[Ecrit] == PSAP Callback ==
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Wed, 10 February 2010 14:09 UTC
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: ecrit@core3.amsl.com
Delivered-To: ecrit@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A75053A71D6 for <ecrit@core3.amsl.com>; Wed, 10 Feb 2010 06:09:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.532
X-Spam-Level:
X-Spam-Status: No, score=-2.532 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UHuC9xUhCDed for <ecrit@core3.amsl.com>; Wed, 10 Feb 2010 06:09:54 -0800 (PST)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by core3.amsl.com (Postfix) with ESMTP id 380A63A71BC for <ecrit@ietf.org>; Wed, 10 Feb 2010 06:09:53 -0800 (PST)
Received: from demuprx016.emea.nsn-intra.net ([10.150.129.55]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id o1AEB2E7017075 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ecrit@ietf.org>; Wed, 10 Feb 2010 15:11:02 +0100
Received: from demuexc024.nsn-intra.net (demuexc024.nsn-intra.net [10.159.32.11]) by demuprx016.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id o1AEB1iF015035 for <ecrit@ietf.org>; Wed, 10 Feb 2010 15:11:02 +0100
Received: from FIESEXC015.nsn-intra.net ([10.159.0.23]) by demuexc024.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.3959); Wed, 10 Feb 2010 15:10:54 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 10 Feb 2010 16:15:08 +0200
Message-ID: <3D3C75174CB95F42AD6BCC56E5555B45022D5B59@FIESEXC015.nsn-intra.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: == PSAP Callback ==
Thread-Index: AcqqW3MzkUOYagP8RJCdKM2NIBhDDA==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: ecrit@ietf.org
X-OriginalArrivalTime: 10 Feb 2010 14:10:54.0545 (UTC) FILETIME=[DBD55410:01CAAA5A]
Subject: [Ecrit] == PSAP Callback ==
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ecrit>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2010 14:09:58 -0000
Hi all, I have added text about PSAP callbacks to the our ECRIT Wiki page http://trac.tools.ietf.org/wg/ecrit/trac/wiki/WikiStart. I have copied the text into this mail to simplify the response. YOUR FEEDBACK IS IMPORTANT. http://tools.ietf.org/id/draft-schulzrinne-ecrit-psap-callback-01.txt defines PSAP callback and illustrates what solution is provided with existing specifications. It then goes on describing under what circumstances the existing solution does not work. A few design decisions impact the direction of a solution, namely: 1) Approach 1: Indication that the caller is a PSAP. 2) Approach 2: Indication that the call is in response to a previous emergency call. 3) Approach 3: Indication is that the communication attempt is of emergency nature. The group needs to make a decision about the solution direction. We discuss each solution approach in more detail below. *** Approach 2: Indication that the call is in response to a previous emergency call. A variant of approach (2) is already described in Section 13 of [I-D.ietf-ecrit-framework] and provides the following guidance regarding callback handling: A UA may be able to determine a PSAP call back by examining the domain of incoming calls after placing an emergency call and comparing that to the domain of the answering PSAP from the emergency call. Any call from the same domain and directed to the supplied Contact header or AoR after an emergency call should be accepted as a call-back from the PSAP if it occurs within a reasonable time after an emergency call was placed. This approach mimics a stateful packet filtering firewall functionality. Although this approach is quite coarse grained since any call from the PSAP's domain is given preferential treatment it is likely to be practical. It is possible to reduce the granularity by storing additional information (such as the username part of the called party rather than just the domain part). *** Approach 1: Indication that the caller is a PSAP. Approach (1) requires more discussion. Consider the following approaches: +----------+ | List of |+ | valid || | PSAP ids || +----------+| +----------+ * * whitelist * V Incoming +----------+ Normal SIP Msg | SIP |+ Treatment -------------->| Entity ||=============> + Identity | ||(if not in whitelist) +----------+| +----------+ || || || Preferential || Treatment ++=============> (in whitelist) Figure 1: Identity Based Authorization In Figure 1 an interaction is presented that allows a SIP entity to make a policy decision whether to bypass installed authorization policies and thereby providing preferential treatment. To make this decision the sender's identity is compared with a whitelist of valid PSAPs. The identity assurances in SIP can come in different forms, such as SIP Identity [RFC4474] or with P-Asserted-Identity [RFC3325]. The former technique relies on a cryptographic assurance and the latter on a chain of trust. The establishment of a whitelist with PSAP identities is operationally complex and might not easily scale world wide. When there is a local relationship between the VSP/ASP and the PSAP then populating the whitelist is far simpler. A drawback of the presented solution is that this method does not allow any mechanism to distinguish different types of calls initiated by PSAPs. An approach that extends the one presented in Figure 1 is outlined in Figure 2. RFC 4484 illustrated the basic requirements for this technique. +----------+ | List of |+ | trust || | anchor || +----------+| +----------+ * * * V Incoming +----------+ Normal SIP Msg | SIP |+ Treatment -------------->| Entity ||=============> + trait | ||(no indication +----------+| of PSAP) +----------+ || || || Preferential || Treatment ++=============> (indicated as PSAP) Figure 2: Trait Based Authorization In a trait-based authorization scenario an incoming SIP message contains a form of trait, i.e. some form of assertion. The assertion contains an indication that the sending party has the role of a PSAP (or similar emergency services entity). The assertion is either cryptographically protected to enable end-to-end verification or an chain of trust security model has to be assumed. In Figure 2 we assume an end-to-end security model where trust anchors are provisioned to ensure the ability for a SIP entity to verify the received assertion. >From a solution point of view various approaches are feasible, such as SIP SAML (see http://tools.ietf.org/html/draft-ietf-sip-saml-06) or URI Parameters for indicating the Calling Party's Category and Originating Line Information (see http://tools.ietf.org/id/draft-patel-dispatch-cpc-oli-parameter-02.txt). *** Approach 3: Indication is that the communication attempt is of emergency nature. This approach is a slight modification of the one presented in the previous section. Instead of indicating that the calling party has the role of a PSAP it instead indicates the emergency services nature. This indication cannot be verified by external parties because it heavily depends on the intention of the call taker itself. Call takers might make calls that cannot be classified as emergency calls. It is, however, possible to combine this marking with the indication of the PSAP role. A receiving entity might be more inclined to execute preferential treatment in case (a) there is a close relationship with the emergency services authorities (e.g. the PSAP identity is listed in a white list), and (b) an assertion is provided that indicates the sender's role as a PSAP (or similar emergency services entities). *** Decisions for the WG to make a) Do you believe that approach (3) is the correct direction for further standardization work? b) Is it useful to specify the technical capabilities for offering trait based authorization to simplify decision making with approach (3)? Ciao Hannes
- [Ecrit] == PSAP Callback == Tschofenig, Hannes (NSN - FI/Espoo)