Re: [BLISS] AD review: draft-ietf-bliss-call-completion-14

Robert Sparks <rjsparks@nostrum.com> Mon, 20 August 2012 17:51 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: bliss@ietfa.amsl.com
Delivered-To: bliss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3864D21F8650 for <bliss@ietfa.amsl.com>; Mon, 20 Aug 2012 10:51:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lncnnf+oyVVf for <bliss@ietfa.amsl.com>; Mon, 20 Aug 2012 10:51:58 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id AC18321F8674 for <bliss@ietf.org>; Mon, 20 Aug 2012 10:51:55 -0700 (PDT)
Received: from unnumerable.local ([4.30.77.1]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q7KHpqcm009433 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 20 Aug 2012 12:51:52 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
Message-ID: <50327938.1050405@nostrum.com>
Date: Mon, 20 Aug 2012 12:51:52 -0500
From: Robert Sparks <rjsparks@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Martin.Huelsemann@telekom.de
References: <4F10B30A.9060203@nostrum.com> <9762ACF04FA26B4388476841256BDE020115C8FA18DA@HE111543.emea1.cds.t-internal.com> <4F43BA45.9090606@nostrum.com> <9762ACF04FA26B4388476841256BDE020115FFE4D077@HE111543.emea1.cds.t-internal.com> <86984151-5A96-4531-BA53-8FB521C3E0E7@ntt-at.com> <9762ACF04FA26B4388476841256BDE020115FFE4D3B4@HE111543.emea1.cds.t-internal.com>
In-Reply-To: <9762ACF04FA26B4388476841256BDE020115FFE4D3B4@HE111543.emea1.cds.t-internal.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Received-SPF: pass (nostrum.com: 4.30.77.1 is authenticated by a trusted mechanism)
Cc: bliss@ietf.org, draft-ietf-bliss-call-completion@tools.ietf.org
Subject: Re: [BLISS] AD review: draft-ietf-bliss-call-completion-14
X-BeenThere: bliss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Basic Level of Interoperability for SIP Services \(BLISS\) BoF" <bliss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bliss>, <mailto:bliss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bliss>
List-Post: <mailto:bliss@ietf.org>
List-Help: <mailto:bliss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bliss>, <mailto:bliss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2012 17:51:59 -0000

On 8/16/12 4:09 AM, Martin.Huelsemann@telekom.de wrote:
> Thanks Shida.
>
> I think you describe exactly the underlying model, only we have been careless and have not described this aspect proper in the draft. The presence instance is initiated together with the creation of the call-completion entity.
>
> If we can agree on this model, I will cath up on this and add this model to the draft.
>
>
> Regards, Martin
That will help - thanks.
I'll put the draft into revised-id needed.

RjS
>
>
>
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: Shida Schubert [mailto:shida@ntt-at.com]
>> Gesendet: Mittwoch, 15. August 2012 19:16
>> An: Hülsemann, Martin
>> Cc: rjsparks@nostrum.com; bliss@ietf.org;
>> draft-ietf-bliss-call-completion@tools.ietf.org;
>> dworley@avaya.com; Jesske, Roland
>> Betreff: Re: [BLISS] AD review: draft-ietf-bliss-call-completion-14
>>
>>
>> Hi Robert;
>>
>>   I think what Martin explained is along the line of what we
>> had discussed at the IETF83..
>>
>>   1. Caller calls the callee.
>>
>>   2. Callee is busy so either callee or call-completion
>> service (CC monitor)
>>       sends back the availability of call-completion to be used.
>>
>>   3. Caller subscribes to the call-completion pkg by sending SUBSCRIBE.
>>
>>   4. Either at the when response with call-completion
>> availability is sent
>>        OR at the point of receiving a SUBSCRIBE message is received,
>>        call-completion service instantiate a presence (and
>> logical presence f
>>        server if it was the first instance of presence) for the
>>        duration of the subscription to the call-completion pkg.
>>
>>   5. Caller will manipulate the presence state of its own
>> presence at the
>>        callee side..
>>
>>   6. As the queue is deleted / removed from the
>> call-completion so does the
>>        associated instance of presence from the presence server.
>>
>> * Another approach is for CC monitor to subscribe to caller's
>> presence at its domain but this doesn't always work because
>> there may not be any presence server.
