------------------------------------------
     Allow-Events           g           o   o   o   o   o   o   o   o
     Allow-Events          489          -   -   -   -   -   -   m   m
     Event                  R           -   -   -   -   -   -   m   m
     Subscription-Expires   R           -   -   -   -   -   -   -   o

3.2.1. "Event" header

     The following header is defined for the purposes of this
     specification.

     Event             =  ( "Event" | "o" ) ":" event-type
                          *(( ";" parameter-name
                          ["=" ( token | quoted-string ) ] )
     event-type        =  event-package *( "." event-subpackage )
     event-package     =  token-nodot
     event-subpackage  =  token-nodot
     token-nodot       =  1*( alphanum | "-"  | "!" | "%" | "*"
                              | "_" | "+" | "`" | "'" | "~" )

     Event is added to the end definition of the package. For example, if a subpackage called "watcherinfo"
     were being applied to a package called "presence," element "request-header"
     in the SIP message grammar.

     This document does not define values for event-types. These
     values will be defined by individual event
     token used in "Event" packages, and "Allow-Events" would MUST be
     "presence.watcherinfo".

     Sub-packages
     registered with the IANA.

     There must be defined so that they can be applied to any
     arbitrary package. In other words, sub-packages cannot be
     specifically tied to exactly one or a few "parent" packages in such a way
     that they will not work with other packages.

3.4. Event Package Responsibilities

     Event packages event type listed per event header.
     Multiple events per message are not required to re-iterate any of disallowed.

     For the behavior
     described in this document, although they may choose curious, the "o" short form is chosen to do so represent
     "occurrence."

3.2.2. "Allow-Events" Header

     The following header is defined for
     clarity or emphasis. In general, though, such packages are
     expected to describe only the behavior that extends or modifies
     the behavior described in this document.

     Note that any behavior designated with "SHOULD" or "MUST" in purposes of this
     document
     specification.

     Allow-Events =  ( "Allow-Events" | "u" ) ":" 1#event-type

     Allow-Events is not allowed to be changed by extension documents;
     however, such documents may elect to strengthen "SHOULD"
     requirements to "MUST" strength if required by their application.

     In addition added to the normal sections expected by "Instructions to
     RFC Authors" [7] and "Guidelines for Authors definition of the element
     "general-header" in the SIP Extensions"
     [3] , authors of event packages should take message grammar.

     For the curious, the "u" short form is chosen to represent
     "understands."

3.2.3. "Subscription-Expires" Header

     The following
     sections into consideration.

3.4.1. Event Package Name

     This mandatory section of an event package defines header is defined for the purposes of this
     specification.

     Subscription-Expires =  "Subscription-Expires" ":"
                              ( SIP-date | delta-seconds )
                               *( ";" subexp-params )

     subexp-params        =   "reason" "=" reason-code
                            | generic-param

     reason-code          =   "migration"
                            | "maint"
                            | "refused"
                            | "timeout"
                            | reason-extension

     reason-extension      =   token name
     to be used

     Subscription-Expires is added to designate the event package. It should include definition of the
     information which appears element
     "request-header" in the IANA registration of the token.
     For information on registering such types, see section 7.

3.4.2. Event Package Parameters

     If parameters are SIP message grammar.

3.3. New Response Codes

3.3.1. "202 Accepted" Response Code

     The 202 response is added to be used on the "Event" "Success" header to modify the
     behavior of the event package, field
     definition:

     Success  = "200"  ;  OK
             |  "202"  ;  Accepted

     "202 Accepted" has the syntax and semantics of such
     headers must be clearly defined.

3.4.3. SUBSCRIBE Bodies

     It same meaning as that defined in HTTP/1.1
     [5] .

3.3.2. "489 Bad Event" Response Code

     The 489 event response is expected added to the "Client-Error" header
     field definition:

     Client-Error = "400"  ; Bad Request
                  ...
                  | "489"  ; Bad Event

     "489 Bad Event" is used to indicate that most, but the server did not all,
     understand the event packages will define
     syntax and semantics for package specified in a "Event" header field.

4. Node Behavior

4.1. General

     Unless noted otherwise, SUBSCRIBE method bodies; these bodies
     will typically modify, expand, filter, throttle, and/or set
     thresholds for and NOTIFY requests follow the class of events being requested. Designers
     same protocol rules governing the usage of
     event packages tags, Route handling,
     Record-Route handling, Via handling, and Contact handling as
     INVITE; retransmission, reliability, CSeq handling and
     provisional responses are strongly encouraged to re-use existing MIME
     types the same as those defined for message bodies where practical.

     This mandatory section BYE.

     For the purposes of an event package defines what type or
     types this document, a "dialog" is defined as all
     messages sharing the tuple of event bodies are expected "To" (including tag), "From"
     (including tag), and "Call-Id." As in SUBSCRIBE INVITE-initiated dialogs,
     requests (or
     specify that containg no event bodies "To" tag are expected). It should point also considered to
     detailed definitions be part of syntax
     the same dialog as messages which contain a "To" tag but
     otherwise match.

4.1.1. Route Handling

     Route and semantics Record-Route handling for all referenced
     body types.

3.4.4. Subscription Duration

     It SUBSCRIBE and NOTIFY dialogs
     is recommended that event packages give a suggested range of
     times considered reasonable for generally the duration of a subscription.
     Such packages should also define a default "Expires" value to be
     used if none is specified.

3.4.5. NOTIFY Bodies same as for INVITE and its subsequent responses.
     The NOTIFY body is used to report state on the resource being
     monitored. Each package must define a what type or types of event
     bodies are expected in NOTIFY requests. Such packages must
     specify or cite detailed specifications exact method for the syntax echoing Record-Route headers in responses
     and
     semantics associated with such event body.

     Event packages also need using them to define which MIME type form Route headers in subsequent requests is to be
     assumed if none are specified
     described in RFC2543 [1] . For the "Accept" header purposes of the
     SUBSCRIBE request.

3.4.6. Subscriber generation of SUBSCRIBE requests

     This section of an event package describes following
     discussion, the process by which "Contact" header is considered part of the
     "Record-Route" set.

     From a subscriber generates and sends perspective, the "Record-Route" headers
     received in a SUBSCRIBE request response are stored locally and
     processes placed in
     the subsequent response. Such a section is optional,
     but encouraged "Route" headers for the sake of clarity.

3.4.7. Notifier processing SUBSCRIBE refreshes. To support forking
     of SUBSCRIBE requests, "Record-Route" headers received in NOTIFY
     requests

     This section describes MUST be echoed back in the processing to NOTIFY responses; if no route
     for the dialog has been established, these "Record-Route" headers
     MUST be performed by stored locally and MUST be placed in the
     notifier upon receipt of a "Route" headers
     for SUBSCRIBE request. Such refreshes.

     From a section is
     required.

3.4.8. Notifier generation of NOTIFY requests

     This section notifier perspective, SUBSCRIBE request "Record-Route"
     headers are echoed back in the SUBSCRIBE response and stored
     locally. The locally stored copy of an event package describes the process by which "Record-Route" headers is
     placed in the notifier generates and sends a "Route" headers when generating NOTIFY request. It may
     optionally describe requests.

     The result of the behavior used forgoing rules is that proxies wishing to processes
     remain on the signalling path for subsequent
     response. Such a section is required.

3.4.9. Subscriber processing of NOTIFY requests

     This section of an event package describes the process followed
     by in the subscriber upon receipt of
     dialog MUST include themselves in a "Record-Route" for all
     requests, not just the initial SUBSCRIBE.

4.1.2. Detecting support for SUBSCRIBE and NOTIFY request, including any
     logic required to form a coherent resource state (if applicable).

3.4.10. Handling of forked requests

     Each event package should specify whether forked

     Neither SUBSCRIBE
     requests are allowed to install multiple subscriptions. If such
     behavior is not allowed, any nor NOTIFY messages not matching necessitate the
     200-class response to use of "Require" or
     "Proxy-Require" headers; similarly, there is no token defined for
     "Supported" headers. If necessary, clients may probe for the initial
     support of SUBSCRIBE message are responded
     to with a 481.

     In the case that multiple subscriptions are allowed, and NOTIFY using the event
     package must specify whether merging OPTIONS request defined
     in RFC2543 [1] .

     The presence of the notifications to form "Allow-Events" header in a single state is required, and how such merging message is
     sufficient to be
     performed. Note that it is possible that some event packages indicate support for SUBSCRIBE and NOTIFY.

     The "methods" parameter for Contact may also be defined in such a way that each leg is tied used to a mutually
     exclusive state which is unaffected by
     specifically announce support for SUBSCRIBE and NOTIFY messages
     when registering. (See reference [8] for details on the other legs; this must
     be clearly stated if it is "methods"
     parameter).

4.1.3. CANCEL requests

     For the case.

3.4.11. Rate purposes of notifications

     Each event package is expected to define a requirement
     (RECOMMENDED, SHOULD or generality, both SUBSCRIBE and NOTIFY MAY be
     canceled; however, doing so is not recommended. Successfully
     cancelled SUBSCRIBE and NOTIFY requests MUST strength) which defines an absolute
     maximum on be completed with a
     "487 Request Cancelled" response; the rate at which notifications server acts as if the
     request were never received. In general, since neither SUBSCRIBE
     nor NOTIFY are allowed to be
     generated by a single notifier.

     Such packages may further define a throttle mechanism which
     allows subscribers have protracted transactions, attempts
     to further limit the rate of notification.

3.4.12. cancel them are expected to fail.

4.1.4. State Agents and Notifier Migration

     Designers of event packages should consider whether their package
     can benefit from network aggregation points ("State Agents")
     and/or nodes which act on behalf of other nodes. (For example,
     nodes which provide state information about a resource when such
     a resource is unable or unwilling to provide such state
     information itself). An example of such an application is a node
     which tracks the presence and availability of a user in the
     network.
     When state agents (see section 5.4.11. ) are used, it may make sense is often
     useful to allow migration of subscriptions between state agents
     and the nodes for which they are providing state aggregation (or
     even among various state agents). Designers of packages using state agents are encouraged
     to include such a feature with detailed description of how such Such migration is performed.

     Note that the mechanism of may be effected
     by sending a "NOTIFY" with an "Expires" "Subscription-Expires" header of "0" is an effective way to force
     "0," and a reason parameter of "migration." This NOTIFY request
     is otherwise normal, and is formed as described in section 4.3.3.

     Upon receipt of this NOTIFY message, the subscriber SHOULD
     attempt to
     re-subscribe, which may come re-subscribe (as described in useful when designing a migration
     scheme.

