draft-ietf-sip-events-05.txt   rfc3265.txt 
Internet Engineering Task Force Adam Roach
Internet Draft dynamicsoft
Category: Standards Track February 2002
Expires August 2002
<draft-ietf-sip-events-05.txt>
SIP-Specific Event Notification
Status of this Memo
This document is an Internet-Draft and is in full conformance Network Working Group A. B. Roach
with all provisions of Section 10 of RFC2026. Request for Comments: 3265 dynamicsoft
Updates: 2543 June 2002
Category: Standards Track
Internet-Drafts are working documents of the Internet Engineering Session Initiation Protocol (SIP)-Specific Event Notification
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Status of this Memo
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or cite them other than as "work in
progress".
The list of current Internet-Drafts can be accessed at This document specifies an Internet standards track protocol for the
http://www.ietf.org/ietf/lid-abstracts.txt Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
The list of Internet-Draft Shadow Directories can be accessed at Copyright Notice
http://www.ietf.org/shadow.html
This document is an individual submission to the IETF. Comments Copyright (C) The Internet Society (2002). All Rights Reserved.
should be directed to the authors.
Abstract Abstract
This document describes an extension to the Session Initiation This document describes an extension to the Session Initiation
Protocol (SIP). The purpose of this extension is to provide an Protocol (SIP). The purpose of this extension is to provide an
extensible framework by which SIP nodes can request notification extensible framework by which SIP nodes can request notification from
from remote nodes indicating that certain events have occurred. remote nodes indicating that certain events have occurred.
Concrete uses of the mechanism described in this document may be Concrete uses of the mechanism described in this document may be
standardized in the future. standardized in the future.
Note that the event notification mechanisms defined herein are Note that the event notification mechanisms defined herein are NOT
NOT intended to be a general-purpose infrastructure for all intended to be a general-purpose infrastructure for all classes of
classes of event subscription and notification. event subscription and notification.
1. Table of Contents Table of Contents
1. Table of Contents...................................... 1 1. Introduction........................................... 3
2. Introduction........................................... 3 1.1. Overview of Operation.................................. 4
2.1. Overview of Operation.................................. 4 1.2. Documentation Conventions.............................. 4
2.2. Documentation Conventions.............................. 4 2. Definitions............................................ 5
3. Definitions............................................ 5 3. Node Behavior.......................................... 6
4. Node Behavior.......................................... 5 3.1. Description of SUBSCRIBE Behavior...................... 6
4.1. Description of SUBSCRIBE Behavior...................... 5 3.1.1. Subscription Duration.................................. 6
4.1.1. Subscription Duration.................................. 6 3.1.2. Identification of Subscribed Events and Event Classes.. 6
4.1.2. Identification of Subscribed Events and Event Classes.. 6 3.1.3. Additional SUBSCRIBE Header Values..................... 7
4.1.3. Additional SUBSCRIBE Header Values..................... 7 3.1.4. Subscriber SUBSCRIBE Behavior.......................... 7
4.1.4. Subscriber SUBSCRIBE Behavior.......................... 7 3.1.5. Proxy SUBSCRIBE Behavior............................... 9
4.1.5. Proxy SUBSCRIBE Behavior............................... 9 3.1.6. Notifier SUBSCRIBE Behavior............................ 10
4.1.6. Notifier SUBSCRIBE Behavior............................ 9 3.2. Description of NOTIFY Behavior......................... 13
4.2. Description of NOTIFY Behavior......................... 12 3.2.1. Identification of Reported Events, Event Classes, and
4.2.1. Identification of Reported Events, Event Classes, and C 13 Current State.......................................... 13
4.2.2. Notifier NOTIFY Behavior............................... 13 3.2.2. Notifier NOTIFY Behavior............................... 14
4.2.3. Proxy NOTIFY Behavior.................................. 15 3.2.3. Proxy NOTIFY Behavior.................................. 15
4.2.4. Subscriber NOTIFY Behavior............................. 15 3.2.4. Subscriber NOTIFY Behavior............................. 16
4.3. General................................................ 17 3.3. General................................................ 18
4.3.1. Detecting support for SUBSCRIBE and NOTIFY............. 17 3.3.1. Detecting support for SUBSCRIBE and NOTIFY............. 18
4.3.2. CANCEL requests........................................ 18 3.3.2. CANCEL requests........................................ 18
4.3.3. Forking................................................ 18 3.3.3. Forking................................................ 18
4.3.4. Dialog creation and termination........................ 18 3.3.4. Dialog creation and termination........................ 18
4.3.5. State Agents and Notifier Migration.................... 19 3.3.5. State Agents and Notifier Migration.................... 19
4.3.6. Polling Resource State................................. 20 3.3.6. Polling Resource State................................. 20
4.3.7. Allow-Events header usage.............................. 20 3.3.7. Allow-Events header usage.............................. 21
4.3.8. PINT Compatibility..................................... 21 3.3.8. PINT Compatibility..................................... 21
5. Event Packages......................................... 21 4. Event Packages......................................... 21
5.1. Appropriateness of Usage............................... 21 4.1. Appropriateness of Usage............................... 21
5.2. Event Template-packages................................ 22 4.2. Event Template-packages................................ 22
5.3. Amount of State to be Conveyed......................... 22 4.3. Amount of State to be Conveyed......................... 22
5.3.1. Complete State Information............................. 22 4.3.1. Complete State Information............................. 23
5.3.2. State Deltas........................................... 23 4.3.2. State Deltas........................................... 23
5.4. Event Package Responsibilities......................... 23 4.4. Event Package Responsibilities......................... 24
5.4.1. Event Package Name..................................... 24 4.4.1. Event Package Name..................................... 24
5.4.2. Event Package Parameters............................... 24 4.4.2. Event Package Parameters............................... 24
5.4.3. SUBSCRIBE Bodies....................................... 24 4.4.3. SUBSCRIBE Bodies....................................... 24
5.4.4. Subscription Duration.................................. 24 4.4.4. Subscription Duration.................................. 25
5.4.5. NOTIFY Bodies.......................................... 24 4.4.5. NOTIFY Bodies.......................................... 25
5.4.6. Notifier processing of SUBSCRIBE requests.............. 25 4.4.6. Notifier processing of SUBSCRIBE requests.............. 25
5.4.7. Notifier generation of NOTIFY requests................. 25 4.4.7. Notifier generation of NOTIFY requests................. 25
5.4.8. Subscriber processing of NOTIFY requests............... 25 4.4.8. Subscriber processing of NOTIFY requests............... 26
5.4.9. Handling of forked requests............................ 25 4.4.9. Handling of forked requests............................ 26
5.4.10. Rate of notifications.................................. 26 4.4.10. Rate of notifications.................................. 26
5.4.11. State Agents........................................... 26 4.4.11. State Agents........................................... 27
5.4.12. Examples............................................... 26 4.4.12. Examples............................................... 27
5.4.13. Use of URIs to Retrieve State.......................... 27 4.4.13. Use of URIs to Retrieve State.......................... 27
6. Security Considerations................................ 27 5. Security Considerations................................ 28
6.1. Access Control......................................... 27 5.1. Access Control......................................... 28
6.2. Notifier Privacy Mechanism............................. 27 5.2. Notifier Privacy Mechanism............................. 28
6.3. Denial-of-Service attacks.............................. 27 5.3. Denial-of-Service attacks.............................. 28
6.4. Replay Attacks......................................... 28 5.4. Replay Attacks......................................... 29
6.5. Man-in-the middle attacks.............................. 28 5.5. Man-in-the middle attacks.............................. 29
6.6. Confidentiality........................................ 29 5.6. Confidentiality........................................ 29
7. IANA Considerations.................................... 29 6. IANA Considerations.................................... 30
7.1. Registration Information............................... 30 6.1. Registration Information............................... 30
7.2. Registration Template.................................. 30 6.2. Registration Template.................................. 31
7.3. Header Field Names..................................... 31 6.3. Header Field Names..................................... 31
7.4. Response Codes......................................... 31 6.4. Response Codes......................................... 32
8. Syntax................................................. 31 7. Syntax................................................. 32
8.1. New Methods............................................ 32 7.1. New Methods............................................ 32
8.1.1. SUBSCRIBE method....................................... 33 7.1.1. SUBSCRIBE method....................................... 34
8.1.2. NOTIFY method.......................................... 33 7.1.2. NOTIFY method.......................................... 34
8.2. New Headers............................................ 33 7.2. New Headers............................................ 34
8.2.1. "Event" header......................................... 34 7.2.1. "Event" header......................................... 34
8.2.2. "Allow-Events" Header.................................. 34 7.2.2. "Allow-Events" Header.................................. 35
8.2.3. "Subscription-State" Header............................ 34 7.2.3. "Subscription-State" Header............................ 35
8.3. New Response Codes..................................... 34 7.3. New Response Codes..................................... 35
8.3.1. "202 Accepted" Response Code........................... 35 7.3.1. "202 Accepted" Response Code........................... 35
8.3.2. "489 Bad Event" Response Code.......................... 35 7.3.2. "489 Bad Event" Response Code.......................... 35
8.4. Augmented BNF Definitions.............................. 35 7.4. Augmented BNF Definitions.............................. 35
9. References............................................. 36 8. Normative References................................... 36
10. Acknowledgements....................................... 37 9. Informative References................................. 37
11. Author's Address....................................... 37 10. Acknowledgements....................................... 37
12. Notice Regarding Intellectual Property Rights.......... 37 11. Notice Regarding Intellectual Property Rights.......... 37
13. Full Copyright Statement............................... 37 12. Author's Address....................................... 37
13. Full Copyright Statement............................... 38
2. Introduction 1. Introduction
The ability to request asynchronous notification of events proves The ability to request asynchronous notification of events proves
useful in many types of SIP services for which cooperation useful in many types of SIP services for which cooperation between
between end-nodes is required. Examples of such services include end-nodes is required. Examples of such services include automatic
automatic callback services (based on terminal state events), callback services (based on terminal state events), buddy lists
buddy lists (based on user presence events), message waiting (based on user presence events), message waiting indications (based
indications (based on mailbox state change events), and PSTN and on mailbox state change events), and PSTN and Internet
Internet Internetworking (PINT) [3] status (based on call state Internetworking (PINT) [2] status (based on call state events).
events).
The methods described in this document provide a framework by The methods described in this document provide a framework by which
which notification of these events can be ordered. notification of these events can be ordered.
The event notification mechanisms defined herein are NOT intended The event notification mechanisms defined herein are NOT intended to
to be a general-purpose infrastructure for all classes of event be a general-purpose infrastructure for all classes of event
subscription and notification. Meeting requirements for the subscription and notification. Meeting requirements for the general
general problem set of subscription and notification is far too problem set of subscription and notification is far too complex for a
complex for a single protocol. Our goal is to provide a single protocol. Our goal is to provide a SIP-specific framework for
SIP-specific framework for event notification which is not so event notification which is not so complex as to be unusable for
complex as to be unusable for simple features, but which is still simple features, but which is still flexible enough to provide
flexible enough to provide powerful services. Note, however, that powerful services. Note, however, that event packages based on this
event packages based on this framework may define arbitrarily framework may define arbitrarily elaborate rules which govern the
elaborate rules which govern the subscription and notification subscription and notification for the events or classes of events
for the events or classes of events they describe. they describe.
This draft does not describe an extension which may be used This document does not describe an extension which may be used
directly; it must be extended by other drafts (herein referred to directly; it must be extended by other documents (herein referred to
as "event packages".) In object-oriented design terminology, it as "event packages"). In object-oriented design terminology, it may
may be thought of as an abstract base class which must be derived be thought of as an abstract base class which must be derived into an
into an instantiatable class by further extensions. Guidelines instantiatable class by further extensions. Guidelines for creating
for creating these extensions are described in section 5. these extensions are described in section 4.
2.1. Overview of Operation 1.1. Overview of Operation
The general concept is that entities in the network can subscribe The general concept is that entities in the network can subscribe to
to resource or call state for various resources or calls in the resource or call state for various resources or calls in the network,
network, and those entities (or entities acting on their behalf) and those entities (or entities acting on their behalf) can send
can send notifications when those states change. notifications when those states change.
A typical flow of messages would be: A typical flow of messages would be:
Subscriber Notifier Subscriber Notifier
|-----SUBSCRIBE---->| Request state subscription |-----SUBSCRIBE---->| Request state subscription
|<-------200--------| Acknowledge subscription |<-------200--------| Acknowledge subscription
|<------NOTIFY----- | Return current state information |<------NOTIFY----- | Return current state information
|--------200------->| |--------200------->|
|<------NOTIFY----- | Return current state information |<------NOTIFY----- | Return current state information
|--------200------->| |--------200------->|
Subscriptions are expired and must be refreshed by subsequent Subscriptions are expired and must be refreshed by subsequent
SUBSCRIBE messages. SUBSCRIBE messages.
2.2. Documentation Conventions 1.2. Documentation Conventions
There are several paragraphs throughout the document which There are several paragraphs throughout this document which provide
provide motivational or clarifying text. Such passages are motivational or clarifying text. Such passages are non-normative,
non-normative, and are provided only to assist with reader and are provided only to assist with reader comprehension. These
comprehension. These passages are set off from the remainder of passages are set off from the remainder of the text by being indented
the text by being indented thus: thus:
This is an example of non-normative explanatory text. It does This is an example of non-normative explanatory text. It does not
not form part of the specification, and is used only for form part of the specification, and is used only for
clarification. clarification.
Numbers in square brackets (e.g. [1]) denote a reference to one Numbers in square brackets (e.g., [1]) denote a reference to one of
of the entries in the References section; see section 9. the entries in the reference sections; see sections 8 and 9.
The all-capital terms "MUST", "SHOULD", "MAY", "SHOULD NOT", and The all-capital terms "MUST", "SHOULD", "MAY", "SHOULD NOT", "MUST
"MUST NOT" are used as defined in RFC 2119 [7]. NOT", and "RECOMMENDED" are used as defined in RFC 2119 [5].
The use of quotation marks next to periods and commas follows the The use of quotation marks next to periods and commas follows the
convention used by the American Mathematical Society; although convention used by the American Mathematical Society; although
contrary to traditional American English convention, this usage contrary to traditional American English convention, this usage lends
lends clarity to certain passages. clarity to certain passages.
3. Definitions 2. Definitions
Event Package: An event package is an additional specification Event Package: An event package is an additional specification which
which defines a set of state information to be reported by a defines a set of state information to be reported by a notifier to
notifier to a subscriber. Event packages also define further a subscriber. Event packages also define further syntax and
syntax and semantics based on the framework defined by this semantics based on the framework defined by this document required
document required to convey such state information. to convey such state information.
Event Template-Package: An event template-package is a special Event Template-Package: An event template-package is a special kind
kind of event package which defines a set of state which may of event package which defines a set of states which may be
be applied to all possible event packages, including itself. applied to all possible event packages, including itself.
Notification: Notification is the act of a notifier sending a Notification: Notification is the act of a notifier sending a NOTIFY
NOTIFY message to a subscriber to inform the subscriber of message to a subscriber to inform the subscriber of the state of a
the state of a resource. resource.
