One document matched: draft-ietf-drinks-spp-framework-07.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc2277 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2277.xml">
<!ENTITY rfc2609 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2609.xml">
<!ENTITY rfc2616 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2616.xml">
<!ENTITY rfc2781 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.2781.xml">
<!ENTITY rfc3261 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml">
<!ENTITY rfc3263 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3263.xml">
<!ENTITY rfc3403 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3403.xml">
<!ENTITY rfc3629 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
<!ENTITY rfc3688 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3688.xml">
<!ENTITY rfc3761 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3761.xml">
<!ENTITY rfc3986 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
<!ENTITY rfc4725 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4725.xml">
<!ENTITY rfc4732 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4732.xml">
<!ENTITY rfc4949 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.4949.xml">
<!ENTITY rfc5067 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5067.xml">
<!ENTITY rfc5226 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5226.xml">
<!ENTITY rfc5234 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5234.xml">
<!ENTITY rfc5246 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5246.xml">
<!ENTITY rfc5321 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5321.xml">
<!ENTITY rfc5486 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5486.xml">
<!ENTITY rfc5646 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.5646.xml">
<!ENTITY rfc6116 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6116.xml">
<!ENTITY rfc6461 PUBLIC ""
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6461.xml">
]>
<rfc category="std" docName="draft-ietf-drinks-spp-framework-07"
ipr="trust200902">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<front>
<title abbrev="draft-drinks-spp-framework">Session Peering
Provisioning Framework (SPPF)</title>
<author initials="K.C." surname="Cartwright"
fullname="Kenneth Cartwright">
<organization>TNS</organization>
<address>
<postal>
<street>1939 Roland Clarke Place</street>
<city>Reston</city>
<region>VA</region>
<code>20191</code>
<country>USA</country>
</postal>
<email>kcartwright@tnsi.com</email>
</address>
</author>
<author initials="V.B." surname="Bhatia" fullname="Vikas Bhatia">
<organization>TNS</organization>
<address>
<postal>
<street>1939 Roland Clarke Place</street>
<city>Reston</city>
<region>VA</region>
<code>20191</code>
<country>USA</country>
</postal>
<email>vbhatia@tnsi.com</email>
</address>
</author>
<author initials="S.A." surname="Ali" fullname="Syed Wasim Ali">
<organization>NeuStar</organization>
<address>
<postal>
<street>46000 Center Oak Plaza</street>
<city>Sterling</city>
<region>VA</region>
<code>20166</code>
<country>USA</country>
</postal>
<email>syed.ali@neustar.biz</email>
</address>
</author>
<author initials="D.S." surname="Schwartz"
fullname="David Schwartz">
<organization>XConnect</organization>
<address>
<postal>
<street>316 Regents Park Road</street>
<city>London</city>
<region> </region>
<code>N3 2XJ</code>
<country>United Kingdom</country>
</postal>
<email>dschwartz@xconnect.net</email>
</address>
</author>
<date year="2014"/>
<area>Real-time Applications and Infrastructure Area</area>
<workgroup>DRINKS</workgroup>
<abstract>
<t> This document specifies the data model and the overall
structure for a framework to provision session establishment
data into Session Data Registries and SIP Service Provider
data stores. The framework is called the Session Peering
Provisioning Framework (SPPF). The provisioned data is
typically used by network elements for session establishment.
</t>
</abstract>
</front>
<middle>
<!-- Note: this is how you can put a note in the draft for
yourself or for the co-authors to check on -->
<section anchor="introduction" title="Introduction">
<t> Service providers and enterprises use routing databases
known as registries to make session routing decisions for
Voice over IP, SMS and MMS traffic exchanges. This document is
narrowly focused on the provisioning framework for these
registries. This framework prescribes a way for an entity to
provision session-related data into a Registry. The data being
provisioned can be optionally shared with other participating
peering entities. The requirements and use cases driving this
framework have been documented in <xref target="RFC6461"/>.
