Next-Generation Pan-European eCall
draft-ietf-ecrit-ecall-27

ECRIT                                                         R. Gellens
Internet-Draft                                Core Technology Consulting
Intended status: Standards Track                           H. Tschofenig
Expires: January 22, 2017                                     Individual
                                                           July 21, 2016


                   Next-Generation Pan-European eCall
                     draft-ietf-ecrit-ecall-10.txt

Abstract

   This document describes how to use IP-based emergency services
   mechanisms to support the next generation of the Pan European in-
   vehicle emergency call service defined under the eSafety initiative
   of the European Commission (generally referred to as "eCall"). eCall
   is a standardized and mandated system for a special form of emergency
   calls placed by vehicles, providing real-time communications and an
   integrated set of related data.

   This document also registers a MIME Content Type and an Emergency
   Call Additional Data Block for the eCall vehicle data and metadata/
   control data.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 22, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Gellens & Tschofenig    Expires January 22, 2017                [Page 1]


Internet-Draft            Next-Generation eCall                July 2016


   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Document Scope  . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   5
   4.  eCall Requirements  . . . . . . . . . . . . . . . . . . . . .   6
   5.  Vehicle Data  . . . . . . . . . . . . . . . . . . . . . . . .   6
   6.  Data Transport  . . . . . . . . . . . . . . . . . . . . . . .   7
   7.  Call Setup  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     7.1.  Call Routing  . . . . . . . . . . . . . . . . . . . . . .   9
   8.  Test Calls  . . . . . . . . . . . . . . . . . . . . . . . . .   9
   9.  eCall-Specific Control/Metadata . . . . . . . . . . . . . . .  10
     9.1.  The eCall Control Block . . . . . . . . . . . . . . . . .  11
       9.1.1.  The <ack> element . . . . . . . . . . . . . . . . . .  12
         9.1.1.1.  Attributes of the <ack> element . . . . . . . . .  12
         9.1.1.2.  Child Elements of the <ack> element . . . . . . .  13
         9.1.1.3.  Ack Examples  . . . . . . . . . . . . . . . . . .  13
       9.1.2.  The <request> element . . . . . . . . . . . . . . . .  13
         9.1.2.1.  Attributes of the <request> element . . . . . . .  13
         9.1.2.2.  Request Example . . . . . . . . . . . . . . . . .  14
   10. The emergencyCallData.eCall INFO package  . . . . . . . . . .  14
     10.1.  INFO Package Requirements  . . . . . . . . . . . . . . .  14
       10.1.1.  Overall Description  . . . . . . . . . . . . . . . .  15
       10.1.2.  Applicability  . . . . . . . . . . . . . . . . . . .  15
       10.1.3.  Info Package Name  . . . . . . . . . . . . . . . . .  15
       10.1.4.  Info Package Parameters  . . . . . . . . . . . . . .  16
       10.1.5.  SIP Option-Tags  . . . . . . . . . . . . . . . . . .  16
       10.1.6.  INFO Message Body Parts  . . . . . . . . . . . . . .  16
       10.1.7.  Info Package Usage Restrictions  . . . . . . . . . .  16
       10.1.8.  Rate of INFO Requests  . . . . . . . . . . . . . . .  16
       10.1.9.  Info Package Security Considerations . . . . . . . .  16
       10.1.10. Implementation Details . . . . . . . . . . . . . . .  16
       10.1.11. Examples . . . . . . . . . . . . . . . . . . . . . .  17
   11. Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  17
   12. Security Considerations . . . . . . . . . . . . . . . . . . .  22
   13. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  23
   14. XML Schema  . . . . . . . . . . . . . . . . . . . . . . . . .  23
   15. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  25
     15.1.  Service URN Registrations  . . . . . . . . . . . . . . .  25
     15.2.  MIME Content-type Registration for



Gellens & Tschofenig    Expires January 22, 2017                [Page 2]


Internet-Draft            Next-Generation eCall                July 2016


            'application/emergencyCallData.eCall.MSD+per'  . . . . .  26
     15.3.  MIME Content-type Registration for
            'application/emergencyCallData.eCall.control+xml'  . . .  27
     15.4.  Registration of the 'eCall.MSD' entry in the Emergency
            Call Additional Data Blocks registry . . . . . . . . . .  29
     15.5.  Registration of the 'eCall.control' entry in the
            Emergency Call Additional Data Blocks registry . . . . .  29
     15.6.  Registration of the emergencyCallData.eCall Info Package  29
     15.7.  URN Sub-Namespace Registration . . . . . . . . . . . . .  29
       15.7.1.  Registration for urn:ietf:params:xml:ns:eCall  . . .  29
       15.7.2.  Registration for
                urn:ietf:params:xml:ns:eCall:control . . . . . . . .  30
     15.8.  Registry creation  . . . . . . . . . . . . . . . . . . .  31
       15.8.1.  eCall Control Action Registry  . . . . . . . . . . .  31
       15.8.2.  eCall Control Extension Registry . . . . . . . . . .  32
   16. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  32
   17. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  33
   18. Changes from Previous Versions  . . . . . . . . . . . . . . .  33
     18.1.  Changes from draft-ietf-08 to draft-ietf-09  . . . . . .  33
     18.2.  Changes from draft-ietf-07 to draft-ietf-08  . . . . . .  33
     18.3.  Changes from draft-ietf-06 to draft-ietf-07  . . . . . .  34
     18.4.  Changes from draft-ietf-05 to draft-ietf-06  . . . . . .  34
     18.5.  Changes from draft-ietf-04 to draft-ietf-05  . . . . . .  34
     18.6.  Changes from draft-ietf-03 to draft-ietf-04  . . . . . .  34
     18.7.  Changes from draft-ietf-02 to draft-ietf-03  . . . . . .  34
     18.8.  Changes from draft-ietf-01 to draft-ietf-02  . . . . . .  34
     18.9.  Changes from draft-ietf-00 to draft-ietf-01  . . . . . .  35
     18.10. Changes from draft-gellens-03 to draft-ietf-00 . . . . .  35
     18.11. Changes from draft-gellens-02 to -03 . . . . . . . . . .  35
     18.12. Changes from draft-gellens-01 to -02 . . . . . . . . . .  35
     18.13. Changes from draft-gellens-00 to -01 . . . . . . . . . .  35
   19. References  . . . . . . . . . . . . . . . . . . . . . . . . .  36
     19.1.  Normative References . . . . . . . . . . . . . . . . . .  36
     19.2.  Informative references . . . . . . . . . . . . . . . . .  37
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  38

1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document re-uses terminology defined in Section 3 of [RFC5012].

   Additionally, we use the following abbreviations:






Gellens & Tschofenig    Expires January 22, 2017                [Page 3]


Internet-Draft            Next-Generation eCall                July 2016


            +--------+----------------------------------------+
            | Term   | Expansion                              |
            +--------+----------------------------------------+
            | 3GPP   | 3rd Generation Partnership Project     |
            |        |                                        |
            | CEN    | European Committee for Standardization |
            |        |                                        |
            | EENA   | European Emergency Number Association  |
            |        |                                        |
            | ESInet | Emergency Services IP network          |
            |        |                                        |
            | IMS    | IP Multimedia Subsystem                |
            |        |                                        |
            | IVS    | In-Vehicle System                      |
            |        |                                        |
            | MNO    | Mobile Network Operator                |
            |        |                                        |
            | MSD    | Minimum Set of Data                    |
            |        |                                        |
            | PSAP   | Public Safety Answering Point          |
            +--------+----------------------------------------+

2.  Document Scope

   This document is focused on the signaling, data exchange, and
   protocol needs of next-generation eCall (NG-eCall, also referred to
   as packet-switched eCall or all-IP eCall) within the SIP framework
   for emergency calls, as described in [RFC6443] and [RFC6881].  eCall
   itself is specified by 3GPP and CEN and these specifications include
   far greater scope than is covered here.

   The eCall service operates over cellular wireless communication, but
   this document does not address cellular-specific details, nor client
   domain selection (e.g., circuit-switched versus packet-switched).
   All such aspects are the purview of their respective standards
   bodies.  The scope of this document is limited to eCall operating
   within a SIP-based environment (e.g., 3GPP IMS Emergency Calling).

   The technical contents of this document also provide a basis for
   reuse and extension for other vehicle-initiated emergency call
   systems.

   Vehicles designed for multiple regions might need to support eCall
   and other Advanced Automatic Crash Notification (AACN) systems, such
   as described in [I-D.ietf-ecrit-car-crash].






Gellens & Tschofenig    Expires January 22, 2017                [Page 4]


Internet-Draft            Next-Generation eCall                July 2016


3.  Introduction

   Emergency calls made from vehicles (e.g., in the event of a crash)
   assist in significantly reducing road deaths and injuries by allowing
   emergency services to be aware of the incident, the state of the
   vehicle, the location of the vehicle, and to have a voice channel
   with the vehicle occupants.  This enables a quick and appropriate
   response.

