SIMPLE WGNetwork Working Group M. IsomakiInternet-DraftRequest for Comments: 4827 E. LeppanenExpires: March 5, 2006Category: Standards Track NokiaSeptember 2005March 2007 An Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Usage for Manipulating Presence Document Contentsdraft-ietf-simple-xcap-pidf-manipulation-usage-02Status ofthisThis Memo This documentisspecifies anInternet-Draft and is subject to all provisions of Section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents ofInternet standards track protocol for the InternetEngineering Task Force (IETF), its areas,community, andits working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents validrequests discussion and suggestions fora maximumimprovements. Please refer to the current edition ofsix monthsthe "Internet Official Protocol Standards" (STD 1) for the standardization state andmay be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The liststatus ofcurrent Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The listthis protocol. Distribution ofInternet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 5, 2006.this memo is unlimited. Copyright Notice Copyright (C) TheInternet Society (2005).IETF Trust (2007). Abstract This document describes a usage of the Extensible Markup Language (XML) Configuration Access Protocol (XCAP) for manipulating the contents of Presence Information Data Format (PIDF) based presencedocument.documents. It is intended to be used in Session Initiation Protocol (SIP) based presence systems, where the Event State Compositor can use the XCAP-manipulated presence document as one of the inputs on which it builds the overall presence state for the presentity. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Relationship with Presence State Published Using SIP PUBLISH . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Application Usage ID . . . . . . . . . . . . . . . . . . . . . 6 5. MIME Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Structure of Manipulated Presence Information . . . . . . . . . 66.7. Additional Constraints . . . . . . . . . . . . . . . . . . . . 67.8. Resource Interdependencies . . . . . . . . . . . . . . . . . . 68.9. Naming Conventions . . . . . . . . . . . . . . . . . . . . . . 69.10. Authorization Policies . . . . . . . . . . . . . . . . . . . . 610.11. ExampleDocument. . . . . . . . . . . . . . . . . . . . . . . . . . . . 711.12. Security Considerations . . . . . . . . . . . . . . . . . . . . 812.13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 912.1.13.1. XCAP Application Usage ID . . . . . . . . . . . . . . . . 913.14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 914.15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 914.1.15.1. Normative References . . . . . . . . . . . . . . . . . . . 914.2.15.2. Informative References . . . . . . . . . . . . . . . . .10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . ..11 Intellectual Property and Copyright Statements . . . . . . . . . . 129 1. Introduction The Session Initiation Protocol (SIP) for Instant Messaging and Presence (SIMPLE) specifications allow a user, called a watcher, to subscribe to another user, called a presentity, in order to learntheirits presence information [7]. The presence data model has been specified in [10]. The data model makes a clean separation betweenperson, serviceperson-, service-, anddevice relateddevice-related information. ASIP basedSIP-based mechanism, SIP PUBLISH method, has been defined for publishing presence state [4]. Using SIPPUBLISHPUBLISH, a Presence User Agent (PUA) can publish its view of the presence state, independently of and without the need to learn about the states set by other PUAs. However, SIP PUBLISH has a limited scope and does not address all the requirements for setting presence state. The main issue is that SIP PUBLISH creates a soft statewhichthat expires after the negotiated lifetime unless it is refreshed. This makes it unsuitable for cases where the state should prevail without active devices capable of refreshing the state. There are three main use cases where setting of permanent presence state that is independent of activeness of any particular device is useful. The first case concerns settingperson relatedperson-related state. The presentity would often like to set its presence state even for periods when it has no active devices capable of publishing available. Good examples are traveling,vacationsvacations, and so on. The second case is about setting state for services that are open forcommunicationcommunication, even if the presentity does not have a device running that serviceon-line.online. Examples ofthis kindthese kinds of services include e-mail,MMSMultimedia Messaging Service (MMS), andSMS.Short Message Service (SMS). In theseservicesservices, the presentity is provisioned with a server that makes the service persistently