One document matched: draft-ietf-drinks-spp-framework-02.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc2277 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2277.xml">
<!ENTITY rfc2609 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2609.xml">
<!ENTITY rfc2616 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2616.xml">
<!ENTITY rfc2781 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2781.xml">
<!ENTITY rfc3261 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml">
<!ENTITY rfc3263 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3263.xml">
<!ENTITY rfc3629 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
<!ENTITY rfc3688 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3688.xml">
<!ENTITY rfc3986 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
<!ENTITY rfc4725 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4725.xml">
<!ENTITY rfc4732 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4732.xml">
<!ENTITY rfc4949 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4949.xml">
<!ENTITY rfc5067 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5067.xml">
<!ENTITY rfc5246 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5246.xml">
<!ENTITY rfc5321 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5321.xml">
<!ENTITY rfc5486 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5486.xml">
<!ENTITY rfc5646 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5646.xml">
<!ENTITY rfc6116 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6116.xml">
<!ENTITY rfc6461 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6461.xml">
]>
<rfc category="std" docName="draft-ietf-drinks-spp-framework-02" ipr="trust200902">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<front>
<title abbrev="draft-drinks-spp-framework">Session Peering Provisioning Framework (SPPF)</title>
<author initials="K.C." surname="Cartwright" fullname="Kenneth Cartwright">
<organization>TNS</organization>
<address>
<postal>
<street>1939 Roland Clarke Place</street>
<city>Reston</city>
<region>VA</region>
<code>20191</code>
<country>USA</country>
</postal>
<email>kcartwright@tnsi.com</email>
</address>
</author>
<author initials="V.B." surname="Bhatia" fullname="Vikas Bhatia">
<organization>TNS</organization>
<address>
<postal>
<street>1939 Roland Clarke Place</street>
<city>Reston</city>
<region>VA</region>
<code>20191</code>
<country>USA</country>
</postal>
<email>vbhatia@tnsi.com</email>
</address>
</author>
<author initials="S.A." surname="Ali" fullname="Syed Wasim Ali">
<organization>NeuStar</organization>
<address>
<postal>
<street>46000 Center Oak Plaza</street>
<city>Sterling</city>
<region>VA</region>
<code>20166</code>
<country>USA</country>
</postal>
<email>syed.ali@neustar.biz</email>
</address>
</author>
<author initials="D.S." surname="Schwartz" fullname="David Schwartz">
<organization>XConnect</organization>
<address>
<postal>
<street>316 Regents Park Road</street>
<city>London</city>
<region> </region>
<code>N3 2XJ</code>
<country>United Kingdom</country>
</postal>
<email>dschwartz@xconnect.net</email>
</address>
</author>
<date year="2012"/>
<area>Real-time Applications and Infrastructure Area</area>
<workgroup>DRINKS</workgroup>
<abstract>
<t> This document specifies the data model and the overall structure for
a framework to provision session establishment data into Session Data Registries and SIP
Service Provider data stores. The framework is called the Session Peering Provisioning
Framework (SPPF). The provisioned data is typically used by network elements for session
peering. </t>
</abstract>
</front>
<middle>
<!-- Note: this is how you can put a note in the draft for yourself or for the co-authors to check on -->
<section anchor="introduction" title="Introduction">
<t> Service providers and enterprises use registries to make
session routing decisions for Voice over IP, SMS and
MMS traffic exchanges. This document is narrowly focused on
the provisioning framework for these registries. This framework
prescribes a way for an entity to provision session-related
data into a registry. The data being provisioned can be
optionally shared with other participating peering entities.
The requirements and use cases driving this framework have been
documented in <xref target="RFC6461"/>. The reader
is expected to be familiar with the terminology defined in the
previously mentioned document. <vspace blankLines="1"/> Three
types of provisioning flows have been described in the use
case document: client to registry provisioning, registry to
local data repository and registry to registry. This document
addresses client to registry aspect to fulfill the need to provision
Session Establishment Data (SED). The framework that supports flow of
messages to facilitate client to registry provisioning is referred
to as Session Peering Provisioning Framework (SPPF).</t>
<t>Please note that the role of the "client" and the "server" only
applies to the connection, and those roles are not related
in any way to the type of entity that participates in a
protocol exchange. For example, a registry might also
include a "client" when such a registry initiates a
connection (for example, for data distribution to SSP).</t>
<t>
<figure align="center" anchor="RegFlows">
<artwork align="center"><![CDATA[
*--------* *------------* *------------*
| | (1). Client | | (3).Registry | |
| Client | ------------> | Registry |<------------->| Registry |
| | to Registry | | to Registry | |
*--------* *------------* *------------*
/ \ \
/ \ \
/ \ \
/ \ v
/ \ ...
/ \
/ (2). Distrib \
/ Registry data \
/ to local data \
V store V
+----------+ +----------+
|Local Data| |Local Data|
|Repository| |Repository|
+----------+ +----------+
]]></artwork>
<postamble> Three Registry Provisioning Flows </postamble>
</figure>
</t>
<t>The data provisioned for session establishment is typically
used by various downstream SIP signaling systems to route a
call to the next hop associated with the called domain. These
systems typically use a local data store ("Local Data
Repository") as their source of session routing information.
More specifically, the SED data is the set of parameters that
the outgoing signaling path border elements (SBEs) need to
initiate the session. See <xref target="RFC5486"/> for more
details. <vspace blankLines="1"/> A "terminating" SIP Service
Provider (SSP) provisions SED into the registry to be
selectively shared with other peer SSPs. Subsequently, a
registry may distribute the provisioned data into local data
repositories used for look-up queries (identifier -> URI) or
for lookup and location resolution (identifier -> URI ->
ingress SBE of terminating SSP). In some cases, the registry
may additionally offer a central query resolution service (not
shown in the above figure). </t>
<t> A key requirement for the SPPF is to be able to
accommodate two basic deployment scenarios: <list style="numbers">
<t> A resolution system returns a Look-Up Function (LUF) that
comprises the target domain to assist in call routing
(as described in <xref target="RFC5486"/>). In this case,
the querying entity may use other means to perform the Location Routing
Function (LRF) which in turn helps determine the actual
location of the Signaling Function in that domain. </t>
<t> A resolution system returns a Location Routing Function (LRF)
that comprises the location (address) of the signaling function
in the target domain (as described in <xref target="RFC5486"/>). </t>
</list>
</t>
<t> In terms of framework design, SPPF is agnostic to
the transport protocol. This document includes the specification of the
data model and identifies, but does not specify, the means to enable
protocol operations within a request and response structure. That aspect
of the specification has been delegated to the "protocol" specification
for the framework. To encourage interoperability, the framework supports
extensibility aspects. </t>
<t> Transport requirements are provided in this document to help
with the selection of the optimum transport mechanism.
The SPP Protocol over SOAP document identifies a protocol
for SPPF that uses SOAP/HTTP as the transport mechanism. </t>
<t> This document is organized as follows:
<list style="symbols" hangIndent="5">
<t><xref target="terminology"/> provides the terminology;</t>
<t><xref target="highleveldesign"/> provides an overview of SPPF,
including functional entities and data model; </t>
<t><xref target="transportreq"/> specifies requirements for
SPPF transport protocols; </t>
<t><xref target="basicdatastructures"/> describes the base framework
data structures, the generic response types that MUST be supported
by a conforming "protocol" specification, and the basic object type
most first class objects extend from;</t>
<t><xref target="protocolDataModelObjects"/> detailed description of
the data model object specifications;</t>
<t><xref target="xmlconsiderations"/> defines XML considerations
XML parsers must meet to conform to this specification;</t>
<t><xref target="formalspecification"/> normatively defines the
SPPF using its XML Schema Definition. </t>
</list>
</t>
</section>
<section anchor="terminology" title="Terminology">
<t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in <xref target="RFC2119"/>. </t>
<t> This document reuses terms from <xref target="RFC3261"/>,
<xref target="RFC5486"/>, use cases and requirements
documented in <xref target="RFC6461"/> and the
ENUM Validation Architecture <xref target="RFC4725"/>. </t>
<t> In addition, this document specifies the following
additional terms: <vspace blankLines="1"/>
<list style="hanging">
<t hangText="SPPF: "> Session Peering Provisioning Framework,
the framework used by a transport protocol to provision data
into a Registry (see arrow labeled "1." in Figure 1 of
<xref target="RFC6461"/>). It is the primary scope of
this document. <vspace blankLines="1"/>
</t>
<t hangText="SPDP: "> Session Peering Distribution Protocol,
the protocol used to distribute data to Local Data
Repository (see arrow labeled "2." in Figure 1 of <xref target="RFC6461"/>).
<vspace blankLines="1"/>
</t>
<t hangText="Client: "> An application that supports an SPPF
client; it is sometimes referred to as a "registry
client". <vspace blankLines="1"/>
</t>
<t hangText="Registry: "> The Registry operates a master
database of Session Establishment Data for one or more
Registrants. <vspace blankLines="1"/>A Registry acts as an SPPF server. <vspace blankLines="1"/>
</t>
<t hangText="Registrant: "> In this document we extend the
definition of a Registrant based on <xref target="RFC4725"/>. The Registrant is the end-user, the person or
organization that is the "holder" of the Session
Establishment Data being provisioned into the Registry by a Registrar.