Notifier: A notifier is a user agent which generates NOTIFY Notifier: A notifier is a user agent which generates NOTIFY requests
requests for the purpose of notifying subscribers of the for the purpose of notifying subscribers of the state of a
state of a resource. Notifiers typically also accept resource. Notifiers typically also accept SUBSCRIBE requests to
SUBSCRIBE requests to create subscriptions. create subscriptions.
State Agent: A state agent is a notifier which publishes state State Agent: A state agent is a notifier which publishes state
information on behalf of a resource; in order to do so, it information on behalf of a resource; in order to do so, it may
may need to gather such state information from multiple need to gather such state information from multiple sources.
sources. State agents always have complete state information State agents always have complete state information for the
for the resource for which they are creating notifications. resource for which they are creating notifications.
Subscriber: A subscriber is a user agent which receives NOTIFY Subscriber: A subscriber is a user agent which receives NOTIFY
requests from notifiers; these NOTIFY requests contain requests from notifiers; these NOTIFY requests contain information
information about the state of a resource in which the about the state of a resource in which the subscriber is
subscriber is interested. Subscribers typically also generate interested. Subscribers typically also generate SUBSCRIBE
SUBSCRIBE requests and send them to notifiers to create requests and send them to notifiers to create subscriptions.
subscriptions.
Subscription: A subscription is a set of application state Subscription: A subscription is a set of application state associated
associated with a dialog. This application state includes a with a dialog. This application state includes a pointer to the
pointer to the associated dialog, the event package name, and associated dialog, the event package name, and possibly an
possibly an identification token. Event packages will define identification token. Event packages will define additional
additional subscription state information. By definition, subscription state information. By definition, subscriptions
subscriptions exist in both a subscriber and a notifier. exist in both a subscriber and a notifier.
Subscription Migration: Subscription migration is the act of Subscription Migration: Subscription migration is the act of moving a
moving a subscription from one notifier to another notifier. subscription from one notifier to another notifier.
4. Node Behavior 3. Node Behavior
4.1. Description of SUBSCRIBE Behavior 3.1. Description of SUBSCRIBE Behavior
The SUBSCRIBE method is used to request current state and state The SUBSCRIBE method is used to request current state and state
updates from a remote node. updates from a remote node.
4.1.1. Subscription Duration 3.1.1. Subscription Duration
SUBSCRIBE requests SHOULD contain an "Expires" header (defined in SUBSCRIBE requests SHOULD contain an "Expires" header (defined in SIP
SIP [1]). This expires value indicates the duration of the [1]). This expires value indicates the duration of the subscription.
subscription. In order to keep subscriptions effective beyond the In order to keep subscriptions effective beyond the duration
duration communicated in the "Expires" header, subscribers need communicated in the "Expires" header, subscribers need to refresh
to refresh subscriptions on a periodic basis using a new subscriptions on a periodic basis using a new SUBSCRIBE message on
SUBSCRIBE message on the same dialog as defined in SIP [1]. the same dialog as defined in SIP [1].
If no "Expires" header is present in a SUBSCRIBE request, the If no "Expires" header is present in a SUBSCRIBE request, the implied
implied default is defined by the event package being used. default is defined by the event package being used.
200-class responses to SUBSCRIBE requests also MUST contain an 200-class responses to SUBSCRIBE requests also MUST contain an
"Expires" header. The period of time in the response MAY be "Expires" header. The period of time in the response MAY be shorter
shorter but MUST NOT be longer than specified in the request. The but MUST NOT be longer than specified in the request. The period of
period of time in the response is the one which defines the time in the response is the one which defines the duration of the
duration of the subscription. subscription.
An "expires" parameter on the "Contact" header has no semantics An "expires" parameter on the "Contact" header has no semantics for
for SUBSCRIBE and is explicitly not equivalent to an "Expires" SUBSCRIBE and is explicitly not equivalent to an "Expires" header in
header in a SUBSCRIBE request or response. a SUBSCRIBE request or response.
A natural consequence of this scheme is that a SUBSCRIBE with an A natural consequence of this scheme is that a SUBSCRIBE with an
"Expires" of 0 constitutes a request to unsubscribe from an "Expires" of 0 constitutes a request to unsubscribe from an event.
event.
In addition to being a request to unsubscribe, a SUBSCRIBE In addition to being a request to unsubscribe, a SUBSCRIBE message
message with "Expires" of 0 also causes a fetch of state; see with "Expires" of 0 also causes a fetch of state; see section
section 4.3.6. 3.3.6.
Notifiers may also wish to cancel subscriptions to events; this Notifiers may also wish to cancel subscriptions to events; this is
is useful, for example, when the resource to which a subscription useful, for example, when the resource to which a subscription refers
refers is no longer available. Further details on this mechanism is no longer available. Further details on this mechanism are
are discussed in section 4.2.2. discussed in section 3.2.2.
4.1.2. Identification of Subscribed Events and Event Classes 3.1.2. Identification of Subscribed Events and Event Classes
Identification of events is provided by three pieces of Identification of events is provided by three pieces of information:
information: Request URI, Event Type, and (optionally) message Request URI, Event Type, and (optionally) message body.
body.
The Request URI of a SUBSCRIBE request, most importantly, The Request URI of a SUBSCRIBE request, most importantly, contains
contains enough information to route the request to the enough information to route the request to the appropriate entity per
appropriate entity per the request routing procedures outlined in the request routing procedures outlined in SIP [1]. It also contains
SIP [1]. It also contains enough information to identify the enough information to identify the resource for which event
resource for which event notification is desired, but not notification is desired, but not necessarily enough information to
necessarily enough information to uniquely identify the nature of uniquely identify the nature of the event (e.g.,
the event (e.g. "sip:adam@dynamicsoft.com" would be an "sip:adam@dynamicsoft.com" would be an appropriate URI to subscribe
appropriate URI to subscribe to for my presence state; it would to for my presence state; it would also be an appropriate URI to
also be an appropriate URI to subscribe to the state of my voice subscribe to the state of my voice mailbox).
mailbox).
Subscribers MUST include exactly one "Event" header in SUBSCRIBE Subscribers MUST include exactly one "Event" header in SUBSCRIBE
requests, indicating to which event or class of events they are requests, indicating to which event or class of events they are
subscribing. The "Event" header will contain a token which subscribing. The "Event" header will contain a token which indicates
indicates the type of state for which a subscription is being the type of state for which a subscription is being requested. This
requested. This token will be registered with the IANA and will token will be registered with the IANA and will correspond to an
correspond to an event package which further describes the event package which further describes the semantics of the event or
semantics of the event or event class. The "Event" header MAY event class. The "Event" header MAY also contain an "id" parameter.
also contain an "id" parameter. This "id" parameter, if present, This "id" parameter, if present, contains an opaque token which
contains an opaque token which identifies the specific identifies the specific subscription within a dialog. An "id"
subscription within a dialog. An "id" parameter is only valid parameter is only valid within the scope of a single dialog.
within the scope of a single dialog.
If the event package to which the event token corresponds defines If the event package to which the event token corresponds defines
behavior associated with the body of its SUBSCRIBE requests, behavior associated with the body of its SUBSCRIBE requests, those
those semantics apply. semantics apply.
Event packages may also define parameters for the Event header; Event packages may also define parameters for the Event header; if
if they do so, they must define the semantics for such they do so, they must define the semantics for such parameters.
parameters.
4.1.3. Additional SUBSCRIBE Header Values 3.1.3. Additional SUBSCRIBE Header Values
Because SUBSCRIBE requests create a dialog as defined in SIP [1], Because SUBSCRIBE requests create a dialog as defined in SIP [1],
they MAY contain an "Accept" header. This header, if present, they MAY contain an "Accept" header. This header, if present,
indicates the body formats allowed in subsequent NOTIFY requests. indicates the body formats allowed in subsequent NOTIFY requests.
Event packages MUST define the behavior for SUBSCRIBE requests Event packages MUST define the behavior for SUBSCRIBE requests
without "Accept" headers; usually, this will connote a single, without "Accept" headers; usually, this will connote a single,
default body type. default body type.
Header values not described in this document are to be Header values not described in this document are to be interpreted as
interpreted as described in SIP [1]. described in SIP [1].
4.1.4. Subscriber SUBSCRIBE Behavior 3.1.4. Subscriber SUBSCRIBE Behavior
4.1.4.1. Requesting a Subscription 3.1.4.1. Requesting a Subscription
SUBSCRIBE is a dialog-creating method, as described in SIP [1]. SUBSCRIBE is a dialog-creating method, as described in SIP [1].
When a subscriber wishes to subscribe to a particular state for a When a subscriber wishes to subscribe to a particular state for a
resource, it forms a SUBSCRIBE message. If the initial SUBSCRIBE resource, it forms a SUBSCRIBE message. If the initial SUBSCRIBE
represents a request outside of a dialog (as it typically will), represents a request outside of a dialog (as it typically will), its
its construction follows the procedures outlined in SIP [1] for construction follows the procedures outlined in SIP [1] for UAC
UAC request generation outside of a dialog. request generation outside of a dialog.
This SUBSCRIBE request will be confirmed with a final response. This SUBSCRIBE request will be confirmed with a final response.
200-class responses indicate that the subscription has been 200-class responses indicate that the subscription has been accepted,
accepted, and that a NOTIFY will be sent immediately. A 200 and that a NOTIFY will be sent immediately. A 200 response indicates
response indicates that the subscription has been accepted and that the subscription has been accepted and that the user is
that the user is authorized to subscribe to the requested authorized to subscribe to the requested resource. A 202 response
resource. A 202 response merely indicates that the subscription merely indicates that the subscription has been understood, and that
has been understood, and that authorization may or may not have authorization may or may not have been granted.
been granted.
The "Expires" header in a 200-class response to SUBSCRIBE The "Expires" header in a 200-class response to SUBSCRIBE indicates
indicates the actual duration for which the subscription will the actual duration for which the subscription will remain active
remain active (unless refreshed). (unless refreshed).
Non-200 class final responses indicate that no subscription or Non-200 class final responses indicate that no subscription or dialog
dialog has been created, and no subsequent NOTIFY message will be has been created, and no subsequent NOTIFY message will be sent. All
sent. All non-200 class responses (with the exception of "489", non-200 class responses (with the exception of "489", described
described herein) have the same meanings and handling as herein) have the same meanings and handling as described in SIP [1].
described in SIP [1].
A SUBSCRIBE request MAY include an "id" parameter in its "Event" A SUBSCRIBE request MAY include an "id" parameter in its "Event"
header to allow differentiation between multiple subscriptions in header to allow differentiation between multiple subscriptions in the
the same dialog. same dialog.
4.1.4.2. Refreshing of Subscriptions 3.1.4.2. Refreshing of Subscriptions
At any time before a subscription expires, the subscriber may At any time before a subscription expires, the subscriber may refresh
refresh the timer on such a subscription by sending another the timer on such a subscription by sending another SUBSCRIBE request
SUBSCRIBE request on the same dialog as the existing on the same dialog as the existing subscription, and with the same
subscription, and with the same "Event" header "id" parameter (if "Event" header "id" parameter (if one was present in the initial
one was present in the initial subscription). The handling for subscription). The handling for such a request is the same as for
such a request is the same as for the initial creation of a the initial creation of a subscription except as described below.
subscription except as described below.
If the initial SUBSCRIBE message contained an "id" parameter If the initial SUBSCRIBE message contained an "id" parameter on
on the "Event" header, then refreshes of the subscription the "Event" header, then refreshes of the subscription must also
must also contain an identical "id" parameter; they will contain an identical "id" parameter; they will otherwise be
otherwise be considered new subscriptions in an existing considered new subscriptions in an existing dialog.
dialog.
If a SUBSCRIBE request to refresh a subscription receives a "481" If a SUBSCRIBE request to refresh a subscription receives a "481"
response, this indicates that the subscription has been response, this indicates that the subscription has been terminated
terminated and that the subscriber did not receive notification and that the subscriber did not receive notification of this fact.
of this fact. In this case, the subscriber should consider the In this case, the subscriber should consider the subscription
subscription invalid. If the subscriber wishes to re-subscribe to invalid. If the subscriber wishes to re-subscribe to the state, he
the state, he does so by composing an unrelated initial SUBSCRIBE does so by composing an unrelated initial SUBSCRIBE request with a
request with a freshly-generated Call-ID and a new, unique "From" freshly-generated Call-ID and a new, unique "From" tag (see section
tag (see section 4.1.4.1.) 3.1.4.1.)
If a SUBSCRIBE request to refresh a subscription fails with a non-481
response, the original subscription is still considered valid for the
duration of the most recently known "Expires" value as negotiated by
SUBSCRIBE and its response, or as communicated by NOTIFY in the
"Subscription-State" header "expires" parameter.
If a SUBSCRIBE request to refresh a subscription fails with a Note that many such errors indicate that there may be a problem
non-481 response, the original subscription is still considered with the network or the notifier such that no further NOTIFY
valid for the duration of the most recently known "Expires" value messages will be received.
as negotiated by SUBSCRIBE and its response, or as communicated
by NOTIFY in the "Subscription-State" header "expires" parameter.
Note that many such errors indicate that there may be a 3.1.4.3. Unsubscribing
problem with the network or the notifier such that no further
NOTIFY messages will be received.
4.1.4.3. Unsubscribing Unsubscribing is handled in the same way as refreshing of a
subscription, with the "Expires" header set to "0". Note that a
successful unsubscription will also trigger a final NOTIFY message.
Unsubscribing is handled in the same way as refreshing of a 3.1.4.4. Confirmation of Subscription Creation
subscription, with the "Expires" header set to "0". Note that a
successful unsubscription will also trigger a final NOTIFY
message.
4.1.4.4. Confirmation of Subscription Creation The subscriber can expect to receive a NOTIFY message from each node
which has processed a successful subscription or subscription
refresh. Until the first NOTIFY message arrives, the subscriber
should consider the state of the subscribed resource to be in a
neutral state. Documents which define new event packages MUST define
this "neutral state" in such a way that makes sense for their
application (see section 4.4.7.).
The subscriber can expect to receive a NOTIFY message from each Due to the potential for both out-of-order messages and forking, the
node which has processed a successful subscription or subscriber MUST be prepared to receive NOTIFY messages before the
subscription refresh. Until the first NOTIFY message arrives, the SUBSCRIBE transaction has completed.
subscriber should consider the state of the subscribed resource
to be in a neutral state. Event packages which define new event
packages MUST define this "neutral state" in such a way that
makes sense for their application (see section 5.4.7.).
Due to the potential for both out-of-order messages and forking, Except as noted above, processing of this NOTIFY is the same as in
the subscriber MUST be prepared to receive NOTIFY messages before section 3.2.4.
the SUBSCRIBE transaction has completed.
Except as noted above, processing of this NOTIFY is the same as 3.1.5. Proxy SUBSCRIBE Behavior
in section 4.2.4.
4.1.5. Proxy SUBSCRIBE Behavior Proxies need no additional behavior beyond that described in SIP [1]
to support SUBSCRIBE. If a proxy wishes to see all of the SUBSCRIBE
and NOTIFY requests for a given dialog, it MUST record-route the
initial SUBSCRIBE and any dialog-establishing NOTIFY requests. Such
proxies SHOULD also record-route all other SUBSCRIBE and NOTIFY
requests.
