draft-ietf-xcon-floor-control-req-03.txt   rfc4376.txt 
Transport Area P. Koskelainen Network Working Group P. Koskelainen
Internet-Draft Nokia Request for Comments: 4376 Nokia
Expires: July 3, 2005 J. Ott Category: Informational J. Ott
Uni Bremen TZI Helsinki University of Technology
H. Schulzrinne H. Schulzrinne
X. Wu X. Wu
Columbia University Columbia University
January 2, 2005 February 2006
Requirements for Floor Control Protocol
draft-ietf-xcon-floor-control-req-03.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at Requirements for Floor Control Protocols
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 3, 2005. This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
Floor control is a means to manage joint or exclusive access to Floor control is a means to manage joint or exclusive access to
shared resource in a (multiparty) conferencing environment. Thereby, shared resources in a (multiparty) conferencing environment.
floor control complements other functions -- such as conference and Thereby, floor control complements other functions -- such as
media session setup, conference policy manipulation, and media conference and media session setup, conference policy manipulation,
control -- that are realized by other protocols. This document and media control -- that are realized by other protocols. This
defines the requirements for a floor control protocol for multiparty document defines the requirements for a floor control protocol for
conferences in the context of an existing framework. multiparty conferences in the context of an existing framework.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
2. Conventions Used in This Document . . . . . . . . . . . . . . 4 2. Conventions Used in This Document ...............................3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Terminology .....................................................3
4. Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Model ...........................................................4
5. Integration with Conferencing . . . . . . . . . . . . . . . . 7 5. Integration with Conferencing ...................................5
6. Assumptions about a Conference Policy . . . . . . . . . . . . 8 6. Assumptions about a Conference Policy ...........................6
7. Floor Control Protocol Requirements . . . . . . . . . . . . . 10 7. Floor Control Protocol Requirements .............................7
7.1 Communication between Participant and Server . . . . . . . 10 7.1. Communication between Participant and Server ...............7
7.2 Communicaton between Chair and Server . . . . . . . . . . 11 7.2. Communication between Chair and Server .....................9
7.3 General Protocol Requirements . . . . . . . . . . . . . . 12 7.3. General Protocol Requirements ..............................9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 8. Security Considerations ........................................10
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 9. Acknowledgements ...............................................11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. References ....................................................12
10.1 Normative References . . . . . . . . . . . . . . . . . . . . 16 10.1. Normative References .....................................12
10.2 Informative References . . . . . . . . . . . . . . . . . . . 16 10.2. Informative References ...................................12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property and Copyright Statements . . . . . . . . 18
1. Introduction 1. Introduction
Conference applications often have shared resources such as the right Conference applications often have shared resources such as the right
to talk, input access to a limited-bandwidth video channel, or a to talk, input access to a limited-bandwidth video channel, or a
pointer or input focus in a shared application. pointer or input focus in a shared application.
In many cases, it is desirable to be able to control who can provide In many cases, it is desirable to be able to control who can provide
input (send/write/control, depending on the application) to the input (send/write/control, depending on the application) to the
shared resource. shared resource.
Floor control enables applications or users to gain safe and mutually Floor control enables applications or users to gain safe and mutually
exclusive or non-exclusive input access to the shared object or exclusive or non-exclusive input access to the shared object or
resource. The floor is an individual temporary access or resource. The floor is an individual temporary access or
manipulation permission for a specific shared resource (or group of manipulation permission for a specific shared resource (or group of
resources) [7]. resources) [6].
Floor control is an optional feature for conferencing applications. Floor control is an optional feature for conferencing applications.
SIP [2] conferencing applications may also decide not to support this SIP [2] conferencing applications may also decide not to support this
feature at all. Two-party applications may use floor control outside feature at all. Two-party applications may use floor control outside
conferencing, although the usefulness of this kind of scenario is conferencing, although the usefulness of this kind of scenario is
limited. Floor control may be used together with conference policy limited. Floor control may be used together with the conference
control protocol (CPCP) [8], or it may be used as independent policy control protocol (CPCP) [7], or it may be used as an
standalone protocol, e.g. with SIP but without CPCP. independent stand-alone protocol, e.g., with SIP but without CPCP.
Floor control has been studied extensively over the years, (e.g. Floor control has been studied extensively over the years (e.g., [8],
[9], [7], [6]) therefore earlier work can be leveraged here. [6], and [5]); therefore, earlier work can be leveraged here.
