SIPPING Working Group H. Schulzrinne
Internet-Draft Columbia University
Expires: January 10, 2006 E. Shim
Panasonic
July 9, 2005
Recommended Relationships between Different Types of Identifiers.
draft-schulzrinne-sipping-id-relationships-00.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 10, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
Evolution of communications technologies brought us various types of
identifiers or addresses that identify persons such as SIP URIs,
email addresses, and telephone numbers. Proper relationships among
different type of identifiers can enable various services, which,
otherwise, are difficult to realize. This memo provides guidelines
for managing relationships between SIP URIs other personal
identifiers.
Schulzrinne & Shim Expires January 10, 2006 [Page 1]
Internet-Draft ID Relationships July 2005
1. Introduction
In the absence of widely-deployed public directories, users often
have only partial information about the various communication URI
schemes for people they are trying to reach. They might have an old
business card or RFC, typically containing a phone number or email
address, but may need to contact the individual by some other means,
such as via SIP or XMPP. Usage of newer protocols is facilitated if
a communicating party is likely to be able to obtain such addresses.
A number of communications-related URIs, such as for email [4] [5],
SIP [1] and XMPP [6] use the basic 'user@host' form. Particularly
since implementations often allow usage of such identifiers without
prefixing it with the URI scheme, non-technical users expect these
identifiers to work across different means of communication and, in
particular, expect that they reach the same person if they do work.
In some cases, if a SIP or other presence-related address such as an
xmpp URI is known, one can try to subscribe to that address, with the
presence object possibly returning the email address. However, this
is not likely to work consistently, particularly since revealing
presence information requires more trust than simply revealing one's
email address.
Thus, given the limitations of electronic means of relating different
communications-related URI schemes for individuals and services,
users are likely to guess. Communication is facilitated and
communication failures are prevented if identifiers are constructed
in a predictable and consistent manner.
This document makes two core recommendations:
(1) Individuals should be able to choose user identifiers across URI
schemes that are the same.
(2) Assignment policies within a domain should not assign the same
user part in different URI schemes to different individuals.
2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
[2].
Schulzrinne & Shim Expires January 10, 2006 [Page 2]
Internet-Draft ID Relationships July 2005
SIP URI: Uniform Resource Indicators identifyng communication
resources for SIP as defined in Section 19, RFC 3261 [1].
Its general form is:
sip:user:password@host:port;uri-parameters?headers.
SIPS URI: Same as SIP URI except that the SIP protocol runs on top of
the Transport Layer Security (TLS) protocol [3]. It is also
defined in Section 19, RFC 3261 [1]. Its general form is the
same as the SIP URI except that it starts with 'sips:' rather than
'sip:'.
SIP address: A SIP URI or SIPS URI.
telephone number: A string of decimal digits that uniquely indicates
the network termination point. The string contains the
information necessary to route the call to this point. There are
two categories of telephone numbers: public telephone numbers and
private telephone numbers. This definition is from RFC 3966 [7]
which derived the definition from [11].
tel URI: A resource identifier from a telephone number as defined in
RFC 3966[7].
email address: A character string that identifies a user to whom mail
will be sent or a location into which mail will be deposited. The
standard email address naming convention is defined to be
"user@host". A more rigorous definition can be found in RFC2821
[4] and RFC2822 [5].
3. Recommended Practices
3.1 A SIP address and an email address with the same user and domain
parts
A SIP address MUST NOT have the same user and domain parts as an
email address unless both refer to the same person or service.
Therefore, a SIP address and an email address with the same user and
domain parts MUST refer to the same person or service. For example,
the following SIP address and email address
sip:bob@example.com:5060;transport=udp
(mailto:)bob@example.com
Schulzrinne & Shim Expires January 10, 2006 [Page 3]
Internet-Draft ID Relationships July 2005
MUST refer to the same person.
3.2 Two SIP addresses with the same user and domain parts
Any two SIP addresses MUST NOT have the same user and domain parts
unless both refer to the same person or service.
For example, the following SIP addresses
sip:bob@example.com:5060;transport=udp
sips:bob@example.com;transport=tcp
MUST refer to the same person or service even though they are not
equivalent according to the SIP specification [1] .
3.3 A SIP address and its email-equivalent
All SIP addresses SHOULD have a working email-equivalent as long as
the SIP addresses are referring to people.
For example, for the following SIP address
sip:bob@example.com:6000;transport=tcp
a working email-equivalent SHOULD exist, such as
(mailto:)bob_the_builder@example.net.
The above example illustrates that the working email-equivalent does
not have to have the same user and domain parts as the SIP address.
How to find the email-equivalent for a given SIP address is out of
scope.
If a SIP address refers to a telephone (number), it MAY not have an
email-equivalent.
3.4 A tel URI and its email-equivalent
A tel URI MAY not have an email-equivalent.
3.5 An email address and its SIP-equivalent
Some email addresses may not have SIP equivalents, e.g., because the
domains don't support SIP services.