3.4.13. Examples

     Event packages should include several demonstrative the following sections).
     The resulting SUBSCRIBE message flow
     diagrams paired with several typical, syntactically correct and
     complete messages.

     It can then be proxied or redirected
     to the node to which notification responsibility is recommended that documents describing event packages
     clearly indicate that such examples are informative passing.

4.2. Description of SUBSCRIBE Behavior

     The SUBSCRIBE method is used to request current state and not
     normative, with instructions that implementors refer state
     updates from a remote node.

4.2.1. Correlation to dialogs, calls, and terminals

     A subscription is uniquely identified by the main
     text combination of the draft for exact protocol details.

4. Syntax

     This section describes
     To, From, and Call-ID fields in the syntax extensions required SUBSCRIBE request. Refreshes
     of subscriptions SHOULD reuse the same Call-ID if possible, since
     subscriptions are uniquely identified at presence servers using
     the Call-ID. Two subscriptions from the same user, for event
     notification in SIP. Semantics the same
     user, but with different Call-IDs, are described considered different
     subscriptions. Note this is exactly the same as usage of Call-ID
     in section 5.

4.1. New Methods

     This document describes two new SIP methods: "SUBSCRIBE" and
     "NOTIFY."

     This table expands on tables 4 and 5 registrations.

     Initial SUBSCRIBE requests MUST contain a "tag" parameter (as
     defined in RFC 2543 [1] .

     Header                    Where    SUB ) in the "From" header, and MUST NOT
     ------                    -----    --- ---
     Accept                      R       o   o
     Accept-Encoding             R       o   o
     Accept-Language             R       o   o
     Allow                      200      -   -
     Allow                      405      o   o
     Authorization               R       o   o
     Call-ID                    gc       m   m
     Contact                     R       m   m
     Contact                    1xx      o   o
     Contact                    2xx      m   o
     Contact                    3xx      m   m
     Contact                    485      o   o
     Content-Encoding            e       o   o
     Content-Length              e       o   o
     Content-Type                e       *   *
     CSeq                       gc       m   m
     Date                        g       o   o
     Encryption                  g       o   o
     Expires                     g       m   o
     From                       gc       m   m
     Hide                        R       o   o
     Max-Forwards                R       o   o
     Organization                g       o   o
     Priority                    R       o   o
     Proxy-Authenticate         407      o   o
     Proxy-Authorization         R       o   o
     Proxy-Require               R       o   o
     Require                     R       o   o
     Retry-After                 R       -   -
     Retry-After            404,480,486  o   o
     Retry-After                503      o   o
     Retry-After              600,603    o   o
     Response-Key                R       o   o
     Record-Route                R       o   o
     Record-Route               2xx      o   o
     Route                       R       o   o
     Server                      r       o   o
     Subject                     R       o   o
     Timestamp                   g       o   o
     To                        gc(1)     m   m
     Unsupported                420      o   o
     User-Agent                  g       o   o
     Via                       gc(2)     m   m
     Warning                     r       o   o
     WWW-Authenticate           401      o   o

4.1.1.
     contain a "tag" parameter in the "To" header. Responses to
     SUBSCRIBE requests MUST contain a "tag" parameter in the "To"
     header.

     The "tag" in the "To" header allows the subscriber to
     differentiate between NOTIFY requests from different clients in
     the case that the SUBSCRIBE request was forked. SUBSCRIBE
     requests for re-subscription MUST contain "tag" parameters in
     both the "To" and "From" headers (matching those previously
     established for the dialog).

     The relationship between subscriptions and (INVITE-initiated)
     sessions sharing the same dialog correlation information is
     undefined. Re-using  dialog correlation information for
     subscriptions is allowed, but sharing of such information does
     not change the semantics of the INVITE session or the SUBSCRIBE
     dialog.

     Similarly, the relationship between a subscription in one
     direction (e.g. from node A to node B) and a subscription in the
     opposite direction (from B to A) with the same dialog correlation
     information is undefined. While re-using such information is
     allowed, the sharing of such information does not change the
     semantics of either SUBSCRIBE dialog.

4.2.2. Subscription duration

     SUBSCRIBE requests SHOULD contain an "Expires" header. This
     expires value indicates the duration of the subscription. The
     formatting of these is described in RFC 2543. In order to keep
     subscriptions effective beyond the duration communicated in the
     "Expires" header, subscribers need to refresh subscriptions on a
     periodic basis. This refreshing is performed in the same way as
     REGISTER refreshes: the To, From, and Call-ID match those in the
     SUBSCRIBE method
     "SUBSCRIBE" being refreshed, while the CSeq number is added to incremented.

     If no "Expires" header is present in a SUBSCRIBE request, the definition
     implied default is defined by the event package being used.

     200-class responses to SUBSCRIBE requests also MUST contain an
     "Expires" header. The period of time in the element "Method" response MAY be
     shorter or longer than specified in the SIP message grammar.

     Like all SIP method names, request. The period of
     time in the response is the one which defines the duration of the
     subscription.

     Similar to REGISTER requests, SUBSCRIBE method name requests may be renewed
     at any time to prevent them from expiring at the end of the
     "Expires" period. These renewals will contain a the same "To,"
     "From," and "Call-ID" as the original request, and an incremented
     "CSeq" number.

     Also similar to REGISTER requests, a natural consequence of this
     scheme is case
     sensitive. The that a SUBSCRIBE method with an "Expires" of 0 constitutes a
     request to unsubscribe from an event.

     Notifiers may also wish to cancel subscriptions to events; this
     is used useful, for example, when the resource to request asynchronous
     notification which a subscription
     refers is no longer available. Further details on this mechanism
     are discussed in section 4.3.3.

4.2.3. Identification of an event or set Subscribed Events and Event Classes

     Identification of events is provided by three pieces of
     information: Request URI, Event Type, and (optionally) message
     body.

     The Request URI of events at a later time.

4.1.2. NOTIFY method

     "NOTIFY" is added SUBSCRIBE request, most importantly,
     contains enough information to route the definition of request to the element "Method" in
     appropriate entity. It also contains enough information to
     identify the SIP message grammar.

     The NOTIFY method resource for which event notification is used desired,
     but not necessarily enough information to notify a SIP node that an event
     which has been requested by an earlier SUBSCRIBE method has
     occurred. It may also provide further details about uniquely identify the event.

4.2. New Headers

     This table expands on tables 4 and 5 in RFC 2543 [1] , as amended
     by
     nature of the changes described in section 4.1.

     Header field         where  proxy ACK BYE CAN INV OPT REG SUB NOT
     -----------------------------------------------------------------
     Allow-Events           g           o   o   o   o   o   o   o   o
     Event                  R           -   -   -   -   -   -   m   m
     Event                  r           -   -   -   -   -   -   -   -

4.2.1. "Event" header

     The following header is defined event (e.g. "sip:adam.roach@ericsson.com" would be
     an appropriate URI to subscribe to for my presence state; it
     would also be an appropriate URI to subscribe to the purposes state of this
     specification.

     Event             =  ( my
     voice mailbox).

     Subscribers MUST include exactly one "Event" | "o" ) ":" event-type
                          *(( ";" parameter-name
                          ["=" ( token | quoted-string ) ] )
     event-type        =  event-package *( "." event-subpackage )
     event-package     =  token-nodot
     event-subpackage  =  token-nodot
     token-nodot       =  1*( alphanum | "-"  | "!" | "%" | "*"
                              | "_" | "+" | "`" | "'" | "~" )

     Event is added header in SUBSCRIBE
     requests, indicating to the definition which event or class of events they are
     subscribing. The "Event" header will contain a token which
     indicates the element "general-header"
     in the SIP message grammar.

     This document does not define values type of state for event-types. These
     values which a subscription is being
     requested. This token will be defined by individual event packages, and MUST be registered with the IANA.

     Experimental event types may be created by prepending IANA and will
     correspond to an "x-"
     followed by event package which further describes the organization's internet domain, with
     semantics of the field
     order reversed, and "." characters replaced by dashes (e.g.
     "Event: x-com-ericsson-foo").

     There must be exactly one event type listed per or event header.
     Multiple events per message are disallowed.

     For the curious, the "o" short form is chosen to represent
     "occurrence."

4.2.2. "Allow-Events" Header class.

     The following "Event" header is defined considered mandatory for the purposes of
     this
     specification.

     Allow-Events =  ( "Allow-Events" | "u" ) ":" 1#event-type

     Allow-Events is added to the definition of the element
     "general-header" in the SIP message grammar.

     For the curious, the "u" short form is chosen to represent
     "understands."

4.3. New Response Codes

4.3.1. "202 Accepted" Response Code

     The 202 response is added document. However, to the "Success" maintain compatibility with PINT (see
     [3] ), servers MAY interpret a SUBSCRIBE request with no "Event"
     header field
     definition:

     Success  = "200"  ;  OK
             |  "202"  ;  Accepted

     "202 Accepted" has the same meaning as that defined in HTTP/1.1
     [6] .

4.3.2. "489 Bad Event" Response Code

     The 489 event response is added requesting a subscription to PINT events. If the "Client-Error" header
     field definition:

     Client-Error = "400"  ; Bad Request
                  ...
                  | "489"  ; Bad Event
     servers do not support PINT, they SHOULD return "489 Bad Event" is used
     to indicate that the server did not
     understand any SUBSCRIBE messages without an EVENT header.

     If the event package specified to which the event token corresponds defines
     behavior associated with the body of its SUBSCRIBE requests,
     those semantics apply.

4.2.4. Additional SUBSCRIBE Header Values

     Each SUBSCRIBE request MUST have exactly one "Contact:" header,
     to be used as part of route handling, as described in a "Event" header field.

5. Node Behavior

     Unless noted otherwise, section
     4.1.1.

     SUBSCRIBE and NOTIFY requests follow MAY contain an "Accept" header. This header,
     if present, indicates the
     same protocol rules governing body formats allowed in subsequent
     NOTIFY requests. Event packages MUST define the usage of tags, Route,
     Record-Route, Via handling, retransmission, reliability, CSeq
     handling, Contact handling, provisional responses, and message
     formatting behavior for
     SUBSCRIBE requests without "Accept" headers; usually, this will
     connote a single, default body type.

     Header values not described in this document are to be
     interpreted as those defined described in RFC 2543 [1] .

4.2.5. Subscriber SUBSCRIBE Behavior

4.2.5.1. Requesting a Subscription

     When a subscriber wishes to subscribe to a particular state for BYE.

     Neither a
     resource, it forms a SUBSCRIBE nor NOTIFY necessitate the use of "Require" or
     "Proxy-Require" headers; similarly, there message.

