XCON Working Group                                            C. Boulton
Internet-Draft                             Ubiquity Software Corporation
Expires: March 26, 2006                                        M. Barnes
                                                                  Nortel
                                                      September 22, 2005


    Centralized Conferencing (XCON) Using the Message Session Relay
                            Protocol (MSRP)
                draft-boulton-xcon-msrp-conferencing-02

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 26, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   A Centralized Conference as defined by the XCON working group is both
   signaling and protocol agnostic.  The primary focus of the XCON work
   has been centered on the Session Initiation Protocol for signaling
   and Audio/Video for the media types.  This document defines the
   mechanisms, in the context of the XCON framework, required when using
   the Message Session Relay Protocol (MSRP) in a Centralized Conference
   (XCON).

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
   3.  Protocol and Framework Overview
     3.1.  Framework operations
   4.  Text Sidebar
   5.  Private Message
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   A Centralized Conference as defined by the XCON working group is both
   signaling and protocol agnostic.  The primary focus of the XCON work
   has been centered on the Session Initiation Protocol for signaling
   and Audio/Video for the media types.  The requirements to support
   conferences of session-based instant messages, private messaging, and
   sidebars are introduced in [6].  This document defines the mechanisms
   and associated framework elements involved when using the Message
   Session Relay Protocol (MSRP) in a Centralized Conference (XCON) in
   support of those requirements.

   [Editor's Note: This document is still in early stages of development
   and is intended to invoke discussion.  It is not intended to provide
   exact solutions at this stage, but rather explores a potential
   approach to a solution.]

   This document has been constructed in full compliance with both the
   XCON Framework [2] document and the SIPPING Conference Framework [3]
   document.  The XCON Framework provides the data model and interfaces
   to be used while the SIPPING Framework provides details of the SIP
   signaling protocol operations.
   For the purpose of this document, MSRP will be discussed in the
   context of SIP being the carrying protocol, as defined in the core
   MSRP [4] specification.

2.  Conventions and Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
   RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
   described in BCP 14, RFC 2119 [1] and indicate requirement levels for
   compliant implementations.

3.  Protocol and Framework Overview

   MSRP is defined as a peer-to-peer protocol that enables a direct
   connection between two compliant endpoints, unless an MSRP relay is
   inserted in the MSRP signaling path.  The MSRP Relay specification
   [5] details the functionality associated with a relay in the
   signaling path.  Centralized conferencing using MSRP can be achieved
   by the Conference Server appearing as an MSRP endpoint for Conference
   Participants, with the Conference Server distributing the messages by
   relaying them to each of the conference participants.

   Figure 1 provides an illustration of MSRP clients having a direct,
   1:1 connection to the Conference Server.  The MSRP Conference Server
   can be roughly categorized as a hybrid MSRP entity that combines both
   MSRP client and MSRP relay functionality.  An MSRP SEND sent to the
   conference will arrive at the Conference Server and then be
   replicated to all appropriate MSRP sessions.

                             +--------+
                             |  MSRP  |
                             | Client |
                             |        |
                             +--------+
                                  |
                                  |
                                  |
                                  |
                                  |
                                  |
                                  v
                            +-----------+
   +--------+               |           |               +--------+
   |  MSRP  |               |   MSRP    |               |  MSRP  |
   | Client |-------------->|Conference |<--------------| Client |
   |        |               |  Server   |               |        |
   +--------+               |           |               +--------+
                            +-----------+
                                  ^
                                  |
                                  |
                                  |
                                  |
                                  |
                                  |
                             +--------+
                             |  XCON  |
                             | Client |
                             |        |
                             +--------+

                      Figure 1: Client Connection

   The approach in this document is to minimize the impact on the MSRP
   protocol, while taking full advantage of the functionality provided
   by the XCON and SIPPING Conferencing frameworks.  The solution
   proposal in this document, as described in Section 3.1, meets many of
   the requirements identified in the requirements document for
   Multiparty MSRP [6].  Some of the requirements introduce additional
   concepts that are not yet fully addressed within the context of the
   XCON framework or associated protocol documents; however, they are
   general enough that they should be addressed.  For example, the
   notion of privacy and anonymity of participants is introduced in the
   framework in the context of security, but no discussion of mechanism
   is provided.

   [Editor's Note: Further elaboration of how this solution proposal
   meets those requirements is likely required, although a simple
   checklist in the appendix, or inline references to those requirements
   (e.g. ...solution text...(REQ-GEN-10)) might suffice.]

   A basic solution for IM chat sessions, also meeting the Multiparty
   MSRP requirements, is documented in [7].  The solution proposed in
   that document requires extensions to the base MSRP protocol.  It uses
   the concept of an "MSRP switch" as the centralized component, whose
   role is very similar to the MSRP Conferencing Server in this
   document.  The solution in [7] doesn't explicitly take advantage of
   the XCON FW data model, as it primarily intends to make use of the
   basic SIP conferencing framework to provide the basic chat
   functionality.
   However, that solution approach is compatible with the solution
   components described in this document, with no impact on that basic
   solution proposal.  One of the advantages of applying the two
   solutions in concert would be a reuse of the XCON FW model for
   sidebars and private conferences and manipulation of the conference
   data.

   [Editor's Note: Ideally, discussion of this document can be used to
   further the model for sidebars and private conferences within the
   XCON FW document, which is currently very sketchy.]

3.1.  Framework operations

   As mentioned in the overview, an MSRP client connecting to a
   Conference Server has a 1:1 relationship with the MSRP signaling
   entity, each having a unique MSRP session ID (session IDs are
   contained in MSRP URLs).  When referring to MSRP session IDs, the
   document is making reference to the locally (at the Conference
   Server) generated session ID that is inserted into the local Path SDP
   attribute and used for MSRP session signaling identification.

   An important concept in this proposal is the creation and management
   of MSRP sessions.  It is important that each MSRP session created, as
   identified by the unique session ID, is explicitly tied to an
   associated Conference, represented by the Conference Identifier (as
   defined in the XCON Conference Framework [3]).  This provides the
   relevant association between MSRP and an XCON Conference.  An example
   representation is illustrated by the rows contained in Figure 2.

   ---------------------------------------------
   |           Conference Identifier           |
   ---------------------------------------------
   |  MSRP Session ID=8asjdhk                  |
   |  MSRP Session ID=38iuhds                  |
   |  MSRP Session ID=djiowid                  |
   |  MSRP Session ID=389hewu                  |
   ---------------------------------------------

                  Figure 2: Simple Session Association

   The XCON Framework [3] introduces the concept of a Conference User
   Identifier, which is also defined in [TODO].
   When a user joins a Conference Instance through the signaling
   protocol, it is allocated an appropriate Conference User Identifier
   either through authentication or system allocation.  The Conference
   User Identifier MUST be used in conjunction with the MSRP session
   identifier to internally represent a participant in a Conference
   Instance.  Figure 2 is then expanded to look like Figure 3.  Again,
   each row in the table represents a single entry.

   --------------------------------------------------
   |             Conference Identifier              |
   --------------------------------------------------
   | MSRP Session ID=8asjdhk | Conf User ID=839ULjj |
   | MSRP Session ID=38iuhds | Conf User ID=0283hHu |
   | MSRP Session ID=djiowid | Conf User ID=ncH37H  |
   | MSRP Session ID=389hewu | Conf User ID=pakdjjH |
   --------------------------------------------------

                 Figure 3: Advanced Session Association

   A more complex session association is necessary due to the potential
   for a user to have multiple MSRP sessions in a single conference
   instance, e.g. multi-lingual conference support.  The conference
   representation in Figure 3 allows for such functionality when
   separate SIP dialogs represent MSRP sessions.  This process becomes
   complex when multiple SDP MSRP media sessions (m=) are defined in a
   single payload.  This internal representation now needs expanding to
   enable a Conference System to explicitly associate a media session
   (m=).  This involves including the media label, as defined in [8], to
   maintain the internal conference association.
   An example is illustrated in Figure 4.

   ----------------------------------------------------------------
   |                    Conference Identifier                     |
   ----------------------------------------------------------------
   | MSRP Session ID=8asjdhk | Conf User ID=839ULjj | Label=iede3 |
   | MSRP Session ID=38iuhds | Conf User ID=0283hHu | Label=8heus |
   | MSRP Session ID=838unaH | Conf User ID=0283hHu | Label=3cnu7 |
   | MSRP Session ID=djiowid | Conf User ID=ncH37Hs | Label=jd38J |
   | MSRP Session ID=389hewu | Conf User ID=pakdj7H | Label=U83hd |
   | MSRP Session ID=Ko03jdk | Conf User ID=pakdj7H | Label=ehy3h |
   ----------------------------------------------------------------

          Figure 4: Advanced Session Association + Media Label

   In Figure 4, Conference User Identifiers '0283hHu' and 'pakdj7H'
   appear twice.  The combination of multiple Conference User
   Identifiers and a unique MSRP session ID enables the conference
   system to clearly identify a specific MSRP instance.  The
   representation also includes the media label, as defined in [8], for
   identification purposes.  This added property, which is extracted
   from the SDP media line, enables clear identification when multiple
   SDP media (m=) lines appear in the same SDP payload.

   On issuing an MSRP SEND request to an MSRP media session that is a
   member of an XCON Conference instance, the SEND request will be
   replicated and forwarded, in the relevant context, to all other MSRP
   media sessions that are participants of the Conference Instance.

   An MSRP capable client wishing to join a conference uses standardized
   XCON mechanisms for creating and joining a Conference.  SIP signaling
   mechanisms for creating and joining a conference are defined in the
   SIPPING Conference Framework [3] and non-signaling specific
   mechanisms are defined in the XCON Framework [2].
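
   The association of Figure 4 and the SEND replication rule, modelled
   as an added Python example (not code from this draft or from any MSRP
   implementation).  It also rejects a multi-session SDP payload that
   lacks media labels and a SEND from a session with no row in the
   table.  All names, the identifiers "conf-A" and "conf-B", the
   grouping of a user's two sessions into one payload, and the reading
   of "relevant context" as "same Conference Identifier" are
   assumptions.

```python
# Added example: in-memory model of the Figure 4 association table.
# Class, method and field names are hypothetical, not from the draft.
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    conf_id: str           # Conference Identifier
    user_id: str           # Conference User Identifier
    label: Optional[str]   # SDP media label, None when the m= line has none


class ConferenceServer:
    def __init__(self):
        self._by_session = {}  # MSRP session ID -> Entry

    def join(self, conf_id, media, user_id=None):
        """Register the MSRP m= lines of one SDP payload.

        media: list of (session_id, label) pairs. Returns the Conference
        User Identifier stored in the new rows.
        """
        if len(media) > 1 and any(not label for _, label in media):
            raise ValueError("label required on every m= line of a multi-session payload")
        ids = [sid for sid, _ in media]
        if len(set(ids)) != len(ids) or any(sid in self._by_session for sid in ids):
            raise ValueError("MSRP session ID already tied to a conference")
        # Anonymous participants still get a system-allocated identifier.
        user_id = user_id or secrets.token_urlsafe(6)
        for sid, label in media:
            self._by_session[sid] = Entry(conf_id, user_id, label)
        return user_id

    def replicate_send(self, from_session, body):
        """Return [(target_session_id, body)] for one incoming SEND."""
        sender = self._by_session.get(from_session)
        if sender is None:
            # No row for this session: it is in no conference, so nothing
            # is forwarded on its behalf.
            raise PermissionError("SEND from a session with no conference association")
        # "Relevant context" is modelled as: same Conference Identifier,
        # every session except the one the SEND arrived on (assumption).
        return [(sid, body) for sid, e in self._by_session.items()
                if e.conf_id == sender.conf_id and sid != from_session]


def figure4_server():
    """Figure 4 rows under a constructed ID, plus a constructed second conference."""
    s = ConferenceServer()
    s.join("conf-A", [("8asjdhk", "iede3")], "839ULjj")
    s.join("conf-A", [("38iuhds", "8heus"), ("838unaH", "3cnu7")], "0283hHu")
    s.join("conf-A", [("djiowid", "jd38J")], "ncH37Hs")
    s.join("conf-A", [("389hewu", "U83hd"), ("Ko03jdk", "ehy3h")], "pakdj7H")
    s.join("conf-B", [("x9constructed", None)])  # anonymous, single session
    return s
```
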
   A client MUST include the media label attribute defined in [8] when
   including multiple MSRP sessions in the same SDP payload.

   Even in the simplest Conference System, where users are allowed to
   enter anonymously, the internal representation described in this
   section should be observed.  In this case the Conference System would
   still internally create a Conference User Identifier for participant
   reference purposes.

4.  Text Sidebar

   The Session Based Messaging Conferencing requirements document [6]
   identifies the requirement (REQ-GEN-12) to set up a sidebar
   conference with one or more participants of the conference.

   The concept of a 'sidebar' in an XCON compliant conference system is
   fully described in section 7.3 of the XCON Framework document [2].
   The creation, manipulation and deletion of sidebars for MSRP based
   sessions follow the same principles.

   [Editor's Note: see current sidebar proposal in the XCON FW relating
   to cloning a conference object with no associated time reference.
   This provides a current sub-conference.]

   Creating a sidebar representation for MSRP would have internal
   ramifications in a Conference System.  It would involve the creation
   of a cloned conference object (see editor's note above) that
   associates the appropriate Conference users.  This would then involve
   a new session being established to convey the Sidebar information.

   [Editor's Note: Lots more detail to insert.]

5.  Private Message

   [Editor's Note: This section needs updating to align with updates to
   niemi-simple-chat.]

6.  Security Considerations

   As discussed in the XCON Framework, there are a wide variety of
   potential attacks related to conferencing, due to the natural
   involvement of multiple endpoints and the many, often user-invoked,
   capabilities provided by the conferencing system.
   Examples of attacks in the context of MSRP conferencing would include
   the following: an endpoint attempting to receive the messages for
   conferences in which it is not authorized to participate, an endpoint
   attempting to disconnect other users, and theft of service, by an
   endpoint, in attempting to create conferences it is not allowed to
   create.

   Since this solution makes use of existing protocols (e.g. MSRP,
   Conference Control Protocol, SIP), it also re-uses the security
   solutions for those protocols and the associated authorization
   mechanisms.

   There are security issues associated with the authorization to
   specifically perform the MSRP conferencing capability.  Since this
   solution makes use of the XCON framework, it makes use of the policy
   associated with the Conference Object to ensure that only authorized
   entities are able to manipulate the data to access the capabilities.
   This solution also makes use of the privacy and security of the
   identity of a user in the conference, as discussed in the XCON
   Framework.

   [Editor's Note: Are there any security issues unique to MSRP
   conferencing that aren't covered by base MSRP, MSRP relays or the
   conferencing framework?]

7.  Acknowledgements

   The authors would like to thank Miguel Garcia-Martin for his comments
   on this document and discussion of the solution options.

8.  References

8.1.  Normative References

   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

8.2.  Informative References

   [2]  Barnes, M., "A Framework and Data Model for Centralized
        Conferencing", draft-ietf-xcon-framework-01 (work in progress),
        July 2005.

   [3]  Rosenberg, J., "A Framework for Conferencing with the Session
        Initiation Protocol",
        draft-ietf-sipping-conferencing-framework-05 (work in progress),
        May 2005.

   [4]  Campbell, B., "The Message Session Relay Protocol",
        draft-ietf-simple-message-sessions-11 (work in progress),
        July 2005.

   [5]  Jennings, C., "Relay Extensions for the Message Sessions Relay
        Protocol (MSRP)", draft-ietf-simple-msrp-relays-05 (work in
        progress), July 2005.

   [6]  Niemi, A. and M. Garcia-Martin, "Requirements for Private
        Messaging in Centralized Conference Environments",
        draft-garcia-xcon-private-messaging-reqs-01 (work in progress),
        June 2005.

   [7]  Niemi, A. and M. Garcia-Martin, "Multi-party Instant Message
        (IM) Sessions using the Message Session Relay Protocol (MSRP)",
        draft-niemi-simple-chat-03 (work in progress), July 2005.

   [8]  Levin, O. and G. Camarillo, "The SDP (Session Description
        Protocol) Label Attribute",
        draft-ietf-mmusic-sdp-media-label-01 (work in progress),
        January 2005.

Authors' Addresses

   Chris Boulton
   Ubiquity Software Corporation
   Building 3
   Wern Fawr Lane
   St Mellons
   Cardiff, South Wales  CF3 5EA

   Email: cboulton@ubiquitysoftware.com


   Mary Barnes
   Nortel
   2201 Lakeside Blvd
   Richardson, TX

   Email: mary.barnes@nortel.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.