   The European Commission initiative of eCall was conceived in the late
   1990s, and has evolved to a European Parliament decision requiring
   the implementation of a compliant in-vehicle system (IVS) in new
   vehicles and the deployment of eCall in the European Member States in
   the very near future.  Other regions are developing eCall-compatible
   systems.

   The pan-European eCall system provides a standardized and mandated
   mechanism for emergency calls by vehicles.  eCall establishes
   procedures for such calls to be placed by in-vehicle systems,
   recognized and processed by the mobile network, and routed to a
   specialized PSAP where the vehicle data is available to assist the
   call taker in assessing and responding to the situation.  eCall
   provides a standard set of vehicle, sensor (e.g., crash related), and
   location data.

   An eCall can be either user-initiated or automatically triggered.
   Automatically triggered eCalls indicate a car crash or some other
   serious incident.  Manually triggered eCalls might be reports of
   witnessed crashes or serious hazards.  PSAPs might apply specific
   operational handling to manual and automatic eCalls.

   Legacy eCall is standardized (by 3GPP [SDO-3GPP] and CEN [CEN]) as a
   3GPP circuit-switched call over GSM (2G) or UMTS (3G).  Flags in the
   call setup mark the call as an eCall, and further indicate if the
   call was automatically or manually triggered.  The call is routed to
   an eCall-capable PSAP, a voice channel is established between the
   vehicle and the PSAP, and an eCall in-band modem is used to carry a
   defined set of vehicle, sensor (e.g., crash related), and location
   data (the Minimum Set of Data or MSD) within the voice channel.  The
   same in-band mechanism is used for the PSAP to acknowledge successful
   receipt of the MSD, and to request the vehicle to send a new MSD
   (e.g., to check if the state of or location of the vehicle or its
   occupants has changed).  NG-eCall moves from circuit switched to all-
   IP, and carries the vehicle data and other eCall-specific data as
   additional data carried with the call.  This document describes how
   IETF mechanisms for IP-based emergency calls, including [RFC6443] and
   [I-D.ietf-ecrit-additional-data] are used to provide the signaling
   and data exchange of the next generation of pan-European eCall.



Gellens & Tschofenig    Expires January 22, 2017                [Page 5]


Internet-Draft            Next-Generation eCall                July 2016


   The European Telecommunications Standards Institute (ETSI) [SDO-ETSI]
   has published a Technical Report titled "Mobile Standards Group
   (MSG); eCall for VoIP" [MSG_TR] that presents findings and
   recommendations regarding support for eCall in an all-IP environment.
   The recommendations include the use of 3GPP IMS emergency calling
   with additional elements identifying the call as an eCall and as
   carrying eCall data and with mechanisms for carrying the data and
   eCall-specific signaling.  3GPP IMS emergency services support
   multimedia, providing the ability to carry voice, text, and video.
   This capability is referred to within 3GPP as Multimedia Emergency
   Services (MMES).

   A transition period will exist during which time the various entities
   involved in initiating and handling an eCall might support next-
   generation eCall, legacy eCall, or both.  The issues of migration and
   co-existence during the transition period is outside the scope of
   this document.

4.  eCall Requirements

   eCall requirements are specified by CEN in [EN_16072] and by 3GPP in
   [TS22.101] clauses 10.7 and A.27.  Requirements specific to vehicle
   data are contained in EN 15722 [msd].

5.  Vehicle Data

   Pan-European eCall provides a standardized and mandated set of
   vehicle related data, known as the Minimum Set of Data (MSD).  The
   European Committee for Standardization (CEN) has specified this data
   in EN 15722 [msd], along with both ASN.1 and XML encodings.  Both
   circuit-switched eCall and this document use the ASN.1 PER encoding,
   which is specified in Annex A of EN 15722 [msd] (the XML encoding
   specified in Annex C is not used in this document).

   This document registers the 'application/
   emergencyCallData.eCall.MSD+per' MIME Content-Type to enable the MSD
   to be carried in SIP.  As an ASN.1 PER encoded object, the data is
   binary and transported using binary content transfer encoding within
   SIP messages.  This document also adds the 'eCall.MSD' entry to the
   Emergency Call Additional Data Blocks registry to enable the MSD to
   be recognized as such in a SIP-based eCall emergency call.  (See
   [I-D.ietf-ecrit-additional-data] for more information about the
   registry and how it is used.)

   See Section 6 for a discussion of how the MSD vehicle data is
   conveyed in an NG-eCall.





Gellens & Tschofenig    Expires January 22, 2017                [Page 6]


Internet-Draft            Next-Generation eCall                July 2016


6.  Data Transport

   The "Additional Data related to an Emergency Call" document
   [I-D.ietf-ecrit-additional-data] establishes a general mechanism for
   attaching blocks of data to a SIP emergency call.  This mechanism
   permits certain MIME types to be attached to SIP messages.  This
   document makes use of that mechanism.

   Note that if additional data sets are defined and registered (e.g.,
   in the future or in other regions) and transmitted using the same
   mechanisms, the size and frequency of transmission during a dialog
   need to be evaluated to be sure it is appropriate to use the
   signaling channel.

   An In-Vehicle System (IVS) transmits the MSD (see Section 5) by
   encoding it per Annex A of EN 15722 [msd] and attaching it to a SIP
   message as a MIME body part per [I-D.ietf-ecrit-additional-data].
   The body part is identified by its MIME content-type ('application/
   emergencyCallData.eCall.MSD+per') in the Content-Type header field of
   the body part.  The body part is assigned a unique identifier which
   is listed in a Content-ID header field in the body part.  The SIP
   message is marked as containing the MSD by adding (or appending to) a
   Call-Info header field at the top level of the SIP message.  This
   Call-Info header field contains a CID URL referencing the body part's
   unique identifier, and a 'purpose' parameter identifying the data as
   the eCall MSD per the Emergency Call Additional Data Blocks registry
   entry; the 'purpose' parameter's value is
   'emergencyCallData.eCall.MSD'.

   A PSAP transmits a metadata/control object (see Section 9) by
   encoding it per the description in this document and attaching it to
   a SIP message as a MIME body part per
   [I-D.ietf-ecrit-additional-data].  The body part is identified by its
   MIME content-type ('application/emergencyCallData.eCall.control+xml')
   in the Content-Type header field of the body part.  The body part is
   assigned a unique identifier which is listed in a Content-ID header
   field in the body part.  The SIP message is marked as containing the
   MSD by adding (or appending to) a Call-Info header field at the top
   level of the SIP message.  This Call-Info header field contains a CID
   URL referencing the body part's unique identifier, and a 'purpose'
   parameter identifying the data as an eCall metadata/control block per
   the Emergency Call Additional Data Blocks registry entry; the
   'purpose' parameter's value is 'emergencyCallData.eCall.control'.

   An In-Vehicle System (IVS) initiating an NG-eCall attaches the MSD to
   the initial INVITE.  The PSAP creates a metadata/control object
   acknowledging receipt of the MSD and attaches it to the SIP response
   to the INVITE.



Gellens & Tschofenig    Expires January 22, 2017                [Page 7]


Internet-Draft            Next-Generation eCall                July 2016


   A PSAP can request the vehicle to send an updated MSD during a call.
   The PSAP creates a metadata/control object requesting the MSD and
   attaches it to a SIP INFO message which it sends within the dialog.
   The IVS then attaches an updated MSD to a SIP INFO message and sends
   it within the dialog.  The metadata/control object and the MSD are
   attached to an INFO message in the same way they are attached to
   other messages (such as the INVITE and the reply to the INVITE as
   discussed above).  See Section 10 for information about the use of
   INFO messages to carry data within an eCall.

   When data is being carried in an INFO request message, the body part
   also carries a Content-Disposition header field set to "Info-
   Package".

   Support for the data blocks defined in
   [I-D.ietf-ecrit-additional-data] is NOT REQUIRED for conformance with
   this document.

7.  Call Setup

   In circuit-switched eCall, the IVS places a special form of a 112
   emergency call which carries an eCall flag (indicating that the call
   is an eCall and also if the call was manually or automatically
   triggered); the mobile network operator (MNO) recognizes the eCall
   flag and routes the call to an eCall-capable PSAP; vehicle data is
   transmitted to the PSAP via the eCall in-band modem (in the voice
   channel).

      ///----\\\      112 voice call with eCall flag      +------+
     ||| IVS  |||---------------------------------------->+ PSAP |
      \\\----///   vehicle data via eCall in-band modem   +------+


                     Figure 1: circuit-switched eCall

   For NG-eCall, the IVS establishes an emergency call using a Request-
   URI indicating a manual or automatic eCall; the MNO (or ESInet)
   recognizes the eCall URN and routes the call to an NG-eCall capable
   PSAP; the PSAP interpets the vehicle data sent with the call and
   makes it available to the call taker.