For example, in <xref target="RFC6461"/>, a
Registrant is pictured as a SIP Service Provider in Figure
2. <vspace blankLines="1"/> Within the confines of a Registry, a Registrant is uniquely identified by a well-known ID.<vspace blankLines="1"/>
</t>
<t hangText="Registrar: "> In this document we extend
the definition of a Registrar from <xref target="RFC4725"/>. A Registrar is an entity that performs provisioning operations on behalf
of a Registrant by interacting with the Registry via SPPF
operations. In other words the Registrar is the SPPF Client. The Registrar
and Registrant roles are logically separate to allow, but not require, a single Registrar to
perform provisioning operations on behalf of more than one Registrant.
</t>
<t hangText="Peering Organization: "> A Peering Organization is
an entity to which a Registrant's SED Groups are made visible using
the operations of SPPF.
</t>
</list>
</t>
</section>
<section anchor="highleveldesign" title="Framework High Level Design">
<t> This section introduces the structure of the data model and
provides the information framework for the SPPF. The data model is defined
along with all the objects manipulated by the protocol and
their relationships. </t>
<section anchor="datamodel" title="Framework Data Model">
<t> The data model illustrated and described in <xref target="SPPF_datamodel"/> defines the logical objects and
the relationships between these objects that the SPPF
protocol supports. SPPF defines the protocol operations
through which an SPPF client populates a registry with these
logical objects. Various clients belonging to different
registrars may use the protocol for populating the
registry's data. </t>
<t> The logical structure presented below is consistent with
the terminology and requirements defined in <xref target="RFC6461"/>. </t>
<t>
<vspace blankLines='70' />
</t>
<figure align="center" anchor="SPPF_datamodel">
<preamble> </preamble>
<artwork align="center"><![CDATA[
+-------------+ +-----------------+
| all object | |Egress Route: |
| types | 0..n | rant, |
+-------------+ +--| egrRteName, |
|0..n / | pref, |
| / | regxRewriteRule,|
|2 / | ingrSedGrp, |
+----------------------+ / | svcs |
|Organization: | / +-----------------+
| orgId | /
+----------------------+ /
|0..n /
| /
|A SED Group is /
|associated with /
|zero or more / +---[abstract]----+
|Peering / | SED Record: |
|Organizations / | rant, |
| / | sedName, |0..n
|0..n / | sedFunction, |------|
+--------+--------------+0..n 0..n| isInSvc, | |
|SED Group: |------------------| ttl | |
| rant, | +-----------------+ |
| sedGrpName, | ^ |
| isInSvc, | |Various types |
| sedRecRef, | |of SED |
| peeringOrg, | |Records |
| sourceIdent, | +-----+------------+ |
| priority, | | | | |
| dgName | +----+ +-------+ +----+ |
+-----------------------+ | URI| | NAPTR | | NS | |
|0..n +----+ +-------+ +----+ |
| |
| +-----[abstract]------+ |
| |Public Identifier: | |
|0..n | rant, | |
+----------------------+0..n 0..n| publicIdentifier, | |
| Dest Group: |--------------| destGrpRef, | |
| rant, | | sedRecRef | |
| dgName | +---------------------+ |
+----------------------+ ^Various types |
|of Public |
|Identifiers |
+---------+-------+------+----------+ |
| | | | | |
+------+ +-----+ +-----+ +-----+ +------+ |
| URI | | TNP | | TNR | | RN | |TN |----------|
+------+ +-----+ +-----+ +-----+ +------+ 0..n
]]></artwork>
</figure>
<t> The objects and attributes that comprise the data model
can be described as follows (objects listed from the
bottom up): <list style="symbols">
<t> Public Identifier: <vspace blankLines="0"/>
From a broad perspective a public identifier is a well-known
attribute that is used as the key to perform resolution
lookups. Within the context of SPPF, a public identifier
object can be a Telephone Number (TN), a range of Telephone
Numbers, a PSTN Routing Number (RN), a TN prefix, or a URI.
<vspace blankLines="1"/> An SPPF Public Identifier is associated
with a Destination Group to create a logical grouping
of Public Identifiers that share a common set of
Session Establishment Data (e.g. routes).
<vspace blankLines="1"/> A TN Public Identifier
may optionally be associated with zero or more
individual SED Records. This ability for a Public
Identifier to be directly associated with a SED
Record, as opposed to being
associated with a Destination Group, supports the use
cases where the SED Record contains data specifically
tailored to an individual TN Public Identifier. </t>
<t> Destination Group: <vspace blankLines="0"/>
A named collection of zero or more Public Identifiers that
can be associated with one or more SED Groups for the
purpose of facilitating the management of their common
session establishment information. </t>
<t> SED Group: <vspace blankLines="0"/>
A SED Group contains a set of SED Record references,
a set of Destination Group references, and a set of
peering organization identifiers. This is used to
establish a three part relationships between a set of
Public Identifiers, the session establishment information
(SED) shared across these Public Identifiers, and the list of
peering organizations whose query responses from the
resolution system may include the session establishment
information contained in a given SED group. In addition,
the sourceIdent element within a SED Group, in concert
with the set of peering organization identifiers, enables
fine-grained source based routing. For further details
about the SED Group and source based routing,
refer to the definitions and descriptions of the SED
Group operations found later in this document.</t>
<t> SED Record: <vspace blankLines="0"/>
A SED Record contains the data that a resolution system
returns in response to a successful query for a Public
Identifier. SED Records are generally associated with a SED
Group when the SED within is not specific to a Public Identifier.
<vspace blankLines="0"/> To support the use cases defined in
<xref target="RFC6461"/>,
SPPF framework defines three type of SED Records:
URIType, NAPTRType, and NSType. These SED Records
extend the abstract type SedRecType and inherit the
common attribute 'priority' that is meant for setting
precedence across the SED records defined within a
SED Group in a protocol agnostic fashion. </t>
<t> Egress Route: <vspace blankLines="0"/>
In a high-availability environment, the originating SSP
likely has more than one egress paths to the ingress SBE
of the target SSP. The Egress Route allows the originating
SSP to choose a specific egress SBE to be associated with
the target ingress SBE. the 'svcs' element identifies the
SED records associated with the SED Group that will be
modified by the originating SSP. </t>
<t> Organization: <vspace blankLines="0"/>
An Organization is an entity that may fulfill any combination of
three roles: Registrant, Registrar, and Peering Organization. All
objects in SPPF framework are associated with two organization identifiers to
identify each object's registrant and registrar.
A SED Group object is also associated with a set of zero
or more organization identifiers that identify the peering
organization(s) whose resolution query responses may include
the session establishment information (SED) defined in the
SED Records within that SED Group. A peering organization is
an entity that the registrant intends to share the SED data with.</t>
</list>
</t>
</section>
<section anchor="timestamp" title="Time Value">
<t>Some request and response messages in SPPF framework include time value(s) defined as type xs:dateTime, a built-in W3C XML Schema Datatype. Use of unqualified local time value is discouraged as it can lead to interoperability issues. The value of time attribute MUST BE expressed in Coordinated Universal Time (UTC) format without the timezone digits.</t>
<t>"2010-05-30T09:30:10Z" is an example of an acceptable time value for use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC time, but it is not approved for use in SPPF messages.</t>
</section>
</section>
<section anchor="transportreq" title="Transport Protocol Requirements">
<t> This section provides requirements for transport protocols
suitable for SPPF framework. More specifically, this section specifies
the services, features, and assumptions that SPPF framework delegates to
the chosen transport and envelope technologies. </t>
<section anchor="transpconnreq" title="Connection Oriented">
<t> The SPPF follows a model where a client
establishes a connection to a server in order to further
exchange SPPF messages over such point-to-point
connection. A transport protocol for SPPF MUST therefore be
connection oriented. </t>
</section>
<section anchor="requestresponse" title="Request and Response Model">
<t> Provisioning operations in SPPF follow the request-response
model, where a client sends a request message to initiate a transaction
and the server responds with a response.
Multiple subsequent request-response exchanges MAY be
performed over a single persistent connection. </t>
<t> Therefore, a transport protocol for SPPF MUST follow the
request-response model by allowing a response to be sent to
the request initiator.</t>
</section>
<section anchor="connectionlength" title="Connection Lifetime">
<t> Some use cases involve provisioning a single request to a
network element. Connections supporting such provisioning
requests might be short-lived, and may be established only on
demand. Other use cases involve either provisioning a large dataset,
or a constant stream of small updates, either of which would likely
require long-lived connections. </t>
<t> Therefore, a protocol suitable for SPPF SHOULD be able to support
both short-lived as well as long-lived connections. </t>
</section>
<section anchor="authentication" title="Authentication">
<t> All SPPF objects are associated with a registrant identifier. SPPF Clients
provisions SPPF objects on behalf of registrants. An authenticated SPP Client is a registrar. Therefore, the SPPF transport protocol MUST provide means for an SPPF server to authenticate an SPPF Client. </t>
</section>
<section anchor="authorization" title="Authorization">
<t>After successful authentication of the SPPF client as a registrar the registry performs authorization checks to determine if the registrar is authorized to act on behalf of the
Registrant whose identifier is included in the SPPF request. Refer to the Security Considerations section for further guidance.