<vspace blankLines="1"/> Three types of provisioning flows
have been described in the use case document: client to
Registry, Registry to local data repository and Registry to
Registry. This document addresses client to Registry flow
enabling the need to provision Session Establishment Data
(SED). The framework that supports flow of messages to
facilitate client to Registry provisioning is referred to as
Session Peering Provisioning Framework (SPPF).</t>
<t>The role of the "client" and the "server" only applies to the
connection, and those roles are not related in any way to the
type of entity that participates in a protocol exchange. For
example, a Registry might also include a "client" when such a
Registry initiates a connection (for example, for data
distribution to SSP).</t>
<t>
<vspace blankLines="10"/>
</t>
<t>
<figure align="center" anchor="RegFlows">
<artwork align="center"><![CDATA[
*--------* *------------* *------------*
| | (1). Client | | (3).Registry | |
| Client | ------------> | Registry |<------------->| Registry |
| | to Registry | | to Registry | |
*--------* *------------* *------------*
/ \ \
/ \ \
/ \ \
/ \ v
/ \ ...
/ \
/ (2). Distrib \
/ Registry data \
/ to local data \
V store V
+----------+ +----------+
|Local Data| |Local Data|
|Repository| |Repository|
+----------+ +----------+
]]></artwork>
<postamble> Three Registry Provisioning Flows </postamble>
</figure>
</t>
<t>A "terminating" SIP Service Provider (SSP) provisions Session
Establishment Data or SED into the Registry to be selectively
shared with other peer SSPs. <vspace blankLines="1"/> SED is
typically used by various downstream SIP signaling systems to
route a call to the next hop associated with the called
domain. These systems typically use a local data store ("Local
Data Repository") as their source of session routing
information. More specifically, the SED data is the set of
parameters that the outgoing signaling path border elements
(SBEs) need to initiate the session. See <xref
target="RFC5486"/> for more details. <vspace blankLines="1"
/> A Registry may distribute the provisioned data into local
data repositories or may additionally offer a central query
resolution service (not shown in the above figure) for query
purposes. </t>
<t> A key requirement for the SPPF is to be able to accommodate
two basic deployment scenarios: <list style="numbers">
<t> A resolution system returns a Look-Up Function (LUF)
that comprises the target domain to assist in call routing
(as described in <xref target="RFC5486"/>). In this case,
the querying entity may use other means to perform the
Location Routing Function (LRF) which in turn helps
determine the actual location of the Signaling Function in
that domain. </t>
<t> A resolution system returns a Location Routing Function
(LRF) that comprises the location (address) of the
signaling function in the target domain (as described in
<xref target="RFC5486"/>). </t>
</list>
</t>
<t> In terms of framework design, SPPF is agnostic to the
transport protocol. This document includes the specification
of the data model and identifies, but does not specify, the
means to enable protocol operations within a request and
response structure. That aspect of the specification has been
delegated to the "protocol" specification for the framework.
To encourage interoperability, the framework supports
extensibility aspects. </t>
<t>In this document, XML schema is used to describe the building
blocks of the SPPF and to express the data types, the semantic
relationships between the various data types, and the various
constraints as a binding construct. However, the "protocol"
specification is free to choose any data representation format
as long as it meets the requirements laid out in the SPPF XML
schema definition. As an example, XML and JSON are two widely
used data representation formats.</t>
<t> This document is organized as follows: <list style="symbols"
hangIndent="5">
<t><xref target="terminology"/> provides the terminology</t>
<t><xref target="highleveldesign"/> provides an overview of
SPPF, including functional entities and data model</t>
<t><xref target="transportreq"/> specifies requirements for
SPPF transport protocols</t>
<t><xref target="basicdatastructures"/> describes the base
framework data structures, the generic response types that
MUST be supported by a conforming transport "protocol"
specification, and the basic object type most first class
objects extend from</t>
<t><xref target="protocolDataModelObjects"/> provides a
detailed description of the data model object
specifications</t>
<t><xref target="protocol_oper"/> describes the operations
that are supported by the data model</t>
<t><xref target="xmlconsiderations"/> defines XML
considerations XML parsers must meet to conform to this
specification</t>
<t>Sections 9 - 11 discuss security, internationalization
and IANA considerations</t>
<t><xref target="formalspecification"/> normatively defines
the SPPF using its XML Schema Definition. </t>
</list>
</t>
</section>
<section anchor="terminology" title="Terminology">
<t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in <xref target="RFC2119"/>. </t>
<t> This document reuses terms from <xref target="RFC3261"/>,
<xref target="RFC5486"/>, use cases and requirements
documented in <xref target="RFC6461"/> and the ENUM Validation