Proxies need no additional behavior beyond that described in SIP Note that subscribers and notifiers may elect to use S/MIME
[1] to support SUBSCRIBE. If a proxy wishes to see all of the encryption of SUBSCRIBE and NOTIFY requests; consequently, proxies
SUBSCRIBE and NOTIFY requests for a given dialog, it MUST cannot rely on being able to access any information that is not
record-route the initial SUBSCRIBE and any dialog-establishing explicitly required to be proxy-readable by SIP [1].
NOTIFY requests. Such proxies SHOULD also record-route all other
SUBSCRIBE and NOTIFY requests.
Note that subscribers and notifiers may elect to use S/MIME 3.1.6. Notifier SUBSCRIBE Behavior
encryption of SUBSCRIBE and NOTIFY requests; consequently,
proxies cannot rely on being able to access any information
that is not explicitly required to be proxy-readable by SIP
[1].
4.1.6. Notifier SUBSCRIBE Behavior 3.1.6.1. Initial SUBSCRIBE Transaction Processing
4.1.6.1. Initial SUBSCRIBE Transaction Processing In no case should a SUBSCRIBE transaction extend for any longer than
the time necessary for automated processing. In particular,
notifiers MUST NOT wait for a user response before returning a final
response to a SUBSCRIBE request.
In no case should a SUBSCRIBE transaction extend for any longer This requirement is imposed primarily to prevent the non-INVITE
than the time necessary for automated processing. In particular, transaction timeout timer F (see [1]) from firing during the
notifiers MUST NOT wait for a user response before returning a SUBSCRIBE transaction, since interaction with a user would often
final response to a SUBSCRIBE request. exceed 64*T1 seconds.
This requirement is imposed primarily to prevent the The notifier SHOULD check that the event package specified in the
non-INVITE transaction timeout timer F (see [1]) from firing "Event" header is understood. If not, the notifier SHOULD return a
during the SUBSCRIBE transaction, since interaction with a "489 Bad Event" response to indicate that the specified event/event
user would often exceed 64*T1 seconds. class is not understood.
The notifier SHOULD check that the event package specified in the The notifier SHOULD also perform any necessary authentication and
"Event" header is understood. If not, the notifier SHOULD return authorization per its local policy. See section 3.1.6.3.
a "489 Bad Event" response to indicate that the specified
event/event class is not understood.
The notifier SHOULD also perform any necessary authentication and The notifier MAY also check that the duration in the "Expires" header
authorization per its local policy. See section 4.1.6.3. is not too small. If and only if the expiration interval is greater
than zero AND smaller than one hour AND less than a notifier-
configured minimum, the notifier MAY return a "423 Interval too
small" error which contains a "Min-Expires" header field. The "Min-
Expires" header field is described in SIP [1].
The notifier MAY also check that the duration in the "Expires" If the notifier is able to immediately determine that it understands
header is not too small. If and only if the expiration interval the event package, that the authenticated subscriber is authorized to
is greater than zero AND smaller than one hour AND less than a subscribe, and that there are no other barriers to creating the
notifier-configured minimum, the notifier MAY return a "423 subscription, it creates the subscription and a dialog (if
Interval too small" error which contains a "Min-Expires" header necessary), and returns a "200 OK" response (unless doing so would
field. The "Min-Expires" header field is described in SIP [1]. reveal authorization policy in an undesirable fashion; see section
5.2.).
If the notifier is able to immediately determine that it If the notifier cannot immediately create the subscription (e.g., it
understands the event package, that the authenticated subscriber needs to wait for user input for authorization, or is acting for
is authorized to subscribe, and that there are no other barriers another node which is not currently reachable), or wishes to mask
to creating the subscription, it creates the subscription and a authorization policy, it will return a "202 Accepted" response. This
dialog (if necessary), and returns a "200 OK" response (unless response indicates that the request has been received and understood,
doing so would reveal authorization policy in an undesirable but does not necessarily imply that the subscription has been
fashion; see section 6.2.). authorized yet.
If the notifier cannot immediately create the subscription (e.g. When a subscription is created in the notifier, it stores the event
it needs to wait for user input for authorization, or is acting package name and the "Event" header "id" parameter (if present) as
for another node which is not currently reachable), or wishes to part of the subscription information.
mask authorization policy, it will return a "202 Accepted"
response. This response indicates that the request has been
received and understood, but does not necessarily imply that the
subscription has been authorized yet.
When a subscription is created in the notifier, it stores the The "Expires" values present in SUBSCRIBE 200-class responses behave
event package name and the "Event" header "id" parameter (if in the same way as they do in REGISTER responses: the server MAY
present) as part of the subscription information. shorten the interval, but MUST NOT lengthen it.
The "Expires" values present in SUBSCRIBE 200-class responses If the duration specified in a SUBSCRIBE message is unacceptably
behave in the same way as they do in REGISTER responses: the short, the notifier may be able to send a 423 response, as
server MAY shorten the interval, but MUST NOT lengthen it. described earlier in this section.
If the duration specified in a SUBSCRIBE message is 200-class responses to SUBSCRIBE requests will not generally contain
unacceptably short, the notifier may be able to send a 423 any useful information beyond subscription duration; their primary
response, as described earlier in this section. purpose is to serve as a reliability mechanism. State information
will be communicated via a subsequent NOTIFY request from the
notifier.
200-class responses to SUBSCRIBE requests will not generally The other response codes defined in SIP [1] may be used in response
contain any useful information beyond subscription duration; to SUBSCRIBE requests, as appropriate.
their primary purpose is to serve as a reliability mechanism.
State information will be communicated via a subsequent NOTIFY
request from the notifier.
The other response codes defined in SIP [1] may be used in 3.1.6.2. Confirmation of Subscription Creation/Refreshing
response to SUBSCRIBE requests, as appropriate.
4.1.6.2. Confirmation of Subscription Creation/Refreshing Upon successfully accepting or refreshing a subscription, notifiers
MUST send a NOTIFY message immediately to communicate the current
resource state to the subscriber. This NOTIFY message is sent on the
same dialog as created by the SUBSCRIBE response. If the resource
has no meaningful state at the time that the SUBSCRIBE message is
processed, this NOTIFY message MAY contain an empty or neutral body.
See section 3.2.2. for further details on NOTIFY message generation.
Upon successfully accepting or refreshing a subscription, Note that a NOTIFY message is always sent immediately after any 200-
notifiers MUST send a NOTIFY message immediately to communicate class response to a SUBSCRIBE request, regardless of whether the
the current resource state to the subscriber. This NOTIFY message subscription has already been authorized.
is sent on the same dialog as created by the SUBSCRIBE response.
If the resource has no meaningful state at the time that the
SUBSCRIBE message is processed, this NOTIFY message MAY contain
an empty or neutral body. See section 4.2.2. for further details
on NOTIFY message generation.
Note that a NOTIFY message is always sent immediately after any 3.1.6.3. Authentication/Authorization of SUBSCRIBE requests
200-class response to a SUBSCRIBE request, regardless of whether
the subscription has already been authorized.
4.1.6.3. Authentication/Authorization of SUBSCRIBE requests Privacy concerns may require that notifiers apply policy to determine
whether a particular subscriber is authorized to subscribe to a
certain set of events. Such policy may be defined by mechanisms such
as access control lists or real-time interaction with a user. In
general, authorization of subscribers prior to authentication is not
particularly useful.
Privacy concerns may require that notifiers apply policy to SIP authentication mechanisms are discussed in SIP [1]. Note that,
determine whether a particular subscriber is authorized to even if the notifier node typically acts as a proxy, authentication
subscribe to a certain set of events. Such policy may be defined for SUBSCRIBE requests will always be performed via a "401" response,
by mechanisms such as access control lists or real-time not a "407;" notifiers always act as a user agents when accepting
interaction with a user. In general, authorization of subscribers subscriptions and sending notifications.
prior to authentication is not particularly useful.
SIP authentication mechanisms are discussed in SIP [1]. Note Of course, when acting as a proxy, a node will perform normal
that, even if the notifier node typically acts as a proxy, proxy authentication (using 407). The foregoing explanation is a
authentication for SUBSCRIBE requests will always be performed reminder that notifiers are always UAs, and as such perform UA
via a "401" response, not a "407;" notifiers always act as a user authentication.
agents when accepting subscriptions and sending notifications.
Of course, when acting as a proxy, a node will perform normal If authorization fails based on an access list or some other
proxy authentication (using 407). The foregoing explanation automated mechanism (i.e., it can be automatically authoritatively
is a reminder that notifiers are always UAs, and as such determined that the subscriber is not authorized to subscribe), the
perform UA authentication. notifier SHOULD reply to the request with a "403 Forbidden" or "603
Decline" response, unless doing so might reveal information that
should stay private; see section 5.2.
If authorization fails based on an access list or some other If the notifier owner is interactively queried to determine whether a
automated mechanism (i.e. it can be automatically authoritatively subscription is allowed, a "202 Accept" response is returned
determined that the subscriber is not authorized to subscribe), immediately. Note that a NOTIFY message is still formed and sent
the notifier SHOULD reply to the request with a "403 Forbidden" under these circumstances, as described in the previous section.
or "603 Decline" response, unless doing so might reveal
information that should stay private; see section 6.2.
If the notifier owner is interactively queried to determine If subscription authorization was delayed and the notifier wishes to
whether a subscription is allowed, a "202 Accept" response is convey that such authorization has been declined, it may do so by
returned immediately. Note that a NOTIFY message is still formed sending a NOTIFY message containing a "Subscription-State" header
and sent under these circumstances, as described in the previous with a value of "terminated" and a reason parameter of "rejected".
section.
If subscription authorization was delayed and the notifier wishes 3.1.6.4. Refreshing of Subscriptions
to convey that such authorization has been declined, it may do so
by sending a NOTIFY message containing a "Subscription-State"
header with a value of "terminated" and a reason parameter of
"rejected".
4.1.6.4. Refreshing of Subscriptions When a notifier receives a subscription refresh, assuming that the
subscriber is still authorized, the notifier updates the expiration
time for the subscription. As with the initial subscription, the
server MAY shorten the amount of time until expiration, but MUST NOT
increase it. The final expiration time is placed in the "Expires"
header in the response. If the duration specified in a SUBSCRIBE
message is unacceptably short, the notifier SHOULD respond with a
"423 Subscription Too Brief" message.
When a notifier receives a subscription refresh, assuming that If no refresh for a notification address is received before its
the subscriber is still authorized, the notifier updates the expiration time, the subscription is removed. When removing a
expiration time for subscription. As with the initial subscription, the notifier SHOULD send a NOTIFY message with a
subscription, the server MAY shorten the amount of time until "Subscription-State" value of "terminated" to inform it that the
expiration, but MUST NOT increase it. The final expiration time subscription is being removed. If such a message is sent, the
is placed in the "Expires" header in the response. If the "Subscription-State" header SHOULD contain a "reason=timeout"
duration specified in a SUBSCRIBE message is unacceptably short, parameter.
the notifier SHOULD respond with a "423 Subscription Too Brief"
message.
If no refresh for a notification address is received before its The sending of a NOTIFY when a subscription expires allows the
expiration time, the subscription is removed. When removing a corresponding dialog to be terminated, if appropriate.
subscription, the notifier SHOULD send a NOTIFY message with a
"Subscription-State" value of "terminated" to inform it that the
subscription is being removed. If such a message is sent, the
"Subscription-State" header SHOULD contain a "reason=timeout"
parameter.
The sending of a NOTIFY when a subscription expires allows 3.2. Description of NOTIFY Behavior
the corresponding dialog to be terminated, if appropriate.
4.2. Description of NOTIFY Behavior NOTIFY messages are sent to inform subscribers of changes in state to
which the subscriber has a subscription. Subscriptions are typically
put in place using the SUBSCRIBE method; however, it is possible that
other means have been used.
NOTIFY messages are sent to inform subscribers of changes in If any non-SUBSCRIBE mechanisms are defined to create subscriptions,
state to which the subscriber has a subscription. Subscriptions it is the responsibility of the parties defining those mechanisms to
are typically put in place using the SUBSCRIBE method; however, ensure that correlation of a NOTIFY message to the corresponding
it is possible that other means have been used. subscription is possible. Designers of such mechanisms are also
warned to make a distinction between sending a NOTIFY message to a
subscriber who is aware of the subscription, and sending a NOTIFY
message to an unsuspecting node. The latter behavior is invalid, and
MUST receive a "481 Subscription does not exist" response (unless
some other 400- or 500-class error code is more applicable), as
described in section 3.2.4. In other words, knowledge of a
subscription must exist in both the subscriber and the notifier to be
valid, even if installed via a non-SUBSCRIBE mechanism.
If any non-SUBSCRIBE mechanisms are defined to create A NOTIFY does not terminate its corresponding subscription; in other
subscriptions, it is the responsibility of the parties defining words, a single SUBSCRIBE request may trigger several NOTIFY
those mechanisms to ensure that correlation of a NOTIFY message requests.
to the corresponding subscription is possible. Designers of such
mechanisms are also warned to make a distinction between sending
a NOTIFY message to a subscriber who is aware of the
subscription, and sending a NOTIFY message to an unsuspecting
node. The latter behavior is invalid, and MUST receive a "481
Subscription does not exist" response (unless some other 400- or
500-class error code is more applicable), as described in section
4.2.4. In other words, knowledge of a subscription must exist in
both the subscriber and the notifier to be valid, even if
installed via a non-SUBSCRIBE mechanism.
A NOTIFY does not terminate its corresponding subscription; in 3.2.1. Identification of Reported Events, Event Classes, and Current
other words, a single SUBSCRIBE request may trigger several State
NOTIFY requests.
4.2.1. Identification of Reported Events, Event Classes, and Current Identification of events being reported in a notification is very
State similar to that described for subscription to events (see section
3.1.2.).
Identification of events being reported in a notification is very As in SUBSCRIBE requests, NOTIFY "Event" headers will contain a
similar to that described for subscription to events (see section single event package name for which a notification is being
4.1.2.). generated. The package name in the "Event" header MUST match the
"Event" header in the corresponding SUBSCRIBE message. If an "id"
parameter was present in the SUBSCRIBE message, that "id" parameter
MUST also be present in the corresponding NOTIFY messages.
As in SUBSCRIBE requests, NOTIFY "Event" headers will contain a Event packages may define semantics associated with the body of their
single event package name for which a notification is being NOTIFY requests; if they do so, those semantics apply. NOTIFY bodies
generated. The package name in the "Event" header MUST match the are expected to provide additional details about the nature of the
"Event" header in the corresponding SUBSCRIBE message. If an "id" event which has occurred and the resultant resource state.
parameter was present in the SUBSCRIBE message, that "id"
parameter MUST also be present in the corresponding NOTIFY
messages.
Event packages may define semantics associated with the body of When present, the body of the NOTIFY request MUST be formatted into
their NOTIFY requests; if they do so, those semantics apply. one of the body formats specified in the "Accept" header of the
NOTIFY bodies are expected to provide additional details about corresponding SUBSCRIBE request. This body will contain either the
the nature of the event which has occurred and the resultant state of the subscribed resource or a pointer to such state in the
resource state. form of a URI (see section 4.4.13).
When present, the body of the NOTIFY request MUST be formatted 3.2.2. Notifier NOTIFY Behavior
into one of the body formats specified in the "Accept" header of
the corresponding SUBSCRIBE request. This body will contain
either the state of the subscribed resource or a pointer to such
state in the form of a URI.