</t>
</section>
<section anchor="confidentiality" title="Confidentiality and Integrity">
<t>In some deployments, the SPPF objects that an SPPF registry manages can be private in nature. As a result it MAY NOT be appropriate to for transmission in plain text over a connection to the SPPF registry. Therefore, the transport protocol SHOULD provide means for end-to-end encryption between the SPPF client and server.</t>
<t>For some SPPF implementations, it may be acceptable for the data to be transmitted in plain text, but the failure to detect a change in data after it leaves the SPPF client and before it is received at the server, either by accident or with a malicious intent, will adversely affect the stability and integrity of the registry. Therefore, the transport protocol SHOULD provide means for data integrity protection.</t>
</section>
<section anchor="timing" title="Near Real Time">
<t> Many use cases require near real-time responses from the
server. Therefore, a DRINKS transport protocol MUST support
near real-time response to requests submitted by the client.
</t>
</section>
<section anchor="respsizes" title="Request and Response Sizes">
<t>Use of SPPF may involve simple updates that may consist of small number of bytes, such as, update of a single public identifier. Other provisioning operations may constitute large number of dataset as in adding millions records to a registry. As a result, a suitable transport protocol for SPPF SHOULD accommodate dataset of various sizes.</t>
</section>
<section anchor="reqorder" title="Request and Response Correlation">
<t> A transport protocol suitable for SPPF MUST allow
responses to be correlated with requests. </t>
</section>
<section anchor="ack" title="Request Acknowledgement">
<t> Data transported in the SPPF is likely crucial
for the operation of the communication network that is being
provisioned. A SPPF client responsible for provisioning SED to the registry
has a need to know if the submitted requests have been processed
correctly.</t>
<t>Failed transactions
can lead to situations where a subset of public identifiers
or even SSPs might not be reachable, or
the provisioning state of the network is inconsistent. </t>
<t> Therefore, a transport protocol for SPPF MUST provide a
response for each request, so that a client can identify
whether a request succeeded or failed. </t>
</section>
<section anchor="mandatorytransport" title="Mandatory Transport">
<t>At the time of this writing, a choice of transport protocol has been provided in SPP Protocol over SOAP document. To encourage interoperability, the SPPF server MUST provide support for this transport protocol. With time, it is possible that other transport layer choices may surface that agree with the requirements discussed above.</t>
</section>
</section>
<section anchor="basicdatastructures" title="Base Framework Data Structures and Response Codes">
<t>SPPF contains some common data structures for most of the supported object types.
This section describes these common data structures.</t>
<section anchor="BasicObjType" title="Basic Object Type and Organization Identifiers">
<t> This section introduces the basic object type that most first
class objects derive from. </t>
<t> All first class objects extend the basic object type
BasicObjType that contains the identifier of the
registrant organization that owns this object, the identifier of the
registrar organization that created this object, the date
and time that the object was created
by the server, and the date and time that the object
was last modified.</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="BasicObjType" abstract="true">
<sequence>
<element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t>
The identifiers used for registrants (rant), registrars (rar),
and peering organizations (peeringOrg) are instances of
OrgIdType. The OrgIdType is defined as a string and all
OrgIdType instances SHOULD follow the textual
convention: "namespace:value" (for example "iana-en:32473"). See
the IANA Consideration section for more details.
</t>
</section>
<section anchor="objkeytypes" title="Various Object Key Types">
<t> The SPPF data model contains various object relationships. In some cases, these object
relationships are established by embedding the unique identity of the related object
inside the relating object. In addition, an object's unique identity is required to Delete or Get the
details of an object. The following sub-sections normatively define
the various object keys in SPPF and the attributes of those keys .</t>
<t>
"Name" attributes that are used as components of object key types MUST be treated case insensitive.
</t>
<section anchor="objkeytype" title="Generic Object Key Type">
<t>Most objects in SPPF are uniquely identified by an object key that has the object's name, object's type and its registrant's organization ID as its attributes.
The abstract type called ObjKeyType is where this unique
identity is housed. Any concrete representation of the ObjKeyType MUST contain the following:
<list>
<t>Object Name: The name of the object.</t>
<t>Registrant Id: The unique organization ID that identifies the Registrant.</t>
<t>Type: The value that represents the type of SPPF object that.
This is required as different types of objects in SPPF, that belong to the same registrant, can have the same name.</t>
</list>
</t>
<t>The structure of abstract ObjKeyType is as follows:</t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="ObjKeyType" abstract="true">
<annotation>
<documentation>
---- Generic type that represents the
key for various objects in SPPF. ----
</documentation>
</annotation>
</complexType>
]]></artwork>
</figure>
</section>
<section anchor="Dervied_Types" title="Derived Object Key Types">
<t> The SPPF data model contains certain objects that are uniquely identified by attributes, different from or in addition to, the attributes
in the generic object key described in previous section. These kind of object keys are derived from the abstract ObjKeyType and defined
in there own abstract key types. Because these object key types are abstract, these MUST be specified in a concrete
form in any conforming SPPF "protocol" specification. These are used in Delete and Get operations, and may also be used in Accept and Reject operations. </t>
<t>Following are the derived object keys in SPPF data model:
<list style="symbols" hangIndent="5">
<t>SedGrpOfferKeyType: This uniquely identifies a SED Group object offer. This key type extends from ObjKeyType and MUST also have the organization ID of the Registrant to whom the object is being offered, as one of its attributes.
In addition to the Delete and Get operations, these key types are used in Accept and Reject operations on a SED Group Offer object.
The structure of abstract SedGrpOfferKeyType is as follows:
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpOfferKeyType"
abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents
the key for a object offer. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
A SED Group Offer object MUST use SedGrpOfferKeyType. Refer the "Framework Data Model Objects" section of this document for description of SED Group Offer object.
</t>
<t>
PubIdKeyType: This uniquely identifies a Public Identity object. This key type extends
from abstract ObjKeyType. Any concrete definition of PubIdKeyType MUST contain the elements
that identify the value and type of Public Identity and also contain the organization ID of the Registrant that
is the owner of the Public Identity object.
A Public Identity object key in SPPF is uniquely identified by the the registrant's organization ID, the value of the public identity, and, optionally, the Destination Group name
the public identity belongs to.
Consequently, any concrete representation of the PubIdKeyType MUST contain the following attributes:
<list>
<t>Registrant Id: The unique organization ID that identifies the Registrant.</t>
<t>Destination Group name: The name of the Destination Group the Public Identity is associated with. This is an optional attribute.</t>
<t>Type: The type of Public Identity.</t>
<t>Value: The value of the Public Identity.</t>
</list>
The .PubIdKeyType is used in Delete and Get operations on a Public Identifier object.
</t>
<t>The structure of abstract PubIdKeyType is as follows:
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="PubIdKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents the key for a Pub Id. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
</list>
</t>
<t>A Public Identity object MUST use attributes of PubIdKeyType for its unique identification . Refer the "Framework Data Model Objects" section of this document for a description of Public Identity object.</t>
</section>
</section>
<section anchor="responseMessages" title="Response Message Types">
<t> This section contains the listing of response types that MUST be
defined by the conforming "protocol" specification and implemented by a conforming
SPPF server. </t>
<texttable anchor="Table1" title="Response Types">
<ttcol align="left" width="30%">Response Type</ttcol>
<ttcol align="left" width="60%">Description</ttcol>
<c> Request Succeeded</c>
<c> Any conforming specification MUST define a response to indicate that a given request succeeded.</c>
<c> Request syntax invalid</c>
<c> Any conforming specification MUST define a response to indicate that a syntax of a given request
was found invalid. </c>
<c> Request too large</c>
<c> Any conforming specification MUST define a response to indicate that the count of entities in the
request is larger than the server is willing or able to process.</c>
<c> Version not supported</c>
<c> Any conforming specification MUST define a response to indicate that the server does
not support the version of the SPPF protocol specified in the request.</c>
<c> Command invalid</c>
<c> Any conforming specification MUST define a response to indicate that the operation and/or command
being requested by the client is invalid and/or not supported by the server.</c>
<c> System temporarily unavailable</c>
<c> Any conforming specification MUST define a response to indicate that the SPPF server is temporarily
not available to serve client request.</c>
<c> Unexpected internal system or server error.</c>
<c>Any conforming specification MUST define a response to indicate that the SPPF server encountered
an unexpected error that prevented the server from fulfilling the request.</c>
<c> Attribute value invalid</c>
<c> Any conforming specification MUST define a response to indicate that the SPPF server encountered
an attribute or property in the request that had an invalid/bad value. Optionally, the specification MAY provide
a way to indicate the Attribute Name and the Attribute Value to identify the object that was found to be invalid. </c>
<c> Object does not exist</c>
<c> Any conforming specification MUST define a response to indicate that an object present
in the request does not exist on the SPPF server. Optionally, the specification MAY provide
a way to indicate the Attribute Name and the Attribute Value that identifies the non-existent
object.</c>
<c> Object status or ownership does not allow for operation.</c>
<c> Any conforming specification MUST define a response to indicate that the operation requested
on an object present in the request cannot be performed because the object is in a status that
does not allow the said operation or the user requesting the operation is not authorized
to perform the said operation on the object. Optionally, the specification MAY provide
a way to indicate the Attribute Name and the Attribute Value that identifies the object.</c>
</texttable>
<t> When the response messages are "parameterized" with the
Attribute Name and Attribute Value, then the use of these parameters MUST adhere to the following
rules: <list style="symbols" hangIndent="5">
<t hangText=""> Any value provided for the Attribute Name
parameter MUST be an exact XSD element name of the protocol
data element that the response message is referring to.