     ///----\\\     IMS emergency call with eCall URN    +------+
        IVS    ----------------------------------------->+ PSAP |
     \\\----///    vehicle data included in call setup   +------+

                            Figure 2: NG-eCall





Gellens & Tschofenig    Expires January 22, 2017                [Page 8]


Internet-Draft            Next-Generation eCall                July 2016


   See Section 6 for information on how the MSD is transported within an
   NG-eCall.

   This document registers new service URN children within the "sos"
   subservice.  These URNs provide the mechanism by which an eCall is
   identified, and differentiate between manually and automatically
   triggered eCalls (which might be subject to different treatment,
   depending on policy).  The two service URNs are:
   urn:service:sos.ecall.automatic and urn:service:sos.ecall.manual,
   which requests resources associated with an emergency call placed by
   an in-vehicle system, carrying a standardized set of data related to
   the vehicle and incident.

7.1.  Call Routing

   The routing applied to eCalls might differ from those of other
   emergency calls, as eCalls are intended to be handled by PSAPs that
   support eCall.  In regions without ESInets, typically the emergency
   services authorities and the originating network determine how such
   calls are routed.  In a region that uses ESInets, the originating
   network passes all types of emergency calls to an ESInet (calls which
   have a request URI containing the "SOS" service URN).  The ESInet is
   then responsible for routing such calls to the appropriate PSAP.

8.  Test Calls

   eCall requires the ability to place test calls (see [TS22.101] clause
   10.7 and [EN_16062] clause 7.2.2).  These are calls that are
   recognized and treated to some extent as eCalls but are not given
   emergency call treatment and are not handled by call takers.  The
   specific handling of test eCalls is not itself standardized;
   typically, the test call facility allows the IVS or user to verify
   that an eCall can be successfully established with voice
   communication.  The IVS might also be able to verify that the MSD was
   successfully received.

   A service URN starting with "test." indicates a test call.  For
   eCall, "urn:service:test.sos.ecall" indicates such a test feature.
   This functionality is defined in [RFC6881].

   This document registers "urn:service:test.sos.ecall" for eCall test
   calls.

   The CS-eCall test call facility is a non-emergency number so does not
   get treated as an emergency call.  For NG-eCall, MNOs, emergency
   authorities, and PSAPs can determine how to treat a vehicle call
   requesting the "test" service URN so that the desired functionality
   is tested, but this is outside the scope of this document.



Gellens & Tschofenig    Expires January 22, 2017                [Page 9]


Internet-Draft            Next-Generation eCall                July 2016


9.  eCall-Specific Control/Metadata

   eCall requires the ability for the PSAP to acknowledge successful
   receipt of an MSD sent by the IVS, and for the PSAP to request that
   the IVS send an MSD (e.g., the call taker can initiate a request for
   a new MSD to see if there have been changes in the vehicle's state,
   e.g., location, direction, number of fastened seatbelts).

   This document defines a block of metadata/control data as an XML
   structure containing eCall-specific elements.  When the PSAP needs to
   send an eCall control block that is in response to data sent by the
   IVS in a SIP request (e.g., the MSD in the initial INVITE), the
   control block can be sent in the SIP response to that request (e.g.,
   the response to the INVITE request).  When the PSAP needs to send an
   eCall control block in other circumstances (e.g., mid-call), the
   control block can be transmitted from the PSAP to the IVS in a SIP
   INFO request within the established dialog.  The IVS sends the
   requested data (the MSD) in a new INFO request.  This mechanism
   flexibly allows the PSAP to send eCall-specific data to the IVS and
   the IVS to respond.  See Section 6 for more information on attaching
   a metadata/control block to a SIP message.

   This mechanism requires

   o  An XML definition of the eCall control object
   o  An extension mechanism by which new elements, attributes, and
      values can be added to the control object definition
   o  A MIME type registration for the control object (so it can be
      carried in SIP messages and responses)
   o  An entry in the Emergency Call Additional Data Blocks sub-registry
      (established by [I-D.ietf-ecrit-additional-data]) so that the
      control block can be recognized as emergency call specific data
      within SIP messages
   o  An Info-Package registration per [RFC6086] permitting data blocks
      registered in the Emergency Call Additional Data Blocks sub-
      registry (established by [I-D.ietf-ecrit-additional-data]) within
      Info messages

   When the IVS includes an unsolicited MSD in a SIP request (e.g., the
   initial INVITE), the PSAP sends a metadata/control block indicating
   successful/unsuccessful receipt of the MSD in the SIP response to the
   request.  This also informs the IVS that an NG-eCall is in operation.
   If the IVS receives a SIP response without the metadata/control
   block, it indicates that the SIP dialog is not an NG-eCall (e.g.,
   some part of the call is being handled as a legacy call).  When the
   IVS sends a solicited MSD (e.g., in a SIP INFO request sent following
   receipt of a SIP INFO request containing a metadata/control block
   requesting an MSD), the PSAP does not send a metadata/control block



Gellens & Tschofenig    Expires January 22, 2017               [Page 10]


Internet-Draft            Next-Generation eCall                July 2016


   indicating successful or unsuccessful receipt of the MSD.  (Normal
   SIP retransmission handles non-receipt of requested data; if the IVS
   sends a requested MSD in an INFO request and does not receive a SIP
   status message for the INFO request, it resends it; if the PSAP
   requests an MSD and does not receive a SIP status message for the
   INFO request, it resends it.)

   This provides flexibility to handle various circumstances.  For
   example, if a PSAP is unable to accept an eCall (e.g., due to
   overload or too many calls from the same location), it can reject the
   INVITE.  Since a metadata/control object is also included in the SIP
   response that rejects the call, the IVS knows if the PSAP received
   the MSD, and can inform the vehicle occupants that the PSAP
   successfully received the vehicle location and information but can't
   talk to the occupants at that time.  Especially for SIP response
   codes that indicate an inability to conduct a call (as opposed to a
   technical inability to process the request), the IVS can also
   determine that the call was successful on a technical level (e.g.,
   not helpful to retry as a CS-eCall).  The SIP response codes 600
   (Busy Everywhere), 486 (Busy Here), and 603 (Decline) are used when
   the PSAP wants to reject a call but inform the vehicle occupants that
   it is aware of the situation.  (Note that there could be edge cases
   where the PSAP response is not received by the IVS, e.g., if an
   intermediary sends a CANCEL, and an error response is forwarded
   towards the IVS before the error response from the PSAP is received,
   the response will be dropped, but these are unlikely to occur here.)

9.1.  The eCall Control Block

   The eCall control block is an XML data structure allowing for
   acknowledgments and requests.  It is carried in a SIP body part with
   a specific MIME content type.  It can be extended via an IANA
   registry to add additional elements, attributes, and values.  Two
   top-level elements are defined for use within an eCall control block:

   ack           Used in a control block sent by the PSAP to acknowledge
                 receipt of a data set sent by the IVS.

   request       Used in a control block sent by the PSAP to request the
                 vehicle to perform an action.  The only action defined
                 in this document is a request for the IVS to send an
                 MSD.

   Mandatory Actions (the IVS and the PSAP MUST support):

   o  Transmit data object

   Optional Actions (the IVS and the PSAP MAY support):



Gellens & Tschofenig    Expires January 22, 2017               [Page 11]


Internet-Draft            Next-Generation eCall                July 2016


   o  None

   The <ack> element indicates the object being acknowledged (e.g., the
   MSD), and reports success or failure.

   The <request> element contains attributes to indicate the request and
   to supply related information.  The 'action' attribute is mandatory
   and indicates the specific action.  An IANA registry is created in
   Section 15.8.1 to contain the allowed values.

   Extensibility: New elements, child elements, attributes of new and
   existing elements, and values for new and existing attributes can be
   added in the IANA registry created in Section 15.8.2.  The registry
   permits implementors to see what has been added, with a reference to
   the defining document.  (Implementations are not expected to
   dynamically check the registry.)  Implementations MUST ignore
   unrecognized elements, attributes, and values (this allows new items
   to be added without breaking older implementations).

9.1.1.  The <ack> element

   The <ack> element is transmitted by the PSAP to acknowledge receipt
   of an eCall data object.  An <ack> element sent by a PSAP references
   the unique ID of the data object that was sent by the IVS, and
   further indicates if the PSAP considers the receipt successful or
   not.