The present document describes the requirements for a floor control The present document describes the requirements for a floor control
protocol. As a requirements specification, the document makes no protocol. As a requirements specification, the document makes no
assumptions about the later implementation of the respective assumptions about the later implementation of the respective
requirements as parts of one or more protocols and about the entities requirements as parts of one or more protocols or about the entities
implementing it/them and their roles. implementing them and their roles.
This document may be used in conjunction with other documents, such This document may be used in conjunction with other documents, such
as the Conferencing framework document [3]. In particular, when as the conferencing framework document [3]. In particular, when
speaking about a floor control server, this entity may be identical speaking about a floor control server, this entity may be identical
to or co-located with the focus or a conference policy server defined to or co-located with the focus or a conference policy server defined
in the framework document, while participants and floor chairs in the framework document, while participants and floor chairs
referred to in this specificiation may be regular participants as referred to in this specification may be regular participants as
introduced in the conferencing framework document. The term "floor introduced in the conferencing framework document. In this
control protocol" is used in an abstract sense in this specification specification, the term "floor control protocol" is used in an
and may ultimately be mapped to any of the existing conference abstract sense and may ultimately be mapped to any of the existing
control or other signaling protocols (including CPCP and SIP). But conference control or other signaling protocols (including CPCP and
defining those relationships is left to a concrete floor control SIP). However, defining those relationships is left to a concrete
protocol specification. floor control protocol specification.
2. Conventions Used in This Document 2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119 [1].
3. Terminology 3. Terminology
This document uses the definitions from [3]. This document uses the definitions from [3].
The following additional definitions apply: The following additional definitions apply:
Floor: A permission to temporarily access or manipulate a specific Floor: A permission to access or manipulate a specific shared
shared resource or set of resources. resource or set of resources temporarily.
Conference owner: A privileged user who controls the conference, Conference owner: A privileged user who controls the conference,
creates floors and assigns and deassigns floor chairs. The creates floors, and assigns and deassigns floor chairs. The
conference owner does not have to be a member in a conference. conference owner does not have to be a member in a conference.
Floor chair: A user (or an entity) who manages one floor (grants, Floor chair: A user (or an entity) who manages one floor (grants,
denies or revokes a floor). The floor chair does not have to be a denies, or revokes a floor). The floor chair does not have to be a
member in a conference. member in a conference.
Floor control: A mechanism that enables applications or users to gain Floor control: A mechanism that enables applications or users to gain
safe and mutually exclusive or non-exclusive input access to the safe and mutually exclusive or non-exclusive input access to the
shared object or resource. shared object or resource.
Floor control server: A logical entity that maintains the state of Floor control server: A logical entity that maintains the state of
the floor(s) including which floors exists, who the floor chairs are, the floor(s) including which floors exists, who the floor chairs are,
who holds a floor, etc. Requests to manipulate a floor are directed who holds a floor, etc. Requests to manipulate a floor are directed
at the floor control server. at the floor control server.
Floor request set: A logical data structure holding all requests for Floor request set: A logical data structure holding all requests for
a particular floor at a given point in time. a particular floor at a given point in time.
Floor holder set: A logical data structure identifying all Floor holder set: A logical data structure identifying all
participants who currently hold the floor. participants who currently hold the floor.
4. Model 4. Model
The model for floor control comprises three logical entities: a The model for floor control is composed of three logical entities: a
single floor control server, one or more floor chairs (moderators), single floor control server, one or more floor chairs (moderators),
and any number of regular conference participants. and any number of regular conference participants.
A floor control protocol is used to convey the floor control messages A floor control protocol is used to convey the floor control messages
among the floor chairs (moderators) of the conference, the floor among the floor chairs (moderators) of the conference, the floor
control server, and the participants of the conference. A control server, and the participants of the conference. A
centralized architecture is assumed in which all messages go via one centralized architecture is assumed in which all messages go via one
point, the floor control server. Processing (granting or rejecting) point, the floor control server. Processing (granting or rejecting)
floor control requests is done by the one or more floor chairs or by floor control requests is done by the one or more floor chairs or by
the server itself, depending on the policy. the server itself, depending on the policy.
Floor requests from the participants are received by the floor Floor requests from the participants are received by the floor
control server and kept in an -- at the level of the floor control control server and kept (at the level of the floor control protocol)
protocol -- floor request set (i.e. are not ordered in any in a floor request set (i.e., are not ordered in any particular
particular fashion). The current floor holders are reflected in a fashion). The current floor holders are reflected in a current floor
current floor holder set. Floor chairs are capable of manipulating holder set. Floor chairs are capable of manipulating both sets to
both sets to e.g. grant, revoke, reject, and pass the floor. grant, revoke, reject, and pass the floor (for example).