For example, valid values for "attribute name" are
"dgName", "sedGrpName", "sedRec", etc. </t>
<t hangText=""> The value for Attribute Value MUST be the
value of the data element to which the preceding
Attribute Name refers. </t>
<t hangText=""> Response type "Attribute value invalid" SHOULD be used whenever an element value does not
adhere to data validation rules. </t>
<t hangText="">
Response types "Attribute value invalid" and "Object does not exist" MUST NOT be used
interchangeably. Response type "Object does not exist" SHOULD be returned
by an Add/Del/Accept/Reject operation when the data element(s) used to uniquely identify a
pre-existing object do not exist. If the data elements
used to uniquely identify an object are malformed, then
response type "Attribute value invalid" SHOULD be returned. </t>
</list>
</t>
</section>
</section>
<section anchor="protocolDataModelObjects"
title="Framework Data Model Objects">
<t> This section provides a description of the specification of each supported data model object (the nouns) and
identifies the commands (the verbs) that MUST be supported for each data model object. However,
the specification of the data structures necessary to support each command is delegated to the
"protocol" specification.</t>
<section anchor="destGroup" title="Destination Group">
<t> As described in the introductory sections, a Destination Group
represents a set of Public Identifiers with common session establishment information. The transport
protocol MUST support the ability to Create, Modify, Get, and Delete Destination Groups (refer the "Framework Operations" section of this document
for a generic description of various operations).
</t>
<t> A Destination Group object MUST be uniquely identified by attributes as defined in the description of "ObjKeyType" in the section "Generic Object Key Type" of this document.</t>
<t> The DestGrpType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="DestGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>The DestGrpType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend
BasicObjType that contains the ID of the
registrant organization that owns this object,
registrar organization that provisioned this object on behalf of the registrant,
the date and time that the object was created
by the server, and the date and time that the object
was last modified. If the client passed in either the
created date or the modification date, the server will
ignore them. The server sets these two date/time values.</t>
<t> dgName: The character string that contains the
name of the Destination Group. </t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
</section>
<section anchor="pubId" title="Public Identifier">
<t>A Public Identifier is the search key used for locating the session
establishment data (SED). In many cases, a Public Identifier is attributed
to the end user who has a retail relationship with the service provider or
registrant organization. SPPF supports the notion of the carrier-of-record
as defined in <xref target="RFC5067"/>. Therefore, the registrant under whom the Public
Identity is being created can optionally claim to be a carrier-of-record.</t>
<t>SPPF identifies three types of Public Identifiers: telephone numbers (TN),
routing numbers (RN), and URI type of Public Identifiers (like an email address).
SPPF provides structures to manage a single
TN, a contiguous range of TNs, and a TN prefix. The transport protocol
MUST support the ability to Create, Modify, Get, and Delete Public Identifiers (refer the "Framework Operations" section of this document
for a generic description of various operations).</t>
<t> A Public Identity object MUST be uniquely identified by attributes as defined in the description of "PubIdKeyType" in the section "Derived Object Key Types" of this document. </t>
<t>The abstract XML schema type definition PubIDType is a generalization
for the concrete Public Identifier schema types. PubIDType element 'dgName'
represents the name of the destination group that a given Public Identifier MAY be
a member of. The PubIDType object structure
is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="PubIdType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>A Public Identifier may be provisioned as a member of a Destination Group or
provisioned outside of a Destination Group. A Public Identifier that
is provisioned as a member of a Destination Group is intended to be
associated with its SED through the SED Group(s) that are associated
with its containing Destination Group. A Public Identifier that is not
provisioned as a member of a Destination Group is intended to be
associated with its SED through the SED Records that are directly
associated with the Public Identifier.</t>
<t>A telephone number is provisioned using the TNType, an extension of
PubIDType. When a Public Identifier is provisioned as a member of a Destination Group, each TNType object is uniquely identified by the combination
of its value contained within <![CDATA[<tn>]]> element, and the unique key of its parent Destination Group
(dgName and rantId). In other words a given telephone number string
may exist within one or more Destination Groups, but must not exist
more than once within a Destination Group. A Public Identifier that is not provisioned as a member
of a Destination Group is uniquely identified by the combination of its value, and its registrant ID.
TNType is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<simpleType name="NumberValType">
<restriction base="token">
<maxLength value="20"/>
<pattern value="\+?\d\d*"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>TNType consists of the following attributes:
<list style="symbols" hangIndent="5">
<t>tn: Telephone number to be added to the registry.</t>
<t>sedRecRef: Optional reference to SED records that are directly
associated with the TN Public Identifier. Following the SPPF
data model, the SED record could be a protocol agnostic
URIType or another type.</t>
<t>corInfo: corInfo is an optional parameter of type
CORInfoType that allows the registrant organization to
set forth a claim to be the carrier-of-record (see <xref target="RFC5067"/>).
This is done by setting the value of <corClaim> element
of the CORInfoType object structure to "true". The
other two parameters of the CORInfoType, <cor>
and <corDate> are set by the registry to describe the
outcome of the carrier-of-record claim by the registrant.
In general, inclusion of <corInfo> parameter is useful
if the registry has the authority information, such as, the
number portability data, etc., in order to qualify whether
the registrant claim can be satisfied. If the carrier-of-record
claim disagrees with the authority data in the registry, whether
the TN add operation fails or not is a matter of policy and it
is beyond the scope of this document.</t>
</list>
</t>
<t>A routing number is provisioned using the RNType, an
extension of PubIDType. SSPs that possess the number
portability data may be able to leverage the RN search
key to discover the ingress routes for session establishment.
Therefore, the registrant organization can add the RN and
associate it with the appropriate destination group to share
the route information. Each RNType object is uniquely
identified by the combination of its value inside the <![CDATA[<rn>]]> element, and the
unique key of its parent Destination Group (dgName and rantId).
In other words a given routing number string may exist within one
or more Destination Groups, but must not exist more than once
within a Destination Group. RNType is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="RNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>RNType has the following attributes:
<list style="symbols" hangIndent="5">
<t>rn: Routing Number used as the search key.</t>
<t>corInfo: Optional <corInfo> element of type CORInfoType.</t>
</list>
</t>
<t>TNRType structure is used to provision a contiguous range of
telephone numbers. The object definition requires a starting TN
and an ending TN that together define the span of the TN range.
Use of TNRType is particularly useful when expressing a TN range
that does not include all the TNs within a TN block or prefix. The
TNRType definition accommodates the open number plan as well such
that the TNs that fall between the start and end TN range may
include TNs with different length variance. Whether the registry
can accommodate the open number plan semantics is a matter of
policy and is beyond the scope of this document. Each TNRType
object is uniquely identified by the combination of its value that in turn is a combination of the <![CDATA[<startTn>]]>
and <![CDATA[<endTn>]]> elements, and the unique key of its parent Destination
Group (dgName and rantId). In other words a given TN Range may
exist within one or more Destination Groups, but must not exist
more than once within a Destination Group. TNRType object
structure definition is as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNRType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="range" type="sppfb:NumberRangeType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NumberRangeType">
<sequence>
<element name="startTn" type="sppfb:NumberValType"/>
<element name="endTn" type="sppfb:NumberValType"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t>TNRType has the following attributes:
<list style="symbols" hangIndent="5">
<t>startTn: Starting TN in the TN range</t>
<t>endTn: The last TN in the TN range</t>
<t>corInfo: Optional <corInfo> element of type CORInfoType</t>
</list>
</t>
<t>In some cases, it is useful to describe a set of TNs with the help of
the first few digits of the telephone number, also referred to as the telephone
number prefix or a block. A given TN prefix may include TNs with different
length variance in support of open number plan. Once again, whether the registry
supports the open number plan semantics is a matter of policy and it is beyond
the scope of this document. The TNPType data structure is used to provision a
TN prefix. Each TNPType object is uniquely identified by the combination of
its value in the <![CDATA[<tnPrefix>]]> element, and the unique key of its parent Destination Group
(dgName and rantId). TNPType is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNPType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tnPrefix" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>TNPType consists of the following attributes:
<list style="symbols" hangIndent="5">
<t>tnPrefix: The telephone number prefix</t>
<t>corInfo: Optional <corInfo> element of type CORInfoType.</t>
</list>
</t>
<t>In some cases, a Public Identifier may be a URI, such as an email address.