     The dialog correlation information is no token defined for
     "Supported" headers. If necessary, clients may probe formed as if for an
     original INVITE: the Call-ID is a new call ID with the syntax
     described in RFC 2543; the To: field indicates the subscribed
     resource's persistent address (which will generally match the
     Request URI used to form the message); and the From: field will
     indicate the subscriber's persistent address (typically
     sip:user@domain).

     This SUBSCRIBE request will be confirmed with a final response.
     200-class responses indicate that the
     support of SUBSCRIBE subscription has been
     accepted, and that a NOTIFY using will be sent immediately. A 200
     response indicates that the OPTIONS request defined
     in RFC2543. Note also subscription has been accepted and
     that the presence of user is authorized to subscribe to the "Allow-Events" requested
     resource. A 202 response merely indicates that the subscription
     has been understood, and that authorization may or may not have
     been granted.

     The "Expires" header in a message is sufficient 200-class response to indicate support for SUBSCRIBE and NOTIFY.

     For
     indicates the purposes of generality, both SUBSCRIBE and NOTIFY MAY be
     canceled; however, doing so is actual duration for which the subscription will
     remain active (unless refreshed).

     Non-200 class final responses indicate that the subscription has
     not recommended. Successfully
     cancelled SUBSCRIBE been created, and no subsequent NOTIFY requests MUST message will be completed with a
     "487 Request Cancelled" response; the server acts as if the
     request were never received. In general, since neither SUBSCRIBE
     nor NOTIFY are allowed to have protracted transactions, attempts
     to cancel them are expected to fail.

5.1. Description of SUBSCRIBE Behavior

     The SUBSCRIBE method is used to request current state and state
     updated from a remote node.

5.1.1. Correlation to legs, calls, and terminals

     A subscription is uniquely identified by sent.
     All non-200 class responses (with the combination exception of "489,"
     described herein) have the
     To, From, same meanings and Call-ID fields handling as
     described in the SUBSCRIBE request. Refreshes RFC 2543 [1] .

4.2.5.2. Refreshing of subscriptions SHOULD reuse the same Call-ID if possible, since
     subscriptions are uniquely identified at presence servers using Subscriptions

     At any time before a subscription expires, the Call-ID. Two subscriptions from subscriber may
     refresh the same user, timer on such a subscription by re-sending a
     SUBSCRIBE request. The handling for the same
     user, but with different Call-IDs, are considered different
     subscriptions. Note this such a request is exactly the same as usage
     for the initial creation of Call-ID
     in registrations.

     Initial SUBSCRIBE requests MUST a subscription except as described
     below.

     Subscription renewals will contain a "tag" parameter (as
     defined in RFC 2543 [1] ) in "To" field matching the
     "From" header, and MUST NOT
     contain a "tag" parameter field in the "To" header. Responses first NOTIFY request for the dialog
     containing the subscription to
     SUBSCRIBE requests MUST be refreshed. They will contain a "tag" parameter in the "To"
     header. The "tag" in
     the "To" header allows same "From" and "Call-ID" fields as the subscriber to
     differentiate between NOTIFY requests original SUBSCRIBE
     request, and an incremented "CSeq" number from different clients the original
     SUBSCRIBE request. Route handling is as discussed in section
     4.1.1.

     If a SUBSCRIBE request to refresh a subscription receives a "481"
     response, this indicates that the case subscription has been
     terminated and that the subscriber did not receive notification
     of this fact. In this case, the subscriber should consider the
     subscription invalid. If the subscriber wishes to re-subscribe to
     the state, he does so by composing an unrelated initial SUBSCRIBE
     request was forked. SUBSCRIBE
     requests for re-subscription MUST contain "tag" parameters in
     both the "To" with a freshly-generated Call-ID and a new, unique "From" headers (matching those previously
     established
     tag (see section 4.2.5.1. )
     If a SUBSCRIBE request to refresh a subscription fails, the
     original subscription is still considered valid for the leg).

     The relationship between subscriptions duration
     of the most recently known "Expires" value as negotiated by
     SUBSCRIBE and (INVITE-initiated)
     sessions sharing its response, or as communicated by NOTIFY in
     "Subscription-Expires," except as described above.

4.2.5.3. Unsubscribing

     Unsubscribing is handled in the same call leg identification information is
     undefined. Re-using call leg information for subscriptions is
     discouraged.

     Similarly, way as refreshing of a
     subscription, with the relationship between "Expires" header set to "0." Note that a subscription in one
     direction (e.g. from node A
     successful unsubscription will also trigger a final "NOTIFY".

4.2.5.4. Confirmation of Subscription Creation

     The subscriber can expect to receive a NOTIFY message from each
     node B) and which has registered a successful subscription in or
     subscription refresh. Until the
     opposite direction (from B to A) with first NOTIFY message arrives, the same call leg
     identification information is undefined. Re-using subscription
     correlation information in two directions is discouraged.

5.1.2. Subscription duration

     SUBSCRIBE requests MUST contain an "Expires" header. This expires
     value indicates
     subscriber should consider the duration state of the subscription. The formatting
     of these is described subscribed resource
     to be in RFC 2543. In order a neutral state. Event packages which define new event
     packages MUST define this "neutral state" in such a way that
     makes sense for their application (see section 5.4.7. ).

     Due to keep subscriptions
     effective beyond the duration communicated in potential for both out-of-order messages and forking,
     the "Expires"
     header, subscribers need subscriber MUST be prepared to refresh subscriptions on a periodic
     basis. This refreshing receive NOTIFY messages before
     the SUBSCRIBE transaction has completed.

     Except as noted above, processing of this NOTIFY is performed in the same way as REGISTER
     refreshes: the To, From, and Call-ID match those
     in the section 4.3.5.

4.2.6. Proxy SUBSCRIBE
     being refreshed, while the CSeq number is incremented.

     200-class responses Behavior

     Proxies need no additional behavior beyond that described in RFC
     2543 [1] to support SUBSCRIBE. If a proxy wishes to see all of
     the SUBSCRIBE and NOTIFY requests also for a given dialog, it MUST contain an
     "Expires" header. The period of time in the response MAY be
     shorter
     record-route all SUBSCRIBE and NOTIFY requests.

4.2.7. Notifier SUBSCRIBE Behavior

4.2.7.1. SUBSCRIBE Transaction Processing

     In no case should a SUBSCRIBE transaction extend for any longer
     than specified in the request, but time necessary for automated processing. In particular,
     notifiers MUST NOT be longer. wait for a user response before returning a
     final response to a SUBSCRIBE request.

     The period of time notifier SHOULD check that the event package specified in the response
     "Event" header is understood. If not, the one which defines notifier SHOULD return
     a "489 Bad Event" response to indicate that the
     duration of specified
     event/event class is not understood.

     The notifier SHOULD also perform any necessary authentication and
     authorization per its local policy. See section 4.2.7.3.

     If the subscription.

     Similar to REGISTER requests, SUBSCRIBE requests may be renewed
     at any time to prevent them from expiring at request contains a tag parameter in the end "To"
     field, but the notifier has no record of the
     "Expires" period. These renewals will contain a indicated dialog,
     the same "To,"
     "From," and "Call-ID" as notifier has two options. If the original request, notifier is able and an incremented
     "CSeq" number.

     Also similar willing
     to REGISTER requests, a natural consequence of this
     scheme reconstruct subscription state, he may accept the subscription
     as an initial subscription. If the notifier cannot or is that a SUBSCRIBE not
     willing to reconstitute such state, it should respond with an "Expires" of 0 constitutes a
     request "481
     Subscription does not exist."

     If the notifier is able to unsubscribe from an event.

     Notifiers may also wish immediately determine that it
     understands the event package, that the authenticated subscriber
     is authorized to cancel subscriptions subscribe, and that there are no other barriers
     to events; this
     is useful, for example, when creating the subscription, it creates the resource to which a subscription
     refers is no longer available. Further details on this mechanism
     are discussed in section 5.2.3.

5.1.3. Identification of Subscribed Events and Event Classes

     Identification of events is provided by three pieces of
     information: Request URI, Event Type, and (optionally) message
     body.

     The Request URI of
     returns a SUBSCRIBE request, most importantly,
     contains enough information to route "200 OK" response, unless doing so would reveal
     authorization policy in an undesirable fashion (see section 6.2.
     ).

     If the request to notifier cannot immediately create the
     appropriate entity. It also contains enough information subscription (e.g.
     it needs to
     identify the resource wait for user input for authorization, or is acting
     for another node which event notification is desired, not currently reachable), or wishes to
     mask authorization policy, it will return a "202 Accepted"
     response. This response indicates that the request has been
     received and understood, but does not necessarily enough information to uniquely identify imply that the
     nature of
     subscription has been created yet.

     The "Expires" values present in SUBSCRIBE 200-class responses
     behave in the event (e.g. "sip:adam.roach@ericsson.com" would be
     an appropriate URI same way as they do in REGISTER responses: the
     server MAY shorten or lengthen the interval.

     200-class responses to subscribe SUBSCRIBE requests will not generally
     contain any useful information beyond subscription duration;
     their primary purpose is to for my presence state; it
     would also serve as a reliability mechanism.
     State information will be an appropriate URI to subscribe to the state of my
     voice mailbox).

     Subscribers MUST include exactly one "Event" header communicated via a subsequent NOTIFY
     request from the notifier.

     The other response codes defined in RFC 2543 may be used in
     response to SUBSCRIBE requests, indicating to which event as appropriate.

4.2.7.2. Confirmation of Subscription Creation/Refreshing

     Upon successfully accepting or class refreshing of events they are
     subscribing. The "Event" header will contain a single opaque
     token which identifies subscription,
     notifiers MUST send a NOTIFY message immediately to communicate
     the event current resource state to the subscriber. If the resource has
     no meaningful state at the time that the SUBSCRIBE message is
     processed, this NOTIFY message MAY contain an empty or class of events neutral
     body. See section 4.3.3. for which further details on NOTIFY message
     generation.

     Note that a
     subscription NOTIFY message is being requested. This token will be registered
     with the IANA and will correspond always sent immediately after any
     200-class response to an event package which
     further describes the semantics a SUBSCRIBE request, regardless of whether
     the event subscription has already been authorized.

4.2.7.3. Authentication/Authorization of SUBSCRIBE requests

     Privacy concerns may require that notifiers either use access
     lists or event class.

     The "Event" header is considered mandatory for ask the purposes notifier owner, on a per-subscription basis,
     whether a particular remote node is authorized to subscribe to a
     certain set of
     this document. However, events. In general, authorization of users prior
     to maintain compatibility with PINT (see
     [4] ), servers MAY interpret authentication is not particularly useful.

