Internet Engineering Task Force Mike Pierce
INTERNET DRAFT Artel
Expires October, 2002
Don Choi
DISA
April 2002
Architecture for Assured Service Capabilities in Voice over IP
draft-pierce-sipping-assured-service-arch-00.txt
Status of This Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed a
http://www.ietf.org/ietf/lid-abstracts.text
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright Notice
Copyright (c) Internet Society 2002. All rights reserved.
Pierce Expires October 2002 Page 1
Internet Draft Architecture for Assured Service in VoIP April 2002
Reproduction or translation of the complete documents, but not of
extracts, including this notice, is freely permitted.
Abstract
Assured Service refers to the set of capabilities used to ensure that
mission critical communications are setup and remain connected. This
memo describes the architecture required to meet the requirements
detailed in [Pierce1].
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . 2
2. Architectures . . . . . . . . . . . . . . . . . . . . . . 3
2.1 End-to-end Architecture . . . . . . . . . . . . . . . . . 3
2.2 Service Provider Network Architecture . . . . . . . . . . 3
3. Required Architecture . . . . . . . . . . . . . . . . . . 4
4. Required Procedures . . . . . . . . . . . . . . . . . . . 4
4.1 Authentication . . . . . . . . . . . . . . . . . . . . . 4
4.2 Function of Proxy . . . . . . . . . . . . . . . . . . . . 5
4.3 Session Control . . . . . . . . . . . . . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . 6
6. References . . . . . . . . . . . . . . . . . . . . . . . 6
7. Authors' Addresses . . . . . . . . . . . . . . . . . . . 6
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 7
1. Introduction
The requirements for Assured Service are given in [Pierce1]. Many
other drafts and RFCs have addressed the assumed architecture for the
provision of SIP-based services. A lot of consideration has been
given to continued reliance on the pure peer-to-peer model on which
the Internet (and especially HTTP) has been based vs. migration to
centralized control models in which dedicated proxies perform
specific functions for the control of telephony services. This would
include, possibly, full knowledge of the state of each call.
While there is an wide-spread desire to maintain the peer-to-peer
architecture, there has been increasing admissions in various drafts
that centralized control or intelligent "middleboxes" are required in
many cases. This list will likely continue to grow. Some examples
are:
1. The revision to RFC 2543 [SIP-2543bis] defines the notion of a
"Call Stateful proxy", which "retains state for a dialog from the
initiating INVITE to the terminating BYE request", i.e., for the
duration of a call. However, no use of this state has been included
in the current version of SIP [SIP-2543bis].
Pierce Expires October 2002 Page 2
Internet Draft Architecture for Assured Service in VoIP April 2002
2. Draft-ietf-sipping-cc-framework-00 includes the concept of a
"central control" signaling model (although its reference to 3pcc
indicates that the actual concept is not "centralized" but rather a
specialized end-user performing control for other users.)
3. The abstract for draft-ietf-sipping-service-examples-00 recognizes
that "some [services] require the assistance of a SIP Proxy", but
that "most ... shown in this document are implemented in the SIP User
Agents". However, it then states that the flows shown assume "a
network of proxies, registrars, PSTN gateways, and other SIP servers
that have a pre-established trust relationship with each other...
User agents wishing to use the services in this network are required
to authenticate themselves with an edge proxy..."
4. The draft for identity and privacy [SIP-IDENTITY] states that, in
order for an originating device to achieve privacy concerning its
identity related information, one must "assume an architecture where
the caller initiates a session to the callee via a trusted entity in
its network. The callee in turn receives the session initiation via a
trusted entity". It further states that the "trusted entity ...
belongs to and is controlled by the Network".
2. Architectures
Various discussions and memos have identified two potential network
architectures for the provision of SIP services. They are briefly:
2.1 End-to-end Architecture
All service provision is between and under control of the calling and
called party, referred to as "User Agent Client (UAC)" and "User
Agent Server (UAS)", respectively. This terminology of "client" and
"server" are based on the HTTP model from which this model is derived
and have no real significance to this model. Either end can initiate
a transaction. There is no device in between which provides service
support, only routers for packets.
(If a specialized back-to-back user agent (B2BUA) is used for some
defined capability, that B2BUA simply acts as the termination point
of two distinct sessions. There is no additional "network" function
which associates the two sessions.)
2.2 Service Provider Network Architecture
A Service Provider maintains and controls network elements which play
an active role in the provision of services to end users. These
network elements may be referred to as back-to-back user agents
(B2BUA), proxies, servers, or middleboxes, but they all have the
common characteristic of being provided by a Service Provider. These
elements terminate SIP messages, perform service control, and send
new or modified SIP messages to other network elements or to the
other user.
Pierce Expires October 2002 Page 3
Internet Draft Architecture for Assured Service in VoIP April 2002
3. Required Architecture
In order to provide the security and feature control required for
Assured Service, it is necessary to utilize the Service Provider
Network Architecture in which proxies are used to support call
origination and termination for each user involved in the service.
The architecture is the "trapezoid" described in [SIP-2543bis] and
[SIP-IDENTITY] as follows (copied from draft-ietf-sip-srv-06):
......................... ..........................
. . . .
. +-------+ . . +-------+ .
. | | . (2) . | | .
. | Proxy |----------------- | Proxy | .