Architecture <xref target="RFC4725"/>. </t>
<t> In addition, this document specifies the following
additional terms: <vspace blankLines="1"/>
<list style="hanging">
<t hangText="SPPF: "> Session Peering Provisioning
Framework, the framework used by a transport protocol to
provision data into a Registry (see arrow labeled "1." in
Figure 1 of <xref target="RFC6461"/>). It is the primary
scope of this document. <vspace blankLines="1"/>
</t>
<t hangText="Client: "> In the context of SPPF, this is an
application that initiates a provisioning request. It is
sometimes referred to as a "Registry client". <vspace
blankLines="1"/>
</t>
<t hangText="Server: "> In the context of SPPF, this is an
application that receives a provisioning request and
responds accordingly. It is sometimes referred to as a
Registry. <vspace blankLines="1"/>
</t>
<t hangText="Registry: "> The Registry operates a master
database of Session Establishment Data for one or more
Registrants.<vspace blankLines="1"/>
</t>
<t hangText="Registrant: "> The definition of a Registrant
is based on <xref target="RFC4725"/>. It is the end-user,
the person or organization that is the "holder" of the
Session Establishment Data being provisioned into the
Registry by a Registrar. For example, in <xref
target="RFC6461"/>, a Registrant is pictured as a SIP
Service Provider in Figure 2. <vspace blankLines="1"/>
Within the confines of a Registry, a Registrant is
uniquely identified by a well-known ID.<vspace
blankLines="1"/>
</t>
<t hangText="Registrar: "> The definition of a Registrar is
based on <xref target="RFC4725"/>. It is an entity that
performs provisioning operations on behalf of a Registrant
by interacting with the Registry via SPPF operations. In
other words the Registrar is the SPPF Client. The
Registrar and Registrant roles are logically separate to
allow, but not require, a single Registrar to perform
provisioning operations on behalf of more than one
Registrant. </t>
<t hangText="Peering Organization: "> A Peering Organization
is an entity to which a Registrant's SED Groups are made
visible using the operations of SPPF. </t>
</list>
</t>
</section>
<section anchor="highleveldesign"
title="Framework High Level Design">
<t> This section introduces the structure of the data model and
provides the information framework for the SPPF. The data
model is defined along with all the objects manipulated by a
conforming transport protocol and their relationships. </t>
<section anchor="datamodel" title="Framework Data Model">
<t> The data model illustrated and described in <xref
target="SPPF_datamodel"/> defines the logical objects and
the relationships between these objects supported by SPPF.
SPPF defines protocol operations through which an SPPF
client populates a Registry with these logical objects.
SPPF clients belonging to different Registrars may
provision data into the Registry using a conforming
transport protocol that implements these operations</t>
<t> The logical structure presented below is consistent with
the terminology and requirements defined in <xref
target="RFC6461"/>. </t>
<t>
<vspace blankLines="16"/>
</t>
<figure align="center" anchor="SPPF_datamodel">
<preamble> </preamble>
<artwork align="center"><![CDATA[
+-------------+ +-----------------+
| all object | |Egress Route: |
| types | 0..n | rant, |
+-------------+ +--| egrRteName, |
|0..n / | pref, |
| / | regxRewriteRule,|
|2 / | ingrSedGrp, |
+----------------------+ / | svcs |
|Organization: | / +-----------------+
| orgId | /
+----------------------+ /
|0..n /
| /
|A SED Group is /
|associated with /
|zero or more / +---[abstract]----+
|Peering / | SED Record: |
|Organizations / | rant, |
| / | sedName, |0..n
|0..n / | sedFunction, |------|
+--------+--------------+0..n 0..n| isInSvc, | |
|SED Group: |------------------| ttl | |
| rant, | +-----------------+ |
| sedGrpName, | ^ Various types |
| isInSvc, | | of SED Records |
| sedRecRef, | | |
| peeringOrg, | +-----+------------+ |
| sourceIdent, | | | | |
| priority, | +----+ +-------+ +----+ |
| dgName | | URI| | NAPTR | | NS | |
+-----------------------+ +----+ +-------+ +----+ |
|0..n |
| +-----[abstract]------+ |
|0..n |Public Identifier: | |
+----------------------+0..n 0..n| rant, | |
| Dest Group: |--------------| publicIdentifier, | |
| rant, | | dgName | |
| dgName | | | |
+----------------------+ +---------------------+ |
^ Various types |
+---------+-------+------+----------+ of Public |
| | | | | Identifiers |
+------+ +-----+ +-----+ +-----+ +------+ |
| URI | | TNP | | TNR | | RN | | TN |-------------|
+------+ +-----+ +-----+ +-----+ +------+ 0..n
]]></artwork>
</figure>
<t> The objects and attributes that comprise the data model
can be described as follows (objects listed from the bottom
up): <list style="symbols">
<t> Public Identifier: <vspace blankLines="0"/> From a
broad perspective a public identifier is a well-known
attribute that is used as the key to perform resolution
lookups. Within the context of SPPF, a public identifier
object can be a Telephone Number (TN), a range of
Telephone Numbers, a PSTN Routing Number (RN), a TN
prefix, or a URI. <vspace blankLines="1"/> An SPPF
Public Identifier may be a member of zero or more Destination Groups
to create logical groupings of Public Identifiers that
share a common set of Session Establishment Data (e.g.