     SIP authentication mechanisms are discussed in RFC2543 [1] . Note
     that, even if the notifier node typically acts as a proxy,
     authentication for SUBSCRIBE request with no "Event"
     header as requesting requests will always be performed
     via a subscription to PINT events. "401" response, not a "407;" notifiers always act as a user
     agents when accepting subscriptions and sending notifications.

     If authorization fails based on an access list or some other
     automated mechanism (i.e. it can be automatically authoritatively
     determined that the
     servers do subscriber is not support PINT, they SHOULD return "489 Bad Event" authorized to any SUBSCRIBE messages without an EVENT header.

     If subscribe),
     the event package notifier SHOULD reply to which the event token corresponds defines
     behavior associated request with the body of its SUBSCRIBE requests,
     those semantics apply.

5.1.4. Additional SUBSCRIBE Header Values

     The "Contact:" header in a SUBSCRIBE message will contain "403 Forbidden"
     or "603 Decline" response, unless doing so might reveal
     information about where resulting NOTIFY requests are to be sent.
     Each SUBSCRIBE request must have exactly one "Contact:" header.

     SUBSCRIBE requests MAY contain an "Accept" header. This header,
     if present, indicates the body formats allowed in subsequent
     NOTIFY requests. Event packages MUST define that should stay private; see section 6.2.

     If the behavior for
     SUBSCRIBE requests without "Accept" headers; usually, this will
     connote a single, default body type.

     Header values not described in this document are notifier owner is interactively queried to be
     interpreted determine
     whether a subscription is allowed, a "202 Accept" response is
     returned immediately. Note that a NOTIFY message is still formed
     and sent under these circumstances, as described in RFC 2543 [1] .

5.1.5. Subscriber SUBSCRIBE Behavior

5.1.5.1. Requesting a Subscription
     When a subscriber the previous
     section.

     If subscription authorization was delayed and the notifier wishes
     to subscribe to (or refresh convey that such authorization has been declined, it may do so
     by sending a NOTIFY message containting a "Subscription-Expires"
     header with a value of "0" and a reason parameter of "refused."

4.2.7.4. Refreshing of Subscriptions

     When a
     subscription to) an event class, he forms notifier receives a SUBSCRIBE message.

     The call leg information is formed as if for an original INVITE: subscription refresh, assuming that
     the Call-ID subscriber is a new call ID with still authorized, the syntax described in RFC
     2543; notifier updates the To: field indicates
     expiration time for subscription. As with the subscribed resource's
     persistent address (which will generally match initial
     subscription, the Request URI
     used to form server MAY shorten or increase the message); and amount of
     time until expiration. The final expiration time is placed in the From: field will indicate
     "Expires" header in the
     subscriber's persistent address (typically sip:user@machine for
     UAs, or sip:machine response.

     If no refresh for other entities).

     This SUBSCRIBE request will be confirmed a notification address is received before its
     expiration time, the subscription is removed. When removing a
     subscription, the notifier MAY send a NOTIFY message with a final response.
     200-class responses indicate
     "Subscription-Expires" value of "0" to inform it that the subscriber will be
     receiving
     subscription is being removed. If such a message is sent, the
     "Subscription-Expires" header SHOULD contain a confirmation "reason=timeout"
     parameter.

4.3. Description of subscription NOTIFY Behavior

     NOTIFY messages are sent to inform subscribers of changes in
     state to which the subscriber has a subscription. Subscriptions
     are typically put in place using the form SUBSCRIBE method; however,
     it is possible that other means have been used.

     If any non-SUBSCRIBE mechanisms are defined to create
     subscriptions, it is the responsibility of the parties defining
     those mechanisms to ensure that correlation of a NOTIFY
     message. A 200 response can be interpreted message
     to the corresponding subscription is possible. Designers of such
     mechanisms are also warned to make a distinction between sending
     a NOTIFY message to mean that a subscriber who is aware of the
     requested subscription has succeeded
     subscription, and that sending a NOTIFY is message to be
     expected immediately. A 202 response indicates that there may be
     a sizable delay before an unsuspecting
     node. The latter behavior is invalid, and MUST receive a notification "481
     Subscription does not exist" response (unless some other 400- or
     500-class error code is received, pending the
     actual creation more applicable), as described in section
     4.3.5. In other words, knowlege of a subscription must exist in
     both the subscription. For most implementations,
     there will subscriber and the notifier to be no difference in handling these two response codes.

     The "Expires" header valid, even if
     installed via a non-SUBSCRIBE mechanism.

     A NOTIFY does not cancel its corresponding subscription; in other
     words, a 200-class response to single SUBSCRIBE
     indicates request may trigger several NOTIFY
     requests.

4.3.1. Correlation

     NOTIFY requests MUST contain the actual duration for same Call-ID as the SUBSCRIBE
     request which ordered them; the subscription will
     remain active (unless refreshed).

     Non-200 class final responses indicate that "To" field MUST match the subscription has
     not been created, "From"
     field in the SUBSCRIBE that ordered them, and no subsequent the "From" field
     MUST match the "To" field that was sent in the 200-class response
     to the SUBSCRIBE. In other words, NOTIFY message will requests MUST be sent.
     All non-200 class responses (with the exception of "489,"
     described herein) have in the
     same meanings and handling dialog as
     described in RFC 2543 [1] .

5.1.5.2. Refreshing of Subscriptions

     At any time before a subscription expires, the subscriber may
     refresh the timer on such a subscription by re-sending a SUBSCRIBE request. that ordered them.

     The handling for such From field of a request is the same as
     for NOTIFY request, like the initial creation "To" field of a subscription, with the exception
     that these renewals will
     SUBSCRIBE response, MUST contain a tag; this allows for the same "To," "From," and
     "Call-ID" as
     subscriber to differentiate between events from different
     notifiers.

     Successful SUBSCRIBE requests will receive only one 200-class
     response; however, due to forking, the subscription may have been
     accepted by multiple nodes. The subscriber MUST therefore be
     prepared to receive NOTIFY requests with "From:" tags which
     differ from the "To:" tag received in the original SUBSCRIBE request, and an incremented
     "CSeq" number. 200-class
     response.

     If multiple NOTIFY messages are received in response to a single
     SUBSCRIBE request message, they represent different destinations to refresh a subscription fails, which
     the
     original subscription is still considered valid for SUBSCRIBE request was forked. Unless the duration
     of event package
     specifies otherwise, the most recently known "Expires" value subscriber may either accept all such
     notifications as negotiated by
     SUBSCRIBE and its response, representing different dialogs (which are then
     refreshed separately), or as communicated by NOTIFY.

5.1.5.3. Unsubscribing

     Unsubscribing is handled send a 481 response to any NOTIFYs on
     dialogs that it does not want to keep alive.

     As expected, CSeq spaces are unique for each node; in other
     words, the same way as refreshing of notifier uses a
     subscription, with different CSeq space than the "Expires" header set
     subscriber and any other notifiers.

4.3.2. Identification of reported events, event classes, and current
state

     Identification of events being reported in a notification is very
     similar to "0." Note that a
     successful unsubscription will also trigger a final "NOTIFY".

5.1.5.4. Confirmation of Subscription Creation described for subscription to events (see section
     4.2.3. ).

     The subscriber can expect Request URI of a NOTIFY request contains enough information
     to route the request to the party which is subscribed to receive a NOTIFY message
     notifications. It is derived from each
     node which has registered a successful subscription or
     subscription refresh. Until the first NOTIFY message(s) arrive, the subscriber should consider "Contact" header present in
     the state of corresponding SUBSCRIBE request.

     If the same events for different resources are being subscribed
     resource
     to, implementors are expected to be use different dialogs in an undefined state. Event packages which define
     new order
     to be able to differentiate between notifications for them,
     unless the body for the event packages MUST define contains enough information for
     this "undefined state" correlation.

     As in such SUBSCRIBE requests, NOTIFY "Event" headers will contain a
     way that makes sense for their application.

     Due to
     single  token which identifies the potential event or class of events for both out-of-order messages and forking,
     which a notification is being generated.

     If the subscriber MUST be prepared event package to receive which the event token corresponds defines
     behavior associated with the body of its NOTIFY messages before requests, those
     semantics apply. This information is expected to provide
     additional details about the SUBSCRIBE transaction nature of the event which has completed.

     Except as noted above, processing
     occurred and the resultant resource state.

     When present, the body of this the NOTIFY is request MUST be formatted
     into one of the same as body formats specified in section 5.2.5.

5.1.6. Proxy the "Accept" header of
     the corresponding SUBSCRIBE request.

4.3.3. Notifier NOTIFY Behavior

     Proxies need no additional behavior beyond that described in RFC
     2543 [1] to support SUBSCRIBE. Note that SIP proxies may also act
     as subscribers

     When a SUBSCRIBE request is successfully processed or notifiers, as appropriate; under these
     circumstances, they a relevant
     change in the subscribed state occurs, the notifier will act
     immediately construct and send a NOTIFY request to the
     subscriber(s), per standard Route/Record-Route handling, as
     described in 5.1.5. and 5.1.7.

5.1.7. Notifier SUBSCRIBE Behavior

5.1.7.1. SUBSCRIBE Transaction Processing

     In no case should a SUBSCRIBE transaction extend for section 4.1.1.

     If the notifier is able, through any means, to determine that the
     subscriber is no longer
     than available to receive notifications, it
     MAY elect to not send a notification. An example of a method by
     which such information may be known is the time necessary for automated processing. In particular,
     notifiers MUST NOT wait "SIP for a user Presence"
     event set (see [4] ).

     A NOTIFY request is considered failed if the response before returning times out,
     or a
     final non-200 class response code is received which has no
     "Retry-After" header and no implied further action which can be
     taken to retry the request (e.g. "401 Authorization Required.")

     If the NOTIFY request fails (as defined above) due to a SUBSCRIBE request.

     The timeout
     condition, and the subscription was installed using a soft-state
     mechanism (such as SIP signalling), the notifier SHOULD check that remove
     the event package specified in subscription.

     If the
     "Event" header is understood. NOTIFY request fails (as defined above) due to an error
     response, and the subscription was installed using a soft-state
     mechanism, the notifier MUST remove the corresponding
     subscription.

     If not, a NOTIFY request receives a 481 response, the notifier MUST
     remove the corresponding subscription even if such subscription
     was installed by non-SUBSCRIBE means (such as an administrative
     interface).