   The <ack> element has the following attributes:

9.1.1.1.  Attributes of the <ack> element

   The <ack> element has the following attributes:

   Name:  ref
   Usage:  Mandatory
   Type:  anyURI
   Description:  References the Content-ID of the body part that
      contained the data object being acknowledged.
   Example:  <ack received="yes" ref="1234567890@atlanta.example.com"/>

   Name:  received
   Usage:  Conditional: mandatory in an >ack< element sent by a PSAP
   Type:  Boolean
   Description:  Indicates if the referenced object was successfully
      received or not
   Example:  <ack received="yes" ref="1234567890@atlanta.example.com"/>





Gellens & Tschofenig    Expires January 22, 2017               [Page 12]


Internet-Draft            Next-Generation eCall                July 2016


9.1.1.2.  Child Elements of the <ack> element

   The <ack> element has no child elements

9.1.1.3.  Ack Examples


      <?xml version="1.0" encoding="UTF-8"?>
      <EmergencyCallData.eCall.Control
          xmlns="urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation=
              "urn:ietf:params:xml:ns:EmergencyCallData:eCall:control">

      <ack received="true" ref="1234567890@atlanta.example.com"/>

      </EmergencyCallData.eCall.Control>


                  Figure 3: Ack Example from PSAP to IVS

9.1.2.  The <request> element

   A <request> element allows the PSAP to request that the IVS send an
   MSD.  The following attributes are defined:

9.1.2.1.  Attributes of the <request> element

   The <request> element has the following attributes:

   Name:  action
   Usage:  Mandatory
   Type:  token
   Description:  Identifies the action that the vehicle is requested to
      perform.  An IANA registry is established in Section 15.8.1 to
      contain the allowed values.
   Example:  action="send-data"

   Name:  datatype
   Usage:  Conditional
   Type:  token
   Description:  Mandatory with a "send-data" action.  Specifies the
      data block that the IVS is requested to transmit, using the same
      identifier as in the 'purpose' attribute set in a Call-Info header
      field to point to the data block.  Permitted values are contained
      in the 'Emergency Call Data Types' IANA registry established in
      [I-D.ietf-ecrit-additional-data].  Only the "eCall.MSD" value is
      mandatory to support.



Gellens & Tschofenig    Expires January 22, 2017               [Page 13]


Internet-Draft            Next-Generation eCall                July 2016


   Example:  datatype="eCall.MSD"

9.1.2.2.  Request Example


      <?xml version="1.0" encoding="UTF-8"?>
      <EmergencyCallData.eCall.Control
          xmlns="urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation=
              "urn:ietf:params:xml:ns:EmergencyCallData:eCall:control">

      <request action="send-data" datatype="eCall.MSD"/>

      </EmergencyCallData.eCall.Control>


                         Figure 4: Request Example

10.  The emergencyCallData.eCall INFO package

   This document registers the 'emergencyCallData.eCall' INFO package.

   Both endpoints (the IVS and the PSAP equipment) include
   'emergencyCallData.eCall' in a Recv-Info header field per [RFC6086]
   to indicate ability to receive INFO messages carrying data as
   described here.

   Support for the 'emergencyCallData.eCall' INFO package indicates the
   ability to receive body parts registered in the 'Emergency Call Data
   Types' IANA registry.  Because new body parts can be added to the
   registry, implementations MUST ignore any unsupported or unrecognized
   body parts.  Only the 'application/emergencyCallData.eCall.MSD+per'
   and 'application/emergencyCallData.eCall.control+xml' body parts are
   REQUIRED to be supported for conformance with this document.

   An INFO request message carrying data related to an emergency call
   has an Info-Package header field set to 'emergencyCallData.eCall' per
   [RFC6086].  See Section 6 for details on how to attach eCall data to
   an INFO message.

10.1.  INFO Package Requirements

   The requirements of Section 10 of [RFC6086] are addressed in the
   following sections.






Gellens & Tschofenig    Expires January 22, 2017               [Page 14]


Internet-Draft            Next-Generation eCall                July 2016


10.1.1.  Overall Description

   This section describes "what type of information is carried in INFO
   requests associated with the Info Package, and for what types of
   applications and functionalities UAs can use the Info Package."

   INFO requests associated with the emergencyCallData.eCall INFO
   package carry data associated with emergency calls as registered in
   the 'Emergency Call Data Types' IANA registry.  The application is
   emergency calls established using SIP.  The functionality is to carry
   data, metadata, and control information (requests) between vehicles
   and PSAPs.  Refer to [TBD: THIS DOCUMENT] for more information.

10.1.2.  Applicability

   This section describes "why the Info Package mechanism, rather than
   some other mechanism, has been chosen for the specific use-case...."

   The use of INFO is based on an analysis of the requirements against
   the intent and effects of INFO versus other approaches (which
   included SIP MESSAGE, SIP OPTIONS, SIP re-INVITE, media plane
   transport, and non-SIP protocols).  In particular, the transport of
   emergency call data blocks occurs within a SIP emergency dialog, per
   Section 6, and is normally carried in the initial INVITE and its
   response; the use of INFO only occurs when emergency-call-related
   data needs to be sent mid-call.  While MESSAGE could be used, it is
   not tied to a SIP dialog as is INFO and thus might not be associated
   with the dialog.  SIP OPTIONS or re-INVITE could also be used, but is
   seen as less clean than INFO.  SUBSCRIBE/NOTIFY could be coerced into
   service, but the semantics are not a good fit, e.g., the subscribe/
   notify mechanism provides one-way communication consisting of (often
   multiple) notifications from notifier to subscriber indicating that
   certain events in notifier have occurred, whereas what's needed here
   is two-way communication of data related to the emergency dialog.
   Use of the media plane mechanisms was discounted because the number
   of messages needing to be exchanged in a dialog is normally zero or
   very few, and the size of the data is likewise very small.  The
   overhead caused by user plane setup (e.g., to use MSRP as transport)
   would be disproportionately large.

   Based on the the analyses, the SIP INFO method was chosen to provide
   for mid-call data transport.

10.1.3.  Info Package Name

   The info package name is emergencyCallData.eCall.





Gellens & Tschofenig    Expires January 22, 2017               [Page 15]


Internet-Draft            Next-Generation eCall                July 2016


10.1.4.  Info Package Parameters

   None.

10.1.5.  SIP Option-Tags

   None.

10.1.6.  INFO Message Body Parts

   Only those body parts registered in the 'Emergency Call Data Types'
   IANA registry are associated with this INFO package.

   When more than one body part is included, they are enclosed in a
   multipart body part (e.g., multipart/mixed).  When a body part is
   digitally signed or encrypted, it is enclosed in an appropriate body
   part (e.g., multipart/signed or multipart/encrypted).

   The Content-Disposition value of a message body part associated with
   the emergencyCallData.eCall info package is "info-package".

10.1.7.  Info Package Usage Restrictions

   None.

10.1.8.  Rate of INFO Requests

   The rate of SIP INFO requests associated with the
   emergencyCallData.eCall info package is expected to be quite low
   (most dialogs are likely to contain zero INFO requests, while others
   can be expected to carry occasional requests).

10.1.9.  Info Package Security Considerations

   The MIME content type registation for each data block listed in the
   'Emergency Call Data Types' IANA registry contains a discussion of
   the security and/or privacy considerations specific to that data
   block.  The "Security Considerations" and "Privacy Considerations"
   sections of [TBD: THIS DOCUMENT] discuss security and privacy
   considerations of the data carried in eCealls.

10.1.10.  Implementation Details

   See [TBD: THIS DOCUMENT] for protocol details.







Gellens & Tschofenig    Expires January 22, 2017               [Page 16]


Internet-Draft            Next-Generation eCall                July 2016


10.1.11.  Examples

   See [TBD: THIS DOCUMENT] for protocol examples.

11.  Examples

   Figure 5 illustrates an eCall.  The call uses the request URI
   'urn:service:sos.ecall.automatic' service URN and is recognized as an
   eCall, and further as one that was invoked automatically by the IVS
   due to a crash or other serious incident.  In this example, the
   originating network routes the call to an ESInet which routes the
   call to the appropriate NG-eCall capable PSAP.  The emergency call is
   received by the ESInet's Emergency Services Routing Proxy (ESRP), as
   the entry point into the ESInet.  The ESRP routes the call to a PSAP,
   where it is received by a call taker.  In deployments where there is
   no ESInet, the originating network routes the call directly to the
   appropriate NG-eCall capable PSAP, an illustration of which would be
   identical to the one below except without an ESInet or ESRP.


               +------------+  +---------------------------------------+
               |            |  |                  +-------+            |
               |            |  |                  | PSAP2 |            |
               |            |  |                  +-------+            |
               |            |  |                                       |
               |            |  |  +------+     +-------+               |
     Vehicle-->|            |--+->| ESRP |---->| PSAP1 |--> Call-Taker |
               |            |  |  +------+     +-------+               |
               |            |  |                                       |
               |            |  |                  +-------+            |
               |            |  |                  | PSAP3 |            |
               | Originating|  |                  +-------+            |
               |   Mobile   |  |                                       |
               |  Network   |  |                ESInet                 |
               +------------+  +---------------------------------------+

                Figure 5: Example of NG-eCall Message Flow

   Figure 6 illustrates an eCall call flow with a mid-call PSAP request
   for an updated MSD.  The call flow shows the IVS initiating an
   emergency call, including the MSD in the INVITE.  The PSAP includes
   in the 200 OK response a metadata/control object acknowledging
   receipt of the MSD.  During the call, the PSAP sends a request for an
   MSD in an INFO message.  The IVS sends the requested MSD in a new
   INFO message.