routes). <vspace blankLines="1"/> A TN Public Identifier
may optionally be associated with zero or more
individual SED Records. This ability for a Public
Identifier to be directly associated with a SED Record,
as opposed to forcing membership in one or more Destination Groups,
supports use cases where the SED Record contains
data specifically tailored to an individual TN Public
Identifier. </t>
<t> Destination Group: <vspace blankLines="0"/> A named
logical grouping of zero or more Public Identifiers that can
be associated with one or more SED Groups for the
purpose of facilitating the management of their common
session establishment information. </t>
<t> SED Group: <vspace blankLines="0"/> A SED Group
contains a set of SED Record references, a set of
Destination Group references, and a set of peering
organization identifiers. This is used to establish a
three part relationships between a set of Public
Identifiers, the session establishment information (SED)
shared across these Public Identifiers, and the list of
peering organizations whose query responses from the
resolution system may include the session establishment
information contained in a given SED group. In addition,
the sourceIdent element within a SED Group, in concert
with the set of peering organization identifiers,
enables fine-grained source based routing. For further
details about the SED Group and source based routing,
refer to the definitions and descriptions in <xref
target="destGroup"/>.</t>
<t> SED Record: <vspace blankLines="0"/> A SED Record
contains the data that a resolution system returns in
response to a successful query for a Public Identifier.
SED Records are generally associated with a SED Group
when the SED within is not specific to a Public
Identifier. <vspace blankLines="0"/> To support the use
cases defined in <xref target="RFC6461"/>, SPPF
framework defines three type of SED Records: URIType,
NAPTRType, and NSType. These SED Records extend the
abstract type SedRecType and inherit the common
attribute 'priority' that is meant for setting
precedence across the SED records defined within a SED
Group in a protocol agnostic fashion. </t>
<t> Egress Route: <vspace blankLines="0"/> In a
high-availability environment, the originating SSP
likely has more than one egress paths to the ingress SBE
of the target SSP. The Egress Route allows the
originating SSP to choose a specific egress SBE to be
associated with the target ingress SBE. the 'svcs'
element specifies ENUM services ((e.g.,E2U+pstn:sip+sip)
that are used to identify the SED records associated with
the SED Group that will be modified by the originating SSP.
</t>
<t> Organization: <vspace blankLines="0"/> An Organization
is an entity that may fulfill any combination of three
roles: Registrant, Registrar, and Peering Organization.
All objects in SPPF are associated with two
organization identifiers to identify each object's
Registrant and Registrar. A SED Group object is also
associated with a set of zero or more organization
identifiers that identify the peering organization(s)
whose resolution query responses may include the session
establishment information (SED) defined in the SED
Records within that SED Group. A peering organization is
an entity that the Registrant intends to share the SED
data with.</t>
</list>
</t>
</section>
<section anchor="timestamp" title="Time Value">
<t>Some request and response messages in SPPF
include time value(s) defined as type xs:dateTime, a
built-in W3C XML Schema Datatype. Use of unqualified local
time value is disallowed as it can lead to interoperability
issues. The value of time attribute MUST be expressed in
Coordinated Universal Time (UTC) format without the timezone
digits.</t>
<t>"2010-05-30T09:30:10Z" is an example of an
acceptable time value for use in SPPF messages.