4.2.2. Notifier NOTIFY Behavior When a SUBSCRIBE request is answered with a 200-class response, the
notifier MUST immediately construct and send a NOTIFY request to the
subscriber. When a change in the subscribed state occurs, the
notifier SHOULD immediately construct and send a NOTIFY request,
subject to authorization, local policy, and throttling
considerations.
When a SUBSCRIBE request is answered with a 200-class response, A NOTIFY request is considered failed if the response times out, or a
the notifier MUST immediately construct and send a NOTIFY request non-200 class response code is received which has no "Retry-After"
to the subscriber. When a change in the subscribed state occurs, header and no implied further action which can be taken to retry the
the notifier SHOULD immediately construct and send a NOTIFY request (e.g., "401 Authorization Required".)
request, subject to authorization, local policy, and throttling
considerations.
A NOTIFY request is considered failed if the response times out, If the NOTIFY request fails (as defined above) due to a timeout
or a non-200 class response code is received which has no condition, and the subscription was installed using a soft-state
"Retry-After" header and no implied further action which can be mechanism (such as SUBSCRIBE), the notifier SHOULD remove the
taken to retry the request (e.g. "401 Authorization Required".) subscription.
If the NOTIFY request fails (as defined above) due to a timeout This behavior prevents unnecessary transmission of state
condition, and the subscription was installed using a soft-state information for subscribers who have crashed or disappeared from
mechanism (such as SUBSCRIBE), the notifier SHOULD remove the the network. Because such transmissions will be sent multiple
subscription. times, per the retransmission algorithm defined in SIP [1]
(instead of the typical single transmission for functioning
clients), continuing to service them when no client is available
to acknowledge them could place undue strain on a network. Upon
client restart or reestablishment of a network connection, it is
expected that clients will send SUBSCRIBE messages to refresh
potentially stale state information; such messages will re-install
subscriptions in all relevant nodes.
This behavior prevents unnecessary transmission of state If the NOTIFY request fails (as defined above) due to an error
information for subscribers who have crashed or disappeared response, and the subscription was installed using a soft-state
from the network. Because such transmissions will be sent mechanism, the notifier MUST remove the corresponding subscription.
multiple times, per the retransmission algorithm defined in
SIP [1] (instead of the typical single transmission for
functioning clients), continuing to service them when no
client is available to acknowledge them could place undue
strain on a network. Upon client restart or reestablishment
of a network connection, it is expected that clients will
send SUBSCRIBE messages to refresh potentially stale state
information; such messages will re-install subscriptions in
all relevant nodes.
If the NOTIFY request fails (as defined above) due to an error A notify error response would generally indicate that something
response, and the subscription was installed using a soft-state has gone wrong with the subscriber or with some proxy on the way
mechanism, the notifier MUST remove the corresponding to the subscriber. If the subscriber is in error, it makes the
subscription. most sense to allow the subscriber to rectify the situation (by
re-subscribing) once the error condition has been handled. If a
proxy is in error, the periodic SUBSCRIBE refreshes will re-
install subscription state once the network problem has been
resolved.
A notify error response would generally indicate that If a NOTIFY request receives a 481 response, the notifier MUST remove
something has gone wrong with the subscriber or with some the corresponding subscription even if such subscription was
proxy on the way to the subscriber. If the subscriber is in installed by non-SUBSCRIBE means (such as an administrative
error, it makes the most sense to allow the subscriber to interface).
rectify the situation (by re-subscribing) once the error
condition has been handled. If a proxy is in error, the
periodic SUBSCRIBE refreshes will re-install subscription
state once the network problem has been resolved.
If a NOTIFY request receives a 481 response, the notifier MUST If the above behavior were not required, subscribers receiving a
remove the corresponding subscription even if such subscription notify for an unknown subscription would need to send an error
was installed by non-SUBSCRIBE means (such as an administrative status code in response to the NOTIFY and also send a SUBSCRIBE
interface). request to remove the subscription. Since this behavior would
make subscribers available for use as amplifiers in denial of
service attacks, we have instead elected to give the 481 response
special meaning: it is used to indicate that a subscription must
be cancelled under all circumstances.
If the above behavior were not required, subscribers NOTIFY requests MUST contain a "Subscription-State" header with a
receiving a notify for an unknown subscription would need to value of "active", "pending", or "terminated". The "active" value
send an error status code in response to the NOTIFY and also indicates that the subscription has been accepted and has been
send a SUBSCRIBE request to remove the subscription. Since authorized (in most cases; see section 5.2.). The "pending" value
this behavior would make subscribers available for use as indicates that the subscription has been received, but that policy
amplifiers in denial of service attacks, we have instead information is insufficient to accept or deny the subscription at
elected to give the 481 response special meaning: it is used this time. The "terminated" value indicates that the subscription is
to indicate that a subscription must be cancelled under all not active.
circumstances.
NOTIFY requests MUST contain a "Subscription-State" header with a If the value of the "Subscription-State" header is "active" or
value of "active", "pending", or "terminated". The "active" value "pending", the notifier SHOULD also include in the "Subscription-
indicates that the subscription has been accepted and has been State" header an "expires" parameter which indicates the time
authorized (in most cases; see section 6.2.). The "pending" value remaining on the subscription. The notifier MAY use this mechanism
indicates that the subscription has been received, but that to shorten a subscription; however, this mechanism MUST NOT be used
policy information is insufficient to accept or deny the to lengthen a subscription.
subscription at this time. The "terminated" value indicates that
the subscription is not active.
If the value of the "Subscription-State" header is "active" or Including expiration information for active and pending
"pending", the notifier SHOULD also include in the subscriptions is useful in case the SUBSCRIBE request forks, since
"Subscription-State" header an "expires" parameter which the response to a forked SUBSCRIBE may not be received by the
indicates the time remaining on the subscription. The notifier subscriber. Note well that this "expires" value is a parameter on
MAY use this mechanism to shorten a subscription; however, this the "Subscription-State" header, NOT an "Expires" header.
mechanism MUST NOT be used to lengthen a subscription.
Including expiration information for active and pending If the value of the "Subscription-State" header is "terminated", the
subscriptions is useful in case the SUBSCRIBE request forks, notifier SHOULD also include a "reason" parameter. The notifier MAY
since the response to a forked SUBSCRIBE may not be received also include a "retry-after" parameter, where appropriate. For
by the subscriber. Note well that this "expires" value is a details on the value and semantics of the "reason" and "retry-after"
parameter on the "Subscription-State" header, NOT an parameters, see section 3.2.4.
"Expires" header.
If the value of the "Subscription-State" header is "terminated", 3.2.3. Proxy NOTIFY Behavior
the notifier SHOULD also include a "reason" parameter. The
notifier MAY also include a "retry-after" parameter, where
appropriate. For details on the value and semantics of the
"reason" and "retry-after" parameters, see section 4.2.4.
4.2.3. Proxy NOTIFY Behavior Proxies need no additional behavior beyond that described in SIP [1]
to support NOTIFY. If a proxy wishes to see all of the SUBSCRIBE and
NOTIFY requests for a given dialog, it MUST record-route the initial
SUBSCRIBE and any dialog-establishing NOTIFY requests. Such proxies
SHOULD also record-route all other SUBSCRIBE and NOTIFY requests.
Proxies need no additional behavior beyond that described in SIP Note that subscribers and notifiers may elect to use S/MIME
[1] to support NOTIFY. If a proxy wishes to see all of the encryption of SUBSCRIBE and NOTIFY requests; consequently, proxies
SUBSCRIBE and NOTIFY requests for a given dialog, it MUST cannot rely on being able to access any information that is not
record-route the initial SUBSCRIBE and any dialog-establishing explicitly required to be proxy-readable by SIP [1].
NOTIFY requests. Such proxies SHOULD also record-route all other
SUBSCRIBE and NOTIFY requests.
Note that subscribers and notifiers may elect to use S/MIME 3.2.4. Subscriber NOTIFY Behavior
encryption of SUBSCRIBE and NOTIFY requests; consequently,
proxies cannot rely on being able to access any information
that is not explicitly required to be proxy-readable by SIP
[1].
4.2.4. Subscriber NOTIFY Behavior Upon receiving a NOTIFY request, the subscriber should check that it
matches at least one of its outstanding subscriptions; if not, it
MUST return a "481 Subscription does not exist" response unless
another 400- or 500-class response is more appropriate. The rules
for matching NOTIFY requests with subscriptions that create a new
dialog are described in section 3.3.4. Notifications for
subscriptions which were created inside an existing dialog match if
they are in the same dialog and the "Event" headers match (as
described in section 7.2.1.)
Upon receiving a NOTIFY request, the subscriber should check that If, for some reason, the event package designated in the "Event"
it matches at least one of its outstanding subscriptions; if not, header of the NOTIFY request is not supported, the subscriber will
it MUST return a "481 Subscription does not exist" response respond with a "489 Bad Event" response.
unless another 400- or 500-class response is more appropriate.
The rules for matching NOTIFY requests with subscriptions that
create a new dialog are described in section 4.3.4. Notifications
for subscriptions which were created inside an existing dialog
match if they are in the same dialog and the "Event" headers
match (as described in section 8.2.1.)
If, for some reason, the event package designated in the "Event" To prevent spoofing of events, NOTIFY requests SHOULD be
header of the NOTIFY request is not supported, the subscriber authenticated, using any defined SIP authentication mechanism.
will respond with a "489 Bad Event" response.
To prevent spoofing of events, NOTIFY requests SHOULD be NOTIFY requests MUST contain "Subscription-State" headers which
authenticated, using any defined SIP authentication mechanism. indicate the status of the subscription.
NOTIFY requests MUST contain "Subscription-State" headers which If the "Subscription-State" header value is "active", it means that
indicate the status of the subscription. the subscription has been accepted and (in general) has been
authorized. If the header also contains an "expires" parameter, the
subscriber SHOULD take it as the authoritative subscription duration
and adjust accordingly. The "retry-after" and "reason" parameters
have no semantics for "active".
If the "Subscription-State" header value is "active", it means If the "Subscription-State" value is "pending", the subscription has
that the subscription has been accepted and (in general) has been been received by the notifier, but there is insufficient policy
authorized. If the header also contains an "expires" parameter, information to grant or deny the subscription yet. If the header
the subscriber SHOULD take it as the authoritative subscription also contains an "expires" parameter, the subscriber SHOULD take it
duration and adjust accordingly. The "retry-after" and "reason" as the authoritative subscription duration and adjust accordingly.
parameters have no semantics for "active". No further action is necessary on the part of the subscriber. The
"retry-after" and "reason" parameters have no semantics for
"pending".
If the "Subscription-State" value is "pending", the subscription If the "Subscription-State" value is "terminated", the subscriber
has been received by the notifier, but there is insufficient should consider the subscription terminated. The "expires" parameter
policy information to grant or deny the subscription yet. If the has no semantics for "terminated". If a reason code is present, the
header also contains an "expires" parameter, the subscriber client should behave as described below. If no reason code or an
SHOULD take it as the authoritative subscription duration and unknown reason code is present, the client MAY attempt to re-
adjust accordingly. No further action is necessary on the part of subscribe at any time (unless a "retry-after" parameter is present,
the subscriber. The "retry-after" and "reason" parameters have no in which case the client SHOULD NOT attempt re-subscription until
semantics for "pending". after the number of seconds specified by the "retry-after"
parameter). The defined reason codes are:
If the "Subscription-State" value is "terminated", the subscriber deactivated: The subscription has been terminated, but the subscriber
should consider the subscription terminated. The "expires" SHOULD retry immediately with a new subscription. One primary use
parameter has no semantics for "terminated". If a reason code is of such a status code is to allow migration of subscriptions
present, the client should behave as described below. If no between nodes. The "retry-after" parameter has no semantics for
reason code or an unknown reason code is present, the client MAY "deactivated".
attempt to re-subscribe at any time (unless a "retry-after"
parameter is present, in which case the client SHOULD NOT attempt
re-subscription until after the number of seconds specified by
the "retry-after" parameter). The defined reason codes are:
deactivated: The subscription has been terminated, but the client probation: The subscription has been terminated, but the client
SHOULD retry immediately with a new subscription. One primary SHOULD retry at some later time. If a "retry-after" parameter is
use of such a status code is to allow migration of also present, the client SHOULD wait at least the number of
subscriptions between nodes. The "retry-after" parameter has seconds specified by that parameter before attempting to re-
no semantics for "deactivated". subscribe.
probation: The subscription has been terminated, but the client rejected: The subscription has been terminated due to change in
SHOULD retry at some later time. If a "retry-after" parameter authorization policy. Clients SHOULD NOT attempt to re-subscribe.
is also present, the client SHOULD wait at least the number The "retry-after" parameter has no semantics for "rejected".
of seconds specified by that parameter before attempting to
re-subscribe.
rejected: The subscription has been terminated due to change in timeout: The subscription has been terminated because it was not
authorization policy. Clients SHOULD NOT attempt to refreshed before it expired. Clients MAY re-subscribe
re-subscribe. The "retry-after" parameter has no semantics immediately. The "retry-after" parameter has no semantics for
for "rejected". "timeout".
timeout: The subscription has been terminated because it was not giveup: The subscription has been terminated because the notifier
refreshed before it expired. Clients MAY re-subscribe could not obtain authorization in a timely fashion. If a "retry-
immediately. The "retry-after" parameter has no semantics for after" parameter is also present, the client SHOULD wait at least
"timeout". the number of seconds specified by that parameter before
attempting to re-subscribe; otherwise, the client MAY retry
immediately, but will likely get put back into pending state.
giveup: The subscription has been terminated because the notifier noresource: The subscription has been terminated because the resource
could not obtain authorization in a timely fashion. If a state which was being monitored no longer exists. Clients SHOULD
"retry-after" parameter is also present, the client SHOULD NOT attempt to re-subscribe. The "retry-after" parameter has no
wait at least the number of seconds specified by that semantics for "noresource".
parameter before attempting to re-subscribe; otherwise, the
client MAY retry immediately, but will likely get put back
into pending state.
noresource: The subscription has been terminated because the Once the notification is deemed acceptable to the subscriber, the
resource state which was being monitored no longer exists. subscriber SHOULD return a 200 response. In general, it is not
Clients SHOULD NOT attempt to re-subscribe. The "retry-after" expected that NOTIFY responses will contain bodies; however, they
parameter has no semantics for "noresource". MAY, if the NOTIFY request contained an "Accept" header.
Once the notification is deemed acceptable to the subscriber, the Other responses defined in SIP [1] may also be returned, as
subscriber SHOULD return a 200 response. In general, it is not appropriate. In no case should a NOTIFY transaction extend for any
expected that NOTIFY responses will contain bodies; however, they longer than the time necessary for automated processing. In
MAY, if the NOTIFY request contained an "Accept" header. particular, subscribers MUST NOT wait for a user response before
returning a final response to a NOTIFY request.
Other responses defined in SIP [1] may also be returned, as 3.3. General
appropriate. In no case should a NOTIFY transaction extend for
any longer than the time necessary for automated processing. In
particular, subscribers MUST NOT wait for a user response before
returning a final response to a NOTIFY request.