Gellens & Tschofenig    Expires January 22, 2017               [Page 17]


Internet-Draft            Next-Generation eCall                July 2016


            IVS                                         PSAP
             |(1) INVITE (eCall MSD)                      |
             |------------------------------------------->|
             |                                            |
             |(2) 200 OK (eCall metadata [ack MSD])       |
             |<-------------------------------------------|
             |                                            |
             |(3) start media stream(s)                   |
             |............................................|
             |                                            |
             |(4) INFO (eCall metadata [request MSD])     |
             |<-------------------------------------------|
             |                                            |
             |(5) 200 OK                                  |
             |------------------------------------------->|
             |                                            |
             |(6) INFO (eCall MSD)                        |
             |------------------------------------------->|
             |                                            |
             |(7) 200 OK                                  |
             |<-------------------------------------------|
             |                                            |
             |(8) BYE                                     |
             |<-------------------------------------------|
             |                                            |
             |(9) end media streams                       |
             |............................................|
             |                                            |
             |(10) 200 OK                                 |
             |------------------------------------------->|

                 Figure 6: NG-eCall Call Flow Illustration

   The example, shown in Figure 7, illustrates a SIP eCall INVITE that
   contains an MSD.  For simplicity, the example does not show all SIP
   headers, nor the SDP contents, nor does it show any additional data
   blocks added by the IVS or the originating mobile network.  Because
   the MSD is encoded in ASN.1 PER, which is a binary encoding, its
   contents cannot be included in a text document.












Gellens & Tschofenig    Expires January 22, 2017               [Page 18]


Internet-Draft            Next-Generation eCall                July 2016


      INVITE urn:service:sos.ecall.automatic SIP/2.0
      To: urn:service:sos.ecall.automatic
      From: <sip:+13145551111@example.com>;tag=9fxced76sl
      Call-ID: 3848276298220188511@atlanta.example.com
      Geolocation: <cid:target123@example.com>
      Geolocation-Routing: no
      Call-Info: cid:1234567890@atlanta.example.com;
                 purpose=emergencyCallData.eCall.MSD;
      Accept: application/sdp, application/pidf+xml,
              application/emergencyCallData.eCall.control+xml
      CSeq: 31862 INVITE
      Recv-Info: emergencyCallData.eCall
      Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
             SUBSCRIBE, NOTIFY, UPDATE
      Content-Type: multipart/mixed; boundary=boundary1
      Content-Length: ...

      --boundary1
      Content-Type: application/sdp

           ...Session Description Protocol (SDP) goes here...

      --boundary1
      Content-Type: application/emergencyCallData.eCall.MSD+per
      Content-ID: 1234567890@atlanta.example.com
      Content-Disposition: by-reference;handling=optional
      Content-Transfer-Encoding: binary

           ...MSD in ASN.1 PER encoding goes here...

       --boundary1--

                       Figure 7: SIP NG-eCall INVITE

   Continuing the example, Figure 8 illustrates a SIP 200 OK response to
   the INVITE of Figure 7, containing an eCall control block
   acknowledging successful receipt of the eCall MSD.  (For simplicity,
   the example does not show all SIP headers.)













Gellens & Tschofenig    Expires January 22, 2017               [Page 19]


Internet-Draft            Next-Generation eCall                July 2016


      SIP/2.0 200 OK
      To: <sip:+13145551111@example.com>;tag=9fxced76sl
      From: Exemplar PSAP <urn:service:sos.ecall.automatic>
      Call-ID: 3848276298220188511@atlanta.example.com
      Call-Info: cid:2345678901@atlanta.example.com;
                 purpose=emergencyCallData.eCall.control;
      Accept: application/sdp, application/pidf+xml,
              application/emergencyCallData.eCall.control+xml,
              application/emergencyCallData.eCall.MSD+per
      CSeq: 31862 INVITE
      Recv-Info: emergencyCallData.eCall
      Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
             SUBSCRIBE, NOTIFY, UPDATE
      Content-Type: multipart/mixed; boundary=boundaryX
      Content-Length: ...

      --boundaryX
      Content-Type: application/sdp

           ...Session Description Protocol (SDP) goes here...

      --boundaryX
      Content-Type: application/EmergencyCallData.eCall.control+xml
      Content-ID: 2345678901@atlanta.example.com
      Content-Disposition: by-reference;handling=optional

      <?xml version="1.0" encoding="UTF-8"?>
      <EmergencyCallData.eCall.Control
          xmlns="urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation=
              "urn:ietf:params:xml:ns:EmergencyCallData:eCall:control">

      <ack received="true" ref="1234567890@atlanta.example.com"/>

      </EmergencyCallData.eCall.Control>

      --boundaryX--


                    Figure 8: 200 OK response to INVITE

   Figure 9 illustrates an INFO message containing an eCall metadata/
   control block requesting an eCall MSD.  (For simplicity, the example
   does not show all SIP headers.)






Gellens & Tschofenig    Expires January 22, 2017               [Page 20]


Internet-Draft            Next-Generation eCall                July 2016


      INFO sip:+13145551111@example.com SIP/2.0
      To: <sip:+13145551111@example.com>;tag=9fxced76sl
      From: Exemplar PSAP <urn:service:sos.ecall.automatic>
      Call-ID: 3848276298220188511@atlanta.example.com
      Call-Info: cid:3456789012@atlanta.example.com;
                 purpose=emergencyCallData.eCall.control;
      Accept: application/sdp, application/pidf+xml,
              application/emergencyCallData.eCall.control+xml,
              application/emergencyCallData.eCall.MSD+per
      CSeq: 41862 INFO
      Recv-Info: emergencyCallData.eCall
      Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
             SUBSCRIBE, NOTIFY, UPDATE
      Content-Type: application/EmergencyCallData.eCall.control+xml
      Content-ID: 3456789012@atlanta.example.com
      Content-Disposition: info-package

      <?xml version="1.0" encoding="UTF-8"?>
      <EmergencyCallData.eCall.Control
          xmlns="urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation=
              "urn:ietf:params:xml:ns:EmergencyCallData:eCall:control">

      <request action="send-data" datatype="eCall.MSD"/>

      </EmergencyCallData.eCall.Control>


                       Figure 9: INFO requesting MSD

   Figure 10 illustrates a SIP eCall INFO that contains an MSD.  For
   simplicity, the example does not show all SIP headers.  Because the
   MSD is encoded in ASN.1 PER, which is a binary encoding, its contents
   cannot be included in a text document.
















Gellens & Tschofenig    Expires January 22, 2017               [Page 21]


Internet-Draft            Next-Generation eCall                July 2016


      INFO urn:service:sos.ecall.automatic SIP/2.0
      To: urn:service:sos.ecall.automatic
      From: <sip:+13145551111@example.com>;tag=9fxced76sl
      Call-ID: 3848276298220188511@atlanta.example.com
      Call-Info: cid:4567890123@atlanta.example.com;
                 purpose=emergencyCallData.eCall.MSD;
      Accept: application/sdp, application/pidf+xml,
              application/emergencyCallData.eCall.control+xml
      CSeq: 51862 INFO
      Recv-Info: emergencyCallData.eCall
      Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
             SUBSCRIBE, NOTIFY, UPDATE
      Content-Type: application/emergencyCallData.eCall.MSD+per
      Content-ID: 4567890123@atlanta.example.com
      Content-Disposition: info-package
      Content-Transfer-Encoding: binary

           ...MSD in ASN.1 PER encoding goes here...


                      Figure 10: INFO containing MSD

12.  Security Considerations

   The security considerations described in [RFC5069] apply here.

   In addition to any network-provided location (which might be
   determined solely by the network, or in cooperation with or possibly
   entirely by the originating device), an eCall carries an IVS-supplied
   location within the MSD.  This is likely to be useful to the PSAP,
   especially when no network-provided location is included, or when the
   two locations are independently determined.  Even in situations where
   the network-supplied location is limited to the cell site, this can
   be useful as a sanity check on the device-supplied location contained
   in the MSD.

   The document [RFC7378] discusses trust issues regarding location
   provided by or determined in cooperation with end devices.

   Security considerations specific to the mechanism by which the PSAP
   sends acknowledgments and requests to the vehicle are discussed in
   the "Security Considerations" block of Section 15.3.