The order in which requests are processed, whether they are granted The order in which requests are processed, whether they are granted
or rejected, how many participants obtain a floor simultaneously, is or rejected, and how many participants obtain a floor simultaneously
determined by a higher layer application operating on these sets and are determined by a higher-layer application operating on these sets
is not confined by the floor control protocol. and are not confined by the floor control protocol.
A floor is associated with one or more media sessions. The A floor is associated with one or more media sessions. The
centralized conference server manages the floors and thus controls centralized conference server manages the floors and thus controls
access to the media sessions. There are two aspects to this: 1) The access to the media sessions. There are two aspects to this: 1) The
server maintains and distributes consistent state information about server maintains and distributes consistent state information about
who has a certain floor at a certain point in time and does so who has a certain floor at a certain point in time and does so
following some rule set. This provides all participants with the following some rule set. This provides all participants with the
necessary information about who is allowed to e.g. speak, but relies necessary information about who is allowed to speak (for example),
on a cooperative behavior among all participants. 2) In addition, to but relies on a cooperative behavior among all participants. 2) In
prevent individuals from ignoring the "hints" given by the floor addition, to prevent individuals from ignoring the "hints" given by
control server, the latter may -- e.g. in cooperation with other the floor control server, the latter may (e.g., in cooperation with
functional entities -- enforce compliance with floor status, e.g. by other functional entities) enforce compliance with floor status,
blocking media streams from participants not entitled to speak. The e.g., by blocking media streams from participants not entitled to
floor control server controls the floors at least at the signaling speak. The floor control server controls the floors at least at the
level (1); actively controlling also the actual (physical) media signaling level. In addition, actively controlling the actual
resources (2) is highly recommended, but beyond the scope of this (physical) media resources is highly recommended, but beyond the
document. scope of this document.
As noted in the introduction, an actual protocol specification As noted in the introduction, an actual protocol specification
fulfilling the requirements defined in this memo may map the fulfilling the requirements defined in this memo may map the
components of the above model onto the conferencing components components of the above model onto the conferencing components
defined in the conferencing framework document. Some of these defined in the conferencing framework document. Some of these
aspects are discussed briefly in the next subsection. aspects are discussed briefly in the next section.
5. Integration with Conferencing 5. Integration with Conferencing
Floor control itself does not support privileges such as creating Floor control itself does not support privileges such as creating
floors and appointing floor chairs, handing over chair privileges to floors and appointing floor chairs and handing over chair privileges
other users (or taking them away). Instead, some external mechanism, to other users (or taking them away). Instead, some external
such as conference management (e.g. CPCP or web interface for policy mechanism, such as conference management (e.g., CPCP or web interface
manipulation) is used for that. for policy manipulation) is used for that.
The conference policy (and thus the conference owner or creator) The conference policy (and thus the conference owner or creator)
defines whether floor control is in use or not. Actually enforcing defines whether floor control is in use or not. Actually enforcing
conference media distribution in line with the respective media's conference media distribution in line with the respective media's
floor status (e.g. controlling an audio bridge) is beyond the scope floor status (e.g., controlling an audio bridge) is beyond the scope
of this document. Floor control itself does not define media of this document. Floor control itself does not define media
enforcement. It is up to the conference and media policies to define enforcement. It is up to the conference and media policies to define
which media streams may be used in a conference and which ones are which media streams may be used in a conference and which ones are
floor controlled. floor controlled.
Typically, the conference owner creates the floor(s) using conference Typically, the conference owner creates the floor(s) using the
policy control protocol (or some other mechanism) and appoints the conference policy control protocol (or some other mechanism) and
floor chair. The conference owner can remove the floor anytime (so appoints the floor chair. The conference owner can remove the floor
that a media session is not floor-controlled anymore) or change floor anytime (so that a media session is not floor-controlled anymore) or
chair or floor parameters. change the floor chair or floor parameters.
The floor chair just controls the access to the floor(s), according The floor chair just controls the access to the floor(s), according
to the conference policy. to the conference policy.
A floor control server is a separate logical entity, typically A floor control server is a separate logical entity, typically
co-located with focus and/or conference policy server. Therefore, co-located with focus and/or conference policy server. Therefore,
the floor control server can interact with focus, conference Policy the floor control server can interact with the focus and conference
Server and media servers as needed. Communication mechanisms between policy server and media servers as needed. Communication mechanisms
floor control server and other central conferencing entities are not between the floor control server and other central conferencing
within the scope of the floor control protocol requirements described entities are not within the scope of the floor control protocol
in this document. requirements described in this document.