4.3. General 3.3.1. Detecting support for SUBSCRIBE and NOTIFY
4.3.1. Detecting support for SUBSCRIBE and NOTIFY Neither SUBSCRIBE nor NOTIFY necessitate the use of "Require" or
"Proxy-Require" headers; similarly, there is no token defined for
"Supported" headers. If necessary, clients may probe for the support
of SUBSCRIBE and NOTIFY using the OPTIONS request defined in SIP [1].
Neither SUBSCRIBE nor NOTIFY necessitate the use of "Require" or The presence of the "Allow-Events" header in a message is sufficient
"Proxy-Require" headers; similarly, there is no token defined for to indicate support for SUBSCRIBE and NOTIFY.
"Supported" headers. If necessary, clients may probe for the
support of SUBSCRIBE and NOTIFY using the OPTIONS request defined
in SIP[1].
The presence of the "Allow-Events" header in a message is The "methods" parameter for Contact may also be used to
sufficient to indicate support for SUBSCRIBE and NOTIFY. specifically announce support for SUBSCRIBE and NOTIFY messages
when registering. (See reference [8] for details on the "methods"
parameter).
The "methods" parameter for Contact may also be used to 3.3.2. CANCEL requests
specifically announce support for SUBSCRIBE and NOTIFY
messages when registering. (See reference [6] for details on
the "methods" parameter).
4.3.2. CANCEL requests No semantics are associated with cancelling SUBSCRIBE or NOTIFY.
No semantics are associated with cancelling SUBSCRIBE or NOTIFY. 3.3.3. Forking
4.3.3. Forking In accordance with the rules for proxying non-INVITE requests as
defined in SIP [1], successful SUBSCRIBE requests will receive only
one 200-class response; however, due to forking, the subscription may
have been accepted by multiple nodes. The subscriber MUST therefore
be prepared to receive NOTIFY requests with "From:" tags which differ
from the "To:" tag received in the SUBSCRIBE 200-class response.
In accordance with the rules for proxying non-INVITE requests as If multiple NOTIFY messages are received in different dialogs in
defined in SIP [1], successful SUBSCRIBE requests will receive response to a single SUBSCRIBE message, each dialog represents a
only one 200-class response; however, due to forking, the different destination to which the SUBSCRIBE request was forked. For
subscription may have been accepted by multiple nodes. The information on subscriber handling in such situations, see section
subscriber MUST therefore be prepared to receive NOTIFY requests 4.4.9.
with "From:" tags which differ from the "To:" tag received in the
SUBSCRIBE 200-class response.
If multiple NOTIFY messages are received in response to a single 3.3.4. Dialog creation and termination
SUBSCRIBE message, they represent different destinations to which
the SUBSCRIBE request was forked. For information on subscriber
handling in such situations, see section 5.4.9.
4.3.4. Dialog creation and termination If an initial SUBSCRIBE request is not sent on a pre-existing dialog,
the subscriber will wait for a response to the SUBSCRIBE request or a
matching NOTIFY.
If an initial SUBSCRIBE request is not sent on a pre-existing Responses are matched to such SUBSCRIBE requests if they contain the
dialog, the subscriber will wait for a response to the SUBSCRIBE same the same "Call-ID", the same "From" header "tag", and the same
request or a matching NOTIFY. "CSeq". Rules for the comparison of these headers are described in
SIP [1]. If a 200-class response matches such a SUBSCRIBE request,
it creates a new subscription and a new dialog (unless they have
already been created by a matching NOTIFY request; see below).
Responses are matched to such SUBSCRIBE requests if they contain NOTIFY requests are matched to such SUBSCRIBE requests if they
the same the same "Call-ID", the same "From" header "tag", and contain the same "Call-ID", a "To" header "tag" parameter which
the same "CSeq". Rules for the comparison of these headers are matches the "From" header "tag" parameter of the SUBSCRIBE, and the
described in SIP [1]. If a 200-class response matches such a same "Event" header field. Rules for comparisons of the "Event"
SUBSCRIBE request, it creates a new subscription and a new dialog headers are described in section 7.2.1. If a matching NOTIFY request
(unless they have already been created by a matching NOTIFY contains a "Subscription-State" of "active" or "pending", it creates
request; see below). a new subscription and a new dialog (unless they have already been
created by a matching response, as described above).
NOTIFY requests are matched to such SUBSCRIBE requests if they If an initial SUBSCRIBE is sent on a pre-existing dialog, a matching
contain the same "Call-ID", a "To" header "tag" parameter which 200-class response or successful NOTIFY request merely creates a new
matches the "From" header "tag" parameter of the SUBSCRIBE, and subscription associated with that dialog.
the same "Event" header field. Rules for comparisons of the
"Event" headers are described in section 8.2.1. If a matching
NOTIFY request contains a "Subscription-State" of "active" or
"pending", it creates a new subscription and a new dialog (unless
they have already been created by a matching response, as
described above).
If an initial SUBSCRIBE is sent on a pre-existing dialog, a Multiple subscriptions can be associated with a single dialog.
matching 200-class response or successful NOTIFY request merely Subscriptions may also exist in dialogs associated with INVITE-
creates a new subscription associated with that dialog. created application state and other application state created by
mechanisms defined in other specifications. These sets of
application state do not interact beyond the behavior described for a
dialog (e.g., route set handling).
Multiple subscriptions can be associated with a single dialog. A subscription is destroyed when a notifier sends a NOTIFY request
Subscriptions may also exist in dialogs associated with with a "Subscription-State" of "terminated".
INVITE-created application state and other application state
created by mechanisms defined in other specifications. These sets
of application state do not interact beyond the behavior
described for a dialog (e.g. route set handling).
A subscription is destroyed when a notifier sends a NOTIFY A subscriber may send a SUBSCRIBE request with an "Expires" header
request with a "Subscription-State" of "terminated". of 0 in order to trigger the sending of such a NOTIFY request;
however, for the purposes of subscription and dialog lifetime, the
subscription is not considered terminated until the NOTIFY with a
"Subscription-State" of "terminated" is sent.
A subscriber may send a SUBSCRIBE request with an "Expires" If a subscription's destruction leaves no other application state
header of 0 in order to trigger the sending of such a NOTIFY associated with the dialog, the dialog terminates. The destruction
request; however, for the purposes of subscription and dialog of other application state (such as that created by an INVITE) will
lifetime, the subscription is not considered terminated until not terminate the dialog if a subscription is still associated with
the NOTIFY with a "Subscription-State" of "terminated" is that dialog.
sent.
If a subscription's destruction leaves no other application state Note that the above behavior means that a dialog created with an
associated with the dialog, the dialog terminates. The INVITE does not necessarily terminate upon receipt of a BYE.
destruction of other application state (such as that created by Similarly, in the case that several subscriptions are associated
an INVITE) will not terminate the dialog if a subscription is with a single dialog, the dialog does not terminate until all the
still associated with that dialog. subscriptions in it are destroyed.
Note that the above behavior means that a dialog created with 3.3.5. State Agents and Notifier Migration
an INVITE does not necessarily terminate upon receipt of a
BYE. Similarly, in the case that several subscriptions are
associated with a single dialog, the dialog does not
terminate until all the subscriptions in it are destroyed.
4.3.5. State Agents and Notifier Migration When state agents (see section 4.4.11.) are used, it is often useful
to allow migration of subscriptions between state agents and the
nodes for which they are providing state aggregation (or even among
various state agents). Such migration may be effected by sending a
NOTIFY message with a "Subscription-State" header of "terminated",
and a reason parameter of "deactivated". This NOTIFY request is
otherwise normal, and is formed as described in section 3.2.2.
When state agents (see section 5.4.11.) are used, it is often Upon receipt of this NOTIFY message, the subscriber SHOULD attempt to
useful to allow migration of subscriptions between state agents re-subscribe (as described in the preceding sections). Note that
and the nodes for which they are providing state aggregation (or this subscription is established on a new dialog, and does not re-use
even among various state agents). Such migration may be effected the route set from the previous subscription dialog.
by sending a NOTIFY message with a "Subscription-State" header of
"terminated", and a reason parameter of "deactivated". This
NOTIFY request is otherwise normal, and is formed as described in
section 4.2.2.
Upon receipt of this NOTIFY message, the subscriber SHOULD The actual migration is effected by making a change to the policy
attempt to re-subscribe (as described in the preceding sections). (such as routing decisions) of one or more servers to which the
Note that this subscription is established on a new dialog, and SUBSCRIBE request will be sent in such a way that a different node
does not re-use the route set from the previous subscription ends up responding to the SUBSCRIBE request. This may be as simple
dialog. as a change in the local policy in the notifier from which the
subscription is migrating so that it serves as a proxy or redirect
server instead of a notifier.
The actual migration is effected by making a change to the policy Whether, when, and why to perform notifier migrations may be
(such as routing decisions) of one or more servers to which the described in individual event packages; otherwise, such decisions are
SUBSCRIBE request will be sent in such a way that a different a matter of local notifier policy, and are left up to individual
node ends up responding to the SUBSCRIBE request. This may be as implementations.
simple as a change in the local policy in the notifier from which
the subscription is migrating so that it serves as a proxy or
redirect server instead of a notifier.
Whether, when, and why to perform notifier migrations may be 3.3.6. Polling Resource State
described in individual event packages; otherwise, such decisions
are a matter of local notifier policy, and are left up to
individual implementations.
4.3.6. Polling Resource State A natural consequence of the behavior described in the preceding
sections is that an immediate fetch without a persistent subscription
may be effected by sending a SUBSCRIBE with an "Expires" of 0.
A natural consequence of the behavior described in the preceding Of course, an immediate fetch while a subscription is active may be
sections is that an immediate fetch without a persistent effected by sending a SUBSCRIBE with an "Expires" equal to the number
subscription may be effected by sending a SUBSCRIBE with an of seconds remaining in the subscription.
"Expires" of 0.
Of course, an immediate fetch while a subscription is active may Upon receipt of this SUBSCRIBE request, the notifier (or notifiers,
be effected by sending a SUBSCRIBE with an "Expires" equal to the if the SUBSCRIBE request was forked) will send a NOTIFY request
number of seconds remaining in the subscription. containing resource state in the same dialog.
Upon receipt of this SUBSCRIBE request, the notifier (or Note that the NOTIFY messages triggered by SUBSCRIBE messages with
notifiers, if the SUBSCRIBE request was forked) will send a "Expires" headers of 0 will contain a "Subscription-State" value of
NOTIFY request containing resource state in the same dialog. "terminated", and a "reason" parameter of "timeout".
Note that the NOTIFY messages triggered by SUBSCRIBE messages Polling of event state can cause significant increases in load on the
with "Expires" headers of 0 will contain a "Subscription-State" network and notifiers; as such, it should be used only sparingly. In
value of "terminated", and a "reason" parameter of "timeout". particular, polling SHOULD NOT be used in circumstances in which it
will typically result in more network messages than long-running
subscriptions.
Polling of event state can cause significant increases in load on When polling is used, subscribers SHOULD attempt to cache
the network and notifiers; as such, it should be used only authentication credentials between polls so as to reduce the number
sparingly. In particular, polling SHOULD NOT be used in of messages sent.
circumstances in which it will typically result in more network
messages than long-running subscriptions.
When polling is used, subscribers SHOULD attempt to cache 3.3.7. Allow-Events header usage
authentication credentials between polls so as to reduce the
number of messages sent.
4.3.7. Allow-Events header usage The "Allow-Events" header, if present, includes a list of tokens
which indicates the event packages supported by the client (if sent
in a request) or server (if sent in a response). In other words, a
node sending an "Allow-Events" header is advertising that it can
process SUBSCRIBE requests and generate NOTIFY requests for all of
the event packages listed in that header.
The "Allow-Events" header, if present, includes a list of tokens Any node implementing one or more event packages SHOULD include an
which indicates the event packages supported by the client (if appropriate "Allow-Events" header indicating all supported events in
sent in a request) or server (if sent in a response). In other all methods which initiate dialogs and their responses (such as
words, a node sending an "Allow-Events" header is advertising INVITE) and OPTIONS responses.
that it can process SUBSCRIBE requests and generate NOTIFY
requests for all of the event packages listed in that header.
Any node implementing one or more event packages SHOULD include This information is very useful, for example, in allowing user agents
an appropriate "Allow-Events" header indicating all supported to render particular interface elements appropriately according to
events in all methods which initiate dialogs and their responses whether the events required to implement the features they represent
(such as INVITE) and OPTIONS responses. are supported by the appropriate nodes.
This information is very useful, for example, in allowing user Note that "Allow-Events" headers MUST NOT be inserted by proxies.
agents to render particular interface elements appropriately
according to whether the events required to implement the
features they represent are supported by the appropriate nodes.
Note that "Allow-Events" headers MUST NOT be inserted by proxies. 3.3.8. PINT Compatibility
4.3.8. PINT Compatibility The "Event" header is considered mandatory for the purposes of this
document. However, to maintain compatibility with PINT (see [2]),
servers MAY interpret a SUBSCRIBE request with no "Event" header as
requesting a subscription to PINT events. If a server does not
support PINT, it SHOULD return "489 Bad Event" to any SUBSCRIBE
messages without an "Event" header.
The "Event" header is considered mandatory for the purposes of 4. Event Packages
this document. However, to maintain compatibility with PINT (see
[3]), servers MAY interpret a SUBSCRIBE request with no "Event"
header as requesting a subscription to PINT events. If a server
does not support PINT, it SHOULD return "489 Bad Event" to any
SUBSCRIBE messages without an "Event" header.
5. Event Packages This section covers several issues which should be taken into
consideration when event packages based on SUBSCRIBE and NOTIFY are
proposed.
This section covers several issues which should be taken into 4.1. Appropriateness of Usage
consideration when event packages based on SUBSCRIBE and NOTIFY
are proposed.
5.1. Appropriateness of Usage When designing an event package using the methods described in this
document for event notification, it is important to consider: is SIP
an appropriate mechanism for the problem set? Is SIP being selected
because of some unique feature provided by the protocol (e.g., user
mobility), or merely because "it can be done?" If you find yourself
defining event packages for notifications related to, for example,
network management or the temperature inside your car's engine, you
may want to reconsider your selection of protocols.
When designing an event package using the methods described in Those interested in extending the mechanism defined in this
this draft for event notification, it is important to consider: document are urged to follow the development of "Guidelines for
is SIP an appropriate mechanism for the problem set? Is SIP being Authors of SIP Extensions" [7] for further guidance regarding
selected because of some unique feature provided by the protocol appropriate uses of SIP.
(e.g. user mobility), or merely because "it can be done?" If you
find yourself defining event packages for notifications related
to, for example, network management or the temperature inside
your car's engine, you may want to reconsider your selection of
protocols.
Those interested in extending the mechanism defined in this Further, it is expected that this mechanism is not to be used in
document are urged to follow the development of "Guidelines applications where the frequency of reportable events is excessively
for Authors of SIP Extensions"[2] for further guidance rapid (e.g., more than about once per second). A SIP network is
regarding appropriate uses of SIP. generally going to be provisioned for a reasonable signalling volume;
sending a notification every time a user's GPS position changes by
one hundredth of a second could easily overload such a network.
Further, it is expected that this mechanism is not to be used in 4.2. Event Template-packages
applications where the frequency of reportable events is
excessively rapid (e.g. more than about once per second). A SIP
network is generally going to be provisioned for a reasonable
signalling volume; sending a notification every time a user's GPS
position changes by one hundreth of a second could easily
overload such a network.