   Data received from external sources inherently carries implementation
   risks.  For example, depending on the platform, buffer overflows can
   introduce remote code execution vulnerabilities, null characters can
   corrupt strings, numeric values used for internal calculations can
   result in underflow/overflow errors, malformed XML objects can expose



Gellens & Tschofenig    Expires January 22, 2017               [Page 22]


Internet-Draft            Next-Generation eCall                July 2016


   parsing bugs, etc.  Implementations need to be cognizant of the
   potential risks, observe best practices (which might include
   sufficiently capable static code analysis, fuzz testing, component
   isolation, avoiding use of unsafe coding techniques, third-party
   attack tests, signed software, over-the-air updates, etc.), and have
   multiple levels of protection.  Implementors need to be aware that,
   potentially, the data objects described here and elsewhere might be
   malformed, might contain unexpected characters, excessively long
   attribute values, elements, etc.

   The security considerations discussed in
   [I-D.ietf-ecrit-additional-data] apply here (see especially the
   discussion of TLS, TLS versions, cypher suites, and PKI).

   When vehicle data or control/metadata is contained in a signed or
   encrypted body part, the enclosing multipart (e.g., multipart/signed
   or multipart/encrypted) has the same Content-ID as the enclosed data
   part.  This allows an entity to identify and access the data blocks
   it is interested in without having to dive deeply into the message
   structure or decrypt parts it is not interested in.  (The 'purpose'
   parameter in a Call-Info header field identifies the data and
   contains a CID URL pointing to the data block in the body, which has
   a matching Content-ID body part header field).

13.  Privacy Considerations

   The privacy considerations discussed in
   [I-D.ietf-ecrit-additional-data] apply here.  The MSD carries some
   identifying and personal information (mostly about the vehicle and
   less about the owner), as well as location information, and so needs
   to be protected against unauthorized disclosure.  Local regulations
   may impose additional privacy protection requirements.

   Privacy considerations specific to the data structure containing
   vehicle information are discussed in the "Security Considerations"
   block of Section 15.2.

   Privacy considerations specific to the mechanism by which the PSAP
   sends acknowledgments and requests to the vehicle are discussed in
   the "Security Considerations" block of Section 15.3.

14.  XML Schema

   This section defines an XML schema for the eCall control block.  The
   text description of the eCall control block in Section 9.1 is
   normative and supersedes any conflicting aspect of this schema.





Gellens & Tschofenig    Expires January 22, 2017               [Page 23]


Internet-Draft            Next-Generation eCall                July 2016


    <?xml version="1.0"?>
    <xs:schema
        targetNamespace=
            "urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:pi="urn:ietf:params:xml:ns:EmergencyCallData:eCall:control"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified">

        <xs:import namespace="http://www.w3.org/XML/1998/namespace"
            schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>

        <xs:element name="EmergencyCallData.eCall.Control"
                    type="pi:eCallControlType"/>

        <xs:simpleType name="iana-token">
            <xs:annotation>
                <xs:documentation>Permitted values specified in IANA
                registries</xs:documentation>
            </xs:annotation>
        </xs:simpleType>

        <xs:complexType name="eCallControlType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:choice>
                        <xs:element name="request" type="pi:requestType"/>
                        <xs:element name="ack" type="pi:ackType"/>

                        <xs:element type="cx:iana-token"/>

                        <xs:any namespace="##other" processContents="lax"
                                minOccurs="0"
                                maxOccurs="unbounded"/>
                    </xs:choice>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>


        <xs:complexType name="ackType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:sequence minOccurs="1" maxOccurs="unbounded">

                        <xs:any namespace="##other" processContents="lax"



Gellens & Tschofenig    Expires January 22, 2017               [Page 24]


Internet-Draft            Next-Generation eCall                July 2016


                                minOccurs="0"
                                maxOccurs="unbounded"/>

                        <xs:attribute type="cx:iana-token"/>
                    </xs:sequence>

                    <xs:attribute name="ref"
                                  type="xs:anyURI"
                                  use="required"/>
                    <xs:attribute name="received"
                                  type="xs:boolean"/>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>


        <xs:complexType name="requestType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:choice minOccurs="1" maxOccurs="unbounded">
                        <xs:any namespace="##other" processContents="lax"
                                minOccurs="0"
                                maxOccurs="unbounded"/>
                        <xs:element type="cx:iana-token"/>
                    </xs:choice>
                    <xs:attribute name="action" type="xs:token" use="required"/>

                    <xs:attribute type="cx:iana-token" minOccurs="0"
                        maxOccurs="unbounded"/>

                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>

    </xs:schema>


                   Figure 11: eCall Control Block Schema

15.  IANA Considerations

15.1.  Service URN Registrations

   IANA is requested to register the URN 'urn:service:sos.ecall' under
   the sub-services 'sos' registry defined in Section 4.2 of [RFC5031].




Gellens & Tschofenig    Expires January 22, 2017               [Page 25]


Internet-Draft            Next-Generation eCall                July 2016


   This service requests resources associated with an emergency call
   placed by an in-vehicle system, carrying a standardized set of data
   related to the vehicle and incident.  Two sub-services are registered
   as well:

   urn:service:sos.ecall.manual

      Used with an eCall invoked due to manual interaction by a vehicle
      occupant.

   urn:service:sos.ecall.automatic

      Used with an eCall invoked automatically, for example, due to a
      crash or other serious incident.

   IANA is also requested to register the URN
   'urn:service:test.sos.ecall' under the sub-service 'test' registry
   defined in Setcion 17.2 of [RFC6881].

15.2.  MIME Content-type Registration for 'application/
       emergencyCallData.eCall.MSD+per'

   IANA is requested to add application/emergencyCallData.eCall.MSD+per
   as a MIME content type, with a reference to this document, in
   accordance to the procedures of RFC 6838 [RFC6838] and guidelines in
   RFC 7303 [RFC7303].

      MIME media type name: application

      MIME subtype name: emergencyCallData.eCall.MSD+per

      Mandatory parameters: none

      Optional parameters: none

      Encoding scheme: binary

      Encoding considerations: Uses ASN.1 PER, which is a binary
      encoding; when transported in SIP, binary content transfer
      encoding is used.

      Security considerations: This content type is designed to carry
      vehicle and incident-related data during an emergency call.  This
      data contains personal information including vehicle VIN,
      location, direction, etc.  Appropriate precautions need to be
      taken to limit unauthorized access, inappropriate disclosure to
      third parties, and eavesdropping of this information.  In general,
      it is acceptable for the data to be unprotected while briefly in



Gellens & Tschofenig    Expires January 22, 2017               [Page 26]


Internet-Draft            Next-Generation eCall                July 2016


      transit within the Mobile Network Operator (MNO); the MNO is
      trusted to not permit the data to be accessed by third parties.
      Sections 7 and Section 8 of [I-D.ietf-ecrit-additional-data]
      contain more discussion.

      Interoperability considerations: None

      Published specification: Annex A of EN 15722 [msd]

      Applications which use this media type: Pan-European eCall
      compliant systems

      Additional information: None

      Magic Number: None

      File Extension: None

      Macintosh file type code: 'BINA'

      Person and email address for further information: Randall Gellens,
      rg+ietf@randy.pensive.org

      Intended usage: LIMITED USE

      Author: The MSD specification was produced by the European
      Committee For Standardization (CEN).  For contact information,
      please see <http://www.cen.eu/cen/Pages/contactus.aspx>.

      Change controller: The European Committee For Standardization
      (CEN)

15.3.  MIME Content-type Registration for 'application/
       emergencyCallData.eCall.control+xml'

   IANA is requested to add application/
   emergencyCallData.eCall.control+xml as a MIME content type, with a
   reference to this document, in accordance to the procedures of RFC
   6838 [RFC6838] and guidelines in RFC 7303 [RFC7303].

      MIME media type name: application

      MIME subtype name: emergencyCallData.eCall.control+xml

      Mandatory parameters: none

      Optional parameters: charset




Gellens & Tschofenig    Expires January 22, 2017               [Page 27]


Internet-Draft            Next-Generation eCall                July 2016


      Indicates the character encoding of the XML content.

      Encoding considerations: Uses XML, which can employ 8-bit
      characters, depending on the character encoding used.  See
      Section 3.2 of RFC 7303 [RFC7303].

      Security considerations:

         This content type carries metadata and control information and
         requests, such as from a Public Safety Answering Point (PSAP)
         to an In-Vehicle System (IVS) during an emergency call.

         Metadata (such as an acknowledgment that data sent by the IVS
         to the PSAP was successfully received) has limited privacy and
         security implications.  Control information (such as requests
         from the PSAP that the vehicle perform an action) has some
         privacy and security implications.  The privacy concern arises
         from the ability to request the vehicle to transmit a data set,
         which as described in Section 15.2, can contain personal
         information.  The security concern is the ability to request
         the vehicle to perform an action.  Control information needs to
         originate only from a PSAP or other emergency services
         provider, and not be modified en-route.  The level of integrity
         of the cellular network over which the emergency call is placed
         is a consideration: when the IVS initiates an eCall over a
         cellular network, in most cases it relies on the MNO to route
         the call to a PSAP.  (Calls placed using other means, such as
         Wi-Fi or over-the-top services, generally incur somewhat higher
         levels of risk than calls placed "natively" using cellular
         networks.)  A call-back from a PSAP merits additional
         consideration, since current mechanisms are not ideal for
         verifying that such a call is indeed a call-back from a PSAP in
         response to an emergency call placed by the IVS.  See the
         discussion in Section 12 and the PSAP Callback document
         [RFC7090].