     NOTIFY requests SHOULD return contain an "Subscription-Expires" header
     which indicates the remaining duration of the subscription (such
     a "489 Bad Event" header is  useful in case the SUBSCRIBE request forks, since
     the response to indicate a forked subscribe -- which contains the "Expire"
     header that specifies the specified
     event/event class is agreed-upon expiration time --  may not understood.
     be received by the subscriber). The notifier SHOULD also perform any necessary authentication and
     authorization per its local policy. See section 5.1.7.3.

     If the notifier is able use this
     header to immediately determine that it
     understands adjust the event package, that time remaining on the authenticated subscriber
     is authorized subscription; however,
     this mechanism MUST not be used to subscribe, and that there are no other barriers lengthen a subscription, only
     to creating the subscriptions, it creates the shorten it. The notifier may inform a subscriber that a
     subscription and
     returns has been removed by sending a "200 OK" response. NOTIFY message with an
     "Subscription-Expires" value of "0."

     If the notifier cannot immediately create the duration of a subscription (e.g.
     it needs to wait for user input for authorization, has been shortened or is acting
     for another node which is not currently reachable), it will
     return a "202 Accepted" response. This
     terminated by the "Subscription-Expires" header as compared to
     the most recent 200-class SUBSCRIBE response indicates sent, that header
     SHOULD include a "reason" parameter indicating the request has been received and understood, but reason that no
     such action
     has yet taken place.

     The "Expires" was taken. Currently, four such values present in SUBSCRIBE 200-class responses
     behave in are defined:
     "migration" indicates that the same way node acting as they do in REGISTER responses: the
     server MAY shorten the interval, but MUST not increase it.

     200-class responses to SUBSCRIBE requests will not generally
     contain any useful information beyond subscription duration;
     their primary purpose notifier is to serve as a reliability mechanism.
     State
     transferring responsibility for maintaing such state information will be communicated via a subsequent NOTIFY
     request from
     to another node; this only makes sense when subscriptions are
     terminated, not when they are shortened. "Maint" indicates that
     the notifier.

     The other response codes defined in RFC 2543 may be used in
     response subscription is being truncated or terminated due to SUBSCRIBE requests, as appropriate.

5.1.7.2. Confirmation of Subscription Creation/Refreshing

     Upon successful creation server
     maintainance, and "refused" indicates that the subscription has
     been removed or refreshing of shortened administratively (e.g. by a subscription,
     notifiers MUST change in
     ACL policy). Finally, if the notifier elects to send a NOTIFY message as soon as practical to
     communicate the current resource state to the subscriber. If
     upon timeout of the
     resource has subscription, they SHOULD include a
     "Subscription-Expires" header with a value of "0" and a reason
     parameter of "timeout."

4.3.4. Proxy NOTIFY Behavior

     Proxies need no meaningful state at the time additional behavior beyond that described in RFC
     2543 [1] to support NOTIFY. If a proxy wishes to see all of the
     SUBSCRIBE
     message is processed, this and NOTIFY message MAY contain an empty
     body. See section 5.2.3. requests for further details on NOTIFY message
     generation.

     If the response to the a given dialog, it MUST
     record-route all SUBSCRIBE message was 202, this initial and NOTIFY will serve as indication requests.

4.3.5. Subscriber NOTIFY Behavior

     Upon receiving a NOTIFY request, the subscriber should check that
     it matches at least one of its outstanding subscriptions; if not,
     it MUST return a "481 Subscription does not exist" response
     unless another 400- or 500-class response is more appropriate.

     If, for some reason, the subscription has finally
     been processed. In event package designated in the case that "Event"
     header of the subscription has NOTIFY request is not been
     created (e.g. supported, the subscriber
     will respond with a "489 Bad Event" response.

     To prevent spoofing of events, NOTIFY requests MAY be
     authenticated, using any defined SIP authentication mechanism.

     NOTIFY requests SHOULD contain "Subscription-Expires" headers
     which indicate the notifier was waiting for authorization and such
     authorization failed), time remaining on the notifier subscription. If this
     header is present, the subscriber SHOULD indicate to take it as the
     authoritative duration and adjust accordingly. If an expires
     value of "0" is present, the subscriber that should consider the
     subscription does has not been created by
     setting terminated.

     When the "Expires" header to "0" in this initial NOTIFY
     response.

5.1.7.3. Authentication/Authorization of SUBSCRIBE requests

     Privacy concerns may require that notifiers either use access
     lists subscription is terminated or ask shortened using the notifier owner, on a per-subscription basis,
     whether
     "Subscription-Expires" mechanism, there SHOULD be a particular remote node reason
     parameter present. If it is authorized to subscribe present and the subscriber is still
     interested in receiving updates to a
     certain the state information, the
     subscriber SHOULD attempt re-subscribe upon expiration if it is
     set of events. In general, authorization of users prior to authentication "migration," "timeout," is not particularly useful.

     SIP authentication mechanisms are discussed in RFC2543 [1] . Note
     that, even if the notifier node typically acts as present, or is set to an
     unknown value. Such a proxy,
     authentication for SUBSCRIBE requests resubscription will always be performed
     via a "401" response, completely
     independant of the original subscription, and will not share a "407;" notifiers always act
     dialog with it; it will be generated as a user
     agents when accepting subscriptions and sending notifications. described in section
     4.2.5.1.

     If authorization fails based the "reason" parameter on an access list a "Subscription-Expires" header  is
     set to either "maint" or some other
     automated mechanism (i.e. it can be automatically authoritatively
     determined that "refused," the subscriber SHOULD NOT
     attempt re-subscription.

     Once the notification is not authorized deemed acceptable to subscribe), the notifier subscriber, the
     subscriber SHOULD reply to return a 200 response. In general, it is not
     expected that NOTIFY responses will contain bodies; however, they
     MAY, if the NOTIFY request with a "403 Forbidden"
     or "603 Decline" response, contained an "Accept" header.

     Other responses defined in RFC 2543 [1] may also be returned, as
     appropriate. Depending on

4.4. Polling Resource State

     A natural consequence of the
     situation, such a response may have security implications; see
     section 6.

     If behavior described in the notifier owner preceding
     sections is interactively queried to determine
     whether that an immediate fetch without a persistent
     subscription is allowed, a "202 Accept" response is
     returned immediately, and the subsequent NOTIFY request is
     suppressed until the notifier owner responds.

5.1.7.4. Refreshing may be effected by sending an appropriate SUBSCRIBE
     with an "Expires" of Subscriptions

     When a notifier receives 0.

     Of course, an immediate fetch while a subscription refresh, assuming that
     the subscriber is still authorized, active may
     be effected by sending an appropriate SUBSCRIBE with an "Expires"
     greater than 0.

     Upon receipt of this SUBSCRIBE request, the notifier updates (or
     notifiers, if the
     expiration time for SUBSCRIBE request was forked) will send a
     NOTIFY request containing resource state to the "Contact:" address present in the
     SUBSCRIBE. As with the initial subscription, the server MAY lower
     the amount of time until expiration, but MUST NOT increase it.
     The final expiration time is placed in the Expires
     SUBSCRIBE "Contact" field. Note that normal Route and
     Record-Route handle still applies; see section 4.1.1.

4.5. Allow-Events header in the
     response.

     If no refresh for usage

     The "Allow-Events" header, if present, includes a notification address is received before its
     expiration time, that address is removed from the list of
     addresses. When removing a contact, tokens
     which indicates the notifier MAY send event packages supported by the client (if
     sent in a request) or server (if sent in a response). In other
     words, a node sending an "Allow-Events" header is advertising
     that it can process SUBSCRIBE requests and generate NOTIFY message to
     requests for all of the event packages listed in that contact with header.

     Any node implementing one or more event packages SHOULD include
     an "Expires" value appropriate "Allow-Events" header indicating all supported
     events in INVITE requests and responses, OPTIONS responses, and
     REGISTER requests. "Allow-Events" headers MAY be included in any
     other type of "0" request or response.

     This information is very useful, for example, in allowing user
     agents to
     inform it that render particular interface elements appropriately
     according to whether the subscription is being removed. If all
     notification addresses events required to implement the
     features they represent are removed, supported by the entire subscription is
     deleted.

5.2. Description of NOTIFY Behavior appropriate nodes.

     Note that "Allow-Events" headers MUST NOT be inserted by proxies.

5. Event Packages

     This section covers several issues which should be taken into
     consideration when event packages based on SUBSCRIBE and NOTIFY messages
     are sent to inform subscribers proposed.

5.1. Appropriateness of changes in
     state to which the subscriber has a subscription. Subscriptions
     are typically put in place Usage

     When designing an event package using the SUBSCRIBE method; however, methods described in
     this draft for event notification, it is possible that other means have been used.

     If any non-SUBSCRIBE mechanisms are defined important to create
     subscriptions, it consider:
     is SIP an appropriate mechanism for the problem set? Is SIP being
     selected because of some unique feature provided by the protocol
     (e.g. user mobility), or merely because "it can be done?" If you
     find yourself defining event packages for notifications related
     to, for example, network management or the responsibility temperature inside
     your car's engine, you may want to reconsider your selection of
     protocols.

     Those interested in extending the parties defining
     those mechanisms mechanism defined in this
     document are urged to ensure that correlation read "Guidelines for Authors of a NOTIFY message SIP
     Extensions" [2] for further guidance regarding appropriate uses
     of SIP.

     Further, it is expected that this mechanism is not to be used in
     applications where the corresponding subscription is possible. Designers frequency of such
     mechanisms are also warned reportable events is
     excessively rapid (e.g. more than about once per second). A SIP
     network is generally going to make be provisioned for a distinction between reasonable
     signalling volume; sending a NOTIFY message to notification every time a subscriber who is aware user's GPS
     position changes by one hundreth of the
     subscription, and sending a NOTIFY message second could easily
     overload such a network.

5.2. Sub-packages

     Normal event packages define a set of state applied to an unsuspecting
     node. The latter behavior is invalid, and MUST receive a "481
     Subscription does not exist" response (unless some other 400- or
     500-class error code is more applicable), specific
     type of resource, such as described in section
     5.2.5. In other words, subscriptions must exist in both the
     subscriber user presence, call state, and the notifier to be valid, even if installed via a
     non-SUBSCRIBE mechanism.

     A NOTIFY does not cancel its corresponding subscription; in other
     words,
     messaging mailbox state.

     Sub-packages are a single SUBSCRIBE request may trigger several NOTIFY
     requests.

5.2.1. Correlation

     NOTIFY requests MUST contain the same Call-ID, local URI, and
     remote URI as the SUBSCRIBE request which ordered them. This is
     the same set special type of criteria that package which define a call leg.

     The From field set of a NOTIFY request MUST contain a tag; this
     allows for the subscriber to differentiate between events from
     different notifiers.