5.2. Event Template-packages Normal event packages define a set of state applied to a specific
type of resource, such as user presence, call state, and messaging
mailbox state.
Normal event packages define a set of state applied to a specific Event template-packages are a special type of package which define a
type of resource, such as user presence, call state, and set of state applied to other packages, such as statistics, access
messaging mailbox state. policy, and subscriber lists. Event template-packages may even be
applied to other event template-packages.
Event template-packages are a special type of package which To extend the object-oriented analogy made earlier, event template-
define a set of state applied to other packages, such as packages can be thought of as templatized C++ packages which must be
statistics, access policy, and subscriber lists. Event applied to other packages to be useful.
template-packages may even be applied to other event
template-packages.
To extend the object-oriented analogy made earlier, event The name of an event template-package as applied to a package is
template-packages can be thought of as templatized C++ packages formed by appending a period followed by the event template-package
which must be applied to other packages to be useful. name to the end of the package. For example, if a template-package
called "winfo" were being applied to a package called "presence", the
event token used in "Event" and "Allow-Events" would be
"presence.winfo".
The name of an event template-package as applied to a package is Event template-packages must be defined so that they can be applied
formed by appending a period followed by the event to any arbitrary package. In other words, event template-packages
template-package name to the end of the package. For example, if cannot be specifically tied to one or a few "parent" packages in such
a template-package called "winfo" were being applied to a package a way that they will not work with other packages.
called "presence", the event token used in "Event" and
"Allow-Events" would be "presence.winfo".
Event template-packages must be defined so that they can be 4.3. Amount of State to be Conveyed
applied to any arbitrary package. In other words, event
template-packages cannot be specifically tied to one or a few
"parent" packages in such a way that they will not work with
other packages.
5.3. Amount of State to be Conveyed When designing event packages, it is important to consider the type
of information which will be conveyed during a notification.
When designing event packages, it is important to consider the A natural temptation is to convey merely the event (e.g., "a new
type of information which will be conveyed during a notification. voice message just arrived") without accompanying state (e.g., "7
total voice messages"). This complicates implementation of
subscribing entities (since they have to maintain complete state for
the entity to which they have subscribed), and also is particularly
susceptible to synchronization problems.
A natural temptation is to convey merely the event (e.g. "a new There are two possible solutions to this problem that event packages
voice message just arrived") without accompanying state (e.g. "7 may choose to implement.
total voice messages"). This complicates implementation of
subscribing entities (since they have to maintain complete state
for the entity to which they have subscribed), and also is
particularly susceptible to synchronization problems.
There are two possible solutions to this problem that event 4.3.1. Complete State Information
packages may choose to implement.
5.3.1. Complete State Information For packages which typically convey state information that is
reasonably small (on the order of 1 kb or so), it is suggested that
event packages are designed so as to send complete state information
when an event occurs.
For packages which typically convey state information that is In some circumstances, conveying the current state alone may be
reasonably small (on the order of 1 kb or so), it is suggested insufficient for a particular class of events. In these cases, the
that event packages are designed so as to send complete state event packages should include complete state information along with
information when an event occurs. the event that occurred. For example, conveying "no customer service
representatives available" may not be as useful as conveying "no
customer service representatives available; representative
sip:46@cs.xyz.int just logged off".
In some circumstances, conveying the current state alone may be 4.3.2. State Deltas
insufficient for a particular class of events. In these cases,
the event packages should include complete state information
along with the event that occurred. For example, conveying "no
customer service representatives available" may not be as useful
as conveying "no customer service representatives available;
representative sip:46@cs.xyz.int just logged off".
5.3.2. State Deltas In the case that the state information to be conveyed is large, the
event package may choose to detail a scheme by which NOTIFY messages
contain state deltas instead of complete state.
In the case that the state information to be conveyed is large, Such a scheme would work as follows: any NOTIFY sent in immediate
the event package may choose to detail a scheme by which NOTIFY response to a SUBSCRIBE contains full state information. NOTIFY
messages contain state deltas instead of complete state. messages sent because of a state change will contain only the state
information that has changed; the subscriber will then merge this
information into its current knowledge about the state of the
resource.
Such a scheme would work as follows: any NOTIFY sent in immediate Any event package that supports delta changes to states MUST include
response to a SUBSCRIBE contains full state information. NOTIFY a version number that increases by exactly one for each NOTIFY
messages sent because of a state change will contain only the transaction in a subscription. Note that the state version number
state information that has changed; the subscriber will then appears in the body of the message, not in a SIP header.
merge this information into its current knowledge about the state
of the resource.
Any event package that supports delta changes to states MUST If a NOTIFY arrives that has a version number that is incremented by
include a version number that increases by exactly one for each more than one, the subscriber knows that a state delta has been
NOTIFY message in a subscription. Note that the state version missed; it ignores the NOTIFY message containing the state delta
number appears in the body of the message, not in a SIP header. (except for the version number, which it retains to detect message
loss), and re-sends a SUBSCRIBE to force a NOTIFY containing a
complete state snapshot.
If a NOTIFY arrives that has a version number that is incremented 4.4. Event Package Responsibilities
by more than one, the subscriber knows that a state delta has
been missed; it ignores the NOTIFY message containing the state
delta (except for the version number, which it retains to detect
message loss), and re-sends a SUBSCRIBE to force a NOTIFY
containing a complete state snapshot.
5.4. Event Package Responsibilities Event packages are not required to reiterate any of the behavior
described in this document, although they may choose to do so for
clarity or emphasis. In general, though, such packages are
expected to describe only the behavior that extends or modifies
the behavior described in this document.
Event packages are not required to re-iterate any of the behavior Note that any behavior designated with "SHOULD" or "MUST" in this
described in this document, although they may choose to do so for document is not allowed to be weakened by extension documents;
clarity or emphasis. In general, though, such packages are however, such documents may elect to strengthen "SHOULD"
expected to describe only the behavior that extends or modifies requirements to "MUST" strength if required by their application.
the behavior described in this document.
Note that any behavior designated with "SHOULD" or "MUST" in this In addition to the normal sections expected in standards-track
document is not allowed to be weakened by extension documents; RFCs and SIP extension documents, authors of event packages need
however, such documents may elect to strengthen "SHOULD" to address each of the issues detailed in the following
requirements to "MUST" strength if required by their application. subsections, whenever applicable.
In addition to the normal sections expected in 4.4.1. Event Package Name
standards-track RFCs and SIP extension documents, authors of
event packages need to address each of the issues detailed in
the following subsections, whenever applicable.
5.4.1. Event Package Name This section, which MUST be present, defines the token name to be
used to designate the event package. It MUST include the information
which appears in the IANA registration of the token. For information
on registering such types, see section 6.
This section, which MUST be present, defines the token name to be 4.4.2. Event Package Parameters
used to designate the event package. It MUST include the
information which appears in the IANA registration of the token.
For information on registering such types, see section 7.
5.4.2. Event Package Parameters If parameters are to be used on the "Event" header to modify the
behavior of the event package, the syntax and semantics of such
headers MUST be clearly defined.
If parameters are to be used on the "Event" header to modify the 4.4.3. SUBSCRIBE Bodies
behavior of the event package, the syntax and semantics of such
headers MUST be clearly defined.
5.4.3. SUBSCRIBE Bodies It is expected that most, but not all, event packages will define
syntax and semantics for SUBSCRIBE method bodies; these bodies will
typically modify, expand, filter, throttle, and/or set thresholds for
the class of events being requested. Designers of event packages are
strongly encouraged to re-use existing MIME types for message bodies
where practical.
It is expected that most, but not all, event packages will define This mandatory section of an event package defines what type or types
syntax and semantics for SUBSCRIBE method bodies; these bodies of event bodies are expected in SUBSCRIBE requests (or specify that
will typically modify, expand, filter, throttle, and/or set no event bodies are expected). It should point to detailed
thresholds for the class of events being requested. Designers of definitions of syntax and semantics for all referenced body types.
event packages are strongly encouraged to re-use existing MIME
types for message bodies where practical.
This mandatory section of an event package defines what type or 4.4.4. Subscription Duration
types of event bodies are expected in SUBSCRIBE requests (or
specify that no event bodies are expected). It should point to
detailed definitions of syntax and semantics for all referenced
body types.
5.4.4. Subscription Duration It is RECOMMENDED that event packages give a suggested range of times
considered reasonable for the duration of a subscription. Such
packages MUST also define a default "Expires" value to be used if
none is specified.
It is RECOMMENDED that event packages give a suggested range of 4.4.5. NOTIFY Bodies
times considered reasonable for the duration of a subscription.
Such packages MUST also define a default "Expires" value to be
used if none is specified.
5.4.5. NOTIFY Bodies The NOTIFY body is used to report state on the resource being
monitored. Each package MUST define what type or types of event
bodies are expected in NOTIFY requests. Such packages MUST specify
or cite detailed specifications for the syntax and semantics
associated with such event body.
The NOTIFY body is used to report state on the resource being Event packages also MUST define which MIME type is to be assumed if
monitored. Each package MUST define what type or types of event none are specified in the "Accept" header of the SUBSCRIBE request.
bodies are expected in NOTIFY requests. Such packages MUST
specify or cite detailed specifications for the syntax and
semantics associated with such event body.
Event packages also MUST define which MIME type is to be assumed 4.4.6. Notifier processing of SUBSCRIBE requests
if none are specified in the "Accept" header of the SUBSCRIBE
request.
5.4.6. Notifier processing of SUBSCRIBE requests This section describes the processing to be performed by the notifier
upon receipt of a SUBSCRIBE request. Such a section is required.
This section describes the processing to be performed by the Information in this section includes details of how to authenticate
notifier upon receipt of a SUBSCRIBE request. Such a section is subscribers and authorization issues for the package. Such
required. authorization issues may include, for example, whether all SUBSCRIBE
requests for this package are answered with 202 responses (see
section 5.2.).
Information in this section includes details of how to 4.4.7. Notifier generation of NOTIFY requests
authenticate subscribers and authorization issues for the
package. Such authorization issues may include, for example,
whether all SUBSCRIBE requests for this package are answered with
202 responses (see section 6.2.).
5.4.7. Notifier generation of NOTIFY requests This section of an event package describes the process by which the
notifier generates and sends a NOTIFY request. This includes
detailed information about what events cause a NOTIFY to be sent, how
to compute the state information in the NOTIFY, how to generate
neutral or fake state information to hide authorization delays and
decisions from users, and whether state information is complete or
deltas for notifications; see section 4.3. Such a section is
required.
This section of an event package describes the process by which This section may optionally describe the behavior used to process the
the notifier generates and sends a NOTIFY request. This includes subsequent response.
detailed information about what events cause a NOTIFY to be sent,
how to compute the state information in the NOTIFY, how to
generate neutral or fake state information to hide authorization
delays and decisions from users, and whether state information is
complete or deltas for notifications; see section 5.3. Such a
section is required.
This section may optionally describe the behavior used to process 4.4.8. Subscriber processing of NOTIFY requests
the subsequent response.
5.4.8. Subscriber processing of NOTIFY requests This section of an event package describes the process followed by
the subscriber upon receipt of a NOTIFY request, including any logic
required to form a coherent resource state (if applicable).
This section of an event package describes the process followed 4.4.9. Handling of forked requests
by the subscriber upon receipt of a NOTIFY request, including any
logic required to form a coherent resource state (if applicable).
5.4.9. Handling of forked requests Each event package MUST specify whether forked SUBSCRIBE requests are
allowed to install multiple subscriptions.
Each event package MUST specify whether forked SUBSCRIBE requests If such behavior is not allowed, the first potential dialog-
are allowed to install multiple subscriptions. establishing message will create a dialog. All subsequent NOTIFY
messages which correspond to the SUBSCRIBE message (i.e., match "To",
"From", "From" header "tag" parameter, "Call-ID", "CSeq", "Event",
and "Event" header "id" parameter) but which do not match the dialog
would be rejected with a 481 response. Note that the 200-class
response to the SUBSCRIBE can arrive after a matching NOTIFY has been
received; such responses might not correlate to the same dialog
established by the NOTIFY. Except as required to complete the
SUBSCRIBE transaction, such non-matching 200-class responses are
ignored.
If such behavior is not allowed, the first potential If installing of multiple subscriptions by way of a single forked
dialog-establishing message will create a dialog. All subsequent SUBSCRIBE is allowed, the subscriber establishes a new dialog towards
NOTIFY messages which correspond to the SUBSCRIBE message (i.e. each notifier by returning a 200-class response to each NOTIFY. Each
match "To", "From", "From" header "tag" parameter, "Call-ID", dialog is then handled as its own entity, and is refreshed
"CSeq", "Event", and "Event" header "id" parameter) but which do independent of the other dialogs.
not match the dialog would be rejected with a 481 response. Note
that the 200-class response to the SUBSCRIBE can arrive after a
matching NOTIFY has been received; such responses might not
correlate to the same dialog established by the NOTIFY. Except as
required to complete the SUBSCRIBE transaction, such non-matching
200-class responses are ignored.
If installing of multiple subscriptions by way of a single forked In the case that multiple subscriptions are allowed, the event
SUBSCRIBE is allowed, the subscriber establishes a new dialog package MUST specify whether merging of the notifications to form a
towards each notifier by returning a 200-class response to each single state is required, and how such merging is to be performed.
NOTIFY. Each dialog is then handled as its own entity, and is Note that it is possible that some event packages may be defined in
refreshed independent of the other dialogs. such a way that each dialog is tied to a mutually exclusive state
which is unaffected by the other dialogs; this MUST be clearly stated
if it is the case.
In the case that multiple subscriptions are allowed, the event 4.4.10. Rate of notifications
package MUST specify whether merging of the notifications to form
a single state is required, and how such merging is to be
performed. Note that it is possible that some event packages may
be defined in such a way that each dialog is tied to a mutually
exclusive state which is unaffected by the other dialogs; this
MUST be clearly stated if it is the case.
5.4.10. Rate of notifications Each event package is expected to define a requirement (SHOULD or
MUST strength) which defines an absolute maximum on the rate at which
notifications are allowed to be generated by a single notifier.
Each event package is expected to define a requirement (SHOULD or Each package MAY further define a throttle mechanism which allows
MUST strength) which defines an absolute maximum on the rate at subscribers to further limit the rate of notification.
which notifications are allowed to be generated by a single
notifier.
Each package MAY further define a throttle mechanism which allows 4.4.11. State Agents
subscribers to further limit the rate of notification.
5.4.11. State Agents Designers of event packages should consider whether their package can
benefit from network aggregation points (state agents) and/or nodes
which act on behalf of other nodes. (For example, nodes which
provide state information about a resource when such a resource is
unable or unwilling to provide such state information itself). An
example of such an application is a node which tracks the presence
and availability of a user in the network.
Designers of event packages should consider whether their package If state agents are to be used by the package, the package MUST
can benefit from network aggregation points (state agents) and/or specify how such state agents aggregate information and how they
nodes which act on behalf of other nodes. (For example, nodes provide authentication and authorization.
which provide state information about a resource when such a
resource is unable or unwilling to provide such state information
itself). An example of such an application is a node which tracks
the presence and availability of a user in the network.