"2010-05-30T06:30:10+3:00" is a valid UTC time,
but it is not approved for use in SPPF messages.</t>
</section>
<section anchor="extensibility" title="Extensibility">
<t>The framework contains various points of extensibility in
form of the "ext" elements. Extensions used beyond the scope
of private SPPF installations MUST be documented in an RFC
level document, and the first such extension SHOULD define
an IANA registry, holding a list of documented extensions.
</t>
</section>
</section>
<section anchor="transportreq"
title="Transport Protocol Requirements">
<t> This section provides requirements for transport protocols
suitable for SPPF. More specifically, this section
specifies the services, features, and assumptions that SPPF
framework delegates to the chosen transport and envelope
technologies. </t>
<section anchor="transpconnreq" title="Connection Oriented">
<t> The SPPF follows a model where a client establishes a
connection to a server in order to further exchange SPPF
messages over such point-to-point connection. A transport
protocol for SPPF MUST therefore be connection oriented.
</t>
</section>
<section anchor="requestresponse"
title="Request and Response Model">
<t> Provisioning operations in SPPF follow the
request-response model, where a client sends a request
message to initiate a transaction and the server responds
with a response. Multiple subsequent request-response
exchanges MAY be performed over a single persistent
connection. </t>
<t> Therefore, a transport protocol for SPPF MUST follow the
request-response model by allowing a response to be sent to
the request initiator.</t>
</section>
<section anchor="connectionlength" title="Connection Lifetime">
<t> Some use cases involve provisioning a single request to a
network element. Connections supporting such provisioning
requests might be short-lived, and may be established only
on demand. Other use cases involve either provisioning a
large dataset, or a constant stream of small updates, either
of which would likely require long-lived connections. </t>
<t> Therefore, a protocol suitable for SPPF SHOULD be able to
support both short-lived as well as long-lived connections.
</t>
</section>
<section anchor="authentication" title="Authentication">
<t> All SPPF objects are associated with a Registrant
identifier. An SPPF Client provisions SPPF objects on behalf
of Registrants. An authenticated SPP Client is a Registrar.
Therefore, the SPPF transport protocol MUST provide means
for an SPPF server to authenticate an SPPF Client. </t>
</section>
<section anchor="authorization" title="Authorization">
<t>After successful authentication of the SPPF client as a
Registrar the Registry performs authorization checks to
determine if the Registrar is authorized to act on behalf of
the Registrant whose identifier is included in the SPPF
request. Refer to the Security Considerations section for
further guidance. </t>
</section>
<section anchor="confidentiality"
title="Confidentiality and Integrity">
<t>SPPF objects that the Registry manages can be private
in nature. Therefore, the transport protocol MUST provide
means for end-to-end encryption between the SPPF client and
Registry.</t>
<t>If the data is compromised in-flight between the SPPF
client and Registry, it will seriously affect the stability
and integrity of the system. Therefore, the transport
protocol MUST provide means for data integrity
protection.</t>
</section>
<section anchor="timing" title="Near Real Time">
<t> Many use cases require near real-time responses from the
server. Therefore, a DRINKS transport protocol MUST support
near real-time response to requests submitted by the client.
