IMPP WG D. Crocker
Internet-Draft Brandenburg
Expires: August 29, 2003 J. Peterson
NeuStar
February 28, 2003
Common Profile for Presence (CPP)
draft-ietf-impp-pres-02
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 29, 2003.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Presence is defined in RFC2778 [5]. Today, numerous presence
protocols are in use (largely as components of commercial instant
messaging services), and little interoperability between services
based on these protocols has been achieved. This specification
defines common semantics and data formats for presence to facilitate
the creation of gateways between presence services.
Crocker & Peterson Expires August 29, 2003 [Page 1]
Internet-Draft Common Profile for Presence (CPP) February 2003
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Abstract Presence Service . . . . . . . . . . . . . . . . . 4
3.1 Overview of the Presence Service . . . . . . . . . . . . . . 4
3.2 Identification of PRESENTITIES and WATCHERS . . . . . . . . 6
3.2.1 Address Resolution . . . . . . . . . . . . . . . . . . . . . 7
3.3 Format of Presence Information . . . . . . . . . . . . . . . 7
3.4 The Presence Service . . . . . . . . . . . . . . . . . . . . 7
3.4.1 The Subscribe Operation . . . . . . . . . . . . . . . . . . 7
3.4.2 The Notify Operation . . . . . . . . . . . . . . . . . . . . 8
3.4.3 Subscribe Operation (with Zero Duration) . . . . . . . . . . 8
4. Security Considerations . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 9
5.1 The PRES URI Scheme . . . . . . . . . . . . . . . . . . . . 10
6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 11
A. PRES URI IANA Registration Template . . . . . . . . . . . . 11
A.1 URI scheme name . . . . . . . . . . . . . . . . . . . . . . 11
A.2 URI scheme syntax . . . . . . . . . . . . . . . . . . . . . 12
A.3 Character encoding considerations . . . . . . . . . . . . . 12
A.4 Intended usage . . . . . . . . . . . . . . . . . . . . . . . 12
A.5 Applications and/or protocols which use this URI scheme
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
A.6 Interoperability considerations . . . . . . . . . . . . . . 12
A.7 Security considerations . . . . . . . . . . . . . . . . . . 12
A.8 Relevant publications . . . . . . . . . . . . . . . . . . . 12
A.9 Person & email address to contact for further information . 13
A.10 Author/Change controller . . . . . . . . . . . . . . . . . . 13
A.11 Applications and/or protocols which use this URI scheme
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
B. Issues of Interest . . . . . . . . . . . . . . . . . . . . . 13
B.1 Address Mapping . . . . . . . . . . . . . . . . . . . . . . 13
B.2 Source-Route Mapping . . . . . . . . . . . . . . . . . . . . 13
Normative References . . . . . . . . . . . . . . . . . . . . 10
Informative References . . . . . . . . . . . . . . . . . . . 11
C. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 14
Full Copyright Statement . . . . . . . . . . . . . . . . . . 15
Crocker & Peterson Expires August 29, 2003 [Page 2]
Internet-Draft Common Profile for Presence (CPP) February 2003
1. Introduction
Presence is defined in RFC2778 [5]. Today, numerous presence
protocols are in use (largely as components of commercial instant
messaging services), and little interoperability between services
based on these protocols has been achieved. This specification
defines semantics and data formats for common services of presence to
facilitate the creation of gateways between presence services: a
common profile for presence (CPP).
Service behavior is described abstractly in terms of operations
invoked between the consumer and provider of a service. Accordingly,
each presence service must specify how this behavior is mapped onto
its own protocol interactions. The choice of strategy is a local
matter, providing that there is a clear relation between the abstract
behaviors of the service (as specified in this memo) and how it is
faithfully realized by a particular presence service. For example,
one strategy might transmit presence information as key/value pairs,
another might use a compact binary representation, and a third might
use nested containers.
The parameters for each operation are defined using an abstract
syntax. Although the syntax specifies the range of possible data
values, each presence service must specify how well-formed instances
of the abstract representation are encoded as a concrete series of
bits.
In order to provide a means for the preservation of end-to-end
features (especially security) to pass through presence
interoperability gateways, this specification also provides
recommendations for presence document formats that could be employed
by presence protocols.