The URIPubIdType object is comprised of the data element
necessary to house such Public Identifiers. Each URIPubIdType object is uniquely identified by the combination of
its value in the <![CDATA[<uri>]]> element, and the unique key of its parent Destination Group
(dgName and rantId). URIPubIdType is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="URIPubIdType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>URIPubIdType consists of the following attributes:
<list style="symbols" hangIndent="5">
<t>uri: The value that acts a Public Identifier.</t>
<t> ext: Point of extensibility.</t>
</list>
</t>
</section>
<section anchor="sedGrp" title="SED Group">
<t> As described in the introductory sections, a SED Group
represents a combined grouping of Destination Groups
containing a set of Public Identifiers with common
Session Establishment Data(SED), The common Session
Establishment Data Records, and the list of peer
organizations that have access to these public
identifiers using the associated SED information. It is this
indirect linking of public identifiers to their Session
Establishment Data that significantly improves the scalability and
manageability of the peering data. Additions and changes to
SED information are reduced to a single operation on a
SED Group or SED Record , rather than millions of data updates
to individual public identifier records that individually contain
their peering data. The transport protocol MUST support the
ability to Create, Modify, Get, and Delete SED Groups (refer the "Framework Operations" section of this document
for a generic description of various operations). </t>
<t> A SED Group object MUST be uniquely identified by attributes as defined in the description of "ObjKeyType" in the section "Generic Object Key Type" of this document.</t>
<t>
The SedGrpType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpName" type="sppfb:ObjNameType"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="peeringOrg" type="sppfb:OrgIdType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="sourceIdent" type="sppfb:SourceIdentType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="isInSvc" type="boolean"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedRecRefType">
<sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t>The SedGrpType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend
BasicObjType that contains the ID of the
registrant organization that owns this object,
the date and time that the object was created
by the server, and the date and time that the object
was last modified. If the client passes in either the
created date or the modification date, the server will
ignore them. The server sets these two date/time values.</t>
<t> sedGrpName: The character string that contains the
name of the SED Group. It uniquely identifies this
object within the context of the registrant ID (a child
element of the base element as described above). </t>
<t> sedRecRef: Set of zero or more objects of type SedRecRefType
that house the unique keys of the SED Records (containing
the session establishment data) that the SedGrpType object
refers to and their relative priority within the context of
this SED Group.</t>
<t> dgName: Set of zero or more names of DestGrpType
object instances. Each dgName name, in association with
this SED Group's registrant ID, uniquely identifies a
DestGrpType object instance whose public identifiers are
reachable using the session establishment information
housed in this SED Group. An intended side affect of
this is that a SED Group cannot provide session establishment
information for a Destination Group belonging to another registrant. </t>
<t> peeringOrg: Set of zero or more peering organization
IDs that have accepted an offer to receive this SED
Group's information. The set of peering organizations in
this list is not directly settable or modifiable using
the addSedGrpsRqst operation. This set is instead
controlled using the SED offer and accept operations. </t>
<t> sourceIdent: Set of zero or more SourceIdentType
object instances. These objects, described further
below, house the source identification schemes and
identifiers that are applied at resolution time as part
of source based routing algorithms for the SED Group. </t>
<t> isInSvc: A boolean element that defines whether this
SED Group is in service. The session establishment
information contained in a SED Group that is in service is a
candidate for inclusion in resolution responses for
public identities residing in the Destination Group
associated with this SED Group. The session establishment
information contained in a SED Group that is not in
service is not a candidate for inclusion in resolution
responses. </t>
<t> priority: Zero or one priority value that can be used
to provide a relative value weighting of one SED Group
over another. The manner in which this value is used,
perhaps in conjunction with other factors, is a matter of
policy.</t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
<t> As described above, the SED Group contains a set of references
to SED record objects. A SED record object is based on an
abstract type: SedRecType. The concrete types that use
SedRecType as an extension base are NAPTRType, NSType, and
URIType. The definitions of these types are included the SED
Record section of this document. </t>
<t> The SedGrpType object provides support for source-based
routing via the peeringOrg data element and more granular
source base routing via the source identity element. The
source identity element provides the ability to specify zero or
more of the following in association with a given SED
Group: a regular expression that is matched against the
resolution client IP address, a regular expression that is
matched against the root domain name(s), and/or a regular
expression that is matched against the calling party URI(s).
The result will be that, after identifying the visible SED
Groups whose associated Destination Group(s) contain the
lookup key being queried and whose peeringOrg list contains
the querying organizations organization ID, the resolution server
will evaluate the characteristics of the Source URI, and Source
IP address, and root domain of the lookup key being queried.
The resolution server then compares these criteria against the
source identity criteria associated with the SED Groups. The
session establishment information contained
in SED Groups that have source based routing criteria will
only be included in the resolution response if one or more
of the criteria matches the source criteria from the resolution
request. The Source Identity data element is of type
SourceIdentType, whose structure is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SourceIdentType">
<sequence>
<element name="sourceIdentRegex" type="sppfb:RegexType"/>
<element name="sourceIdentScheme"
type="sppfb:SourceIdentSchemeType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<simpleType name="SourceIdentSchemeType">
<restriction base="token">
<enumeration value="uri"/>
<enumeration value="ip"/>
<enumeration value="rootDomain"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SourceIdentType object is composed of the following
data elements: <list style="symbols" hangIndent="5">
<t> sourceIdentScheme: The source identification scheme
that this source identification criteria applies to and
that the associated sourceIdentRegex should be matched
against. </t>
<t> sourceIdentRegex: The regular expression that should
be used to test for a match against the portion of the
resolution request that is dictated by the associated
sourceIdentScheme. </t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
</section>
<section anchor="sedRec" title="SED Record">
<t> As described in the introductory sections, a SED Group
represents a combined grouping of SED Records that define
session establishment information.
However, SED Records need not be created to
just serve a single SED Group. SED Records can be created
and managed to serve multiple SED Groups. As a result, a change
for example to the properties of a network node used for
multiple routes, would necessitate just a single update operation
to change the properties of that node. The change would then be
reflected in all the SED Groups whose SED record set contains
a reference to that node. The transport protocol MUST support the
ability to Create, Modify, Get, and Delete SED Records (refer the
"Framework Operations" section of this document
for a generic description of various operations). </t>
<t> A SED Record object MUST be uniquely identified by attributes as defined in the description of "ObjKeyType" in the section "Generic Object Key Type" of this document.</t>
<t>
The SedRecType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedRecType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedName" type="sppfb:ObjNameType"/>
<element name="sedFunction" type="sppfb:SedFunctionType"
minOccurs="0"/>
<element name="isInSvc" type="boolean"/>
<element name="ttl" type="positiveInteger" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<simpleType name="SedFunctionType">
<restriction base="token">
<enumeration value="routing"/>
<enumeration value="lookup"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SedRecType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend
BasicObjType that contains the ID of the
registrant organization that owns this object,
the date and time that the object was created
by the server, and the date and time that the object
was last modified. If the client passes in either the
created date or the modification date, the server will
ignore them. The server sets these two date/time values.</t>
<t> sedName: The character string that contains the
name of the SED Record. It uniquely identifies this
object within the context of the registrant ID (a child
element of the base element as described above). </t>
<t> sedFunction: As described in <xref target="RFC6461"/>, SED
or Session Establishment Data falls primarily into one of
two categories or functions, LUF and LRF. To remove any
ambiguity as to the function a SED record is intended to
provide, this optional element allows the provisioning
party to make his or her intentions explicit. </t>
<t> isInSvc: A boolean element that defines whether this
SED Record is in service or not. The session establishment
information contained in a SED Record which is in service
is a candidate for inclusion in resolution responses for Telephone
Numbers that are either directly associated to this SED Record, or
for Public Identities residing in a Destination Group that is
associated to a SED Group which in turn has an
association to this SED Record.</t>
<t> ttl: Number of seconds that an addressing server may
cache a particular SED Record. </t>
</list>
</t>
<t> As described above, SED records are based on an
abstract type: SedRecType. The concrete types that use
SedRecType as an extension base are NAPTRType, NSType, and
URIType. The definitions of these types are included below.
The NAPTRType object is comprised of the data elements
necessary for a NAPTR that contains routing information for a
SED Group. The NSType object is comprised of the data
elements necessary for a DNS name server that points to another
DNS server that contains the desired routing information.
The NSType is relevant only when the resolution protocol is ENUM.
The URIType object is comprised of the data elements
necessary to house a URI. </t>
<t> The data provisioned in a registry can be leveraged for
many purposes and queried using various protocols including
SIP, ENUM and others. As such, the resolution data represented
by the SedRecords must be in a form suitable for transport using
one of these protocols. In the NPATRType for example, if the
URI is associated with a destination group, the user part of the
replacement string <uri> that may require the Public Identifier
cannot be preset. As a SIP Redirect, the resolution server will
apply <ere> pattern on the input Public Identifier in the query
and process the replacement string by substituting any back reference(s)
in the <uri> to arrive at the final URI that is returned
in the SIP Contact header. For an ENUM query, the resolution
server will simply return the values of the <ere>
and <uri> members of the URI.</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="NAPTRType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="order" type="unsignedShort"/>
<element name="flags" type="sppfb:FlagsType" minOccurs="0"/>
<element name="svcs" type="sppfb:SvcType"/>
<element name="regx" type="sppfb:RegexParamType" minOccurs="0"/>
<element name="repl" type="sppfb:ReplType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NSType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="hostName" type="token"/>
<element name="ipAddr" type="sppfb:IPAddrType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="IPAddrType">
<sequence>
<element name="addr" type="sppfb:AddrStringType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
<attribute name="type" type="sppfb:IPType" default="v4"/>
</complexType>
<simpleType name="IPType">
<restriction base="token">
<enumeration value="IPv4"/>
<enumeration value="IPv6"/>
</restriction>
</simpleType>
<complexType name="URIType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="ere" type="token" default="^(.*)$"/>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<simpleType name="flagsType">
<restriction base="token">
<length value="1"/>
<pattern value="[A-Z]|[a-z]|[0-9]"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The NAPTRType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t> order: Order value in an ENUM NAPTR, relative to other
NAPTRType objects in the same SED Group. </t>
<t> svcs: ENUM service(s) that are served by the SBE. This
field's value must be of the form specified in <xref target="RFC6116"/>
(e.g., E2U+pstn:sip+sip). The allowable values are a
matter of policy and not limited by this protocol. </t>
<t> regx: NAPTR’s regular expression field. If this is not
included then the Repl field must be included. </t>
<t> repl: NAPTR replacement field, should only be provided
if the Regex field is not provided, otherwise the server will ignore it</t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
<t>The NSType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t> hostName: Fully qualified host name of the name
server. </t>
<t> ipAddr: Zero or more objects of type IpAddrType. Each
object holds an IP Address and the IP Address type, IPv4
or IP v6. </t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
<t>The URIType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t>ere: The POSIX Extended Regular Expression (ere) as
defined in <xref target="RFC3986"/>.