available, at least in certainform,forms, and it would be good to be able to advertise this to the watchers. Since it is not realistic to assume that all e-mail,MMSMMS, or SMS servers can publish presence state on their own (and even if this were possible, such state would almost never change), this has to be done by some otherdevice - anddevice. And since the availability of the service is not dependent on that device, it would beunpracticalimpractical to require that device to be constantly active just to publish such availability. The third case concerns setting the default state ofperson,anyserviceperson, service, oranydevice in the absence of any device capable of actively publishing such state. Forinstanceinstance, the presentity might want to advertise that his or her voice service isright nowcurrently closed, just to let the watcherstoknow that such service might be open at some point. Again, this type of default state is independent of any particulardevice,device and can be consideredto berather persistent. Even though SIP PUBLISH remainsto bethe main way of publishing presence state inSIMPLE basedSIMPLE-based presence systems and isespcially well suitedespecially well-suited for publishing dynamic state (which presence mainly is), it needs to be complemented by the mechanism described in this document to address the use cases presented above. XML Configuration Access Protocol (XCAP) [2] allows a client to read,writewrite, and modify application configurationdata,data stored in XML format on a server. The data has no expiration time, so it must be explicitly inserted and deleted. The protocol allows multiple clients to manipulate the data, provided that they are authorized to do so. XCAP is already used inSIMPLE basedSIMPLE-based presence systems for manipulation of presence lists and presence authorization policies. This makes XCAP an ideal choice for doingdevice independentdevice-independent presence document manipulation. This document defines an XML Configuration Access Protocol (XCAP) application usage for manipulating the contents of presence document. Presence Information Document Format (PIDF) [3] is used as the presence document format, since the event state compositor already has to support it, as it is used in SIP PUBLISH. Section 3 describes inmoredetail how the presence document manipulated with XCAP is related to soft state publishing done with SIP PUBLISH. XCAP requires application usages to standardize several pieces of information, including a unique application usage ID(AUID),(AUID) and an XML schema for the manipulated data. These are specified starting from Section 4. 2. Conventions In this document, the key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' are to be interpreted as described in RFC 2119 [1] and indicate requirement levels for compliant implementations. Comprehensive terminology of presence and event state publishing is provided inSession"Session Initiation Protocol (SIP) Extension for Event StatePublicationPublication" [4]. 3. Relationship with Presence State Published Using SIP PUBLISH The framework for publishing presence state is described in Figure 1. A central part of the framework is the event state compositorelementelement, whose function is to compose presence information received from several sources into a single coherent presence document. The presence state manipulated with XCAP can be seen as one of the information sources for the compositor to be combined with the soft state information published using SIP PUBLISH. This is illustrated in Figure 1. It is expectedthatthat, in the normalcasecase, there can be several PUAs publishing their separate views with SIP PUBLISH, but only a single XCAP manipulated presence document. As shown in the figure,there can bemultiple XCAP clients (forinstanceinstance, in different physical devices)manipulatingcan manipulate the same document on the XCAP server, but this still creates only one input to the event state compositor. The XCAP server stores the XCAP manipulated presence document under the "users" tree in the XCAP document hierarchy. See Section 9 for details and Section 11 for an example. As individualinputsinputs, the presence states set by XCAP and SIP PUBLISH are completelyseparatedseparated, and it is not possible to directly manipulate the state set by one mechanism with the other. How the compositor treatsXCAP basedXCAP-based inputs with respect to SIPPUBLISH basedPUBLISH-based inputs is a matter of compositor policy, which is beyond the scope of this specification. Since the SIP PUBLISH specification already mandates the compositor to be able to construct the overall presence state from multipleinputsinputs, which may contain non-orthogonal (or in some ways even conflicting) information, this XCAP usage does not impose any new requirements on the compositor functionality. +---------------+ +------------+ | Event State | | Presence |<-- SIP SUBSCRIBE | Compositor +---------+ Agent |--> SIP NOTIFY | | | (PA) | +-------+-------+ +------------+ ^ ^ ^ | | | | | | +---------------+ +--------+ | +-------| XCAP server | | | +-------+-------+ | | ^ ^ | SIP Publish | | XCAP | | | | | +--+--+ +--+--+ +-------+ +-------+ | PUA | | PUA | | XCAP | | XCAP | | | | | | client| | client| +-----+ +-----+ +-------+ +-------+ Figure 1: Framework for Presence Publishing and Event State Composition The protocol interface between XCAP server and the event state compositor is not specified here. 4. Application Usage ID XCAP requires application usages to define a unique application usage ID (AUID) in either the IETF tree or a vendor tree. This specification defines the 'pidf-manipulation' AUID within the IETF tree, via the IANA registration intheSection12.13. 5. MIME Type The MIME type for this application usage is 'application/pidf+xml'. 6. Structure of Manipulated Presence Information The XML Schema of the presence information(PIDF)is defined inCPIMthe Presence Information Data Format (PIDF) [3]. The PIDF also defines a mechanism for extending presence information. See [8], [9],[11][11], and [12] for currently defined PIDF extensions and their XML Schemas. The namespace URI for PIDF is'urn:ietf:params:xml:ns:pidf'. 6.'urn:ietf:params:xml:ns:pidf' which is also the XCAP default document namespace. 7. Additional Constraints There are no constraints on the document beyond those described in the XML schemas (PIDF and its extensions) and in the description ofCPIMPIDF [3].7.8. Resource Interdependencies There are no resource interdependencies beyond the possible interdependencies defined inCPIMPIDF [3] and XCAP [2] that need to be defined for this application usage.8.9. Naming ConventionsThere are no naming conventions beyondThe XCAP server MUST store only a single XCAP manipulated presence document for each user. The presence document MUST be located under thepossible conventions defined"users" tree, using filename "index". See an example inCPIM PIDF [3] that need to be defined for this application usage. 9.Section 11. 10. Authorization Policies This application usage does not modify the default XCAP authorization policy, which allows only a user (owner) to read,writewrite, or modify their own documents. A server can allow privileged users to modify documents that they do not own, but the establishment and indication of such policies is outside the scope of this document.10.11. ExampleDocumentThe section provides an example of a presence document provided by an XCAP Client to an XCAP Server. The presence document illustrates the situation where a (human) presentity has left for vacation, and beforethatthat, has set his presence informationsuchso that he is only available via e-mail. In the absence of any published soft state information, this would be the sole input to the compositor forming the presence document. The example documentcontaincontains PIDF extensions specified inRPID:"RPID: Rich Presence Extensions to the Presence Information Data Format(PIDF)(PIDF)" [8] andCIPID:"CIPID: Contact Information in Presence Information DataFormatFormat" [9].First,It is assumed that the presentity is a SIP user with Address-of- Record (AOR) sip:someone@example.com. The XCAP root URI for example.com is assumed to be http://xcap.example.com. The XCAP User Identifier (XUI) is assumed to be identical to the SIP AOR, according to XCAP recommendations. In this case, the presence document would be located at http://xcap.example.com/pidf-manipulation/users/ sip:someone@example.com/index. The presence document iscreated.created with the following XCAP operation: PUThttp://xcap.example.com/services/pidf-manipulation/users/someone/pidf.xml/pidf-manipulation/users/sip:someone@example.com/index HTTP/1.1Content type:appliation/pidf+xmlHost: xcap.example.com Content-Type: application/pidf+xml ... <?xml version="1.0" encoding="UTF-8"?> <presence xmlns="urn:ietf:params:xml:ns:pidf"xmlns:es="urn:ietf:params:xml:ns:pidf:status:rpid-status" xmlns:et="urn:ietf:params:xml:ns:pidf:rpid-tuple" xmlns:dm="urn:ietf:params:xml:ns:pidf:person"xmlns:rp="urn:ietf:params:xml:ns:pidf:rpid" xmlns:dm="urn:ietf:params:xml:ns:pidf:data-model" xmlns:ci="urn:ietf:params:xml:ns:pidf:cipid"entity="pres:someone@example.com">entity="sip:someone@example.com"> <tupleid="8eg92m">id="x8eg92m"> <status> <basic>closed</basic><es:idle/></status><et:class>auth-1</et:class><rp:user-input>idle</rp:user-input> <rp:class>auth-1</rp:class> <contact priority="0.5">sip:user@example.com</contact> <note>I'm available only by e-mail.