SIP Call-Info Parameters for Rich Call Data

Comcast
Comcast Technology Center
Philadelphia, PA 19103
USA
chris-ietf@chriswendt.net

Neustar Inc.
1800 Sutter St Suite 570
Concord, CA 94520
US
jon.peterson@neustar.biz
art
Identity

This document describes a SIP Call-Info usage defined to include rich data associated with the identity of the calling party that can be rendered to the called party to provide more useful information about the caller or the specific reason for the call. This includes extended, comprehensive information about the caller, such as what a jCard object can represent for describing the calling party, or other call-specific information, such as describing the reason or intent of the call. The elements defined for this purpose are intended to be extensible to accommodate related information about calls that helps people decide whether to pick up the phone and additionally, with the use of jCard and other elements, to be compatible with the STIR/PASSporT Rich Call Data framework.

Traditional telephone network signaling protocols have long supported delivering a ‘calling name’ from the originating side, though in practice, the terminating side is often left to derive a name from the calling party number by consulting a local address book or an external database. SIP similarly can carry a ‘display-name’ in the From header field value from the originating to terminating side, though it is an unsecured field that is not commonly trusted. The same is true of information in the Call-Info header field.

To allow calling parties to initiate, and called parties to receive, more comprehensive, deterministic, and extensible rich call data for incoming calls, we describe new tokens for the SIP Call-Info header field and a corresponding “purpose” parameter. We also define a new parameter of Call-Info designed for carrying a “reason” value.
For this document, depending on the policies of the communications system, calling parties could either be the end user device or an originating service provider, and called parties could also similarly be an end user device or the terminating service provider acting on behalf of the recipient of the call.

Used on its own, this specification assumes that the called party user agent can trust the SIP network or the SIP provider to deliver the correct rich call data (RCD) information. This may not always be the case and thus, the entity inserting the Call-Info header field and the UAS relying on it SHOULD be part of the same trust domain . Alternatively, and likely the recommended approach, the entity inserting the Call-Info header field should also sign the caller information via STIR mechanisms and specifically through the . This STIR signature would likely be provided by the caller itself or the originating service provider using an authoritative signature to authenticate that the information is from the originator and hasn’t been tampered with in transmission.

provides a means of carrying additional data about callers for the purposes of emergency services (especially its Section 4.4 “Owner/Subscriber” information). This specification provides an overlapping functionality for non-emergency cases. Rather than overloading its “EmergencyCallData” Call-Info “purpose” parameter value, this document defines a separate “purpose” parameter for the more generic delivery of information via jCard .
This document borrows from the capability to carry a data structure as a body, through the use of the “cid” URI scheme .

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

The Call-Info header field, defined in Section 20.9, defines a purpose parameter currently with “info”, “icon”, and “card” tokens. This document defines one new purpose value and one new generic parameter for Call-Info.

First, the purpose value of “jcard” is to be used to associate rich call data related to the identity of the calling party in the form of a jCard . While there is a “card” token that is already defined with a similar purpose, there are two primary reasons for the definition and usage of jCard and the use of JSON over the XML based vCard . JSON has become the default, best-supported format for the transmission, parsing, and manipulation of data on IP networks. jCard has also been defined in and has been adopted by PASSporT because of the usage of JSON Web Tokens (JWT) .

Second, a generic parameter for “reason” is to be used to provide a string or other object that conveys the intent or reason the caller is calling, to help the called party better understand the context of the call and why they may want to answer it.

The use of the new Call-Info Token “jcard” is for the purpose of supporting RCD associated with the identity of a calling party in a SIP call Section 20.9. The format of a Call-Info header field when using the “jcard” is as follows.

The Call-Info header should include a URI where the resource pointed to by the URI is a jCard JSON object defined in . This MAY be carried in the body of the SIP request bearing this Call-Info via the “cid” URI scheme .
Alternatively, the URI MUST use HTTPS or a transport that can validate the integrity of the source of the resource as well as of the transport channel over which the resource is retrieved.

An example of a Call-Info header field is:

An example jCard JSON file is shown as follows:

Examples using the “cid” URI scheme will follow in future versions of this specification.

In addition to the jCard value defined here, this specification also defines a generic parameter of the Call-Info header called “reason”. The “reason” parameter is intended to convey a short textual message suitable for display to an end user during call alerting. As a general guideline, this message SHOULD be no longer than ten words; displays that support this specification may be forced to truncate messages that cannot fit onto a screen. This message conveys the caller’s intention in contacting the callee. It is an optional parameter, and the sender of a SIP request cannot guarantee that its display will be supported by the terminating endpoint. The manner in which this reason is set by the caller is outside the scope of this specification.

One alternative approach would be to use the baseline Subject header field value to convey the reason for the call. Because the Subject header has seen little historical use in SIP implementations, however, and its specification describes its potential use in filtering, it seems more prudent to define a new means of carrying a call reason indication.

An example of a Call-Info header field value with the “reason” parameter follows:

One can readily imagine a need for more structured call reason data that could be reliably processed automatically. Future versions of this specification may explore ways to provide a structured data object in place of a textual string to support things like internationalization or categories of reason that can be parsed by machines.

Beyond the definition of the specific properties or JSON arrays associated with each property, this specification defines a few additional rules to ensure a minimum level of supported properties that every implementation of this specification should adhere to. This includes support for interpreting the value of each property and the ability to render it in some form appropriate to the display capabilities of the device. This includes requirements specific to either textual displays or graphics-capable displays.

These types are used to capture information associated with the identification and naming of the entity associated with the jCard.

The “fn” property MUST be supported with the intent of providing a formatted text corresponding to the name of the object the jCard represents. Reference Section 6.2.1.

The “n” property SHOULD be supported with the intent of providing the components of the name of the object the jCard represents. Reference Section 6.2.2.

The “nickname” property SHOULD be supported with the intent of providing the text corresponding to the nickname of the object the jCard represents. Reference Section 6.2.3.

The “photo” property MUST be supported with the intent of providing an image or photograph information that annotates some aspect of the object the jCard represents. Reference Section 6.2.4.

In addition to the definition of jCard, and to promote interoperability and proper formatting and rendering of images, the photo SHOULD correspond to a square image of one of the sizes 128x128, 256x256, 512x512, or 1024x1024 pixels.

These properties are concerned with information related to the delivery addressing or label for the jCard object.

The “adr” property MUST be supported with the intent of providing the delivery address of the object the jCard represents. Reference Section 6.3.1.

These properties describe information about how to communicate with the object the jCard represents.

The “tel” property MUST be supported with the intent of providing the telephone number for telephony communication of the object the jCard represents.
Reference Section 6.4.1. Relative to the SIP From header field, this information may provide an alternate telephone number or other related telephone numbers for other uses.

The “email” property MUST be supported with the intent of providing the electronic mail address for communication of the object the jCard represents. Reference Section 6.4.2.

The “lang” property MUST be supported with the intent of providing the language(s) that may be used for contacting the object the jCard represents. Reference Section 6.4.4.

These properties are concerned with information associated with geographical positions or regions associated with the object the jCard represents.

The “tz” property MUST be supported with the intent of providing the time zone of the object the jCard represents. Reference Section 6.5.1.

Editor Note: recommendations of representing Time Zone don’t seem to be clear. TBD.

The “geo” property MUST be supported with the intent of providing the global positioning of the object the jCard represents. Reference Section 6.5.2.

These properties are concerned with information associated with characteristics of the organization or organizational units of the object that the jCard represents.

These properties are concerned with additional explanations, such as that related to informational notes or revisions specific to the jCard.

ref 6.7.1
ref 6.7.2
ref 6.7.5 (ringtone?)
ref 6.7.6 (origID like value?)
ref 6.7.8

Part of the intent of the usage of jCard is that it has its own extensibility properties where new properties can be defined to relay newly defined information related to a caller. This capability is inherently supported as part of standard extensibility.
However, usage of those new properties should be published and registered following Section 3.6 or new specifications.

We would like to thank members of the STIR working group for helpful suggestions and comments for the creation of this draft.

[this RFC] defines the “jcard” token for use as a new token in the Call-Info header in the “Header Field Parameters and Parameter Values” registry defined by .

[this RFC] defines the “reason” generic parameter for use as a new parameter in the Call-Info header in the “Header Field Parameters and Parameter Values” registry defined by . The parameter’s token is “reason” and it takes the value of a quoted string.

Revealing information such as the name, location, and affiliation of a person necessarily entails certain privacy risks. SIP and Call-Info have no particular confidentiality requirement, as the information sent in SIP is in the clear anyway. Transport-level security can be used to hide information from eavesdroppers, and the same confidentiality mechanisms would protect any Call-Info or jCard information carried or referred to in SIP.

Content-ID and Message-ID Uniform Resource Locators
The Uniform Resource Locator (URL) schemes, "cid:" and "mid:" allow references to messages and the body parts of messages. For example, within a single multipart message, one HTML body part might include embedded references to other parts of the same message. [STANDARDS-TRACK]

vCard MIME Directory Profile
This memo defines the profile of the MIME Content-Type for directory information for a white-pages person object, based on a vCard electronic business card. [STANDARDS-TRACK]

SIP: Session Initiation Protocol
This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.
[STANDARDS-TRACK]

Short Term Requirements for Network Asserted Identity

The Internet Assigned Number Authority (IANA) Header Field Parameter Registry for the Session Initiation Protocol (SIP)
This document creates an Internet Assigned Number Authority (IANA) registry for the Session Initiation Protocol (SIP) header field parameters and parameter values. It also lists the already existing parameters and parameter values to be used as the initial entries for this registry. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

vCard Format Specification
This document defines the vCard data format for representing and exchanging a variety of information about individuals and other entities (e.g., formatted and structured name and delivery addresses, email address, multiple telephone numbers, photograph, logo, audio clips, etc.). This document obsoletes RFCs 2425, 2426, and 4770, and updates RFC 2739. [STANDARDS-TRACK]

Further Key Words for Use in RFCs to Indicate Requirement Levels
RFC 2119 defines a standard set of key words for describing requirements of a specification. Many IETF documents have found that these words cannot accurately capture the nuanced requirements of their specification. This document defines additional key words that can be used to address alternative requirements scenarios. Authors who follow these guidelines should incorporate this phrase near the beginning of their document: The key words "MUST (BUT WE KNOW YOU WON'T)", "SHOULD CONSIDER", "REALLY SHOULD NOT", "OUGHT TO", "WOULD PROBABLY", "MAY WISH TO", "COULD", "POSSIBLE", and "MIGHT" in this document are to be interpreted as described in RFC 6919.

jCard: The JSON Format for vCard
This specification defines "jCard", a JSON format for vCard data.
The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses. JSON is a lightweight, text-based, language-independent data interchange format commonly used in Internet applications.

Secure Telephone Identity Problem Statement and Requirements
Over the past decade, Voice over IP (VoIP) systems based on SIP have replaced many traditional telephony deployments. Interworking VoIP systems with the traditional telephone network has reduced the overall level of calling party number and Caller ID assurances by granting attackers new and inexpensive tools to impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks. Despite previous attempts to provide a secure assurance of the origin of SIP communications, we still lack effective standards for identifying the calling party in a VoIP session. This document examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions. It also gives high-level requirements for a solution in this space.

JSON Web Token (JWT)
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

Additional Data Related to an Emergency Call
When an emergency call is sent to a Public Safety Answering Point (PSAP), the originating device, the access network provider to which the device is connected, and all service providers in the path of the call have information about the call, the caller, or the location, which is helpful for the PSAP to have in handling the emergency. This document describes data structures and mechanisms to convey such data to the PSAP. The intent is that every emergency call carry as much of the information described here as possible using the mechanisms described here. The mechanisms permit the data to be conveyed by reference (as an external resource) or by value (within the body of a SIP message or a location object). This follows the tradition of prior emergency services standardization work where data can be conveyed by value within the call signaling (i.e., in the body of the SIP message) or by reference.

Authenticated Identity Management in the Session Initiation Protocol (SIP)
The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP requests.
It does so by defining a SIP header field for conveying a signature used for validating the identity and for conveying a reference to the credentials of the signer. This document obsoletes RFC 4474.

PASSporT: Personal Assertion Token
This document defines a method for creating and validating a token that cryptographically verifies an originating identity or, more generally, a URI or telephone number representing the originator of personal communications. The Personal Assertion Token, PASSporT, is cryptographically signed to protect the integrity of the identity of the originator and to verify the assertion of the identity information at the destination. The cryptographic signature is defined with the intention that it can confidently verify the originating persona even when the signature is sent to the destination party over an insecure channel. PASSporT is particularly useful for many personal-communications applications over IP networks and other multi-hop interconnection scenarios where the originating and destination parties may not have a direct trusted relationship.

PASSporT Extension for Rich Call Data
This document extends PASSporT, a token for conveying cryptographically-signed call information about personal communications, to include rich data that can be transmitted and subsequently rendered to users, extending identifying information beyond human-readable display name comparable to the "Caller ID" function common on the telephone network. The element defined for this purpose, Rich Call Data (RCD), is an extensible object defined to either be used as part of STIR or with SIP Call-Info to include related information about calls that helps people decide whether to pick up the phone.
This signing of the RCD information is also enhanced with an integrity mechanism to optionally protect the handling of this information between authoritative and non-authoritative parties authoring and signing the Rich Call Data for support of different usage and content policies.

Key words for use in RFCs to Indicate Requirement Levels
In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
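
Added example, not part of the draft: a receiving-side check in Python for the Call-Info usage described in this document, covering the URI restriction for purpose “jcard”, the ten-word guideline for “reason”, and the “fn” property of the referenced jCard. The function names, the sample header and jCard, and the policy of accepting only https and cid URIs (the draft also allows other integrity-protected transports) are assumptions made for illustration.

```python
import json
import re

NAME = r'[A-Za-z0-9._!%*+~-]+'
VALUE = r'(?:"(?:[^"\\]|\\.)*"|[^;,"\s<>]+)'  # quoted-string or token
# One entry: <uri> then ;name=value parameters, ended by a comma or the end.
ENTRY_RE = re.compile(rf'\s*<([^>]*)>((?:\s*;\s*{NAME}\s*=\s*{VALUE})*)\s*(?:,|$)')
PARAM_RE = re.compile(rf';\s*({NAME})\s*=\s*({VALUE})')
MAX_REASON_WORDS = 10  # the draft: "SHOULD be no longer than ten words"

def parse_call_info(value):
    """Split a Call-Info header field value into (uri, params) entries."""
    entries, pos = [], 0
    while pos < len(value):
        m = ENTRY_RE.match(value, pos)
        if not m:
            raise ValueError(f"malformed Call-Info at offset {pos}")
        params = {}
        for name, raw in PARAM_RE.findall(m.group(2)):
            if raw.startswith('"'):  # strip quotes, undo backslash escapes
                raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
            params[name.lower()] = raw
        entries.append((m.group(1), params))
        pos = m.end()
    return entries

def rcd_from_call_info(value):
    """Return (jcard_uri, display_reason) for the first purpose=jcard entry, or None."""
    for uri, params in parse_call_info(value.strip()):
        if params.get("purpose", "").lower() != "jcard":
            continue
        scheme = uri.split(":", 1)[0].lower()
        if scheme not in ("https", "cid"):  # assumed policy: nothing else accepted
            raise ValueError(f"jcard URI scheme {scheme!r} not accepted")
        reason = params.get("reason")
        if reason is not None:
            # Caller-controlled text: drop control characters, cap length for display.
            words = "".join(c for c in reason if c.isprintable()).split()
            reason = " ".join(words[:MAX_REASON_WORDS])
        return uri, reason
    return None

def jcard_fn(doc):
    """Return the "fn" text of a jCard; reject input that is not shaped like one."""
    card = json.loads(doc)
    if not (isinstance(card, list) and len(card) == 2 and card[0] == "vcard"
            and isinstance(card[1], list)):
        raise ValueError("not a jCard")
    for prop in card[1]:
        if (isinstance(prop, list) and len(prop) >= 4 and prop[0] == "fn"
                and isinstance(prop[3], str)):
            return prop[3]
    raise ValueError('jCard has no text "fn" property')

# Constructed sample inputs (not taken from the draft).
SAMPLE_HEADER = ('<https://example.com/i.png>;purpose=icon, <https://example.com/c.json>;'
                 'purpose=jcard;reason="Your appointment, tomorrow; please pick up"')
SAMPLE_JCARD = ('["vcard",[["version",{},"text","4.0"],["fn",{},"text","Example Clinic"],'
                '["tel",{},"uri","tel:+1-215-555-0100"]]]')
```

Used without a STIR signature, these checks only constrain what is fetched and displayed; they do not establish that the sender is entitled to assert the jCard contents.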