     Successful SUBSCRIBE requests will receive only one 200-class
     response; however, due
     state applied to forking, the subscription may have been
     accepted by multiple nodes. The other packages, such as statistics, access
     policy, and subscriber MUST therefore lists. Sub-packages may even be
     prepared applied to receive NOTIFY requests with "From:" tags which
     differ from the "To:" tag received in
     other sub-packages.

     To extend the SUBSCRIBE 200-class
     response.

     Handling object-oriented analogy made earlier, sub-packages
     can be thought of the situation in as templatized C++ packages which multiple distinct NOTIFY
     requests are received for must be
     applied to other packages to be useful.

     The name of a SUBSCRIBE sub-package as applied to a package is still an open issue; see
     section 8.2.

     As expected, CSeq spaces are unique for each node; in other
     words, formed by
     appending a period followed by the notifier uses sub-package name to the end of
     the package. For example, if a different CSeq space than subpackage called "watcherinfo"
     were being applied to a package called "presence," the
     subscriber event
     token used in "Event" and "Allow-Events" would be
     "presence.watcherinfo".

     Sub-packages must be defined so that they can be applied to any
     arbitrary package. In other notifiers.

5.2.2. Identification of reported events, event classes, and current
state

     Identification of events being reported words, sub-packages cannot be
     specifically tied to one or a few "parent" packages in such a notification is very
     similar to way
     that described for subscription they will not work with other packages.

5.3. Amount of State to be Conveyed

     When designing event packages, it is important to events (see section
     5.1.3. ).

     The Request URI consider the
     type of a NOTIFY request contains enough information which will be conveyed during a notification.

     A natural temptation is to route convey merely the request event (e.g. "a new
     voice message just arrived") without accompanying state (e.g. "7
     total voice messages"). This complicates implementation of
     subscribing entities (since they have to maintain complete state
     for the party entity to which they have subscribed), and also is subscribed
     particularly susceptible to receive
     notifications. It is derived from the "Contact" header present in
     the corresponding SUBSCRIBE request.

     If the same events for different resources are being subscribed
     to, implementors synchronization problems.

     There are expected to use different "Call Legs" (To,
     From, Call-ID) in order two possible solutions to be able this problem that event
     packages may choose to differentiate between
     notifications for them, unless the body for implement.

5.3.1. Complete State Information

     For packages which typically convey state information that is
     reasonably small (on the order of 1 kb or so), it is suggested
     that event contains
     enough packages are designed so as to send complete state
     information when an event occurs.

     In the circumstances that state may not be sufficient for this correlation.

     As in SUBSCRIBE requests, NOTIFY "Event" headers will contain a
     single opaque token which identifies the event or
     particular class of events
     for which a notification is being generated.

     If events, the event package to which packages should include
     complete state information along with the event token corresponds defines
     behavior associated with that occurred.
     For example, "no customer service representatives available" may
     not be as useful "no customer service representatives available;
     representative sip:46@cs.xyz.int just logged off".

5.3.2. State Deltas

     In the case that the state information to be conveyed is large,
     the body event package may choose to detail a scheme by which NOTIFY
     messages contain state deltas instead of its complete state.

     Such a scheme would work as follows: any NOTIFY requests, those
     semantics apply. This information is expected sent in immediate
     response to provide
     additional details about the nature a SUBSCRIBE contains full state information. NOTIFY
     messages sent because of a state change will contain only the event which
     state information that has
     occurred and changed; the resultant resource state.

     When present, subscriber will then
     merge this information into its current knowledge about the body state
     of the NOTIFY request resource.

     Any event package that supports delta changes to states MUST be formatted
     into use
     a payload which contains a version number that increases by
     exactly one of for each NOTIFY message. Note that the body formats specified state version
     number appears in the "Accept" header body of the corresponding SUBSCRIBE request. The formatting rules and
     behavior when no "Accept" header message, not in a SIP header.

     If a NOTIFY arrives that has a version number that is present are expected to be
     defined incremented
     by more than one, the document which describes subscriber knows that a state delta has
     been missed; it ignores the relevant event
     package.

5.2.3. Notifier NOTIFY Behavior

     When a SUBSCRIBE request is successfully processed or a relevant
     change in message containing the subscribed state occurs,
     delta (except for the notifier will
     construct version number, which it retains to detect
     message loss), and send re-sends a SUBSCRIBE to force a NOTIFY request
     containing a complete state snapshot.

5.4. Event Package Responsibilities

     Event packages are not required to the subscriber(s), as
     specified in the "Contact" field re-iterate any of the SUBSCRIBE request. Such a
     message should be sent behavior
     described in as timely a manner as is practical.

     If the notifier is able, through any means, this document, although they may choose to do so for
     clarity or emphasis. In general, though, such packages are
     expected to determine describe only the behavior that extends or modifies
     the
     subscriber behavior described in this document.

     Note that any behavior designated with "SHOULD" or "MUST" in this
     document is no longer available to receive notifications, it
     MAY elect to not send a notification. An example of a method allowed to be changed by
     which extension documents;
     however, such information documents may be known is the "SIP for Presence"
     event set (see [5] ).

     If the original subscription contained a "Record-Route" header,
     notifications are sent according elect to the rules outlined in RFC
     2543 [1] , as strengthen "SHOULD"
     requirements to "MUST" strength if required by their application.

     In addition to the SUBSCRIBE were an INVITE, normal sections expected by "Instructions to
     RFC Authors" [6] and the NOTIFY
     were any subsequent message (e.g. BYE).

     Notify requests "Guidelines for Authors of SIP Extensions"
     [2] , authors of event packages MUST contain a "Contact" header. This contact
     header is used by address each of the subscriber issues
     detailed in building "Route" headers for
     subsequent subscriptions (i.e. refreshes).

     A NOTIFY request is considered failed if the response times out,
     or a non-200 class response code is received which has no
     "Retry-After" header and no implied further action which can following subsections, whenever applicable.

5.4.1. Event Package Name

     This mandatory section of an event package defines the token name
     to be
     taken used to retry the request (e.g. "401 Authorization Required.")

     If the NOTIFY request fails (as defined above), designate the notifier event package. It MUST
     remove the contact from the appropriate subscription. If removal
     of the contact leaves no remaining contacts, include the entire
     subscription is removed.

     NOTIFY requests MAY contain an "Expires" header
     information which indicates appears in the remaining duration IANA registration of the subscription. The notifier MAY use
     this token.
     For information on registering such types, see section 7.

5.4.2. Event Package Parameters

     If parameters are to be used on the "Event" header to adjust modify the time remaining on
     behavior of the subscription;
     however, this mechanism MUST not event package, the syntax and semantics of such
     headers must be used to lengthen a
     subscription, only to shorten it. The notifier may inform a
     subscriber clearly defined.

5.4.3. SUBSCRIBE Bodies

     It is expected that a subscription has been removed by sending a
     NOTIFY most, but not all, event packages will define
     syntax and semantics for SUBSCRIBE method bodies; these bodies
     will typically modify, expand, filter, throttle, and/or set
     thresholds for the class of events being requested. Designers of
     event packages are strongly encouraged to re-use existing MIME
     types for message with bodies where practical.

     This mandatory section of an "Expires" value event package defines what type or
     types of "0."

5.2.4. Proxy NOTIFY Behavior

     Proxies need no additional behavior beyond that described event bodies are expected in RFC
     2543 [1] SUBSCRIBE requests (or
     specify that no event bodies are expected). It should point to support NOTIFY.

5.2.5. Subscriber NOTIFY Behavior

     Upon receiving
     detailed definitions of syntax and semantics for all referenced
     body types.

5.4.4. Subscription Duration

     It is recommended that event packages give a NOTIFY request, suggested range of
     times considered reasonable for the subscriber should check that
     it matches at least one duration of its outstanding subscriptions; if not,
     it a subscription.
     Such packages MUST return also define a default "Expires" value to be
     used if none is specified.

5.4.5. NOTIFY Bodies

     The NOTIFY body is used to report state on the resource being
     monitored. Each package must define a "481 Subscription does not exist" response
     unless another 400- what type or 500-class response is more appropriate.

     If, types of event
     bodies are expected in NOTIFY requests. Such packages must
     specify or cite detailed specifications for some reason, the syntax and
     semantics associated with such event package designated body.

     Event packages also need to define which MIME type is to be
     assumed if none are specified in the "Event" "Accept" header of the NOTIFY request is not supported, the subscriber
     will respond with a "489 Bad Event" response.

     To prevent spoofing
     SUBSCRIBE request.

5.4.6. Notifier processing of events, NOTIFY requests MAY be
     authenticated, using any defined SIP authentication mechanism.

     NOTIFY SUBSCRIBE requests may contain "Expires" headers which indicate the
     time remaining on the subscription. If this header is present,

     This section describes the subscriber SHOULD take it as processing to be performed by the authoritative duration and
     adjust accordingly. If an expires value
     notifier upon receipt of "0" a SUBSCRIBE request. Such a section is present, the
     subscriber should consider
     required.

     Information in this section includes details of how to
     authenticate subscribers and authorization issues for the subscription terminated. Note that
     package. Such authorization issues may include, for example,
     whether all SUBSCRIBE requests for this does not prevent package are answered with
     202 responses (see section 6.2. ).

5.4.7. Notifier generation of NOTIFY requests

     This section of an event package describes the subscriber from re-sending process by which
     the notifier generates and sends a SUBSCRIBE
     if he wishes NOTIFY request. This includes
     detailed information about what events cause a NOTIFY to be sent,
     how to re-initiate compute the subscription.

     Once state information in the notification is deemed acceptable NOTIFY, how to
     generate "neutral" or "fake" state information to hide
     authorization delays and decisions from users, and whether state
     information is complete or deltas for notifications (see section
     5.3. )

     It may optionally describe the subscriber, behavior used to processes the
     subscriber SHOULD return a 200
     subsequent response. In general, it Such a section is not
     expected that NOTIFY responses will contain bodies; however, they
     MAY, if the required.

5.4.8. Subscriber processing of NOTIFY request contained requests
     This section of an "Accept" header.

     Other responses defined in RFC 2543 [1] may also be returned, as
     appropriate.

     Event packages should describe appropriate handling for event package describes the
     situation in which process followed
     by the subscriber upon receipt of a NOTIFY request, including any
     logic required to form a coherent resource state (if applicable).

5.4.9. Handling of forked requests

     Each event package should specify whether forked SUBSCRIBE
     requests are received from allowed to install multiple
     notifiers. In general, subscriptions. If such handling will involve
     behavior is not allowed, any NOTIFY messages not matching the
     200-class response to the initial SUBSCRIBE message are responded
     to with a simple 481.

     In the case that multiple subscriptions are allowed, the event
     package must specify whether merging of the received notifications into to form
     a single, overall
     state.

5.3. Polling Resource State

     A natural consequence of the behavior described in the preceding
     sections single state is required, and how such merging is to be
     performed. Note that an immediate fetch without a persistent
     subscription it is possible that some event packages may
     be effected by sending an appropriate SUBSCRIBE
     with an "Expires" of 0.

     Of course, an immediate fetch while defined in such a way that each dialog is tied to a subscription mutually
     exclusive state which is active may
     be effected unaffected by sending an appropriate SUBSCRIBE with an "Expires"
     greater than 0.

     Upon receipt of this SUBSCRIBE request, the notifier (or
     notifiers, other dialogs; this
     must be clearly stated if it is the SUBSCRIBE request was forked) will send a
     NOTIFY request containing resource state case.

5.4.10. Rate of notifications

     Each event package is expected to the address in the
     SUBSCRIBE "Contact" field.

5.4. Allow-Events header usage

     The "Allow-Events" header, if present, includes define a list of tokens requirement
     (RECOMMENDED, SHOULD or MUST strength) which indicates defines an absolute
     maximum on the event packages supported rate at which notifications are allowed to be
     generated by the client (if
     sent in a request) or server (if sent in a response). In other
     words, single notifier.

     Such packages may further define a node sending an "Allow-Events" header is advertising
     that it can process SUBSCRIBE requests and generate NOTIFY
     requests for all of throttle mechanism which
     allows subscribers to further limit the rate of notification.

5.4.11. State Agents

     Designers of event packages listed in that header.

     Any node implementing one should consider whether their package
     can benefit from network aggregation points ("State Agents")
     and/or nodes which act on behalf of other nodes. (For example,
     nodes which provide state information about a resource when such
     a resource is unable or more event packages SHOULD include unwilling to provide such state
     information itself). An example of such an appropriate "Allow-Events" header indicating all supported
     events in INVITE requests and responses, OPTIONS responses, application is a node
     which tracks the presence and
     REGISTER requests. "Allow-Events" headers MAY be included in any
     other type availability of request or response.

     This information is very useful, for example, in allowing a user in the
     network.

     If state agents are to render particular interface elements appropriately
     according to whether be used by the events required to implement package, the
     features package must
     specify how such state agents aggregate information and how they represent
     provide authentication and authorization.

5.4.12. Examples

     Event packages should include several demonstrative message flow
     diagrams paired with several typical, syntactically correct and
     complete messages.

     It is recommended that documents describing event packages
     clearly indicate that such examples are supported by informative and not
     normative, with instructions that implementors refer to the appropriate nodes. main
     text of the draft for exact protocol details.

6. Security Considerations

6.1. Access Control

     The ability to accept subscriptions should be under the direct
     control of the user, since many types of events may be considered
     sensitive for the purposes of privacy. Similarly, the notifier
     should have the ability to selectively reject subscriptions based
     on the calling party (based on access control lists), and/or using
     standard SIP authentication mechanisms. The methods for creation
     and distribution of such access control lists is outside the
     scope of this draft.

6.2. Release of Sensitive Policy Information

     The mere act of returning a "403 Forbidden" 200 or "603 Decline"
     response code certain 4xx and 6xx responses
     to a SUBSCRIBE request requests may, under certain very rare circumstances, create
     privacy concerns. Similarly, a delay in the
     initial notification may create the same concerns. concerns by revealing sensitive policy information. In
     these cases, the notifier may elect to should always return an immediate 200 or 202
     response and send a  202 response.
     While the subsequent NOTIFY message with (possibly erroneous)
     state. Note that this behavior may not convey true state, it
     MUST appear to contain a potentially correct piece of data from
     the point of view of the subscriber, indistinguishable from a
     valid response. Information about whether a user is authorized to
     subscribe to the requested state is never conveyed back to the
     original user under these circumstances.

6.3. Denial-of-Service attacks

     The current model (one SUBSCRIBE request triggers a rare exception, SUBSCRIBE
     response and should
     not one or more NOTIFY requests) is a classic setup for
     an amplifier node to be exhibited without justification. used in a smurf attack.

     Also, the creation of state upon receipt of a SUBSCRIBE request
     can be used by attackers to consume resources on a victim's
     machine, rendering it unusable.

     To reduce the chances of such an attack, implementations of
     notifiers SHOULD require authentication. Authentication issues
     are discussed in RFC2543 [1] .

7. IANA Considerations

     (This section is not applicable until this document is published
     as an RFC.)

     This document defines an event-type namespace which requires a
     central coordinating body. The body chosen for this coordination
     is the Internet Assigned Numbers Authority (IANA).

     There are two different types of event-types: normal event
     packages, and event sub-packages; see section 3.3. 5.2. To avoid
     confusion, subpackage names and package names share the same
     namespace; in other words, a sub-package MUST NOT share a name
     with a package.

     Following the policies outlined in "Guidelines for Writing an
     IANA Considerations Section in RFCs" [8] [7] , normal event package
     identification tokens are allocated as First Come First Served,
     and event sub-package identification tokens are allocated on a
     IETF Consensus basis. Package names beginning with "x-" are
     experimental, and are reserved for Private Use. such names MUST
     be formed according to the rules outlined in section 4.2.1.

     Note that the naming scheme allows a certain level of
     Hierarchical Allocation for experimental types. Organizations may
     choose to centrally coordinate allocation of names within the
     scope of the experimental namespace designated by their internet
     domain name. Assignment of such authority is not in the scope of
     this document, and will not be provided by the IANA.

     Registrations with the IANA MUST include the token being
     registered and whether the token is a package or a subpackage.
     Further, packages MUST include contact information for the party
     responsible for the registration and/or a published document
     which describes the event package. Sub-package token
     registrations MUST include a pointer to the published RFC which
     defines the sub-package.

     Registered tokens to designate packages and sub-packages MUST NOT
     contain the character ".", which is used to separate sub-packages
     from packages.

7.1. Registration Template

     As this document specifies no package or sub-package names, the
     initial IANA registration for event types will be empty. The
     remainder of the text in this section gives an example of the
     type of information to be maintained by the IANA; it also
     demonstrates all five possible permutations of package type,
     contact, and reference.

     The table below lists the event packages and sub-packages defined
     in "SIP-Specific Event Notification" [RFC xxxx]. Each name is
     designated as a package or a subpackage under "Type."
     Package Name      Type         Contact      Reference
     ------------      ----         -------      ---------
     example1          package      [Roach]
     example2          package      [Roach]      [RFC xxxx]
     example3          package                   [RFC xxxx]
     example4          sub-package  [Roach]      [RFC xxxx]
     example5          sub-package               [RFC xxxx]

     PEOPLE
     ------
     [Roach] Adam Roach <adam.roach@ericsson.com>

     REFERENCES
     ----------
     [RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
                August 2002.

8. Open Issues

8.1. Denial-of-Service attacks

     The current model (one SUBSCRIBE request triggers a SUBSCRIBE
     response and one or more NOTIFY requests) is a classic setup for
     an amplifier node to be used in a smurf attack.

     Also, the creation of state upon receipt of a SUBSCRIBE request
     can be used by attackers to consume resources on a victim's
     machine, rendering it unusable.

     These problems can be mitigated by requiring that all SUBSCRIBE
     requests be authenticated (and that unauthenticated SUBSCRIBE
     requests maintain zero state), but this doesn't actually solve
     the problem, as much as it makes it somewhat less likely to be
     exploited.

     Suggestions for improvements in this area are solicited, and
     should be taken on the mailing list (see section 12. ).

8.2. SUBSCRIBE Forking

     Forking poses an interesting problem for SUBSCRIBE requests.

     At first glance, everything would seem to work okay; a forked
     SUBSCRIBE which successfully reaches more than one notifier will
     install a subscription in all of the notifier nodes. Generally,
     several 200 class responses will be received by the forking
     proxy, and the first one will be returned

     In addition to the subscriber.

     Upon receipt of the 200 response, the subscriber could correctly
     deduce that three issues listed below, the subscription has been successfully created BNF in at
     least one node. Once the NOTIFY responses begin arriving, it is
     trivial this
     document needs to differentiate between the notifiers using be converted to explicit LWS to match the "To" tag
     values. If
     latest bis draft; this change will be reflected in the subscriber next
     version.

8.1. CANCEL Handling

     This is happy having multiple outstanding
     subscriptions, he can accept each actually a protocol-wide open issue which has impacts on
     this specification: there hasn't been a clear consensus about
     cancellation of them, and refresh them
     independently. non-INVITE requests yet. If multiple subscriptions don't make sense for non-INVITE requests
     cannot be cancelled, we need to remove section 4.1.3.

8.2. Version of SIP to reference

     Much of the
     event package, or introduce a level handling in this document is rather different than
     what is described in RFC2543; in fact, many of complexity that the
     subscriber implementor doesn't want recent changes
     to worry about, all
     subscriptions with correlation information (i.e. "To" tags)
     differing from those received this document have been tracking changes in the 200-class response may be
     rejected with a 481 response (which will remove the subscription
     from "bis" versions
     of the notifiers).

     On closer examination, there appears SIP specification. We can continue to be a minor problem with
     proxies inserting "Record-Route" headers: specifically, reference RFC2543
     while pulling in huge chunks of the
     200-class response to bis draft for compatibility
     (for example, the SUBSCRIBE Route handling would essentially be copied
     word-for-word from the bis draft), or we can only carry one route; start referencing
     the
     routes to bis drafts.

     Of course, referencing the other notifiers appears bis drafts allows us to be effectively lost.
     This problem is rather trivial pick up
     changes to overcome; in particular, protocol semantics "for free," while importing chunks
     of it requires constant maintanance and runs the
     newest versions risk of SIP have getting
     out of sync.

     On the other hand, placing a "SHOULD" strength requirement that
     proxies wishing to stay in dependency on the path include "Record-Route"
     headers in all requests. This means that bis draft pushes
     the incoming NOTIFYs
     themselves will contain this routing information timeframe for proxies this draft (and the drafts that depend on it)
     out past the time that
     comply with the newer next SIP specification.

     Since the draft you are currently reading technically references RFC 2543 (which is published.

8.3. Immediate NOTIFYs

     There has been discussion, but no such provision), we can describe this
     behavior in here. Proxies which consensus, on the issue of
     whether each SUBSCRIBE must have no notion an immediate NOTIFY message sent
     in response. In attempts to follow the prevailing sentiment, this
     draft had become internally inconsistent.