</t>
<t>uri: the URI as defined in <xref target="RFC3986"/>. In some
cases, this will serve as the replacement string and it will be
left to the resolution server to arrive at the final usable URI.
</t>
</list>
</t>
</section>
<section anchor="sedgrpoffer" title="SED Group Offer">
<t> The list of peer organizations whose resolution responses
can include the session establishment information contained in a given
SED Group is controlled by the organization to which a
SED Group object belongs (its registrant), and the peer
organization that submits resolution requests (a data
recipient, also know as a peering organization). The registrant
offers access to a SED Group by submitting a SED Group Offer.
The data recipient can then accept or reject that offer.
Not until access to a SED Group has been offered and
accepted will the data recipient's organization ID be
included in the peeringOrg list in a SED Group object, and
that SED Group's peering information become a candidate
for inclusion in the responses to the resolution requests
submitted by that data recipient. The transport protocol MUST support the
ability to Create, Modify, Get, Delete, Accept and Reject SED Group Offers (refer the "Framework Operations" section of this document
for a generic description of various operations).</t>
<t> A SED Group Offer object MUST be uniquely identified by attributes as defined in the description of "SedGrpOfferKeyType" in the section "Derived Object Key Types" of this document.</t>
<t>
The SedGrpOfferType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpOfferType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/>
<element name="status" type="sppfb:SedGrpOfferStatusType"/>
<element name="offerDateTime" type="dateTime"/>
<element name="acceptDateTime" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedGrpOfferKeyType" abstract="true">
<annotation>
<documentation>
-- Generic type that represents the key for a SED group offer. Must
be defined in concrete form in the transport specificaiton. --
</documentation>
</annotation>
</complexType>
<simpleType name="SedGrpOfferStatusType">
<restriction base="token">
<enumeration value="offered"/>
<enumeration value="accepted"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SedGrpOfferType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend
BasicObjType that contains the ID of the
registrant organization that owns this object,
the date and time that the object was created
by the server, and the date and time that the object
was last modified. If the client passed in either the
created date or the modification date, the will ignore
them. The server sets these two date/time values.</t>
<t> sedGrpOfferKey: The object that identifies the SED
that is or has been offered and the organization that it
is or has been offered to.</t>
<t> status: The status of the offer, offered or accepted.
The server controls the status. It is
automatically set to "offered" when ever a new SED
Group Offer is added, and is automatically set to
"accepted" if and when that offer is accepted. The value
of the element is ignored when passed in by the client. </t>
<t> offerDateTime: Date and time in UTC when the SED
Group Offer was added. </t>
<t> acceptDateTime: Date and time in UTC when the SED
Group Offer was accepted. </t>
</list>
</t>
</section>
<section anchor="egressRte" title="Egress Route">
<t>In a high-availability environment, the originating SSP likely has more
than one egress paths to the ingress SBE of the target SSP. If the
originating SSP wants to exercise greater control and choose a specific
egress SBE to be associated to the target ingress SBE, it can do so using
the EgrRteType object.</t>
<t> A Egress Route object MUST be uniquely identified by attributes as defined in the description of "ObjKeyType" in the section "Generic Object Key Type" of this document.</t>
<t>Lets assume that the target SSP has offered as part of his session
establishment data, to share one or more ingress routes and that the
originating SSP has accepted the offer. In order to add the egress route to the registry, the originating SSP uses a
valid regular expression to rewrite ingress route in order to include the
egress SBE information. Also, more than one egress route can be associated
with a given ingress route in support of fault-tolerant configurations. The
supporting SPPF structure provides a way to include route precedence
information to help manage traffic to more than one outbound egress SBE.</t>
<t>The transport protocol MUST support the ability to Add, Modify, Get,
and Delete Egress Routes (refer the "Framework Operations" section of this document
for a generic description of various operations). The EgrRteType object structure is defined as
follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="EgrRteType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="egrRteName" type="sppfb:ObjNameType"/>
<element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>The EgrRteType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend
BasicObjType that contains the ID of the
registrant organization that owns this object,
the date and time that the object was created
by the server, and the date and time that the object
was last modified. If the client passes in either the
created date or the modification date, the server will
ignore them. The server sets these two date/time values.</t>
<t> egrRteName: The name of the egress route. </t>
<t> pref: The preference of this egress route relative to other
egress routes that may get selected when responding to a
resolution request.</t>
<t> regxRewriteRule: The regular expression re-write rule
that should be applied to the regular expression of the
ingress NAPTR(s) that belong to the ingress route.</t>
<t> ingrSedGrp: The ingress SED group that the
egress route should be used for. </t>
<t> svcs: ENUM service(s) that are served by an Egress Route.
This element is used to identify the ingress NAPTRs
associated with the SED Group to which an Egress Route's
regxRewriteRule should be applied. If no ENUM service(s)
are associated with an Egress Route, then the Egress
Route's regxRewriteRule should be applied to all the NAPTRs
associated with the SED Group. This field's value must be
of the form specified in [RFC6116] (e.g., E2U+pstn:sip+sip).
The allowable values are a matter of policy and not limited
by this protocol.</t>
<t> ext: Point of extensibility described in a previous
section of this document. </t>
</list>
</t>
</section>
</section>
<section anchor="protocol_oper" title="Framework Operations">
<section anchor="add_oper" title="Add Operation">
<t>Any conforming "protocol" specification MUST provide a definition for the operation that adds one or more SPPF objects
into the registry. If the object, as identified by the request attributes that form part of the object's key, does not exist,
then the registry MUST create the object. If the object does exist, then the registry MUST replace the current properties of the object
with the properties passed in as part of the Add operation.</t>
<t> If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document.</t>
</section>
<section anchor="del_oper" title="Delete Operation">
<t> Any conforming "protocol" specification MUST provide a definition for the operation that deletes one or more SPPF objects
from the registry using the object's key. </t>
<t>If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document.</t>
<t>When an object is deleted, any references to that object must of course also be
removed as the SPPF server implementation fulfills the deletion request.
Furthermore, the deletion of a composite object must also result in the
deletion of the objects it contains. As a result, the following rules apply to the
deletion of SPPF object types: <list style="symbols" hangIndent="5">
<t> Destination Groups: When a destination group is deleted all public identifiers
within that destination group must also be automatically deleted by the SPPF
implementation as part of fulfilling the deletion request. And any references
between that destination group and any SED group must be automatically removed
by the SPPF implementation as part of fulfilling the deletion request.</t>
<t> SED Groups: When a SED group is deleted any references between that SED group
and any destination group must be automatically removed by the SPPF implementation as
part of fulfilling the deletion request. Similarly any references between that SED group
and any SED records must be removed by the SPPF implementation as part of fulfilling
the deletion request. Furthermore, SED group offers relating that SED group must
also be deleted as part of fulfilling the deletion request.</t>
<t> SED Records: When a SED record is deleted any references between that SED record
and any SED group must be removed by the SPPF implementation as
part of fulfilling the deletion request.</t>
<t> Public Identifiers: When a public identifier is deleted any references between that
public identifier and its containing destination group must be removed by the SPPF
implementation as part of fulfilling the deletion request. Any SED records
contained directly within that Public Identifier must be deleted by the SPPF implementation
as part of fulfilling the deletion request.</t>
</list>
</t>
</section>
<section anchor="get_oper" title="Get Operations">
<t>
At times, on behalf of the registrant, the registrar may need to have access to SPPF objects that were previously provisioned in the registry.
A few examples include logging, auditing, and pre-provisioning dependency checking.
This query mechanism is limited to aid provisioning scenarios and should not be confused with query protocols provided as part of the resolution
system (e.g. ENUM and SIP).
Any conforming "protocol" specification MUST provide a definition for the operation that queries the details of one or more SPPF objects
from the registry using the object's key. If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document.</t>
</section>
<section anchor="accept_oper" title="Accept Operations">
<t>
In SPPF, a SED Group Offer can be accepted or rejected by, or on behalf of, the registrant to
whom the SED Group has been offered (refer "Framework Data Model Objects" section of this document for a description
of the SED Group Offer object). The Accept operation is used to accept the SED Group Offers. Any conforming "protocol" specification MUST
provide a definition for the operation to accept SED Group Offers by, or on behalf of the Registrant, using the SED Group Offer object key.</t>
<t>Not until access to a SED Group has
been offered and accepted will the registrant's organization ID be
included in the peeringOrg list in that SED Group object, and that
SED Group's peering information become a candidate for inclusion in
the responses to the resolution requests submitted by that
registrant. A SED Group Offer that is in the "offered" status is
accepted by, or on behalf of, the registrant to which it has been
offered. When the SED Group Offer is accepted the the SED Group
Offer is moved to the "accepted" status and adds that data
recipient's organization ID into the list of peerOrgIds for that
SED Group.</t>
<t>If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document.</t>
</section>
<section anchor="reject_oper" title="Reject Operations">
<t>
In SPPF, a SED Group Offer object can be accepted or rejected by, or on behalf of, the registrant to
whom the SED Group has been offered (refer "Framework Data Model Objects" section of this document for a description
of the SED Group Offer object). Furthermore, that offer may be rejected, regardless of whether or not
it has been previously accepted. The Reject operation is used to reject the SED Group Offers. When the SED Group Offer
is rejected that SED Group Offer is deleted, and, if appropriate,
the data recipient's organization ID is removed from the list of
peeringOrg IDs for that SED Group. Any conforming "protocol" specification MUST
provide a definition for the operation to reject SED Group Offers by, or on behalf of the Registrant, using the SED Group Offer object key.</t>
<t>If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document. </t>
</section>
<section anchor="server_status_menu_opr" title="Get Server Details Operation">
<t>
In SPPF, Get Server Details operation can be used to request certain details about the
SPPF server that include the SPPF server's current status, the major/minor version of the SPPF protocol
supported by the SPPF server. </t>
<t>Any conforming "protocol" specification MUST
provide a definition for the operation to request such details from the SPPF server. If the entity that issued the command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the response messages defined in "Response Message Types" section of the document. </t>
</section>
</section>
<section anchor="xmlconsiderations" title="XML Considerations">
<t> XML serves as the encoding format for SPPF, allowing complex
hierarchical data to be expressed in a text format that can be
read, saved, and manipulated with both traditional text tools
and tools specific to XML. <vspace blankLines="1"/> XML is
case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in
the character case presented to develop a conforming
implementation. <vspace blankLines="1"/> This section
discusses a small number of XML-related considerations
pertaining to SPPF. </t>
<section anchor="namespaces" title="Namespaces">
<t> All SPPF elements are defined in the namespaces
in the IANA Considerations section and in the Formal Framework
Specification section of this document.
</t>
</section>
<section anchor="versioning" title="Versioning and Character Encoding">
<t> All XML instances SHOULD begin with an
<![CDATA[ <?xml?> ]]> declaration to identify the version of
XML that is being used, optionally identify use of the
character encoding used, and optionally provide a hint to an
XML parser that an external schema file is needed to
validate the XML instance. <vspace blankLines="1"/>
Conformant XML parsers recognize both UTF-8 (defined in
<xref target="RFC3629"/>) and UTF-16 (defined in <xref target="RFC2781"/>); per <xref target="RFC2277"/> UTF-8 is
the RECOMMENDED character encoding for use with SPPF. </t>
<t> Character encodings other than UTF-8 and UTF-16 are
allowed by XML. UTF-8 is the default encoding assumed by XML
in the absence of an "encoding" attribute or a byte order
mark (BOM); thus, the "encoding" attribute in the XML
declaration is OPTIONAL if UTF-8 encoding is used. SPPF
clients and servers MUST accept a UTF-8 BOM if present,
though emitting a UTF-8 BOM is NOT RECOMMENDED. </t>
<t> Example XML declarations: <vspace blankLines="1"/><![CDATA[ <?xml version="1.0" encoding="UTF-8" standalone="no"?>]]></t>
</section>
</section>
<section anchor="securityconsiderations" title="Security Considerations">
<t>Many SPPF implementations manage data that is considered confidential and critical. Furthermore, SPPF implementations can support provisioning activities for multiple registrars and registrants. As a result any SPPF implementation must address the requirements for confidentiality, authentication, and authorization.</t>
<section anchor="confidentialityandauthentication" title="Confidentiality and Authentication">
<t>With respect to confidentiality and authentication, the transport
protocol requirements section of this document contains security properties
that the transport protocol must provide so that authenticated endpoints
can exchange data confidentially and with integrity protection. Refer to
that section and the resulting transport protocol specification document
for the specific solutions to authentication and confidentiality.</t>
</section>
<section anchor="authorizationsecurity" title="Authorization">
<t>With respect to authorization, the SPPF server implementation must define
and implement a set of authorization rules that precisely address (1) which
registrars will be authorized to create/modify/delete each SPPF object type
for given registrant(s) and (2) which registrars will be authorized to view/get
each SPPF object type for given registrant(s). These authorization rules are
a matter of policy and are not specified within the context of SPPF. However,
any SPPF implementation must specify these authorization rules in order to
function in a reliable and safe manner.</t>
</section>
<section anchor="denialofservice" title="Denial of Service">
<t>Guidance on Denial-of-Service (DoS) issues in general is given in
<xref target="RFC4732"/>, "Internet Denial of Service Considerations",
which also gives a general vocabulary for describing the DoS issue.</t>
<t>SPPF is a high-level client-server protocol that can be implemented on
lower-level mechanisms such as remote procedure call and web-service API
protocols. As such, it inherits any Denial-of-Service issues inherent to
the specific lower-level mechanism used for any implementation of SPPF.
SPPF also has its own set of higher-level exposures that are likely to be
independent of lower-layer mechanism choices.
</t>
<section anchor="dosinheritedfromtransport" title="DoS Issues Inherited from Transport Mechanism">
<t>SPPF implementation is in general dependent on the selection and
implementation of a lower-level transport protocol and a binding between
that protocol and SPPF. The archetypal SPPF implementation uses XML
(http://www.w3.org/TR/xml/) representation in a SOAP (http://www.w3.org/TR/soap/)
request/response framework over HTTP (<xref target="RFC2616"/>), and probably also
uses TLS (<xref target="RFC5246"/>) for on-the wire data integrity and participant
authentication, and might use HTTP Digest authentication (<xref target="RFC2609"/>).</t>
<t>The typical deployment scenario for SPPF is to have servers in a managed
facility, and therefor techniques such as Network Ingress Filtering (<xref target="RFC2609"/>)
are generally applicable. In short, any DoS mechanism affecting a typical HTTP
implementation would affect such an SPPF implementation, and the mitigation
tools for HTTP in general also therefore apply to SPPF.</t>
<t>SPPF does not directly specify an authentication mechanism, instead
relying on the lower-level transport protocol to provide for authentication.
In general, authentication is an expensive operation, and one apparent attack
vector is to flood an SPPF server with repeated requests for authentication,
thereby exhausting its resources. SPPF implementations SHOULD therefore be
prepared to handle authentication floods, perhaps by noting repeated failed
login requests from a given source address and blocking that source address.
</t>
</section>
<section anchor="dosspecifictosppf" title="DoS Issues Specific to SPPF">
<t>The primary defense mechanism against DoS within SPPF is authentication.
Implementations MUST tightly control access to the SPPF service, SHOULD implement
DoS and other policy control screening, and MAY employ a variety of policy
violation reporting and response measures such as automatic blocking of
specific users and alerting of operations personnel. In short, the primary
SPPF response to DoS-like activity by a user is to block that user or subject
their actions to additional review.</t>
<t>SPPF allows a client to submit multiple-element or "batch" requests that
may insert or otherwise affect a large amount of data with a single request.
In the simplest case, the server progresses sequentially through each element
in a batch, completing one and before starting the next. Mid-batch failures
are handled by stopping the batch and rolling-back the data store to its
pre-request state. This "stop and roll-back" design provides a DoS
opportunity. A hostile client could repeatedly issue large batch
requests with one or more failing elements, causing the server to
repeatedly stop and roll-back large transactions. The suggested
response is to monitor clients for such failures, and take
administrative action (such as blocking the user) when an excessive
number of roll-backs is reported.</t>
<t>An additional suggested response is for an implementer to set their maximum
allowable XML message size, and their maximum allowable batch size at a level
that they feel protects their operational instance, given the hardware sizing
they have in place and the expected load and size needs that their users expect.
</t>
</section>
</section>
<section anchor="informationdisclosure" title="Information Disclosure">
<t>It is not uncommon for the logging systems to document on-the-wire
messages for various purposes, such as, debug, audit, and tracking.
At the minimum, the various support and administration staff will
have access to these logs. Also, if an unprivileged user gains access
to the SPPF deployments and/or support systems, it will have access to
the information that is potentially deemed confidential. To manage
information disclosure concerns beyond the transport level, SPPF
implementations MAY provide support for encryption at the SPPF object
level.
</t>
</section>
<section anchor="nonrepudiation" title="Non Repudiation">
<t>In some situations, it may be required to protect against denial of
involvement (see <xref target="RFC4949"/>) and tackle non-repudiation
concerns in regards to SPPF messages. This type of protection is useful
to satisfy authenticity concerns related to SPPF messages beyond the
end-to-end connection integrity, confidentiality, and authentication
protection that the transport layer provides. This is an optional
feature and some SPPF implementations MAY provide support for it.
</t>
</section>
<section anchor="replay" title="Replay Attacks">
<t>Anti-replay protection ensures that a given SPPF object replayed at a
later time doesn't affect the integrity of the system. SPPF provides at
least one mechanism to fight against replay attacks. Use of the optional
client transaction identifier allows the SPPF client to correlate the
request message with the response and to be sure that it is not a replay
of a server response from earlier exchanges. Use of unique values for the
client transaction identifier is highly encouraged to avoid chance matches
to a potential replay message.