>>
>>   Regards
>>    Shida
>>
>> On Aug 15, 2012, at 8:00 AM, <Martin.Huelsemann@telekom.de>;
>> <Martin.Huelsemann@telekom.de>; wrote:
>>
>>> Hi Robert,
>>>
>>> sorry I somehow missed this mail. Some answers inside.
>>>
>>>
>>> Regards, Martin
>>>
>>>
>>>
>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Robert Sparks [mailto:rjsparks@nostrum.com]
>>>> Gesendet: Dienstag, 21. Februar 2012 16:38
>>>> An: Hülsemann, Martin
>>>> Cc: bliss@ietf.org;
>>>> draft-ietf-bliss-call-completion@tools.ietf.org;
>>>> dworley@avaya.com; Jesske, Roland; alexeitsev@teleflash.com;
>>>> shida@ntt-at.com
>>>> Betreff: Re: AW: [BLISS] AD review:
>>>> draft-ietf-bliss-call-completion-14
>>>>
>>>> Thanks Martin - more comments inline.
>>>>
>>>> Will you be at the Paris IETF meeting?
>>>>
>>>>>> Major issues
>>>>>>
>>>>>>     - The document's proposed use of PUBLISH is not
>>>> consistent with the
>>>>>>       semantics of that method. It attempts to use PUBLISH
>>>> to affect
>>>>>>       the subscription state, not the state of the event being
>>>>>>       subscribed to (it's telling that PUBLISHing to this
>>>> event package
>>>>>>       doesn't allow setting the state being subscribed
>>>> to). Among other
>>>>>>       things, this prevents separating the state agent
>>>> from the state
>>>>>>       authority.
>>>>> The concept is the following: The caller sends it's own status
>>>>> information in the PUBLISH request. In this case there is
>> no change
>>>>> in the CC monitor (the queue) state done by the PUBLISH request
>>>>> directly, but either an indirect change of the state based on the
>>>>> information about the caller status.
>>>>> The CC monitor acts as a state composer, composing the
>> state of the
>>>>> queue from the states of the different callers.
>>>> This isn't composition. It's conflation of unrelated things.
>>> As RFC 3863 says, the values 'open' or 'closed' of the
>> presence basic element also indicate the general availability
>> for other communication means than instant message, such as
>> the availability as a (CC re-) call, so I think there is at
>> least a little relation.
>>>> You have an application that's operating on two unrelated
>> sources of
>>>> information. If you really want to use sip events to carry the
>>>> information about the caller, you should be considering a separate
>>>> event package for it.
>>> A dedicated suspend/resume event package was our first
>> idea, in my opinion that would have been the cleanest
>> solution. But at discussions on the mailing list people were
>> very reluctant to agree on yet another event package with
>> such a limited scope, while on the other hand
>> presence/PUBLISH conveys nearly the same information, that is
>> if the caller is willing to accept a call or not.
>>>> If that feels
>>>> wrong, it's another sign that PUBLISH is not the hammer you're
>>>> looking for to pound on this particular nail.
>>>>
>>>> Speaking more generally to the events architecture, an
>> element that
>>>> has enough information to act as a publisher necessarily has the
>>>> information it needs to be able to serve subscriptions
>> directly. It
>>>> is choosing to publish to a state agent to deal with
>> matters outside
>>>> of the contents of the package itself (not always being connected,
>>>> having limited bandwidth, etc.). Even in an idealized
>> presence system
>>>> where the ultimate presence document is composed from many
>>>> contributing publishers, the individual sources have enough
>>>> information (and it makes sense within the definition of the
>>>> package) to accept subscriptions to their part of the total state.
>>>> Further, subscribing to presence.winfo at the state agent will
>>>> provide meaningful data to each of the contributing sources.
>>> But I think presence information can be used by other
>> services to trigger certain events? So it would be possible
>> for the CC monitor to subscribe for presence information of
>> the caller, and act upon that?
>>>>>
>>>>>
>>>>>
>>>>>>       The document modifies how PUBLISH identifies the
>>>>>>       resource being manipulated by looking at the From
>> URI and not
>>>>>>       only at the Request-URI.  How the Callee's agent
>>>> responds to the
>>>>>>       request to change this subscription state is
>> underspecified -
>>>>>>       when can it reject a request? What is the caller
>>>> supposed to do
>>>>>>       if the request fails?