2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in RFC2119 [1] and indicate requirement levels for
compliant implementations.
This memos makes use of the vocabulary defined in RFC2778 [5]. Terms
such as CLOSED, INSTANT INBOX, PRESENCE, and OPEN are used in the
same meaning as defined therein.
The term 'gateway' used in this draft denotes a network element
responsible for interworking between diverse presence protocols.
Although the presence protocols themselves are diverse, under the
Crocker & Peterson Expires August 29, 2003 [Page 3]
Internet-Draft Common Profile for Presence (CPP) February 2003
model used in this document these protocols can carry a common
payload that is relayed by the gateway. Whether these interworking
intermediaries should be called 'gateways' or 'relays' is therefore
somewhat debatable; for the purposes of this document, they are
called 'CPP gateways'.
The term 'presence service' also derives from RFC2778, but its
meaning changes slightly due to the existence of gateways in the CPP
model. When a client sends a operation to a presence service, that
service might either be an endpoint or an intermediary such as a CPP
gateway - in fact, the client should not have to be aware which it is
addressing, as responses from either will appear the same.
This document defines operations and attributes of an abstract
presence protocol. In order for a compliant protocol to interface
with a presence gateway, it must support all of the operations
described in this document (i.e. the presence protocol must have
some message or capability that provides the function described by
all given operations). Similarly, the attributes defined for these
operations must correspond to information available in the presence
protocol in order for the protocol to interface with gateways defined
by this specification. Note that these attributes provide only the
minimum possible information that needs to be specified for
interoperability - the functions in a presence protocol that
correspond to the operations described in this document can contain
additional information that will not be mapped by CPP.
3. Abstract Presence Service
3.1 Overview of the Presence Service
When an application wants to subscriber to the presence information
associated with a PRESENTITY (in order to receive periodic
notifications of presence information), it invokes the subscribe
operation, e.g.,
+-------+ +-------+
| | | |
| appl. | -- subscribe ----> | pres. |
| | | svc. |
+-------+ +-------+
The subscribe operation has the following attributes: watcher,
target, duration, SubscriptID and TransID. The 'watcher' and
'target' identify the WATCHER and PRESENTITY, respectively, using the
Crocker & Peterson Expires August 29, 2003 [Page 4]
Internet-Draft Common Profile for Presence (CPP) February 2003
identifiers described in Section 3.2. The duration specifies the
maximum number of seconds that the SUBSCRIPTION should be active
(which may be zero, in which case this is a one-time request for
presence information). The SubscriptID creates a reference to the
SUBSCRIPTION that is used when unsubscribing. The TransID is a
unique identifier used to correlate the subscribe operation with a
response operation. Gateways should be capable of handling TransIDs
and SubscriptIDs up to 40 bytes in length.
Upon receiving a subscribe operation, the service immediately
responds by invoking the response operation containing the same
TransID, e.g.,
+-------+ +-------+
| | | |
| appl. | <----- response -- | pres. |
| | | svc. |
+-------+ +-------+
The response operation has the following attributes: status, TransID,
and duration. 'status' indicates whether the subscribe operation has
succeeded or failed. The TransID of the response operation
corresponds to the TransID of the subscription operation to which it
is responding. The 'duration' attribute specifies the number of
seconds for which the subscription will be active (which may differ
from the value requested in the subscribe operation).
If the response operation indicates success, the service immediately
invokes the notify operation to communicate the presence information
to the WATCHER, e.g.,
+-------+ +-------+
| | | |
| appl. | <------- notify -- | pres. |
| | | svc. |
+-------+ +-------+
The notify operation has the following attributes: watcher, target,
and TransID. The values of 'watcher' and 'target' are identical to
those given in the subscribe operation that triggered this notify
operation. The TransID is a unique identifier for this notification.
The notify operation also has content, namely PRESENCE INFORMATION.
Content details are specified in in Section 3.3.
If the duration parameter is non-zero, then for up to the specified
Crocker & Peterson Expires August 29, 2003 [Page 5]
Internet-Draft Common Profile for Presence (CPP) February 2003
duration, the service invokes the notify operation whenever there are
any changes to the PRESENTITY's presence information. Otherwise,
exactly one notify operation is invoked, achieving a one-time poll of
the presence information. Regardless, there is no application
response to the notify operation (i.e., the application does not
invoke a response operation when a notify operation occurs) defined
in CPP.