</t>
</section>
<section anchor="maninthemiddle" title="Man in the Middle">
<t>The SPPF client or registrar can be a separate entity acting on behalf of
the registrant in facilitating provisioning transactions to the registry. Further,
the transport layer provides end-to-end connection protection between SPPF client
and the SPPF server. Therefore, man-in-the-middle attack is a possibility that
may affect the integrity of the data that belongs to the registrant and/or expose
peer data to unintended actors in case well-established peering relationships
already exist.
</t>
</section>
</section>
<section anchor="i18n" title="Internationalization Considerations">
<t>
Character encodings to be used for SPPF elements are described in
<xref target="versioning"/>. The use of time elements in the protocol
is specified in <xref target="timestamp"/>. Where human-readable
languages are used in the protocol, those messages SHOULD be tagged
according to <xref target="RFC5646"/>, and the transport protocol
MUST support a respective mechanism to transmit such tags together
with those human-readable messages. If tags are absent, the language
of the message defaults to "en" (English).
</t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t> This document uses URNs to describe XML namespaces and XML
schemas conforming to a registry mechanism described in <xref target="RFC3688"/>. </t>
<t> Two URI assignments are requested. <vspace blankLines="1"/>
Registration request for the SPPF XML namespace: <vspace blankLines="0"/> urn:ietf:params:xml:ns:sppf:base:1 <vspace blankLines="0"/> Registrant Contact: IESG <vspace blankLines="0"/> XML: None. Namespace URIs do not represent
an XML specification. </t>
<t> Registration request for the XML schema: <vspace blankLines="0"/> URI: urn:ietf:params:xml:schema:sppf:1
<vspace blankLines="0"/> Registrant Contact: IESG <vspace blankLines="0"/> XML: See the "Formal Specification" section
of this document (<xref target="formalspecification"/>). </t>
<t>
IANA is requested to create a new SPPF registry for Organization Identifiers that will indicate valid strings to be used for well-known enterprise namespaces.
<vspace blankLines="0"/>
This document makes the following assignments for the OrgIdType namespaces:
</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
Namespace OrgIdType namespace string
---- ----------------------------
IANA Enterprise Numbers iana-en
]]></artwork>
</figure>
</t>
</section>
<section anchor="formalspecification"
title="Formal Specification">
<t> This section provides the draft XML Schema Definition for
SPPF Protocol. </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns:sppfb="urn:ietf:params:xml:ns:sppf:base:1"
xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:sppf:base:1"
elementFormDefault="qualified" xml:lang="EN">
<annotation>
<documentation>
---- Generic Object key types to be defined by specific
Transport/Architecture. The types defined here can
be extended by the specific architecture to
define the Object Identifiers ----
</documentation>
</annotation>
<complexType name="ObjKeyType"
abstract="true">
<annotation>
<documentation>
---- Generic type that represents the
key for various objects in SPPF. ----
</documentation>
</annotation>
</complexType>
<complexType name="SedGrpOfferKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents
the key for a SED group offer. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
<complexType name="PubIdKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
----Generic type that
represents the key
for a Pub Id. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
<annotation>
<documentation>
---- Object Type Definitions ----
</documentation>
</annotation>
<complexType name="SedGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpName" type="sppfb:ObjNameType"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="peeringOrg" type="sppfb:OrgIdType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="sourceIdent" type="sppfb:SourceIdentType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="isInSvc" type="boolean"/>
<element name="priority" type="unsignedShort"/>
<element name="ext"
type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="DestGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName"
type="sppfb:ObjNameType"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="PubIdType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNRType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="range" type="sppfb:NumberRangeType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNPType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tnPrefix" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="RNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="URIPubIdType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedRecType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedName" type="sppfb:ObjNameType"/>
<element name="sedFunction" type="sppfb:SedFunctionType"
minOccurs="0"/>
<element name="isInSvc" type="boolean"/>
<element name="ttl" type="positiveInteger" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NAPTRType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="order" type="unsignedShort"/>
<element name="flags" type="sppfb:FlagsType" minOccurs="0"/>
<element name="svcs" type="sppfb:SvcType"/>
<element name="regx" type="sppfb:RegexParamType" minOccurs="0"/>
<element name="repl" type="sppfb:ReplType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NSType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="hostName" type="token"/>
<element name="ipAddr" type="sppfb:IPAddrType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="URIType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="ere" type="token" default="^(.*)$"/>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedGrpOfferType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/>
<element name="status" type="sppfb:SedGrpOfferStatusType"/>
<element name="offerDateTime" type="dateTime"/>
<element name="acceptDateTime" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="EgrRteType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="egrRteName" type="sppfb:ObjNameType"/>
<element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<annotation>
<documentation>
---- Abstract Object and Element Type Definitions ----
</documentation>
</annotation>
<complexType name="BasicObjType" abstract="true">
<sequence>
<element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="RegexParamType">
<sequence>
<element name="ere" type="sppfb:RegexType" default="^(.*)$"/>
<element name="repl" type="sppfb:ReplType"/>
</sequence>
</complexType>
<complexType name="IPAddrType">
<sequence>
<element name="addr" type="sppfb:AddrStringType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
<attribute name="type" type="sppfb:IPType" default="v4"/>
</complexType>
<complexType name="SedRecRefType">
<sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="SourceIdentType">
<sequence>
<element name="sourceIdentRegex" type="sppfb:RegexType"/>
<element name="sourceIdentScheme"
type="sppfb:SourceIdentSchemeType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="CORInfoType">
<sequence>
<element name="corClaim" type="boolean" default="true"/>
<element name="cor" type="boolean" default="false" minOccurs="0"/>
<element name="corDate" type="dateTime" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="SvcMenuType">
<sequence>
<element name="serverStatus" type="sppfb:ServerStatusType"/>
<element name="majMinVersion" type="token" maxOccurs="unbounded"/>
<element name="objURI" type="anyURI" maxOccurs="unbounded"/>
<element name="extURI" type="anyURI"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="ExtAnyType">
<sequence>
<any namespace="##other" maxOccurs="unbounded"/>
</sequence>
</complexType>
<simpleType name="FlagsType">
<restriction base="token">
<length value="1"/>
<pattern value="[A-Z]|[a-z]|[0-9]"/>
</restriction>
</simpleType>
<simpleType name="SvcType">
<restriction base="token">
<minLength value="1"/>
</restriction>
</simpleType>
<simpleType name="RegexType">
<restriction base="token">
<minLength value="1"/>
</restriction>
</simpleType>
<simpleType name="ReplType">
<restriction base="token">
<minLength value="1"/>
<maxLength value="255"/>
</restriction>
</simpleType>
<simpleType name="OrgIdType">
<restriction base="token"/>
</simpleType>
<simpleType name="ObjNameType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="80"/>
</restriction>
</simpleType>
<simpleType name="TransIdType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="120"/>
</restriction>
</simpleType>
<simpleType name="MinorVerType">
<restriction base="unsignedLong"/>
</simpleType>
<simpleType name="AddrStringType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="45"/>
</restriction>
</simpleType>
<simpleType name="IPType">
<restriction base="token">
<enumeration value="v4"/>
<enumeration value="v6"/>
</restriction>
</simpleType>
<simpleType name="SourceIdentSchemeType">
<restriction base="token">
<enumeration value="uri"/>
<enumeration value="ip"/>
<enumeration value="rootDomain"/>
</restriction>
</simpleType>
<simpleType name="ServerStatusType">
<restriction base="token">
<enumeration value="inService"/>
<enumeration value="outOfService"/>
</restriction>
</simpleType>
<simpleType name="SedGrpOfferStatusType">
<restriction base="token">
<enumeration value="offered"/>
<enumeration value="accepted"/>
</restriction>
</simpleType>
<simpleType name="NumberValType">
<restriction base="token">
<maxLength value="20"/>
<pattern value="\+?\d\d*"/>
</restriction>
</simpleType>
<simpleType name="NumberTypeEnum">
<restriction base="token">
<enumeration value="TN"/>
<enumeration value="TNPrefix"/>
<enumeration value="RN"/>
</restriction>
</simpleType>
<simpleType name="SedFunctionType">
<restriction base="token">
<enumeration value="routing"/>
<enumeration value="lookup"/>
</restriction>
</simpleType>
<complexType name="NumberType">
<sequence>
<element name="value" type="sppfb:NumberValType"/>
<element name="type" type="sppfb:NumberTypeEnum"/>
</sequence>
</complexType>
<complexType name="NumberRangeType">
<sequence>
<element name="startRange" type="sppfb:NumberValType"/>
<element name="endRange" type="sppfb:NumberValType"/>
</sequence>
</complexType>
</schema>
]]></artwork>
</figure>
</t>
</section>
<section title="Acknowledgments">
<t>This document is a result of various discussions held in the
DRINKS working group and within the DRINKS protocol design team,
with contributions from the following individuals, in alphabetical
order: Alexander Mayrhofer, David Schwartz, Deborah A Guyton,
Lisa Dusseault, Manjul Maharishi, Mickael Marrache, Otmar Lendl,
Richard Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, and Vikas Bhatia .</t>
</section>
</middle>
<back>
<references title="Normative References"> &rfc2119; &rfc2277;
&rfc3629; &rfc3688; &rfc3986; &rfc5067; &rfc4949;
</references>
<references title="Informative References">
&rfc2616; &rfc4732; &rfc5246; &rfc2609;
&rfc6461; &rfc5321; &rfc3261; &rfc6116; &rfc4725; &rfc5486;
&rfc2781; &rfc5646;
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 14:43:56 |