If state agents are to be used by the package, the package MUST Event packages MAY also outline specific scenarios under which
specify how such state agents aggregate information and how they notifier migrations take place.
provide authentication and authorization.
Event packages MAY also outline specific scenarios under which 4.4.12. Examples
notifier migrations take place.
5.4.12. Examples Event packages SHOULD include several demonstrative message flow
diagrams paired with several typical, syntactically correct, and
complete messages.
Event packages SHOULD include several demonstrative message flow It is RECOMMENDED that documents describing event packages clearly
diagrams paired with several typical, syntactically correct and indicate that such examples are informative and not normative, with
complete messages. instructions that implementors refer to the main text of the document
for exact protocol details.
It is RECOMMENDED that documents describing event packages 4.4.13. Use of URIs to Retrieve State
clearly indicate that such examples are informative and not
normative, with instructions that implementors refer to the main
text of the draft for exact protocol details.
5.4.13. Use of URIs to Retrieve State Some types of event packages may define state information which is
potentially too large to reasonably send in a SIP message. To
alleviate this problem, event packages may include the ability to
convey a URI instead of state information; this URI will then be used
to retrieve the actual state information.
Some types of event packages may define state information which The precise mechanisms for conveying such URIs are out of the scope
is potentially too large to reasonably send in a SIP message. To of this document.
alleviate this problem, event packages may include the ability to
convey a URI instead of state information; this URI will then be
used to retrieve the actual state information.
The precise mechanisms for conveying such URIs are out of the 5. Security Considerations
scope of this document.
6. Security Considerations 5.1. Access Control
6.1. Access Control The ability to accept subscriptions should be under the direct
control of the notifier's user, since many types of events may be
considered sensitive for the purposes of privacy. Similarly, the
notifier should have the ability to selectively reject subscriptions
based on the subscriber identity (based on access control lists),
using standard SIP authentication mechanisms. The methods for
creation and distribution of such access control lists is outside the
scope of this document.
The ability to accept subscriptions should be under the direct 5.2. Notifier Privacy Mechanism
control of the notifier's user, since many types of events may be
considered sensitive for the purposes of privacy. Similarly, the
notifier should have the ability to selectively reject
subscriptions based on the subscriber identity (based on access
control lists), using standard SIP authentication mechanisms. The
methods for creation and distribution of such access control
lists is outside the scope of this draft.
6.2. Notifier Privacy Mechanism The mere act of returning a 200 or certain 4xx and 6xx responses to
SUBSCRIBE requests may, under certain circumstances, create privacy
concerns by revealing sensitive policy information. In these cases,
the notifier SHOULD always return a 202 response. While the
subsequent NOTIFY message may not convey true state, it MUST appear
to contain a potentially correct piece of data from the point of view
of the subscriber, indistinguishable from a valid response.
Information about whether a user is authorized to subscribe to the
requested state is never conveyed back to the original user under
these circumstances.
The mere act of returning a 200 or certain 4xx and 6xx responses Individual packages and their related documents for which such a mode
to SUBSCRIBE requests may, under certain circumstances, create of operation makes sense can further describe how and why to generate
privacy concerns by revealing sensitive policy information. In such potentially correct data. For example, such a mode of operation
these cases, the notifier SHOULD always return a 202 response. is mandated by RFC 2779 [6] for user presence information.
While the subsequent NOTIFY message may not convey true state, it
MUST appear to contain a potentially correct piece of data from
the point of view of the subscriber, indistinguishable from a
valid response. Information about whether a user is authorized to
subscribe to the requested state is never conveyed back to the
original user under these circumstances.
Individual packages and their related drafts for which such a 5.3. Denial-of-Service attacks
mode of operation makes sense can further describe how and why to
generate such potentially correct data. For example, such a mode
of operation is mandated by RFC 2779 [8] for user presence
information.
6.3. Denial-of-Service attacks The current model (one SUBSCRIBE request triggers a SUBSCRIBE
response and one or more NOTIFY requests) is a classic setup for an
amplifier node to be used in a smurf attack.
The current model (one SUBSCRIBE request triggers a SUBSCRIBE Also, the creation of state upon receipt of a SUBSCRIBE request can
response and one or more NOTIFY requests) is a classic setup for be used by attackers to consume resources on a victim's machine,
an amplifier node to be used in a smurf attack. rendering it unusable.
Also, the creation of state upon receipt of a SUBSCRIBE request To reduce the chances of such an attack, implementations of notifiers
can be used by attackers to consume resources on a victim's SHOULD require authentication. Authentication issues are discussed
machine, rendering it unusable. in SIP [1].
To reduce the chances of such an attack, implementations of 5.4. Replay Attacks
notifiers SHOULD require authentication. Authentication issues
are discussed in SIP [1].
6.4. Replay Attacks Replaying of either SUBSCRIBE or NOTIFY can have detrimental effects.
Replaying of either SUBSCRIBE or NOTIFY can have detrimental In the case of SUBSCRIBE messages, attackers may be able to install
effects. any arbitrary subscription which it witnessed being installed at some
point in the past. Replaying of NOTIFY messages may be used to spoof
old state information (although a good versioning mechanism in the
body of the NOTIFY messages may help mitigate such an attack). Note
that the prohibition on sending NOTIFY messages to nodes which have
not subscribed to an event also aids in mitigating the effects of
such an attack.
In the case of SUBSCRIBE messages, attackers may be able to To prevent such attacks, implementations SHOULD require
install any arbitrary subscription which it witnessed being authentication with anti-replay protection. Authentication issues
installed at some point in the past. Replaying of NOTIFY messages are discussed in SIP [1].
may be used to spoof old state information (although a good
versioning mechanism in the body of the NOTIFY messages may help
mitigate such an attack). Note that the prohibition on sending
NOTIFY messages to nodes which have not subscribed to an event
also aids in mitigating the effects of such an attack.
To prevent such attacks, implementations SHOULD require 5.5. Man-in-the middle attacks
authentication with anti-replay protection. Authentication issues
are discussed in SIP [1].
6.5. Man-in-the middle attacks Even with authentication, man-in-the-middle attacks using SUBSCRIBE
may be used to install arbitrary subscriptions, hijack existing
subscriptions, terminate outstanding subscriptions, or modify the
resource to which a subscription is being made. To prevent such
attacks, implementations SHOULD provide integrity protection across
"Contact", "Route", "Expires", "Event", and "To" headers of SUBSCRIBE
messages, at a minimum. If SUBSCRIBE bodies are used to define
further information about the state of the call, they SHOULD be
included in the integrity protection scheme.
Even with authentication, man-in-the-middle attacks using Man-in-the-middle attacks may also attempt to use NOTIFY messages to
SUBSCRIBE may be used to install arbitrary subscriptions, hijack spoof arbitrary state information and/or terminate outstanding
existing subscriptions, terminate outstanding subscriptions, or subscriptions. To prevent such attacks, implementations SHOULD
modify the resource to which a subscription is being made. To provide integrity protection across the "Call-ID", "CSeq", and
prevent such attacks, implementations SHOULD provide integrity "Subscription-State" headers and the bodies of NOTIFY messages.
protection across "Contact", "Route", "Expires", "Event", and
"To" headers of SUBSCRIBE messages, at a minimum. If SUBSCRIBE
bodies are used to define further information about the state of
the call, they SHOULD be included in the integrity protection
scheme.
Man-in-the-middle attacks may also attempt to use NOTIFY messages Integrity protection of message headers and bodies is discussed in
to spoof arbitrary state information and/or terminate outstanding SIP [1].
subscriptions. To prevent such attacks, implementations SHOULD
provide integrity protection across the "Call-ID", "CSeq", and
"Subscription-State" headers and the bodies of NOTIFY messages.
Integrity protection of message headers and bodies is discussed 5.6. Confidentiality
in SIP [1].
6.6. Confidentiality The state information contained in a NOTIFY message has the potential
to contain sensitive information. Implementations MAY encrypt such
information to ensure confidentiality.
The state information contained in a NOTIFY message has the While less likely, it is also possible that the information contained
potential to contain sensitive information. Implementations MAY in a SUBSCRIBE message contains information that users might not want
encrypt such information to ensure confidentiality. to have revealed. Implementations MAY encrypt such information to
ensure confidentiality.
While less likely, it is also possible that the information To allow the remote party to hide information it considers sensitive,
contained in a SUBSCRIBE message contains information that users all implementations SHOULD be able to handle encrypted SUBSCRIBE and
might not want to have revealed. Implementations MAY encrypt such NOTIFY messages.
information to ensure confidentiality.
To allow the remote party to hide information it considers The mechanisms for providing confidentiality are detailed in SIP [1].
sensitive, all implementations SHOULD be able to handle encrypted
SUBSCRIBE and NOTIFY messages.
The mechanisms for providing confidentiality are detailed in SIP 6. IANA Considerations
[1].
7. IANA Considerations This document defines an event-type namespace which requires a
central coordinating body. The body chosen for this coordination is
the Internet Assigned Numbers Authority (IANA).
(This section is not applicable until this document is published There are two different types of event-types: normal event packages,
as an RFC.) and event template-packages; see section 4.2. To avoid confusion,
template-package names and package names share the same namespace; in
other words, an event template-package MUST NOT share a name with a
package.
This document defines an event-type namespace which requires a Following the policies outlined in "Guidelines for Writing an IANA
central coordinating body. The body chosen for this coordination Considerations Section in RFCs" [4], normal event package
is the Internet Assigned Numbers Authority (IANA). identification tokens are allocated as First Come First Served, and
event template-package identification tokens are allocated on a IETF
Consensus basis.
There are two different types of event-types: normal event Registrations with the IANA MUST include the token being registered
packages, and event template-packages; see section 5.2. To avoid and whether the token is a package or a template-package. Further,
confusion, template-package names and package names share the packages MUST include contact information for the party responsible
same namespace; in other words, an event template-package MUST for the registration and/or a published document which describes the
NOT share a name with a package. event package. Event template-package token registrations MUST
include a pointer to the published RFC which defines the event
template-package.
Following the policies outlined in "Guidelines for Writing an Registered tokens to designate packages and template-packages MUST
IANA Considerations Section in RFCs"[5], normal event package NOT contain the character ".", which is used to separate template-
identification tokens are allocated as First Come First Served, packages from packages.
and event template-package identification tokens are allocated on
a IETF Consensus basis.
Registrations with the IANA MUST include the token being 6.1. Registration Information
registered and whether the token is a package or a
template-package. Further, packages MUST include contact
information for the party responsible for the registration and/or
a published document which describes the event package. Event
template-package token registrations MUST include a pointer to
the published RFC which defines the event template-package.
Registered tokens to designate packages and template-packages As this document specifies no package or template-package names, the
MUST NOT contain the character ".", which is used to separate initial IANA registration for event types will be empty. The
template-packages from packages. remainder of the text in this section gives an example of the type of
information to be maintained by the IANA; it also demonstrates all
five possible permutations of package type, contact, and reference.
7.1. Registration Information The table below lists the event packages and template-packages
defined in "SIP-Specific Event Notification" [RFC3265]. Each name is
designated as a package or a template-package under "Type".
As this document specifies no package or template-package names, Package Name Type Contact Reference
the initial IANA registration for event types will be empty. The ------------ ---- ------- ---------
remainder of the text in this section gives an example of the example1 package [Roach]
type of information to be maintained by the IANA; it also example2 package [Roach] [RFC3265]
demonstrates all five possible permutations of package type, example3 package [RFC3265]
contact, and reference. example4 template [Roach] [RFC3265]
example5 template [RFC3265]
The table below lists the event packages and template-packages PEOPLE
defined in "SIP-Specific Event Notification" [RFC xxxx]. Each ------
name is designated as a package or a template-package under [Roach] Adam Roach <adam@dynamicsoft.com>
"Type".
Package Name Type Contact Reference REFERENCES
------------ ---- ------- --------- ----------
example1 package [Roach] [RFC3265] Roach, A., "SIP-Specific Event Notification", RFC 3265,
example2 package [Roach] [RFC xxxx] June 2002.
example3 package [RFC xxxx]
example4 template [Roach] [RFC xxxx]
example5 template [RFC xxxx]
PEOPLE 6.2. Registration Template
------
[Roach] Adam Roach <adam@dynamicsoft.com>
REFERENCES To: ietf-sip-events@iana.org
---------- Subject: Registration of new SIP event package
[RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
August 2002.
7.2. Registration Template Package Name:
To: ietf-sip-events@iana.org (Package names must conform to the syntax described in
Subject: Registration of new SIP event package section 7.2.1.)
Package Name: Is this registration for a Template Package:
(Package names must conform to the syntax described in (indicate yes or no)
section 8.2.1.)
Is this registration for a Template Package: Published Specification(s):
(indicate yes or no) (Template packages require a published RFC. Other packages
may reference a specification when appropriate).
Published Specification(s): Person & email address to contact for further information:
(Template packages require a published RFC. Other packages 6.3. Header Field Names
may reference a specification when appropriate).
Person & email address to contact for further information: This document registers three new header field names, described
elsewhere in this document. These headers are defined by the
following information, which is to be added to the header sub-
registry under http://www.iana.org/assignments/sip-parameters.
7.3. Header Field Names Header Name: Allow-Events
Compact Form: u
Header Name: Subscription-State
Compact Form: (none)
This document registers three new header field names, described Header Name: Event
elsewhere in this document. These headers are defined by the Compact Form: o
following information, which is to be added to the header
sub-registry under
http://www.iana.org/assignments/sip-parameters.
Header Name: Allow-Events 6.4. Response Codes
Compact Form: u
Header Name: Subscription-State This document registers two new response codes. These response codes
Compact Form: (none) are defined by the following information, which is to be added to the
method and response-code sub-registry under
http://www.iana.org/assignments/sip-parameters.
Header Name: Event Response Code Number: 202
Compact Form: o Default Reason Phrase: Accepted
7.4. Response Codes Response Code Number: 489
Default Reason Phrase: Bad Event
This document registers two new methods. These methods are 7. Syntax
defined by the following information, which is to be added to the
method and response-code sub-registry under
http://www.iana.org/assignments/sip-parameters.
Response Code Number: 202 This section describes the syntax extensions required for event
Default Reason Phrase: Accepted notification in SIP. Semantics are described in section 3. Note
that the formal syntax definitions described in this document are
expressed in the ABNF format used in SIP [1], and contain references
to elements defined therein.
Response Code Number: 489 7.1. New Methods
Default Reason Phrase: Bad Event
8. Syntax This document describes two new SIP methods: SUBSCRIBE and
NOTIFY.
This section describes the syntax extensions required for event This table expands on tables 2 and 3 in SIP [1].
notification in SIP. Semantics are described in section 4. Note
that the formal syntax definitions described in this document are
expressed in the ABNF format used in SIP [1], and contain
references to elements defined therein.