</note> <timestamp>2004-02-06T16:49:29Z</timestamp> </tuple> <tupleid="8eg92n">id="x8eg92n"> <status> <basic>open</basic> </status><et:class>auth-1</et:class><rp:class>auth-1</rp:class> <contact priority="1.0">mailto:someone@example.com</contact> <note>I'm reading mail a couple of times a week</note> </tuple><dm:person> <et:class>auth-A</et:class><dm:person id="p1"> <rp:class>auth-A</rp:class> <ci:homepage>http://www.example.com/~someone</ci:homepage><dm:status> <es:activities> <es:activity>Vacation</es:activity> </es:activities> </dm:status><rp:activities> <rp:vacation/> </rp:activities> </dm:person> </presence>HTTP/1.1 201 Created Etag: "xyz" Next,When thenote concerninguser wants to change the note related to e-mail service, it ischanged.done with the following XCAP operation: PUThttp://xcap.example.com/services/pidf-manipulation/users/someone/pidf.xml /~~/presence/tuple%5b@id=%228eg92n%22%5d/note/pidf-manipulation/users/sip:someone@example.com/index/ ~~/presence/tuple%5b@id='x8eg92n'%5d/note HTTP/1.1 If-Match: "xyz"Content type:appliation/xcap-el+xmlHost: xcap.example.com Content-Type: application/xcap-el+xml ... <note>I'm reading mails on Tuesdays and Fridays</note>HTTP/1.1 200 OK Etag:"xyzz" 11.12. Security Considerations A presence document may contain information that is highly sensitive. Its delivery to watchers needs to happen strictly according to the relevant authorization policies. It is also important that only authorized clients are able to manipulate the presence information. The XCAP base specification mandates that all XCAP servers MUST implement HTTP Digest authentication specified in RFC 2617 [5]. Furthermore, XCAP servers MUST implement HTTP over TLS [6]. It is recommended that administrators of XCAP servers use an HTTPS URI as the XCAP rootservicesservices' URI, so that the digest client authentication occurs over TLS. By using these means, XCAP client and server can ensure the confidentiality and integrity of the XCAP presence document manipulation operations, and that only authorized clients are allowed to perform them.12.13. IANA Considerations There is an IANA consideration associated with this specification.12.1.13.1. XCAP Application Usage ID This section registers a new XCAP Application Usage ID (AUID) according to the IANA procedures defined in [2]. Name of the AUID: pidf-manipulation Description: Pidf-manipulation application usage defines how XCAP is used to manipulate the contents ofPIDF basedPIDF-based presence documents.13.14. Acknowledgements The authors would like to thank Jari Urpalainen, Jonathan Rosenberg, Hisham Khartabil, Aki Niemi, Mikko Lonnfors, Oliver Biot, Alex Audu, Krisztian Kiss, Jose Costa-Requena, GeorgeFotiFoti, and Paul Kyzivat for their comments.14.15. References14.1.15.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Rosenberg, J., "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)",draft-ietf-simple-xcap-03 (work in progress), July 2004.RFC 4825, February 2007. [3] Sugano, H.,"CPIM presence information data format", draft-ietf-impp-cpim-pidf-08, May 2003.Fujimoto, S., Klyne, G., Bateman, A., Carr, W., and J. Peterson, "Presence Information Data Format (PIDF)", RFC 3863, August 2004. [4] Niemi, A.,"An Event State Publication Extension for Session"Session Initiation Protocol(SIP)", draft-ietf-sip-publish-04.txt, May(SIP) Extension for Event State Publication", RFC 3903, October 2004. [5] Franks, J., "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [6] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.14.2.15.2. Informative References [7] Rosenberg, J., "A Presence Event Package for the Session Initiation Protocol (SIP)", RFC 3856, August 2004. [8] Schulzrinne, H., Gurbani, V., Kyzivat, P., and J. Rosenberg, "RPID: Rich Presence Extensions to the Presence Information Data Format (PIDF)",draft-ietf-simple-rpid-03.txt (work in progress), March 2004.RFC 4480, July 2006. [9] Schulzrinne, H., "CIPID: Contact Informationinfor the Presence Information Data Format",draft-ietf-simple-cipid-03.txt (work in progress),RFC 4482, July2004.2006. [10] Rosenberg, J., "A Data Model for Presence",draft-ietf-simple-presence-data-model-00 (work in progress), September 2004.RFC 4479, July 2006. [11] Lonnfors,M., "UserM. and K. Kiss, "Session Initiation Protocol (SIP) User Agent Capability Extension to Presence Information Data Format (PIDF)",draft-ietf-simple-prescaps-ext-01 (workWork inprogress), May 2004.Progress, July 2006. [12] Schulzrinne, H., "Timed Presence Extensions to the Presence Information Data Format (PIDF) to IndicatePresenceStatus Information for Past and Future Time Intervals",draft-ietf-simple-future-02 (work in progress),RFC 4481, July2004.2006. Authors' Addresses Markus Isomaki NokiaP.O.BOXP.O. BOX 100 00045 NOKIA GROUP FinlandPhone: Email:EMail: markus.isomaki@nokia.com Eva Leppanen NokiaP.OP.O. BOX 785 33101 Tampere FinlandPhone: Email:EMail: eva-maria.leppanen@nokia.com Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual PropertyStatementThe IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. AcknowledgmentAcknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.