>>>>> As mentioned the PUBLISH is not a RPC, the CC agent on
>>>> behalf of the callee publishes information about the
>> reachability of
>>>> the callee for CC recalls. The monitor composes the state.
>> This state
>>>> can be used to evaluate if it is useful to start a CC
>> recall or not.
>>>> I think you were still trying to respond to the first point above
>>>> here.
>>>> This is a different question, and will stand independent of what
>>>> technique you use to make the request to change the
>> information about
>>>> the caller. What happens when that request needs to fail (due to
>>>> parsing, overload, authorization, application-specific
>> logic, or any
>>>> of the other reasons UAS have to reject requests)?
>>> The effect of course would be that the CC service would run
>> a less efficient. If the suspension fails, the monitor woud
>> still think the caller is available for the recall and
>> another recall would be started unnecessarily. Respectively
>> CC would be deactivated after the recall timer expiry. We
>> regarded this as acceptable for exceptional situations, as
>> sus/res is not the most important feature of the CC service.
>>>
>>>>>>         - As written, there does not appear to be any protection
>>>>>>           against an attacker causing everyone else that
>>>> might be in a
>>>>>>           queue to be marked not-available, ensuring his
>>>> call moves to
>>>>>>           the front of the queue. He only needs to know
>>>> the AoRs of the
>>>>>>           callers he might be competing with and send
>>>> PUBLISH requests
>>>>>>           with those AoRs in the From header field.
>>>>>>         - What keeps a new caller from just adding the m=
>>>> attribute to
>>>>>>           a new INVITE in order to get the preferential
>>>> treatment by
>>>>>>           the network and the callee's UA described in
>>>> several sections
>>>>>>           of the document? Was an approach that used a temp-GRUU
>>>>>>           considered instead? It would not have the
>>>> property of being
>>>>>>           as easy to guess as adding an m= URI parameter
>> to an AoR.
>>>>> As for many mechanisms in the CC draft also here we had
>> to consider
>>>>> the interworking to the PSTN. There we have only a very basic CC
>>>>> prioritization indicator in the IAM, saying not much more
>> than 'this
>>>>> IAM is prioritized for CC'. That's why the callee's monitor MUST
>>>>> record the From URI from the initial call, to have the chance to
>>>>> check it against incoming INVITEs and verify id this INV
>> is in fact
>>>>> for CC. Clarifying text for this is needed in the draft.
>>>> That clarifying text needs to capture the scenarios above,
>> and answer
>>>> the questions. For instance, if there is nothing to keep
>> an attacker
>>>> from marking everyone else in the queue as not available, the
>>>> document needs to call that out as a security
>> consideration. (I hope
>>>> this isn't what the group plans to end with).
>>> I hope it's more clear now in the draft, if not please indicate.
>>>
>>>
>>>>>>     - What keeps this from happening? Adam calls and I
>>>> reject his call
>>>>>>       because I'm waiting for another  (I press X and the
>>>> phone just
>>>>>>       reports that I'm busy). Adam's phone subscribes for
>>>>>>       call-completion and gets a NOTIFY of "ready" - his
>>>> phone calls
>>>>>>       mine again, forcing me to re-reject him. This
>> repeats until I
>>>>>>       take my phone off the hook (or engage a global DND)
>>>> causing me to
>>>>>>       not be able to receive the call I was waiting for.
>>>>> If the callee's monitor does not want to enable the caller
>>>> to make use of the CC service, it will not insert a
>> Call-Info header
>>>> field with "purpose=call-completion" in the final response message.
>>>> Where is the text in the document that defines that behavior?
>>>>> Of course Adam's phone could try to sunscribe for CC at
>>>> your phone, but in this case your phone simply rejects the
>>>> subscription, which should not affect your reachability
>> for the call
>>>> you are waiting for.
>>>> Similarly, where in the text is this made clear? It is
>> separable from
>>>> the the scenario above - Adam could write a script to subscribe to
>>>> every address at an enterprise. What normative text causes
>> all those
>>>> subscriptions to be rejected?
>>> I will check this again.
>>>
>>>
>>