Conferences may be cascaded and hence a single participant in one Conferences may be cascaded, and hence a single participant in one
conference representing a second conference (called subconference). conference may represent a second conference (called subconference).
From a floor control perspective there is no difference between a From a floor control perspective, there is no difference between a
participant (identified by its URI) representing a single person or participant (identified by its URI) representing a single person or
another (set of) subconference(s). another (set of) subconference(s).
Note: In the latter case, it is the responsibility of the Note: In the latter case, it is the responsibility of the
subconference to internally negotiate floor requests before passing subconference to negotiate floor requests internally before passing
on a request to the conference and to internally assign a floor upon on a request to the conference and to assign a floor internally upon
receiving a floor grant. This may be done recursively by employing receiving a floor grant. This may be done recursively by employing
the floor control protocol with a different floor control server in the floor control protocol with a different floor control server in
the subconference. the subconference.
6. Assumptions about a Conference Policy 6. Assumptions about a Conference Policy
The floor control protocol is supposed to be used to manage access to The floor control protocol is supposed to be used to manage access to
shared resources in the context of a conference. It is up to this shared resources in the context of a conference. It is up to this
conference -- more precisely: its conference policy [4] -- to define conference -- more precisely, its conference policy [4] -- to define
the rules for the operation of the floor control protocol. the rules for the operation of the floor control protocol.
Furthermore, a conference policy control protocol [4] may define Furthermore, a conference policy control protocol [4] may define
mechanisms to alter those rules during the course of a conference. mechanisms that alter those rules during the course of a conference.
This section briefly outlines the assumptions made by a floor control This section briefly outlines the assumptions made by a floor control
protocol about the conference policy and means for its modification. protocol about the conference policy and means for its modification.
The conference policy is expected to define the rules for floor The conference policy is expected to define the rules for floor
control -- which particularly implies that it is not the control, which implies in particular that it is not the
responsibility of the floor control protocol to establish or responsibility of the floor control protocol to establish or
communicate those rules. communicate those rules.
In general, it is assumed that the conference policy also defines who In general, it is assumed that the conference policy also defines who
is allowed to create, change and remove a floor in a conference. is allowed to create, change, and remove a floor in a conference.
Conference participants and floor chairs should be able to get and Conference participants and floor chairs should be able to get and
set floor-related parameters. The conference policy may restrict who set floor-related parameters. The conference policy may restrict who
may access or alter which parameters. Note that not all parameters may access or alter which parameters. Note that not all parameters
maintained for a floor are also interpreted by the floor control maintained for a floor are also interpreted by the floor control
protocol (e.g. floor policy descriptions may be stored associated protocol (e.g., floor policy descriptions may be stored associated
with a floor but may be interpreted by a higher layer application). with a floor but may be interpreted by a higher-layer application).
Note also that changes to the floor control policy outside the scope Note also that changes to the floor control policy are outside the
of the floor control protocol and e.g. to be carried out by a scope of the floor control protocol and are (for example) to be
conference policy control protocol. carried out by a conference policy control protocol.
(For example, it may be useful to see who the floor chair is, what (For example, it may be useful to see who the floor chair is, what
kind of policy is in use, time limits, number of simultanous floor kind of policy is in use, time limits, number of simultaneous floor
holders and current floor holder.) holders, and current floor holder.)
These following requirements on a conference policy related to floor The following requirements on a conference policy related to floor
control are identified in [4]: control are identified in [4]:
REQ-F1: It MUST be possible to define whether floor control is in use REQ-F1: It MUST be possible to define whether floor control is in use
or not. or not.
REQ-F2: It MUST be possible to define the algorithm to be used in REQ-F2: It MUST be possible to define the algorithm to be used in
granting the floor. (Note: Example algorithms might be e.g. granting the floor. (Note: Examples of algorithms are moderator-
moderator-controlled, FCFS, random.) controlled, FCFS, or random.)
Note: it must be possible to use an automated floor policy where the Note: It must be possible to use an automated floor policy where the
floor control server decides autonomously about granting, and floor control server decides autonomously about granting and
rejecting floor requests as well as revoking the floor. It must also rejecting floor requests as well as revoking the floor. It must also
be possible to use a chair-controlled floor policy in which the floor be possible to use a chair-controlled floor policy in which the floor
control server notifies the floor chair and waits for the chair to control server notifies the floor chair and waits for the chair to
make a decision. This enables the chair to fully control who has the make a decision. This enables the chair to fully control who has the
floor. The server MAY forward all requests immediately to the floor floor. The server MAY forward all requests immediately to the floor
chair, or it may do filtering and send only occasional notifications chair, or it may do filtering and send only occasional notifications
to the chair. to the chair.