         Sections 7 and Section 8 of [I-D.ietf-ecrit-additional-data]
         contain more discussion.

      Interoperability considerations: None

      Published specification: This document

      Applications which use this media type: Pan-European eCall
      compliant systems

      Additional information: None




Gellens & Tschofenig    Expires January 22, 2017               [Page 28]


Internet-Draft            Next-Generation eCall                July 2016


      Magic Number: None

      File Extension: .xml

      Macintosh file type code: 'TEXT'

      Person and email address for further information: Randall Gellens,
      rg+ietf@randy.pensive.org

      Intended usage: LIMITED USE

      Author: The IETF ECRIT WG.

      Change controller: The IETF ECRIT WG.

15.4.  Registration of the 'eCall.MSD' entry in the Emergency Call
       Additional Data Blocks registry

   This specification requests IANA to add the 'eCall.MSD' entry to the
   Emergency Call Additional Data Blocks registry, with a reference to
   this document.

15.5.  Registration of the 'eCall.control' entry in the Emergency Call
       Additional Data Blocks registry

   This specification requests IANA to add the 'eCall.control' entry to
   the Emergency Call Additional Data Blocks registry, with a reference
   to this document.

15.6.  Registration of the emergencyCallData.eCall Info Package

   IANA is requested to add emergencyCallData.eCall to the Info Packages
   Registry under "Session Initiation Protocol (SIP) Parameters", with a
   reference to this document.

15.7.  URN Sub-Namespace Registration

15.7.1.  Registration for urn:ietf:params:xml:ns:eCall

   This section registers a new XML namespace, as per the guidelines in
   RFC 3688 [RFC3688].

   URI:  urn:ietf:params:xml:ns:eCall

   Registrant Contact:  IETF, ECRIT working group, <ecrit@ietf.org>, as
      delegated by the IESG <iesg@ietf.org>.

   XML:



Gellens & Tschofenig    Expires January 22, 2017               [Page 29]


Internet-Draft            Next-Generation eCall                July 2016


       BEGIN
       <?xml version="1.0"?>
       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
           "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
       <head>
           <meta http-equiv="content-type"
                 content="text/html;charset=iso-8859-1"/>
           <title>Namespace for eCall Data</title>
       </head>
       <body>
           <h1>Namespace for eCall Data</h1>
           <p>See [TBD: This document].</p>
       </body>
       </html>
       END


15.7.2.  Registration for urn:ietf:params:xml:ns:eCall:control

   This section registers a new XML namespace, as per the guidelines in
   RFC 3688 [RFC3688].

   URI:  urn:ietf:params:xml:ns:eCall:control

   Registrant Contact:  IETF, ECRIT working group, <ecrit@ietf.org>, as
      delegated by the IESG <iesg@ietf.org>.

   XML:






















Gellens & Tschofenig    Expires January 22, 2017               [Page 30]


Internet-Draft            Next-Generation eCall                July 2016


      BEGIN
      <?xml version="1.0"?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
           "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
           <meta http-equiv="content-type"
                 content="text/html;charset=iso-8859-1"/>
           <title>Namespace for eCall Data:
                  Control Block</title>
      </head>
      <body>
           <h1>Namespace for eCall Data</h1>
           <h2>Control Block</h2>
      <p>See [TBD: This document].</p>
      </body>
      </html>
      END


15.8.  Registry creation

   This document creates a new registry called 'eCall Control Data'.
   The following sub-registries are created for this registry.

15.8.1.  eCall Control Action Registry

   This document creates a new sub-registry called "eCall Control Action
   Registry".  As defined in [RFC5226], this registry operates under
   "Expert Review" rules.  The expert should determine that the proposed
   action is within the purview of a vehicle, is sufficiently
   distinguishable from other actions, and the action is clearly and
   fully described.  In most cases, a published and stable document is
   referenced for the description of the action.

   The content of this registry includes:

   Name:  The identifier to be used in the 'action' attribute of an
      eCall control <request> element.

   Description:  A description of the action.  In most cases this will
      be a reference to a published and stable document.  The
      description MUST specify if any attributes or child elements are
      optional or mandatory, and describe the action to be taken by the
      vehicle.

   The initial set of values is listed in Table 2.




Gellens & Tschofenig    Expires January 22, 2017               [Page 31]


Internet-Draft            Next-Generation eCall                July 2016


           +-----------+--------------------------------------+
           |    Name   |             Description              |
           +-----------+--------------------------------------+
           | send-data | See Section 9.1.2.1 of this document |
           +-----------+--------------------------------------+

           Table 2: eCall Control Action Registry Initial Values

15.8.2.  eCall Control Extension Registry

   This document creates a new sub-registry called "eCall Control
   Extension Registry".  This registry contains elements, attributes,
   and values for the eCall metadata/control object.  As defined in
   [RFC5226], this registry operates under "Expert Review" rules.  The
   expert should determine that the proposed elements, attributes, and/
   or values are within the purview of a vehicle, are sufficiently
   distinguishable, and clearly and fully described.  In most cases, a
   published and stable document is referenced for the description of
   each element, attribute, or value.  New values MUST indicate for
   which attributes or elements they are appropriate.  New attributes
   MUST indicate in which elements they can appear and to which values
   that can be set.  New elements MUST indicate if they can appear as
   child elements within other elements, and if so which elements, and/
   or if they can appear at the top level of an eCall metadata/control
   object.  New elements MUST also describe which attributes and/or sub-
   elements they can contain and which are optional and which are
   mandatory.  Note that this mechanism allows new items to be added
   while maintaining compatibility with existing implementations, since
   unrecognized items are ignored.

   The content of this registry includes:

   Type:  'Element', 'Attribute', or 'Value'.

   Name:  The name of the new element or attribute.  Not used for new
      values.

   Description:  A description of the element, attribute, or value.  In
      most cases this will be a reference to a published and stable
      document.

16.  Contributors

   Brian Rosen was a co-author of the original document upon which this
   document is based.






Gellens & Tschofenig    Expires January 22, 2017               [Page 32]


Internet-Draft            Next-Generation eCall                July 2016


17.  Acknowledgements

   We would like to thank Bob Williams and Ban Al-Bakri for their
   feedback and suggestion; Rex Buddenberg, Lena Chaponniere, Keith
   Drage, Stephen Edge, Wes George, Christer Holmberg, Ivo Sedlacek, and
   James Winterbottom for their review and comments; Robert Sparks and
   Paul Kyzivat for their help with the SIP mechanisms.  We would like
   to thank Michael Montag, Arnoud van Wijk, Gunnar Hellstrom, and
   Ulrich Dietz for their help with the original document upon which
   this document is based.

18.  Changes from Previous Versions

18.1.  Changes from draft-ietf-08 to draft-ietf-09

   o  Created a new "Data Transport" section that describes how the MSD
      and metadata/control blocks are attached, and then referred to
      that section rather than repeat the information about the CID and
      Call-Info and so forth, which means most references to the
      additional-data draft have now been deleted
   o  Mentioned edge cases where a PSAP response to INVITE isn't
      received by the IVS
   o  Reworded description of which status codes are used when a PSAP
      wishes to reject a call but inform the vehicle occupants that it
      is aware of the situation to be more definite
   o  Added examples showing INFO
   o  Added references for eCall test call requirement
   o  Described meaning of eCall URNs in Section 8 as well as in IANA
      registration

18.2.  Changes from draft-ietf-07 to draft-ietf-08

   o  eCall MSD now encoded as ASN.1 PER, using binary content transfer
      encoding
   o  Added text to point out aspects of call handling and metadata/
      control usage, such as use in rejected calls, and solicited MSDs
   o  Revised use of INFO to require that when a request for an MSD is
      sent in INFO, the MSD sent in response is in its own INFO, not the
      response to the requesting INFO
   o  Added material to INFO package registation to comply with
      Section 10 of [RFC6086]
   o  Moved material not required by 3GPP into
      [I-D.ietf-ecrit-car-crash], e.g., some of the eCall metadata/
      control elements, attributes, and values
   o  Revised test call wording to clarify that specific handling is out
      of scope
   o  Revised wording throughout the document to simplify
   o  Moved new Section Section 7.1 to be a subsection of Section 7



Gellens & Tschofenig    Expires January 22, 2017               [Page 33]


Internet-Draft            Next-Generation eCall                July 2016


   o  Moved new Section Section 10 to be a main section instead of a
      subsection of Section 9
   o  Revised SIP INFO usage and package registration per advice from
      Robert Sparks and Paul Kyzivat

18.3.  Changes from draft-ietf-06 to draft-ietf-07

   o  Fixed typo in Acknowledgements

18.4.  Changes from draft-ietf-05 to draft-ietf-06

   o  Added additional security and privacy clarifications regarding
      signed and encrypted data
   o  Additional security and privacy text
   o  Deleted informative section on ESINets as unnecessary.