     This version of what
     "SUBSCRIBE" and "NOTIFY" mean don't know that "SUBSCRIBE" this document has eliminated these
     inconsistancies by requiring notifiers always to send a
     long-running leg associated with it. Record-Routing NOTIFY
     immediately upon receiving a "SUBSCRIBE"
     without knowing what it means should cause no problems, but those
     proxies certainly won't know to expect "NOTIFY" messages. On the
     other hand, proxies wishing to track subscriptions SUBSCRIBE. This decision does not
     necessarily represent group consensus, and
     notifications are doubtless aware further discussion may
     be warranted.

9. Changes

9.1. Changes from draft-ietf-...-00

     - Fixed confusing typo in section describing correlation
       of this draft; if we SUBSCRIBE requests

     - Added explanitory text to clarify tag handling when
       generating re-subscriptions

     - Expanded general handling section to include specific
       discussion of Route/Record-Route handling.

     - Included use of "methods" parameter on Contact as
       a
     provision that proxies interested in tracking these types means for detecting support for SUBSCRIBE and NOTIFY.

     - Added definition of legs
     MUST include Record-Route headers in all term "dialog"; changed "leg" to
       "dialog" everwhere.

     - Added syntax for "Subscription-Expires" header.

     - Changed NOTIFY requests, it
     solves our routing problem -- messages to refer to "Subscription-Expires"
       everywhere (instead of "Expires.")
     - Added information about generation and it's completely compatible with
     the remainder handling of SIP, since we're just strengthening a
     requirement already presented in the newer SIP specification.

     So, there's a rather airtight technical solution
       481 responses to the problem;
     currently, no one seems SUBSCRIBE requests

     - Changed having Expires header in SUBSCRIBE from
       MUST to be disputing that fact. However, there
     are some theory-of-knowledge type philosophical arguments that
     claim that installing multiple subscriptions SHOULD; this aligns more closely with one
     subscription request is a fundamentally flawed concept.

     The arguments, if I understand them correctly, roughly state
       REGISTER behavior

     - Removed experimental/private event package names,
       per list consensus

     - Cleaned up some legacy text left over from very early
       drafts that
     a allowed multiple contacts per subscription is to a particular single state, and that only one
     node in the network can possibly be considered

     - Strengthened language requiring the authoritative
     source removal of that state. I would counterargue that for certain event
     packages -- like user presence -- this is absolutely correct.
     Those packages should mandate that all but one subscriptions
       if a NOTIFY is rejected request fails with a 481. In circumstances where the node reached Clarified that such
       removal is the
     authoritative source required for one instance all subscriptions, including
       administrative ones.

     - Removed description of a set delaying NOTIFY requests until
       authorization is granted. Such behavior was inconsistent
       with other parts of state (such as
     terminal state), it makes a lot this document.

     - Moved description of sense event packages to have the ability later in document,
       to
     install a subscription into every end-node reached.

     Of course, the forgoing discussion reflects the author's
     viewpoint; others would certainly cast reduce the situation in different
     light. In any case, without a group consensus on this topic, it
     is considered an number of forward references.

     - Minor editorial and nits changes

     - Added new open issue.

9. Changes

9.1. issues to open issues section. All
       previous open issues have been resolved.

9.2. Changes from draft-roach-...-03

     - Added DOS attacks section to open issues.

     - Added discussion of forking to open issues

     - Changed response to PINT request for notifiers who don't
       support PINT from 400 to 489.

     - Added sentence to security section to call attention to
       potential privacy issues of delayed NOTIFY responses.

     - Added clarification: access control list handling is out
       of scope.

     - (Hopefully) Final resolution on out-of-band subscriptions:
       mentioned in section
     5.2.
     4.3.
     Removed from open issues.

     - Made "Contact" header optional for SUBSCRIBE 1xx responses.

     - Added description clarifying tag handling (section
     5.1.1.
     4.2.1.
     )

     - Removed event throttling from open issues.

     - Editorial cleanup to remove term "extension draft" and
       similar; "event package" is now (hopefully) used consistently
       throughout the document.

     - Remove discussion of event agents from open issues.
       This is covered in the event packages section now.

     - Added discussion of forking to open issues.

     - Added discussion of sub-packages

     - Added clarification that, upon receiving a "NOTIFY"
       with an expires of "0", the subscriber can re-subscribe.
       This allows trivial migration of subscriptions between
       nodes.

     - Added preliminary IANA Considerations section
     - Changed syntax for experimental event tokens to avoid
       possibly ambiguity between experimental tokens and
       sub-packages.

     - Slight adjustment to "Event" syntax to accommodate sub-packages.

     - Added section describing the information which is to be
       included in documents describing event packages.

     - Made 481 responses mandatory for unexpected notifications
       (allowing notifiers to remove subscriptions in error cases)

     - Several minor non-semantic editorial changes.

9.2.

9.3. Changes from draft-roach-...-02

     - Clarification under "Notifier SUBSCRIBE behavior" which
       indicates that the first NOTIFY message (sent immediately
       in response to a SUBSCRIBE) may contain an empty body, if
       resource state doesn't make sense at that point in time.

     - Text on message flow in overview section corrected

     - Removed suggestion that clients attempt to unsubscribe
       whenever they receive a NOTIFY for an unknown event.
       Such behavior opens up DOS attacks, and will lead to
       message loops unless additional precautions are taken.
       The 481 response to the NOTIFY should serve the same
       purpose.

     - Changed processing of non-200 responses to NOTIFY from
       "SHOULD remove contact" to "MUST remove contact" to support
       the above change.

     - Re-added discussion of out-of-band subscription mechanisms
       (including open issue of resource identification).

     - Added text specifying that SUBSCRIBE transactions are not
       to be prolonged. This is based on the consensus that non-INVITE
       transactions should never be prolonged; such consensus within
       the SIP working group was reached at the 49th IETF.

     - Added "202 Accepted" response code to support the above
       change. The behavior of this 202 response code is a
       generalization of that described in the presence draft.

     - Updated to specify that the response to an unauthorized
       SUBSCRIBE request is 603 or 403.

     - Level-4 subheadings added to particularly long sections to
       break them up into logical units. This helps make the
       behavior description seem somewhat less rambling. This also
       caused some re-ordering of these paragraphs (hopefully in a
       way that makes them more readable).

     - Some final mopping up of old text describing "call related"
       and "third party" subscriptions (deprecated concepts).

     - Duplicate explanation of subscription duration removed from
       subscriber SUBSCRIBE behavior section.

     - Other text generally applicable to SUBSCRIBE (instead of just
       subscriber handling of SUBSCRIBE) moved to parent section.

     - Updated header table to reflect mandatory usage of "Expires"
       header in SUBSCRIBE requests and responses

     - Removed "Event" header usage in responses

     - Added sentence suggesting that notifiers may notify
       subscribers when a subscription has timed out.

     - Clarified that a failed attempt to refresh a subscription
       does not imply that the original subscription has been
       cancelled.

     - Clarified that 489 is a valid response to "NOTIFY" requests.

     - Minor editorial changes to clean up awkward and/or unclear
       grammar in several places

9.3.

9.4. Changes from draft-roach-...-01

     - Multiple contacts per SUBSCRIBE message disallowed.

     - Contact header now required in NOTIFY messages.

     - Distinction between third party/call member events removed.

     - Distinction between call-related/resource-related events removed.

     - Clarified that subscribers must expect NOTIFY messages before
       the SUBSCRIBE transaction completes

     - Added immediate NOTIFY message after successful SUBSCRIBE;
       this solves a myriad of issues, most having to do with forking.

     - Added discussion of "undefined state" (before a NOTIFY arrives).

     - Added mechanism for notifiers to shorten/cancel outstanding
       subscriptions.

     - Removed open issue about appropriateness of new "489" response.

     - Removed all discussion of out-of-band subscriptions.

     - Added brief discussion of event state polling.

10. References

     [1] M. Handley/H. Schulzrinne/E. Schooler/J. Rosenberg, "SIP:
         Session Initiation Protocol", RFC 2543, IETF; March 1999.

     [2] Adam Roach, "Automatic Call Back Service in SIP", Internet
         Draft <draft-roach-sip-acb-00.txt>, IETF; March 2000. Work in
         progress.

     [3] J. Rosenberg, H. Schulzrinne, "Guidelines for Authors of SIP
         Extensions", <draft-ietf-sip-guidelines-01.txt>, <draft-ietf-sip-guidelines-02.txt>, IETF; July
         2000. March
         2001. Work in progress.

     [4]

     [3] S. Petrack, L. Conroy, "The PINT Service Protocol", RFC 2848,
         IETF; June 2000.

     [5]

     [4] J. Rosenberg et. al., "SIP Extensions for Presence",
         <draft-rosenberg-impp-presence-00.txt>,
         <draft-ietf-simple-presence-03.txt>, IETF; June 2000. September 2001.
         Work in progress.

     [6]

     [5] R. Fielding et. al., "Hypertext Transfer Protocol --
         HTTP/1.1", RFC2068, IETF, January 1997.

     [7]

     [6] J. Postel, J. Reynolds, "Instructions to RFC Authors",
         RFC2223, IETF, October 1997.

     [8]

     [7] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
         Considerations Section in RFCs", BCP 26, IETF, October 1998.

     [8] Schulzrinne/Rosenberg, "SIP Caller Preferences and Callee
         Capabilities", <draft-ietf-sip-callerprefs-04.txt>, IETF;
         June 2001. Work in progress.

11. Acknowledgements

     Thanks to the participants in the Events BOF at the 48th IETF
     meeting in Pittsburgh, as well as those who gave ideas and
     suggestions on the SIP Events mailing list. In particular, I wish
     to thank Henning Schulzrinne of Columbia University for coming up
     with the final three-tiered event identification scheme, Sean
     Olson of Ericsson for miscellaneous guidance, Jonathan Rosenberg
     for a thorough scrubbing of the -00 draft, and the authors of the
     "SIP Extensions for Presence" draft for their input to SUBSCRIBE
     and NOTIFY request semantics.

12. Feedback and Discussion

     Comments regarding this draft are welcomed at the author's
     address listed below.

     General-purpose discussion of asynchronous event topics,
     including this draft, should be taken on the sip-events mailing
     list (and NOT the general-purpose SIP mailing list). To
     subscribe, send mail to "sip-events@standards.ericsson.net" with
     the word "SUBSCRIBE" in the body.

13. Author's Address

     Adam Roach
     Ericsson Inc.
     Mailstop L-04
     851 International Pkwy.
     740 E. Campbell Rd.
     Richardson, TX 75081
     USA
     Phone: +1 972 583 7594
     Fax: +1 972 669 0154
     E-Mail: adam.roach@ericsson.com