8.1. New Methods Header Where SUB NOT
------ ----- --- ---
Accept R o o
Accept 2xx - -
Accept 415 o o
Accept-Encoding R o o
Accept-Encoding 2xx - -
Accept-Encoding 415 o o
Accept-Language R o o
Accept-Language 2xx - -
Accept-Language 415 o o
Alert-Info R - -
Alert-Info 180 - -
Allow R o o
Allow 2xx o o
Allow r o o
Allow 405 m m
Authentication-Info 2xx o o
Authorization R o o
Call-ID c m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Disposition o o
Content-Encoding o o
Content-Language o o
Content-Length t t
Content-Type * *
CSeq c m m
Date o o
Error-Info 300-699 o o
Expires o -
Expires 2xx m -
From c m m
In-Reply-To R - -
Max-Forwards R m m
Min-Expires 423 m -
MIME-Version o o
Organization o -
Priority R o -
Proxy-Authenticate 407 m m
Proxy-Authorization R o o
Proxy-Require R o o
RAck R - -
Record-Route R o o
Record-Route 2xx,401,484 o o
Reply-To - -
Require o o
Retry-After 404,413,480,486 o o
Retry-After 500,503 o o
Retry-After 600,603 o o
Route R c c
RSeq 1xx o o
Server r o o
Subject R - -
Supported R o o
Supported 2xx o o
Timestamp o o
To c(1) m m
Unsupported 420 o o
User-Agent o o
Via c m m
Warning R - o
Warning r o o
WWW-Authenticate 401 m m
This document describes two new SIP methods: SUBSCRIBE and 7.1.1. SUBSCRIBE method
NOTIFY.
This table expands on tables 2 and 3 in SIP [1]. "SUBSCRIBE" is added to the definition of the element "Method" in the
SIP message grammar.
Header Where SUB NOT Like all SIP method names, the SUBSCRIBE method name is case
------ ----- --- --- sensitive. The SUBSCRIBE method is used to request asynchronous
Accept R o o notification of an event or set of events at a later time.
Accept 2xx - -
Accept 415 o o
Accept-Encoding R o o
Accept-Encoding 2xx - -
Accept-Encoding 415 o o
Accept-Language R o o
Accept-Language 2xx - -
Accept-Language 415 o o
Alert-Info R - -
Alert-Info 180 - -
Allow R o o
Allow 2xx o o
Allow r o o
Allow 405 m m
Authentication-Info 2xx o o
Authorization R o o
Call-ID c m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Disposition o o
Content-Encoding o o
Content-Language o o
Content-Length t t
Content-Type * *
CSeq c m m
Date o o
Error-Info 300-699 o o
Expires o -
Expires 2xx m -
From c m m
In-Reply-To R - -
Max-Forwards R m m
Min-Expires 423 m -
MIME-Version o o
Organization o -
Priority R o -
Proxy-Authenticate 407 m m
Proxy-Authorization R o o
Proxy-Require R o o
RAck R - -
Record-Route R o o
Record-Route 2xx,401,484 o o
Reply-To - -
Require o o
Retry-After 404,413,480,486 o o
Retry-After 500,503 o o
Retry-After 600,603 o o
Route R c c
RSeq 1xx o o
Server r o o
Subject R - -
Supported R o o
Supported 2xx o o
Timestamp o o
To c(1) m m
Unsupported 420 o o
User-Agent o o
Via c m m
Warning R - o
Warning r o o
WWW-Authenticate 401 m m
8.1.1. SUBSCRIBE method 7.1.2. NOTIFY method
"SUBSCRIBE" is added to the definition of the element "Method" in "NOTIFY" is added to the definition of the element "Method" in the
the SIP message grammar. SIP message grammar.
Like all SIP method names, the SUBSCRIBE method name is case The NOTIFY method is used to notify a SIP node that an event which
sensitive. The SUBSCRIBE method is used to request asynchronous has been requested by an earlier SUBSCRIBE method has occurred. It
notification of an event or set of events at a later time. may also provide further details about the event.
8.1.2. NOTIFY method 7.2. New Headers
"NOTIFY" is added to the definition of the element "Method" in This table expands on tables 2 and 3 in SIP [1], as amended by the
the SIP message grammar. changes described in section 7.1.
The NOTIFY method is used to notify a SIP node that an event Header field where proxy ACK BYE CAN INV OPT REG PRA SUB NOT
which has been requested by an earlier SUBSCRIBE method has -----------------------------------------------------------------
occurred. It may also provide further details about the event. Allow-Events R o o - o o o o o o
Allow-Events 2xx - o - o o o o o o
Allow-Events 489 - - - - - - - m m
Event R - - - - - - - m m
Subscription-State R - - - - - - - - m
8.2. New Headers 7.2.1. "Event" header
This table expands on tables 2 and 3 in SIP [1], as amended by
the changes described in section 8.1.
Header field where proxy ACK BYE CAN INV OPT REG PRA SUB NOT Event is added to the definition of the element "message-header" in
----------------------------------------------------------------- the SIP message grammar.
Allow-Events R o o - o o o o o o
Allow-Events 2xx - o - o o o o o o
Allow-Events 489 - - - - - - - m m
Event R - - - - - - - m m
Subscription-State R - - - - - - - - m
8.2.1. "Event" header For the purposes of matching responses and NOTIFY messages with
SUBSCRIBE messages, the event-type portion of the "Event" header is
compared byte-by-byte, and the "id" parameter token (if present) is
compared byte-by-byte. An "Event" header containing an "id"
parameter never matches an "Event" header without an "id" parameter.
No other parameters are considered when performing a comparison.
Event is added to the definition of the element "message-header" Note that the forgoing text means that "Event: foo; id=1234" would
in the SIP message grammar. match "Event: foo; param=abcd; id=1234", but not "Event: foo" (id
does not match) or "Event: Foo; id=1234" (event portion does not
match).
For the purposes of matching responses and NOTIFY messages with This document does not define values for event-types. These values
SUBSCRIBE messages, the event-type portion of the "Event" header will be defined by individual event packages, and MUST be registered
is compared byte-by-byte, and the "id" parameter token (if with the IANA.
present) is compared byte-by-byte. An "Event" header containing
an "id" parameter never matches an "Event" header without an "id"
parameter. No other parameters are considered when performing a
comparison.
Note that the forgoing text means that "Event: foo; id=1234" There MUST be exactly one event type listed per event header.
would match "Event: foo; param=abcd; id=1234", but not Multiple events per message are disallowed.
"Event: foo" (id does not match) or "Event: Foo; id=1234"
(event portion does not match).
This document does not define values for event-types. These 7.2.2. "Allow-Events" Header
values will be defined by individual event packages, and MUST be
registered with the IANA.
There MUST be exactly one event type listed per event header. Allow-Events is added to the definition of the element "general-
Multiple events per message are disallowed. header" in the SIP message grammar. Its usage is described in
section 3.3.7.
8.2.2. "Allow-Events" Header 7.2.3. "Subscription-State" Header
Allow-Events is added to the definition of the element Subscription-State is added to the definition of the element
"general-header" in the SIP message grammar. Its usage is "request-header" in the SIP message grammar. Its usage is described
describe in section 4.3.7. in section 3.2.4.
8.2.3. "Subscription-State" Header 7.3. New Response Codes
Subscription-State is added to the definition of the element 7.3.1. "202 Accepted" Response Code
"request-header" in the SIP message grammar. Its usage is
described in section 4.2.4.
8.3. New Response Codes The 202 response is added to the "Success" header field definition.
8.3.1. "202 Accepted" Response Code "202 Accepted" has the same meaning as that defined in HTTP/1.1 [3].
The 202 response is added to the "Success" header field 7.3.2. "489 Bad Event" Response Code
definition. "202 Accepted" has the same meaning as that defined
in HTTP/1.1 [4].
8.3.2. "489 Bad Event" Response Code The 489 event response is added to the "Client-Error" header field
definition. "489 Bad Event" is used to indicate that the server did
not understand the event package specified in a "Event" header field.
The 489 event response is added to the "Client-Error" header 7.4. Augmented BNF Definitions
field definition. "489 Bad Event" is used to indicate that the
server did not understand the event package specified in a
"Event" header field.
8.4. Augmented BNF Definitions The Augmented BNF definitions for the various new and modified syntax
elements follows. The notation is as used in SIP [1], and any
elements not defined in this section are as defined in SIP and the
documents to which it refers.
The Augmented BNF definitions for the various new and modified SUBSCRIBEm = %x53.55.42.53.43.52.49.42.45 ; SUBSCRIBE in caps
syntax elements follows. The notation is as used in SIP [1], and NOTIFYm = %x4E.4F.54.49.46.59 ; NOTIFY in caps
any elements not defined in this section are as defined in SIP extension-method = SUBSCRIBEm / NOTIFYm / token
and the documents to which it refers. Event = ( "Event" / "o" ) HCOLON event-type
*( SEMI event-param )
event-type = event-package *( "." event-template )
event-package = token-nodot
event-template = token-nodot
token-nodot = 1*( alphanum / "-" / "!" / "%" / "*"
/ "_" / "+" / "`" / "'" / "~" )
event-param = generic-param / ( "id" EQUAL token )
SUBSCRIBEm = %x53.55.42.53.43.52.49.42.45 ; SUBSCRIBE in caps Allow-Events = ( "Allow-Events" / "u" ) HCOLON event-type
NOTIFYm = %x4E.4F.54.49.46.59 ; NOTIFY in caps *(COMMA event-type)
extension-method = SUBSCRIBEm / NOTIFYm / token
Event = ( "Event" / "o" ) HCOLON event-type Subscription-State = "Subscription-State" HCOLON substate-value
*( SEMI event-param ) *( SEMI subexp-params )
event-type = event-package *( "." event-template ) substate-value = "active" / "pending" / "terminated"
event-package = token-nodot / extension-substate
event-template = token-nodot extension-substate = token
token-nodot = 1*( alphanum / "-" / "!" / "%" / "*" subexp-params = ("reason" EQUAL event-reason-value)
/ "_" / "+" / "`" / "'" / "~" ) / ("expires" EQUAL delta-seconds)
event-param = generic-param / ( "id" EQUAL token ) / ("retry-after" EQUAL delta-seconds)
/ generic-param
event-reason-value = "deactivated"
/ "probation"
/ "rejected"
/ "timeout"
/ "giveup"
/ "noresource"
/ event-reason-extension
event-reason-extension = token
Allow-Events = ( "Allow-Events" / "u" ) HCOLON event-type 8. Normative References
*(COMMA event-type)
Subscription-State = "Subscription-State" HCOLON substate-value [1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
*( SEMI subexp-params ) Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
substate-value = "active" / "pending" / "terminated" Session Initiation Protocol", RFC 3261, June 2002.
/ extension-substate
extension-substate = token
subexp-params = ("reason" EQUAL reason-value)
/ ("expires" EQUAL delta-seconds)
/ ("retry-after" EQUAL delta-seconds)
/ generic-param
reason-value = "deactivated"
/ "probation"
/ "rejected"
/ "timeout"
/ "giveup"
/ "noresource"
/ reason-extension
reason-extension = token
9. References [2] Petrack, S. and L. Conroy, "The PINT Service Protocol", RFC
2848, June 2000.
NOTE: Non-normative references are so labeled. [3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999.
[1] J. Rosenberg et. al., "SIP: Session Initiation Protocol", [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
<draft-ietf-sip-rfc2543bis-07>, IETF; February 2002. Work in Considerations Section in RFCs", BCP 26, RFC 2434, October
progress. 1998.
[2] J. Rosenberg, H. Schulzrinne, "Guidelines for Authors of SIP [5] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement
Extensions", <draft-ietf-sip-guidelines-03.txt>, IETF; Levels", BCP 14, RFC 2119, March 1997.
November 2001. Work in progress. Non-normative.
[3] S. Petrack, L. Conroy, "The PINT Service Protocol", RFC 2848, [6] Day, M., Aggarwal, S., Mohr, G. and J. Vincent, "Instant
IETF; June 2000. Messaging/Presence Protocol Requirements", RFC 2779, February
2000.
[4] R. Fielding et. al., "Hypertext Transfer Protocol -- 9. Informative References
HTTP/1.1", RFC 2616, IETF, June 1999.
[5] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA [7] Rosenberg, J. and H. Schulzrinne, "Guidelines for Authors of
Considerations Section in RFCs", BCP 26, IETF, October 1998. SIP Extensions", Work in Progress.
[6] Schulzrinne/Rosenberg, "SIP Caller Preferences and Callee [8] Schulzrinne, H. and J. Rosenberg, "SIP Caller Preferences and
Capabilities", <draft-ietf-sip-callerprefs-05.txt>, IETF; Callee Capabilities", Work in Progress.
November 2001. Work in progress. Non-normative.
[7] S. Bradner, "Key words for use in RFCs to indicate 10. Acknowledgements
requirement levels", RFC 2119, IETF, March 1997
[8] M. Day et. al., "Instant Messaging/Presence Protocol Thanks to the participants in the Events BOF at the 48th IETF meeting
Requirements", RFC 2779, IETF, February 2000 in Pittsburgh, as well as those who gave ideas and suggestions on the
SIP Events mailing list. In particular, I wish to thank Henning
Schulzrinne of Columbia University for coming up with the final
three-tiered event identification scheme, Sean Olson for
miscellaneous guidance, Jonathan Rosenberg for a thorough scrubbing
of the -00 draft, and the authors of the "SIP Extensions for
Presence" document for their input to SUBSCRIBE and NOTIFY request
semantics.
10. Acknowledgements 11. Notice Regarding Intellectual Property Rights
Thanks to the participants in the Events BOF at the 48th IETF The IETF has been notified of intellectual property rights claimed in
meeting in Pittsburgh, as well as those who gave ideas and regard to some or all of the specification contained in this
suggestions on the SIP Events mailing list. In particular, I wish document. For more information, consult the online list of claimed
to thank Henning Schulzrinne of Columbia University for coming up rights at http://www.ietf.org/ipr.html
with the final three-tiered event identification scheme, Sean
Olson for miscellaneous guidance, Jonathan Rosenberg for a
thorough scrubbing of the -00 draft, and the authors of the "SIP
Extensions for Presence" draft for their input to SUBSCRIBE and
NOTIFY request semantics.
11. Author's Address 12. Author's Address
Adam Roach Adam Roach
dynamicsoft dynamicsoft
5100 Tennyson Parkway 5100 Tennyson Parkway
Suite 1200 Suite 1200
Plano, TX 75024 Plano, TX 75024
USA USA
E-Mail: <adam@dynamicsoft.com>
Voice: <sip:adam@dynamicsoft.com>
12. Notice Regarding Intellectual Property Rights EMail: adam@dynamicsoft.com
Voice: sip:adam@dynamicsoft.com
The IETF has been notified of intellectual property rights 13. Full Copyright Statement
claimed in regard to some or all of the specification contained
in this document. For more information, consult the online list
of claimed rights at http://www.ietf.org/ipr.html
13. Full Copyright Statement Copyright (C) The Internet Society (2002). All Rights Reserved.
Copyright (c) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
This document and translations of it may be copied and furnished The limited permissions granted above are perpetual and will not be
to others, and derivative works that comment on or otherwise revoked by the Internet Society or its successors or assigns.
explain it or assist in its implementation may be prepared,
copied, published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to
the Internet Society or other Internet organizations, except as
needed for the purpose of developing Internet standards in which
case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate
it into languages other than English.
The limited permissions granted above are perpetual and will not This document and the information contained herein is provided on an
be revoked by the Internet Society or its successors or assigns. "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
This document and the information contained herein is provided on Acknowledgement
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR Funding for the RFC Editor function is currently provided by the
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE Internet Society.
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
 End of changes. 363 change blocks. 
1457 lines changed or deleted 1397 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/