18.5.  Changes from draft-ietf-04 to draft-ietf-05

   o  Reworked the security and privacy considerations material in the
      document as a whole and in the MIME registation sections of the
      MSD and control objects
   o  Clarified that the <actionResult> element can appear multiple
      times within an <ack> element
   o  Fixed IMS definition
   o  Added clarifying text for the 'msgid' attribute

18.6.  Changes from draft-ietf-03 to draft-ietf-04

   o  Added Privacy Considerations section
   o  Reworded most uses of non-normative "may", "should", "must", and
      "recommended."
   o  Fixed nits in examples

18.7.  Changes from draft-ietf-02 to draft-ietf-03

   o  Added request to enable cameras
   o  Improved examples and XML schema
   o  Clarifications and wording improvements

18.8.  Changes from draft-ietf-01 to draft-ietf-02

   o  Added clarifying text reinforcing that the data exchange is for
      small blocks of data infrequently transmitted
   o  Clarified that dynamic media is conveyed using SIP re-INVITE to
      establish a one-way media stream
   o  Clarified that the scope is the needs of eCall within the SIP
      emergency call environment




Gellens & Tschofenig    Expires January 22, 2017               [Page 34]


Internet-Draft            Next-Generation eCall                July 2016


   o  Added informative statement that the document may be suitable for
      reuse by other ACN systems
   o  Clarified that normative language for the control block applies to
      both IVS and PSAP
   o  Removed 'ref', 'supported-mime', and <media> elements
   o  Minor wording improvements and clarifications

18.9.  Changes from draft-ietf-00 to draft-ietf-01

   o  Added further discussion of test calls
   o  Added further clarification to the document scope
   o  Mentioned that multi-region vehicles may need to support other
      crash notification specifications in addition to eCall
   o  Added details of the eCall metadata and control functionality
   o  Added IANA registration for the MIME content type for the eCall
      control object
   o  Added IANA registries for protocol elements and tokens used in the
      eCall control object
   o  Minor wording improvements and clarifications

18.10.  Changes from draft-gellens-03 to draft-ietf-00

   o  Renamed from draft-gellens- to draft-ietf-.
   o  Added mention of and reference to ETSI TR "Mobile Standards Group
      (MSG); eCall for VoIP"
   o  Added text to Introduction regarding migration/co-existence being
      out of scope
   o  Added mention in Security Considerations that even if the network-
      supplied location is just the cell site, this can be useful as a
      sanity check on the IVS-supplied location
   o  Minor wording improvements and clarifications

18.11.  Changes from draft-gellens-02 to -03

   o  Clarifications and editorial improvements.

18.12.  Changes from draft-gellens-01 to -02

   o  Minor wording improvements
   o  Removed ".automatic" and ".manual" from
      "urn:service:test.sos.ecall" registration and discussion text.

18.13.  Changes from draft-gellens-00 to -01

   o  Now using 'EmergencyCallData' for purpose parameter values and
      MIME subtypes, in accordance with changes to
      [I-D.ietf-ecrit-additional-data]
   o  Added reference to RFC 6443



Gellens & Tschofenig    Expires January 22, 2017               [Page 35]


Internet-Draft            Next-Generation eCall                July 2016


   o  Fixed bug that caused Figure captions to not appear

19.  References

19.1.  Normative References

   [EN_16062]
              CEN, , "Intelligent transport systems - eSafety - eCall
              High Level Application Requirements (HLAP) Using GSM/UMTS
              Circuit Switched Networks, EN 16062", April 2015.

   [EN_16072]
              CEN, , "Intelligent transport systems - eSafety - Pan-
              European eCall operating requirements, EN 16072", April
              2015.

   [I-D.ietf-ecrit-additional-data]
              Gellens, R., Rosen, B., Tschofenig, H., Marshall, R., and
              J. Winterbottom, "Additional Data Related to an Emergency
              Call", draft-ietf-ecrit-additional-data-38 (work in
              progress), April 2016.

   [msd]      CEN, , "Intelligent transport systems -- eSafety -- eCall
              minimum set of data (MSD), EN 15722", April 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <http://www.rfc-editor.org/info/rfc3688>.

   [RFC5031]  Schulzrinne, H., "A Uniform Resource Name (URN) for
              Emergency and Other Well-Known Services", RFC 5031,
              DOI 10.17487/RFC5031, January 2008,
              <http://www.rfc-editor.org/info/rfc5031>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <http://www.rfc-editor.org/info/rfc5226>.

   [RFC6443]  Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
              "Framework for Emergency Calling Using Internet
              Multimedia", RFC 6443, DOI 10.17487/RFC6443, December
              2011, <http://www.rfc-editor.org/info/rfc6443>.



Gellens & Tschofenig    Expires January 22, 2017               [Page 36]


Internet-Draft            Next-Generation eCall                July 2016


   [RFC6838]  Freed, N., Klensin, J., and T. Hansen, "Media Type
              Specifications and Registration Procedures", BCP 13,
              RFC 6838, DOI 10.17487/RFC6838, January 2013,
              <http://www.rfc-editor.org/info/rfc6838>.

   [RFC6881]  Rosen, B. and J. Polk, "Best Current Practice for
              Communications Services in Support of Emergency Calling",
              BCP 181, RFC 6881, DOI 10.17487/RFC6881, March 2013,
              <http://www.rfc-editor.org/info/rfc6881>.

   [RFC7303]  Thompson, H. and C. Lilley, "XML Media Types", RFC 7303,
              DOI 10.17487/RFC7303, July 2014,
              <http://www.rfc-editor.org/info/rfc7303>.

   [TS22.101]
              3GPP, , "3GPP TS 22.101: Technical Specification Group
              Services and System Aspects; Service aspects; Service
              principles".

19.2.  Informative references

   [CEN]      "European Committee for Standardization",
              <http://www.cen.eu>.

   [I-D.ietf-ecrit-car-crash]
              Gellens, R., Rosen, B., and H. Tschofenig, "Next-
              Generation Vehicle-Initiated Emergency Calls", draft-ietf-
              ecrit-car-crash-08 (work in progress), July 2016.

   [MSG_TR]   ETSI, , "ETSI Mobile Standards Group (MSG); eCall for
              VoIP", ETSI Technical Report TR 103 140 V1.1.1 (2014-04),
              April 2014.

   [RFC5012]  Schulzrinne, H. and R. Marshall, Ed., "Requirements for
              Emergency Context Resolution with Internet Technologies",
              RFC 5012, DOI 10.17487/RFC5012, January 2008,
              <http://www.rfc-editor.org/info/rfc5012>.

   [RFC5069]  Taylor, T., Ed., Tschofenig, H., Schulzrinne, H., and M.
              Shanmugam, "Security Threats and Requirements for
              Emergency Call Marking and Mapping", RFC 5069,
              DOI 10.17487/RFC5069, January 2008,
              <http://www.rfc-editor.org/info/rfc5069>.

   [RFC6086]  Holmberg, C., Burger, E., and H. Kaplan, "Session
              Initiation Protocol (SIP) INFO Method and Package
              Framework", RFC 6086, DOI 10.17487/RFC6086, January 2011,
              <http://www.rfc-editor.org/info/rfc6086>.



Gellens & Tschofenig    Expires January 22, 2017               [Page 37]


Internet-Draft            Next-Generation eCall                July 2016


   [RFC7090]  Schulzrinne, H., Tschofenig, H., Holmberg, C., and M.
              Patel, "Public Safety Answering Point (PSAP) Callback",
              RFC 7090, DOI 10.17487/RFC7090, April 2014,
              <http://www.rfc-editor.org/info/rfc7090>.

   [RFC7378]  Tschofenig, H., Schulzrinne, H., and B. Aboba, Ed.,
              "Trustworthy Location", RFC 7378, DOI 10.17487/RFC7378,
              December 2014, <http://www.rfc-editor.org/info/rfc7378>.

   [SDO-3GPP]
              "3d Generation Partnership Project",
              <http://www.3gpp.org/>.

   [SDO-ETSI]
              "European Telecommunications Standards Institute (ETSI)",
              <http://www.etsi.org>.

Authors' Addresses

   Randall Gellens
   Core Technology Consulting

   Email: rg+ietf@randy.pensive.org


   Hannes Tschofenig
   Individual

   Email: Hannes.Tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at





















Gellens & Tschofenig    Expires January 22, 2017               [Page 38]