REQ-F3: It MUST be possible to define how many users can have the REQ-F3: It MUST be possible to define how many users can have the
floor at the same time. floor at the same time.
REQ-F4: It MUST be possible to have one floor for one or more media REQ-F4: It MUST be possible to have one floor for one or more media
types. types.
REQ-F5: It MUST be possible to have multiple floors in a conference. REQ-F5: It MUST be possible to have multiple floors in a conference.
REQ-F6: It MUST be possible to define whether a floor is REQ-F6: It MUST be possible to define whether a floor is moderator-
moderator-controlled or not. controlled or not.
REQ-F7: If the floor is moderator-controlled, it MUST be possible to REQ-F7: If the floor is moderator-controlled, it MUST be possible to
assign and replace the floor moderator. assign and replace the floor moderator.
7. Floor Control Protocol Requirements 7. Floor Control Protocol Requirements
This section covers the requirements on a floor control protocol. This section covers the requirements on a floor control protocol.
The requirements are grouped as follows: 1) floor control protocol The requirements are grouped as follows: 1) floor control protocol
between participant and server; 2) floor control protocol between between participant and server; 2) floor control protocol between
floor chairs and server; 3) floor control server management, and 4) floor chairs and server; 3) floor control server management; and 4)
general protocol requirements. general protocol requirements.
7.1 Communication between Participant and Server 7.1. Communication between Participant and Server
REQ-PS-1: Participants MUST be able to request (claim) a floor. REQ-PS-1: Participants MUST be able to request (claim) a floor.
REQ-PS-2: It SHOULD be possible for a participant requesting a floor REQ-PS-2: It SHOULD be possible for a participant requesting a floor
to give additional information about the request, such as the topic to give additional information about the request, such as the topic
of the question for an audio floor. Note: In some scenarios, the of the question for an audio floor. Note: In some scenarios, the
floor control server or the floor chair may use this information when floor control server or the floor chair may use this information when
granting the floor to the user, or when making manipulation to the granting the floor to the user, or when manipulating the floor sets
floor sets at the server. at the server.
REQ-PS-3: It MUST be possible for a participant to modify (e.g. REQ-PS-3: It MUST be possible for a participant to modify (e.g.,
cancel) a previously placed floor request. cancel) a previously placed floor request.
REQ-PS-4: It SHOULD be possible for a participant to initiate a floor REQ-PS-4: It SHOULD be possible for a participant to initiate a floor
control operation (e.g. floor request, release) on behalf of another control operation (e.g., floor request, release) on behalf of another
participant (third-party floor control) provided that he is participant (third-party floor control) provided that he is
authorized to do so. authorized to do so.
REQ-PS-5: A participant MUST be informed that she has been granted REQ-PS-5: A participant MUST be informed that she has been granted
the floor. the floor.
REQ-PS-6: A participant MUST be informed that his floor request has REQ-PS-6: A participant MUST be informed that his floor request has
been rejected. been rejected.
REQ-PS-7: A participant MUST be informed that the floor was revoked REQ-PS-7: A participant MUST be informed that the floor was revoked
from her. from her.
REQ-PS-8: A participant SHOULD be informed that her floor request is REQ-PS-8: A participant SHOULD be informed that her floor request is
pending and will be processed later. pending and will be processed later.
REQ-PS-9: A floor holder MUST be able to release a floor. REQ-PS-9: A floor holder MUST be able to release a floor.
REQ-PS-10: It MUST be possible to notify conference participants REQ-PS-10: It MUST be possible to notify conference participants of
(changes to) the floor holder(s) (changes to) the floor holder(s).
REQ-PS-11: It MUST be possible to notify conference participants when REQ-PS-11: It MUST be possible to notify conference participants when
a new floor request is being made. a new floor request is being made.
RRQ-PS-12: It MUST be possible for a floor requester to request REQ-PS-12: It MUST be possible for a floor requester to request
privacy for claiming the floor. privacy for claiming the floor.
anonymous: the participants (including the floor chair) cannot see anonymous: The participants (including the floor chair) cannot
the floor requester's identity. The floor chairs grant the floor see the floor requester's identity. The floor chairs grant the
based on the claim id and the topic of the claim. floor based on the claim id and the topic of the claim.
known to the floor chair: only the floor chair is able to see the known to the floor chair: Only the floor chair is able to see
floor requester's identity; all other participants do not obtain this the floor requester's identity; all other participants do not
information. obtain this information.
public: all the participants can see the floor requester's identity. public: All the participants can see the floor requester's
identity.
REQ-PS-13: It MUST be possible for a participant to request privacy REQ-PS-13: It MUST be possible for a participant to request privacy
for holding the floor along with a floor request. Note that identity for holding the floor along with a floor request. Note that identity
information about the particpant may become available to others information about the participant may become available to others
through different means (e.g. application/media protocols or the through different means (e.g., application/media protocols or the
mmedia itself such as the voice). media itself such as the voice).
7.2 Communicaton between Chair and Server 7.2. Communication between Chair and Server
REQ-CS-1: It MUST be possible to inform the floor chairs, if present, REQ-CS-1: It MUST be possible to inform the floor chairs, if present,
about a participant's floor request. about a participant's floor request.
It SHOULD be possible to convey additional information the It SHOULD be possible to convey additional information the
participant may have provided along with her request. participant may have provided along with her request.
It MUST be possible to hide the requesting participant's identity It MUST be possible to hide the requesting participant's identity
from the chair, i.e. not include this identity information in the from the chair, i.e., not to include this identity information in the
floor request. floor request.
REQ-CS-2: It MUST be possible to grant a floor to a participant. REQ-CS-2: It MUST be possible to grant a floor to a participant.
REQ-CS-3: It MUST be possible to reject a participant's floor REQ-CS-3: It MUST be possible to reject a participant's floor
request. request.
REQ-CS-4: The floor chair MUST be able to revoke a floor from (one REQ-CS-4: The floor chair MUST be able to revoke a floor from (one
of) its current holder(s). Note that the floor chair may also remove of) its current holder(s). Note that the floor chair may also remove
pending floor requests from the request set (by rejecting them). pending floor requests from the request set (by rejecting them).
REQ-CS-5: It MUST be possible to notify floor chairs about changes to REQ-CS-5: It MUST be possible to notify floor chairs about changes to
the floor holder(s) the floor holder(s).
REQ-CS-6: There SHOULD be operations to manipulate the request set REQ-CS-6: There SHOULD be operations to manipulate the request set
available for floor chair(s). Such request set SHOULD at least available for floor chair(s). Such a request set SHOULD at least
include creating, maintaining, and re-ordering floor requests a queue include creating, maintaining, and re-ordering floor requests in a
and clearing the floor control queue. queue and clearing the floor control queue.
RRQ-CS-7: It MUST be possible to hide the identity of a floor chair REQ-CS-7: It MUST be possible to hide the identity of a floor chair
from a subset or all participants of a conference. from a subset or all participants of a conference.
REQ-CS-8: It MUST be possible for a newly assigned floor chair to REQ-CS-8: It MUST be possible for a newly assigned floor chair to
learn about (e.g. inquire) the existing floor request set. learn (e.g., inquire) about the existing floor request set.
7.3 General Protocol Requirements 7.3. General Protocol Requirements
REQ-GEN-1: Bandwidth and terminal limitations SHOULD be taken into REQ-GEN-1: Bandwidth and terminal limitations SHOULD be taken into
account in order to ensure that floor control can be efficiently used account in order to ensure that floor control can be efficiently used
in mobile environments. in mobile environments.
It should be noted that efficient communication by means of minimal Note that efficient communication by means of minimal-sized messages
sized messages may contradict the desire to express reasons for may contradict the desire to express reasons for requesting a floor
requesting a floor along with other information. Therefore, a floor along with other information. Therefore, a floor control protocol
control protocol SHOULD be designed in a way that it allow for SHOULD be designed in a way that it allows for expressive as well as
expressive as well as minimal messaging, as (negotiable) minimal messaging, as a (negotiable) configuration option and/or
configuration option and/or selectable on a per-message basis. selectable on a per-message basis.
REQ-GEN-2: The floor control MUST be a reliable client-server REQ-GEN-2: The floor control MUST be a reliable client-server
protocol. Hence, it MUST provide a positive response indicating that protocol. Hence, it MUST provide a positive response indicating that
a request has been received or an error response if an error has a request has been received or an error response if an error has
occurred. occurred.
REQ-GEN-3: It MUST be possible for the floor control server to REQ-GEN-3: It MUST be possible for the floor control server to
authenticate participants and chairs. authenticate participants and chairs.