The application may prematurely cancel a subscription by re-invoking
the subscribe operation (as described above) with a duration of 0 and
the same SubscriptID as the original subscribe operation , e.g.,
+-------+ +-------+
| | | |
| appl. | -- subscribe 0 --> | pres. |
| | | svc. |
+-------+ +-------+
Note that a notify operation will be invoked when a subscription is
prematurely canceled in this fashion; this notification may be
discarded by the watcher.
The service immediately responds by invoking the response operation
containing the same TransID; e.g.,
+-------+ +-------+
| | | |
| appl. | <----- response -- | pres. |
| | | svc. |
+-------+ +-------+
Note that this specification assumes that CPP-compliant presence
protocols provide reliable message delivery; there are no
application-layer message delivery assurance provisions in this
specification.
3.2 Identification of PRESENTITIES and WATCHERS
A PRESENTITY is specified using the PRES URI scheme, which is further
described in Appendix A. An example would be:
"pres:fred@example.com"
WATCHERs identify themselves in the same manner as PRESENTITIES; that
is, with a pres URI.
Crocker & Peterson Expires August 29, 2003 [Page 6]
Internet-Draft Common Profile for Presence (CPP) February 2003
3.2.1 Address Resolution
A presence service client determines the next hop to forward an
operation to by resolving the domain name portion of the service
destination. Compliant implementations SHOULD follow the guidelines
for dereferencing URIs given in [2].
3.3 Format of Presence Information
This specification defines an abstract interoperability mechanism for
presence protocols; the message content definition given here
pertains to semantics rather than syntax. However, some important
properties for interoperability can only be provided if a common end-
to-end format for presence is employed by the interoperating presence
protocols, especially with respect to security. In order to maintain
end-to-end security properties, applications that send notification
operations through a CPP gateway MUST support the format defined in
PIDF [4]. Applications MAY support other content formats.
CPP gateways MUST be capable of relaying the body of a notification
operation between supported presence protocols without needing to
modify or inspect the content.
3.4 The Presence Service
An implementation of the service must maintain information about both
presence information and continual operations (like periodic
notification) in persistent storage.
Note that the subscription-identifier attribute used by the subscribe
operation is potentially long-lived. Accordingly, the values
generated for this parameter should be unique across a significant
duration of time. The SubscriptID parameter should be intrinsically
globally unique over time, not merely unique among operations sent to
or from a particular WATCHER and PRESENTITY.
3.4.1 The Subscribe Operation
When an application wants to subscribe to the presence information
associated with a PRESENTITY, it invokes the subscribe operation.
When the service is informed of the subscribe operation, it performs
these steps:
1. If the watcher or target parameter does not refer to a valid
PRESENTITY, a response operation having status "failure" is
invoked.
Crocker & Peterson Expires August 29, 2003 [Page 7]
Internet-Draft Common Profile for Presence (CPP) February 2003
2. If access control does not permit the application to request this
operation, a response operation having status "failure" is
invoked.
3. If the duration parameter is non-zero, and if the watcher and
target parameters refer to an in-progress subscribe operation for
the application, a response operation having status "failure" is
invoked.
4. Otherwise, if the service is able to successfully deliver the
message:
A response operation having status "success" is immediately
invoked. (If the service chooses a different duration for the
subscription then it conveys this information in the response
operation.)
A notify operation, corresponding to the target's presence
information, is immediately invoked for the watcher.
For up to the amount of time indicated by the duration
parameter of the notify operation (measured from the time that
the subscribe operation was received), if the target's
presence information changes, and if access control allows, a
notify operation is invoked for the watcher.
Note that if the duration parameter is zero-valued, then the
subscribe operation is making a one-time poll of the presence
information. Accordingly, the final step above (continued
notifications for the duration of the subscription) does not occur.
When the service invokes a response operation as a result of this
processing, the transID parameter is identical to the value found in
the subscribe operation invoked by the application.