. | 1 | . . | 2 | .
. | | . . | | .
. +-------+ . . +-------+ .
. / . . \ .
. / (1) . . \ (3) .
. / . . \ .
. / . . \ .
. +-------+ . . +-------+ .
. | | . (4) . | | .
. | UA 1 |------------------------------------| UA 2 | .
. | | . . | | .
. +-------+ . . +-------+ .
. Domain A . . Domain B .
......................... ..........................
Interfaces:
(1) Originating UA 1 to Proxy 1: Authentication and all SIP messages
to/from UA 1
(2) Proxy 1 to Proxy 2 (and to other devices such as policy servers):
SIP messages and policy actions
(3) Proxy 2 to terminating UA 2: Authentication and all SIP messages
to/from U 2
(4) Originating UA 1 to terminating UA 2: Voice packets
4. Required Procedures
4.1 Authentication
Each UA which might use the Assured Service capability must
authenticate with a designated proxy before any service activation is
attempted. Normally, this would be at the time the device is powered
on, connected to the network, or is initialized, or it might be done
at pre-determined time intervals. Whether or not this authentication
requires a user interaction (human entry of a password, iris scan,
etc.) is not important and depends on the application. Such an
authentication may be very time consuming, with password verification
and policy data-base look-ups. After this authentication, this proxy
Pierce Expires October 2002 Page 4
Internet Draft Architecture for Assured Service in VoIP April 2002
must handle all session establishment, both to and from this UA.
This authentication function may be performed when the user attempts
the first session setup, for example, when an individual is allowed
to use a common device by first "logging on" with their identity and
password. In fact, this is still an "authentication" function
performed before the session setup is attempted. However, in this
case, it must be understood that there may be an additional delay due
to the authentication process before a call can be placed.
This authentication process is not unique to the provision of the
Assured Service capability. It is also required for many other
services which are to be provided by the service provider's proxy
based on pre-established authorizations.
4.2 Function of Proxy
Besides the processing of the authentication, each proxy is
responsible for a number of functions important to the provision of
Assured Service (as well as other services) and the handling of
interactions, where required, between different services. This
includes (for Assured Service):
- maintaining state of all existing sessions, including their
priority, which exist on the UA (both proxies).
- maintaining knowledge of other services being used by the UA
which might need to be taken into consideration when applying
the Assured Service capabilities (both proxies).
- verifying that the originating UA is allowed to establish the
session at the precedence level requested (originating proxy).
- establish permission at the access router for it to handle the
precedence marked packets from the UA (both proxies).
- performing the timing function to control the diversion service
(terminating proxy).
- deciding when to preempt the end user and sending the
appropriate preempt messages to the other party (both proxies).
- maintaining records of the use of the service, whether for
accounting or auditing purposes (both proxies).
4.3 Session Control
Session establishment and release should follow the same message
sequence as defined in SIP and its extensions for non-Assured Service
calls. There should not be any additional messages. The only
additional requirements are the inclusion of:
Pierce Expires October 2002 Page 5
Internet Draft Architecture for Assured Service in VoIP April 2002
- the priority level as defined in [Resource-priority] in the
INVITE
- security related information in every message which would
consist of an authentication header (AH) using cryptographic
techniques to allow the receiving end (user or proxy) to
validate the authenticity of the message before acting on it.
(This requirement is not unique to Assured Service, but is also
required to secure other capabilities.)
5. Security Considerations
This memo mostly deals with the architectural requirements to provide
the necessary security. While it does not attempt to define the
actual security mechanisms used for authentication and authorization,
it establishes the service architecture required.
6. References
[SIP-CALL-AUTH] draft-ietf-sip-call-auth-04, "SIP Extension for Media
Authorization", February 2002.
[SIP-2543bis] draft-ietf-sip-rfc2543bis-09, "SIP: Session Initiation
Protocol" (revision), February 2002.
[SIP-IDENTITY] draft-ietf-sip-privacy-04, "SIP extensions for
Network-asserted Caller Identity and Privacy within Trusted
Networks", February 2002.
[Baker] draft-baker-ieprep-requirements-00, "IEPS Requirement
Statement", February 2002.
[Pierce1] draft-pierce-sipping-assured-service-02, "Requirements for
Assured Service Capabilities in Voice over IP", April 2002.
[Pierce2] draft-pierce-sipping-pref-treat-examples-00, "Examples for
Provision of Preferential Treatment in Voice over IP", April 2002.
7. Authors' Addresses
Michael Pierce
Artel
1893 Preston White Drive
Reston, VA 20191
Phone: +1 410.817.4795
Email: pierce1m@ncr.disa.mil
Don Choi
DISA
5600 Columbia Pike
Falls Church, VA 22041-2717
Phone: +1 703.681.2312
Email: choid@ncr.disa.mil
Pierce Expires October 2002 Page 6
Internet Draft Architecture for Assured Service in VoIP April 2002
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published,
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein are provided on an
"AS IS" basis and THE INTERNET SOCIETY and THE INTERNET ENGINEERING
TASK FORCE disclaim all warranties, express or implied, including but
not limited to any warranty that the use of the information herein
will not infringe any rights or any implied warranties of
merchantability or fitness for a particular purpose.
Internet Draft Architecture for Assured Service in VoIP April 2002