REQ-GEN-4: It MUST be possible for the participants and chairs to REQ-GEN-4: It MUST be possible for the participants and chairs to
authenticate the server. authenticate the server.
REQ-GEN-5: It MUST be possible to ensure message integrity between REQ-GEN-5: It MUST be possible to ensure message integrity between
participants and chairs and the floor control server. participants and chairs and the floor control server.
REQ-GEN-6: It MUST be possible to ensure privacy of messages REQ-GEN-6: It MUST be possible to ensure the privacy of messages
exchanged between participants and chairs and the floor control exchanged between participants and chairs and the floor control
server. server.
8. Security Considerations 8. Security Considerations
Floor control messages are exchanged on one hand between regular Floor control messages are exchanged on one hand between regular
participants and the floor control server and on the other hand participants and the floor control server and on the other hand
between the floor control server and the floor chair(s). between the floor control server and the floor chair(s).
If enabled, floor control mechanisms are used to control who may If enabled, floor control mechanisms are used to control who may
contribute to a conference in arbitrary ways (speak, be seen, write, contribute to a conference in arbitrary ways (speak, be seen, write,
etc. as supported by the conferencing applications). It is etc., as supported by the conferencing applications). It is
important that floor control messages be protected because otherwise important that floor control messages be protected because otherwise
an attacker could prevent participants from being "heard" in the an attacker could prevent participants from being "heard" in the
conference (e.g., in scenarios where silence is considered consent) conference (e.g., in scenarios where silence is considered consent)
or make participants be heard in a conference without their knowledge or make participants be heard in a conference without their knowledge
(e.g., eavesdropping on the participant's mike). Such considerations (e.g., eavesdropping on the participant's microphone). Such
are particularly relevant when floor control is used in conjunction considerations are particularly relevant when floor control is used
with one or more (central) entities (e.g., a media mixer) controlled in conjunction with one or more (central) entities (e.g., a media
by the floor control server to enforce floor control decisions which mixer) controlled by the floor control server to enforce floor
may allow an attacker to completely "mute" a participant. control decisions that may allow an attacker to "mute" a participant
completely.
Communications between a conference participant and the floor control Communications between a conference participant and the floor control
server are vulnerable to all kinds of masquerading attacks. If an server are vulnerable to all kinds of masquerading attacks. If an
attacker can spoof the identity of the participant or inject messages attacker can spoof the identity of the participant or inject messages
on its behalf, it may generate floor requests (e.g. floor release) on his behalf, it may generate floor requests (e.g., floor release)
and prevent proper participation of the participant. If an attacker and prevent proper participation of the participant. If an attacker
can inject messages to the participant, it may generate arbitrary can inject messages to the participant, it may generate arbitrary
responses and false status information. If an attacker can responses and false status information. If an attacker can
impersonate the floor control server, a participant's requests may impersonate the floor control server, a participant's requests may
never reach the actual floor control server. If an attacker can never reach the actual floor control server. If an attacker can
intercept either side's messages (and hence become a man in the intercept either side's messages (and hence become a man in the
middle) it may suppress, alter, or inject messages and thus middle (MITM)), it may suppress, alter, or inject messages and thus
manipulate a participant's view of the conference floor status as manipulate a participant's view of the conference floor status as
well as the floor control server's view of a participant. well as the floor control server's view of a participant.
Similar considerations apply to the communications between the floor Similar considerations apply to the communications between the floor
control server and the floor chair(s). If an attacker can intercept control server and the floor chair(s). If an attacker can intercept
messages from either side, it may defer or prevent responses to floor messages from either side, it may defer or prevent responses to floor
control requests (from a particular floor chair). If it can inject control requests (from a particular floor chair). If it can inject
messages (particularly in the direction from the floor chair to the messages (particularly in the direction from the floor chair to the
floor control server), it may steer the assigment of conference floor control server), it may steer the assignment of conference
floors. If interception and injection is possible (man in the middle floors. If interception and injection is possible (man-in-the-middle
scenario), an attacker can create an arbitrary image of the scenario), an attacker can create an arbitrary image of the
conference for the floor chair. If an attacker can impersonate a conference for the floor chair. If an attacker can impersonate a
floor chair, it may rule the conference floor assignment (if there is floor chair, it may rule the conference floor assignment (if there is
only a single chair) or disrupt the conference course by means of only a single chair) or disrupt the conference course by means of
arbitrary and potentially conflicting requests/responses/assignments arbitrary and potentially conflicting requests/responses/assignments
(if there are multiple floor chairs). In the latter case, the amount (if there are multiple floor chairs). In the latter case, the amount
of damage a single attacker can do depends on the floor control of damage a single attacker can do depends on the floor control
policy. policy.