3.4.2 The Notify Operation
The service invokes the notify operation whenever the presence
information associated with a PRESENTITY changes and there are
subscribers requesting notifications for that PRESENTITY.
There is no application response to the notify operation.
3.4.3 Subscribe Operation (with Zero Duration)
When an application wants to terminate a subscription, it issues a
Crocker & Peterson Expires August 29, 2003 [Page 8]
Internet-Draft Common Profile for Presence (CPP) February 2003
SUBSCRIBE 0 with the SubscriptID of an existing subscription. Note
that an notify operation will be invoked by the presentity when a
subscription is canceled in this fashion; this notification can be
discarded by the watcher. There is no independent UNSUBSCRIBE
operation.
When an application wants to directly request presence information to
be supplied immediately without initiating any persistent
subscription, it issues a SUBSCRIBE 0 with a new SubscriptID. There
is no independent FETCH operation.
4. Security Considerations
Detailed security considerations for presence protocols given in
RFC2779 (in particular, requirements are given in sections 5.1
through 5.3 with some motivating discussion in 8.2).
CPP defines an interoperability function that is employed by gateways
between presence protocols. CPP gateways MUST be compliant with the
minimum security requirements of the presence protocols with which
they interface.
The introduction of gateways to the security model of presence in
RFC2779 also introduces some new risks. End-to-end security
properties (especially confidentiality and integrity) between
presentities and watchers that interface through a CPP gateway can
only be provided if a common presence format (such as the format
described in [4]) is supported by the protocols interfacing with the
CPP gateway.
When end-to-end security is required, the notify operation MUST use
PIDF, and MUST secure the PIDF MIME body with S/MIME [8], with
encryption (CMS EnvelopeData) and/or S/MIME signatures (CMS
SignedData).
The S/MIME algorithms are set by CMS [9]. The AES [10] algorithm
should be preferred, as it is expected that AES best suits the
capabilities of many platforms. However, an IETF specificationfor
this is still incomplete as of the time of this writing.
When PRES URIs are placed in presence protocols, they convey the
identity of the sender and/or the recipient. In some cases,
anonymous messaging may be desired. Such a capability is beyond the
scope of this specification.
5. IANA Considerations
The IANA assigns the "pres" URI scheme.
Crocker & Peterson Expires August 29, 2003 [Page 9]
Internet-Draft Common Profile for Presence (CPP) February 2003
5.1 The PRES URI Scheme
The Presence (PRES) URI scheme designates an Internet resource,
namely a PRESENTITY or WATCHER.
The syntax of a PRES URI is given in Appendix A.
6. Contributors
The following individuals made substantial textual contributions to
this document:
Athanassios Diacakis (thanos.diacakis@openwave.com)
Florencio Mazzoldi (flo@networkprojects.com)
Christian Huitema (huitema@microsoft.com)
Graham Klyne (gk@ninebynine.org)
Jonathan Rosenberg (jdrosen@dynamicsoft.com)
Robert Sparks (rsparks@dynamicsoft.com)
Hiroyasu Sugano (suga@flab.fujitsu.co.jp)
Normative References
[1] Bradner, S., "Key words for use in RFCs to indicate requirement
levels", RFC 2119, March 1997.
[2] Crocker, D. and J. Peterson, "Address resolution for Instant
Messaging and Presence", draft-ietf-impp-srv-02 (work in
progress), February 2003.
[3] Resnick, P., "Internet Message Format", RFC 2822, STD 11, April
2001.
[4] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, W. and
J. Peterson, "CPIM Presence Information Data Format", draft-
ietf-impp-cpim-pidf-07 (work in progress), January 2003.
[5] Day, M., Rosenberg, J. and H. Sugano, "A Model for Presence and
Instant Messaging", RFC 2778, February 2000.
[6] Day, M., Aggarwal, S. and J. Vincent, "Instant Messaging /
Presence Protocol Requirements", RFC 2779, February 2000.
Crocker & Peterson Expires August 29, 2003 [Page 10]
Internet-Draft Common Profile for Presence (CPP) February 2003
[7] Allocchio, C., "GSTN Address Element Extensions in Email
Services", RFC 2846, June 2000.
[8] Ramsdell, B., "S/MIME Version 3 Message Specification", draft-
ietf-smime-rfc2633bis-03 (work in progress), January 2003.