Schulzrinne & Shim Expires January 10, 2006 [Page 4]
Internet-Draft ID Relationships July 2005
3.6 Email user names and SIP user parts
Providers of SIP services SHOULD allow all valid email user names as
SIP address user parts.
3.7 A telephone number and its SIP-equivalent
Telephone numbers are mapped to SIP URIs without visual separators
(hyphen, etc.), as partially described in the tel URI RFC [7] and the
SIP RFC [1]. The parameter 'user' with its value 'phone' SHOULD be
included in the SIP URIs.
For example, the following public telephone number
+1-212-555-1234
is mapped to the following SIP URI
sip:+12125551234;user=phone.
4. Use Cases
Below are just two example use cases showing the benefits that can be
accrued by the recommended relationships in the above.
4.1 Leaving voicemails using emails in P2P IP telephony systems
Let say there are two identifiers, a SIP URI sip:bob@example.com and
an email address bob@example.com. Imagine that there is no voicemail
server associated with sip:bob@example.com and the human user owning
the SIP URI could not take a call when another user called at the
URI. It would be very useful if the caller can leave a voicemail by
email. This scenario is particularly useful when SIP UAs are
operating in a peer-to-peer fashion. Peer-to-peer networks for SIP-
based communications were discussed recently in several drafts
[8][9][10] . If the email address bob@example.com is assigned to the
same person owning sip:bob@example.com by a global rule, it is
straightforward to which email address the voicemail should be
emailed. Instead, if the email address bob@example.com happens to be
assigned to a different person, the caller will end up leaving the
voicemail to a wrong person.
4.2 Common authentication for IP telephony and email systems
An organization, in their deployment of a SIP-based IP telephony
system, set a policy that the SIP URI and the email address with the
same user information and the host information components, i.e.
Schulzrinne & Shim Expires January 10, 2006 [Page 5]
Internet-Draft ID Relationships July 2005
identical except the protocol component should be assigned only to
the same user and let the users use their email system usernames and
passwords for authentication with the IP telephony system, reducing
the administration overhead and increasing the convenience of users
at the same time.
5. Security Considerations
One could argue that making identifiers the same across communication
means is likely to increase undesirable communication, such as spam.
However, communication identifiers are often short and easily
guessable, so that those intent on sending spam can exhaustively
search the namespace until a working address has been found.
Similarly, a single instance of an address "leaked" on a web page is
often sufficient to introduce the address into the pool of spam-
receiving addresses. Thus, the protection of address hiding appears
to be limited, but the negative impact on desirable communication is
clear. It is not the role of this document to force users to make
such a trade-off between the possible benefits of address hiding and
easier reachability, but rather to facilitate such choice.
This document therefore does not require that users choose the same
'user' part, but suggests that providers of such services make it
easy for users to choose such a convention.
Preventing two users to share the same identifiers across URIs
increases security, as it makes it less likely that a user sends
confidential information to the wrong destination, in the mistaken
belief that they are owned by the same person.
6. Acknowledgments
Arjun Roychowdhury's comments are appreciated.
7. References
7.1 Normative References
[1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirements
Levels", RFC 2119, March 1997.
[3] Alen, C. and T. Dierks, "The TLS Protocol Version 1.0",
RFC 2246, January 1999.
Schulzrinne & Shim Expires January 10, 2006 [Page 6]
Internet-Draft ID Relationships July 2005
[4] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
April 2001.
[5] Resnick, P., "Internet Message Format", RFC 2822, April 2001.
[6] Saint-Andre, Ed., P., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 3920, October 2004.
[7] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966,
December 2004.
7.2 Informative References
[8] Johnston, A., "SIP, P2P, and Internet Communications",
draft-johnston-sipping-p2p-ipcom-01 (work in progress),
March 2005.
[9] Bryan, D. and C. Jennings, "A P2P Approach to SIP
Registration", draft-bryan-sipping-p2p-00 (work in progress),
January 2005.
[10] Philip, P. and B. Poustchi, "Industrial-Strength P2P SIP",
draft-matthews-sipping-p2p-industrial-strength-00 (work in
progress), February 2005.
[11] ITU-T, "The International Public Telecommunication Number
Plan", Recommendation E.164, May 1997.
Authors' Addresses
Henning Schulzrinne
Department of Computer Science
Columbia University
1214 Amsterdam Avenue
New York, NY 10027
USA
Email: schulzrinne@cs.columbia.edu
Schulzrinne & Shim Expires January 10, 2006 [Page 7]
Internet-Draft ID Relationships July 2005
Eunsoo Shim
Panasonic Digital Networking Laboratory
Two Research Way, 3rd Floor
Princeton, NJ 08540
USA
Email: eunsoo@research.panasonic.com
Schulzrinne & Shim Expires January 10, 2006 [Page 8]
Internet-Draft ID Relationships July 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Schulzrinne & Shim Expires January 10, 2006 [Page 9]