Finally, attackers may eavesdrop on the floor control communications Finally, attackers may eavesdrop on the floor control communications
skipping to change at page 16, line 7 skipping to change at page 12, line 7
eavesdropping. eavesdropping.
9. Acknowledgements 9. Acknowledgements
The authors would like to thank IETF conferencing design team and The authors would like to thank IETF conferencing design team and
Keith Drage, Marcus Brunner, Sanjoy Sen, Eric Burger, Brian Rosen, Keith Drage, Marcus Brunner, Sanjoy Sen, Eric Burger, Brian Rosen,
and Nermeen Ismail for their feedback. and Nermeen Ismail for their feedback.
10. References 10. References
10.1 Normative References 10.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, BCD 14, March 1997. Levels", RFC 2119, BCD 14, March 1997.
[2] Rosenberg et al., J., "SIP: Session Initiation Protocol", RFC [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
3261, June 2002. Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
10.2 Informative References 10.2. Informative References
[3] Rosenberg, J., "A Framework for Conferencing with the Session [3] Rosenberg, J., "A Framework for Conferencing with the Session
Initiation Protocol", Initiation Protocol (SIP)", RFC 4353, February 2006.
draft-ietf-sipping-conferencing-framework-02.txt (work in
progress), June 2004.
[4] Koskelainen, P. and H. Khartabil, "Additional Requirements to [4] Koskelainen, P. and H. Khartabil, "Additional Requirements to
Conferencing", August 2004. Conferencing", Work in Progress, August 2004.
[5] Wu, X., Schulzrinne, H. and P. Koskelainen, "Use of SIP and SOAP
for conference floor control", January 2003.
[6] Koskelainen, P., Schulzrinne, H. and X. Wu, "A sip-based [5] Koskelainen, P., Schulzrinne, H., and X. Wu, "A SIP-based
conference control framework", Nossdav'2002 Miami Beach, May conference control framework", NOSSDAV 2002, Miami Beach,
2002. May 2002.
[7] Dommel, H. and J. Garcia-Luna-Aceves, "Floor control for [6] Dommel, H. and J. Garcia-Luna-Aceves, "Floor control for
activity coordination in networked multimedia applications", activity coordination in networked multimedia applications",
Proc. of 2nd Asian-pacific Conference on Communications APPC, Proc. of 2nd Asian-pacific Conference on Communications APPC,
Osaka Japan, June 1995. Osaka Japan, June 1995.
[8] Koskelainen, P., Khartabil, H. and A. Niemi, "The Conference [7] Koskelainen, P., Khartabil, H., and A. Niemi, "The Conference
Policy Control Protocol (CPCP)", draft-ietf-xcon-cpcp-01.txt Policy Control Protocol (CPCP)", Work in Progress, October 2004.
(work in progress), October 2004.
[9] Borman, C., Kutscher, D., Ott, J. and D. Trossen, "Simple [8] Borman, C., Kutscher, D., Ott, J., and D. Trossen, "Simple
conference control protocol service specification", conference control protocol service specification", Work in
draft-ietf-mmusic-sccp-00.txt (work in progress), March 2001. Progress, March 2001.
Authors' Addresses Authors' Addresses
Petri Koskelainen Petri Koskelainen
Nokia Nokia
5 Wayside Road 102 Corporate Park Drive
Burlington 01803 White Plains, NY 10604
USA USA
EMail: petri.koskelainen@nokia.com EMail: petri.koskelainen@nokia.com
Joerg Ott Joerg Ott
Uni Bremen TZI Helsinki University of Technology
Bibliothekstr. 1 Networking Laboratory
Bremen D-28359 Otakaari 5A
Germany 02150 Espoo
Finland
EMail: jo@tzi.uni-bremen.de EMail: jo@netlab.hut.fi
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
1214 Amsterdam Avenue 1214 Amsterdam Avenue
New York 10027 New York 10027
USA USA
EMail: hgs@cs.columbia.edu EMail: hgs@cs.columbia.edu
Xiaotao Wu Xiaotao Wu
Columbia University Columbia University
1214 Amsterdam Avenue 1214 Amsterdam Avenue
New York 10027 New York 10027
USA USA
EMail: xiaotaow@cs.columbia.edu EMail: xiaotaow@cs.columbia.edu
Intellectual Property Statement Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 18, line 29 skipping to change at page 14, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity Acknowledgement
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 79 change blocks. 
226 lines changed or deleted 200 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/