[9] Housley, R., "Cryptographic Message Syntax", RFC 3369, August
2002.
Informative References
[10] Schaad, J. and R. Housley, "Use of the AES Encryption Algorithm
and RSA-OAEP Key Transport in CMS", draft-ietf-smime-aes-alg-06
(work in progress), January 2003.
Authors' Addresses
Dave Crocker
Brandenburg InternetWorking
675 Spruce Drive
Sunnyvale, CA 94086
US
Phone: +1 408/246-8253
EMail: dcrocker@brandenburg.com
Jon Peterson
NeuStar, Inc.
1800 Sutter St
Suite 570
Concord, CA 94520
US
Phone: +1 925/363-8720
EMail: jon.peterson@neustar.biz
Appendix A. PRES URI IANA Registration Template
This section provides the information to register the pres: presence
URI .
A.1 URI scheme name
pres
Crocker & Peterson Expires August 29, 2003 [Page 11]
Internet-Draft Common Profile for Presence (CPP) February 2003
A.2 URI scheme syntax
The syntax follows the existing mailto: URI syntax specified in
RFC2368. The ABNF is:
PRES-URI = "pres:" [ to ] [ headers ]
to = mailbox
headers = "?" header *( "&" header )
header = hname "=" hvalue
hname = *urlc
hvalue = *urlc
A.3 Character encoding considerations
Representation of non-ASCII character sets in local-part strings is
limited to the standard methods provided as extensions to RFC2822"
[3].
A.4 Intended usage
Use of the pres: URI follows closely usage of the mailto: URI. That
is, invocation of an PRES URI will cause the user's instant messaging
application to start, with destination address and message headers
fill-in according to the information supplied in the URI.
A.5 Applications and/or protocols which use this URI scheme name
It is anticipated that protocols compliant with RFC2779, and meeting
the interoperability requirements specified here, will make use of
this URI scheme name.
A.6 Interoperability considerations
The underlying exchange protocol used to send an instant message may
vary from service to service. Therefore complete, Internet-scale
interoperability cannot be guaranteed. However, a service conforming
to this specification permits gateways to achieve interoperability
sufficient to the requirements of RFC2779.
A.7 Security considerations
See Section 4.
A.8 Relevant publications
RFC2779, RFC2778
Crocker & Peterson Expires August 29, 2003 [Page 12]
Internet-Draft Common Profile for Presence (CPP) February 2003
A.9 Person & email address to contact for further information
Jon Peterson [mailto:jon.peterson@neustar.biz]
A.10 Author/Change controller
This scheme is registered under the IETF tree. As such, IETF
maintains change control.
A.11 Applications and/or protocols which use this URI scheme name
Instant messaging service; presence service
Appendix B. Issues of Interest
This appendix briefly discusses issues that may be of interest when
designing an interoperation gateway.
B.1 Address Mapping
When mapping the service described in this memo, mappings that place
special information into the im: address local-part MUST use the
meta-syntax defined in RFC2846 [7].
B.2 Source-Route Mapping
The easiest mapping technique is a form of source- routing and
usually is the least friendly to humans having to type the string.
Source-routing also has a history of operational problems.
Use of source-routing for exchanges between different services is by
a transformation that places the entire, original address string into
the im: address local part and names the gateway in the domain part.
For example, if the destination INSTANT INBOX is "pepp://example.com/
fred", then, after performing the necessary character conversions,
the resulting mapping is:
im:pepp=example.com/fred@relay-domain
where "relay-domain" is derived from local configuration information.
Experience shows that it is vastly preferable to hide this mapping
from end-users - if possible, the underlying software should perform
the mapping automatically.
Crocker & Peterson Expires August 29, 2003 [Page 13]
Internet-Draft Common Profile for Presence (CPP) February 2003
Appendix C. Acknowledgments
The authors would like to acknowledge John Ramsdell for his comments,
suggestions and enthusiasm. Thanks to Derek Atkins for editorial
fixes.
Crocker & Peterson Expires August 29, 2003 [Page 14]
Internet-Draft Common Profile for Presence (CPP) February 2003
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Crocker & Peterson Expires August 29, 2003 [Page 15]