modern C. Wendt
Internet-Draft Comcast
Intended status: Standards Track October 31, 2016
Expires: May 4, 2017

Identity Registry (idreg)


This document will describe an approach for how a distributed identity registry model might look. It will consider both public registry components of the data model necessary for routing calls from one globally routable identity to another. It will also consider part of the private registry components a provider may need to manage associations with users or customers. Other topics include provider associations, application or service association, and the ability to support multiple identities associated with a user/subscriber (e.g. telephone number and e-mail identity).

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on May 4, 2017.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction

There are many useful VoIP and user-to-user communications applications that want to provide services which don’t depend on a single entity or provider to manage the end-to-end identities associated with that application. For example, using the VoIP protocol SIP [RFC3261], the telephone network provides a federated mechanism in which, using a publicly known identity (the telephone number), a customer of telephone provider A can call a customer of telephone provider B based on managed routing databases and routing rules. XMPP [RFC6120] is another example of a protocol that allows federation of communications based on the username and the domain of the host of the XMPP server. Each of these examples uses service-specific databases or registries that are generally protocol- or application-specific; today, however, application providers generally offer many applications or services to a user, and these generally share the use of common communications identities such as telephone numbers, e-mail identities, or identities associated with web-based IdPs.

2. Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].

3. Overview

The identity registry model proposed in this document supports a model in which a few actors are relevant to providing communications services.

This data model can be used to build the data shared between providers that support the federated service, so that users associated with one provider can call users associated with another provider.

3.1. Identity Data Model

                           ___________
                          |           |
                          |   User/   |\
                          | Subscriber|  \
                          | (Private) |    \
                          |___________|    Uses Services of
                                |           ___\_______
                                |           |          |
                          Subscribes to     | Provider |
                                |           |__________|
                           _____|_____       /
                          |           |  Offers a
                          | Service   |  /
                          | Identity  |/
                          |___________|
                        Using (one or more)
          _____|_____      _____|_____        _____|_____
         |           |    |           |      |           |
         |  Public   |    |  Public   |      |  Public   |
         | Identity 1|    | Identity 2|  ... | Identity N|
         |___________|    |___________|      |___________|
                     is network addressable by
                            __________
                           |          |
                           | Routing  |
                           | Identity |
                           |__________|

3.2. Other identity registry attributes

The identity registry MUST support functions such as the following:

It is anticipated that this identity registry would be used with [I-D.wendt-modern-drip] to support a continuously and promptly updated local registry for a given service identity that the provider is offering.

4. Message and Control Flows

4.1. Queries

Typical queries for finding a globally routable identity should be made in the context of a public identity and a service identity for an allocated routing identity.

4.2. Allocation/Assignment

When a provider's customer decides to allocate a single telephone number or a block of telephone numbers, a PUT command allocates the number(s), provided they were not already allocated between the preceding GET and the PUT. As a result of a successful allocation, the telephone number is removed from the unallocated bucket.

4.2.1. Example

As part of the allocation, the service provider will be required to provide the following information:

4.3. Update Entry/Port

If a provider needs to update information related to an allocated entry, such as adding a publicID or modifying a routingID, or if there is a port in which a new service provider overwrites the entry with new information, the API should be the same.

There is a GET operation to read the current entry information if the provider needs it (e.g., for a read/modify/write cycle). There is also a PUT operation that writes the updated entry information. This requires a new timestamp and signature, both to validate the security of the operation and for logging/historical purposes.

4.4. Removal/de-allocation

If a provider wants to remove an entry, for the case where a customer cancels service and no longer wants to own or be associated with a public identity, a DELETE operation will be provided that deletes the entry and, for a telephone number, returns the number to the pool of unallocated numbers.
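Sections 4.2 through 4.4 together describe one GET/PUT/DELETE cycle; the following Python sketch is an added illustration, not code from this draft or from any idreg implementation, of a registry that rejects a PUT when the entry changed between the GET and the PUT, validates the timestamp and signature on every write, and returns a deleted number to the unallocated pool. The HMAC-based signature, the version counter, the entry field names and the sample numbers are assumptions; the draft does not specify a signature scheme.

```python
import hashlib, hmac

class RegistryError(Exception):
    """Raised when a GET/PUT/DELETE cannot be applied."""

def sign(key: bytes, ts: int, payload: str) -> str:
    # HMAC over timestamp and payload stands in for the draft's unspecified signature scheme
    return hmac.new(key, f"{ts}|{payload}".encode(), hashlib.sha256).hexdigest()

class IdentityRegistry:
    """Toy in-memory registry of telephone-number entries (constructed example)."""
    def __init__(self, unallocated, provider_keys, max_skew=300):
        self.unallocated = set(unallocated)  # pool of unallocated telephone numbers
        self.entries = {}                    # tn -> entry dict carrying a version counter
        self.keys = provider_keys            # provider -> shared secret (assumed scheme)
        self.max_skew = max_skew             # tolerated clock skew in seconds

    def _verify(self, provider, payload, ts, sig, now):
        key = self.keys.get(provider)
        if key is None or abs(now - ts) > self.max_skew:
            raise RegistryError("unknown provider or stale timestamp")
        if not hmac.compare_digest(sign(key, ts, payload), sig):
            raise RegistryError("bad signature")

    def get(self, tn):
        # Version 0 means "unallocated"; the client echoes the version back in its PUT
        return dict(self.entries.get(tn, {"version": 0}))

    def put(self, tn, provider, public_ids, routing_id, expected_version, ts, sig, now):
        payload = f"PUT|{tn}|{provider}|{','.join(public_ids)}|{routing_id}"
        self._verify(provider, payload, ts, sig, now)
        current = self.entries.get(tn)
        version = current["version"] if current else 0
        if version != expected_version:  # someone wrote between the GET and this PUT
            raise RegistryError("entry changed since GET")
        if current is None and tn not in self.unallocated:
            raise RegistryError("number not available for allocation")
        self.unallocated.discard(tn)  # allocation removes it from the unallocated bucket
        self.entries[tn] = {"provider": provider, "publicIDs": list(public_ids),
                            "routingID": routing_id, "version": version + 1, "ts": ts}
        return version + 1

    def delete(self, tn, provider, ts, sig, now):
        self._verify(provider, f"DELETE|{tn}|{provider}", ts, sig, now)
        entry = self.entries.get(tn)
        if entry is None or entry["provider"] != provider:  # only the owner may release
            raise RegistryError("no such entry for this provider")
        del self.entries[tn]
        self.unallocated.add(tn)  # the number returns to the pool of unallocated numbers
        return True
```

A port is modelled as a PUT by the new provider that echoes the current version, so the overwrite and the ordinary update share the same call, as Section 4.3 requires.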

5. Security Considerations


6. Acknowledgements

Thanks to Harsha Bellur for collaboration on developing this model and its implementation.

7. References

7.1. Normative References

[I-D.wendt-modern-drip] Bellur, H. and C. Wendt, "Distributed Registry Protocol", Internet-Draft draft-wendt-modern-drip-01, July 2016.

7.2. Informative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, DOI 10.17487/RFC3261, June 2002.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R. and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 6120, DOI 10.17487/RFC6120, March 2011.

Author's Address

Chris Wendt Comcast One Comcast Center Philadelphia, PA 19103, USA EMail: