A Session Initiation Protocol (SIP) Event Package for Key Press Stimulus (KPML)
RFC 4730

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    sipping mailing list <sipping@ietf.org>, 
    sipping chair <sipping-chairs@tools.ietf.org>
Subject: Protocol Action: 'A Session Initiation Protocol (SIP) 
         Event Package for Key Press Stimulus (KPML)' to Proposed 
         Standard 

The IESG has approved the following document:

- 'A Session Initiation Protocol (SIP) Event Package for Key Press 
   Stimulus (KPML) '
   <draft-ietf-sipping-kpml-09.txt> as a Proposed Standard

This document is the product of the Session Initiation Proposal 
Investigation Working Group. 

The IESG contact persons are Allison Mankin and Jon Peterson.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sipping-kpml-09.txt

Technical Summary

This document specifies the Key Press Markup Language (KPML). KPML is 
used by a Session Initiation Protocol (SIP) User Agent to monitor 
Dual-Tone Multi-Frequency (DTMF) signals in environments when the 
interested User Agent is not a party to the corresponding audio media 
(tones) associated with those signals.   SIP is an Internet 
application-layer control (signalling) protocol for creating, 
modifying, and terminating sessions with one or more participants. SIP 
sessions are separate from the media flows they establish. These 
sessions include, in particular, telephone calls.   DTMF tones are a 
common form of conveying user input in telephone networks, including 
calls made using IP telephones or gateway devices which interwork 
between IP networks and traditional telephone networks.

KPML markup is designed for use with devices such as telephones or 
telephone gateways which do not render a presentation of their markup 
to an end-user. KPML uses a regular expression language to request 
specific patterns of digits from a telephone or gateway. Using a SIP 
event package, interested User Agents subscribe using a KPML regular 
expression as a filter, and receive notifications which report on the 
status of pattern matches contained in the corresponding subscriptions. 
KPML takes particular care to prevent unauthorized disclosure of DTMF 
events which could reveal sensitive information such as account 
numbers, credit card numbers, and numeric passwords.

Working Group Summary

The document is a product of the SIPPING working group and was 
developed over the course of about two years. The SIP community 
(including participants of the MMUSIC, SIP, and SIPPING working groups) 
has attempted to address the general problem of DTMF monitoring over 
SIP on and off for at least five years, which has resulted in the 
implementation of a number of non-interoperable ad-hoc approaches. The 
working group was finally able to address this problem in a general way 
which is consistent with SIP's overall relationship with other markup 
languages.  The working group demonstrated very strong consensus to 
deliver a standard solution to this problem, and rough-consensus and no 
strong objections to the specific approach.

Protocol Quality

    This document was reviewed under the PROTO process by Rohan
    Mahy, co-chair of the SIP and SIPPING working groups. The regular 
    expression language was reviewed by Bill Fenner.  

RFC Editor Notes:

Please spell out the first occurrence of the following acronyms:
        XML -> Extensible Markup Language (XML)
        DTMF -> Dual Tone Multi-Frequency (DTMF)
        RTP -> Real-time Transport Protocol (RTP)
        MGCP -> Media Gateway Control Protocol (MGCP)

Section 4.7

OLD:
  Upon authenticating the requesting party, the User Interface 
  determines if the requesting party has authorization to monitor the 
  user's key presses.  Determining authorization policies and procedures 
  is beyond the scope of this specification.

NEW:
Upon authenticating the requesting party, the User Interface determines 
if the requesting party has authorization to monitor the user's key 
presses.  The default authorization policy is to allow a KPML 
subscriber who can authenticate with a specific identity to monitor key 
presses from SIP sessions in which the same or equivalent authenticated 
identity is a participant.  In addition, KPML will often be used, for 
example, between "application servers" (subscribers) and PSTN gateways 
(notifiers) operated by the same domain or federation of domains.   In 
this situation a notifier MAY be configured with a list of subscribers 
which are specifically trusted and authorized to subscribe to key press 
information related to all sessions in a particular context.

Section 5.1

Please delete the character marked with ^ below:

OLD
DRegexCharacter  = DIGIT / "A" / "B" / "C" / "D" / "*" / "#" /
                                         / "a" / "b" / "c" / "d"
                                          ^
NEW
DRegexCharacter  = DIGIT / "A" / "B" / "C" / "D" / "*" / "#" /
                                          "a" / "b" / "c" / "d"

In Sections 7.4, 7.5, 7.6, and 7.7, please replace the Registrant
Contact as follows:

OLD
    Registrant Contact: IETF, SIPPING Work Group <sipping@ietf.org>, Eric
    Burger <e.burger@ieee.org>.
NEW
    Registrant Contact: The IESG <iesg@ietf.org>

Section 8 
   
   As an XML markup, all of the security considerations of RFC3023 [3]
   and RFC3406 [6] must be met.
   
   s/must/MUST/