</t>
</section>
<section anchor="respsizes" title="Request and Response Sizes">
<t>Use of SPPF may involve simple updates that may consist of
small number of bytes, such as, update of a single public
identifier. Other provisioning operations may constitute
large number of dataset as in adding millions records to a
Registry. As a result, a suitable transport protocol for
SPPF SHOULD accommodate dataset of various sizes.</t>
</section>
<section anchor="reqorder"
title="Request and Response Correlation">
<t> A transport protocol suitable for SPPF MUST allow
responses to be correlated with requests. </t>
</section>
<section anchor="ack" title="Request Acknowledgement">
<t> Data transported in the SPPF is likely crucial for the
operation of the communication network that is being
provisioned. A SPPF client responsible for provisioning SED
to the Registry has a need to know if the submitted requests
have been processed correctly.</t>
<t>Failed transactions can lead to situations where a subset
of public identifiers or even SSPs might not be reachable,
or the provisioning state of the network is inconsistent. </t>
<t> Therefore, a transport protocol for SPPF MUST provide a
response for each request, so that a client can identify
whether a request succeeded or failed. </t>
</section>
<section anchor="mandatorytransport" title="Mandatory Transport">
<t>At the time of this writing, a choice of transport protocol
has been provided in SPP Protocol over SOAP document. To
encourage interoperability, the SPPF server MUST provide
support for this transport protocol. With time, it is
possible that other transport layer choices may surface that
agree with the requirements discussed above.</t>
</section>
</section>
<section anchor="basicdatastructures"
title="Base Framework Data Structures and Response Codes">
<t>SPPF contains some common data structures for most of the
supported object types. This section describes these common
data structures.</t>
<section anchor="BasicObjType"
title="Basic Object Type and Organization Identifiers">
<t>All first class objects extend the type BasicObjType. It
consists of the Registrant organization, the Registrar
organization, the date and time of object creation, and the
last date and time the object was updated. The Registry MUST
store the date and time of the object creation and update, if
applicable, for all Get operations (see <xref
target="protocol_oper"/>). If the client passed in either
date and time values, the Registry MUST ignore it. The
Registrar performs the SPPF operations on behalf of the
Registrant, the organization that owns the object.</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="BasicObjType" abstract="true">
<sequence>
<element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t> The identifiers used for Registrants (rant) and Registrars
(rar) are instances of OrgIdType. The OrgIdType is defined
as a string and all OrgIdType instances MUST follow the
textual convention: "namespace:value" (for example
"iana-en:32473"). See the IANA Consideration section for
more details. </t>
</section>
<section anchor="objkeytypes" title="Various Object Key Types">
<t> The SPPF data model contains various object relationships.
In some cases, these object relationships are established by
embedding the unique identity of the related object inside
the relating object. Note that an object's unique identity
is required to Delete or Get the details of an object. The
following sub-sections normatively define the various object
keys in SPPF and the attributes of those keys.</t>
<t> "Name" attributes that are used as components of object key types
MUST be treated case insensitive, more specifically, comparison
operations MUST use the toCasefold() function, as specified
in Section 3.13 of <xref target='Unicode6.1'/>.</t>
<section anchor="objkeytype" title="Generic Object Key Type">
<t>Most objects in SPPF are uniquely identified by an object
key that has the object's name, object's type and its
Registrant's organization ID as its attributes. The
abstract type called ObjKeyType is where this unique
identity is housed. Any concrete representation of the
ObjKeyType MUST contain the following: <list>
<t>Object Name: The name of the object.</t>
<t>Registrant Id: The unique organization ID that
identifies the Registrant.</t>
<t>Type: The value that represents the type of SPPF
object that. This is required as different types of
objects in SPPF, that belong to the same Registrant,
can have the same name.</t>
</list>
</t>
<t>The structure of abstract ObjKeyType is as follows:</t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="ObjKeyType" abstract="true">
<annotation>
<documentation>
---- Generic type that represents the
key for various objects in SPPF. ----
</documentation>
</annotation>
</complexType>
]]></artwork>
</figure>
</section>
<section anchor="Derived_Types"
title="Derived Object Key Types">
<t> The SPPF data model contains certain objects that are
uniquely identified by attributes, different from or in
addition to, the attributes in the generic object key
described in previous section. These kind of object keys
are derived from the abstract ObjKeyType and defined in
their own abstract key types. Because these object key
types are abstract, they MUST be specified in a concrete
form in any SPPF conforming transport protocol
specification. These are used in Delete and Get
operations, and may also be used in Accept and Reject
operations. </t>
<t>Following are the derived object keys in SPPF data model:
<list style="symbols" hangIndent="5">
<t>SedGrpOfferKeyType: This uniquely identifies a SED
Group object offer. This key type extends from
ObjKeyType and MUST also have the organization ID of
the Registrant to whom the object is being offered, as
one of its attributes. In addition to the Delete and
Get operations, these key types are used in Accept and
Reject operations on a SED Group Offer object. The
structure of abstract SedGrpOfferKeyType is as
follows: <figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpOfferKeyType"
abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents
the key for a object offer. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure> A SED Group Offer object MUST use
SedGrpOfferKeyType. Refer the "Framework Data Model
Objects" section of this document for description of
SED Group Offer object. </t>
<t> PubIdKeyType: This uniquely identifies a Public
Identity object. This key type extends from abstract
ObjKeyType. Any concrete definition of PubIdKeyType
MUST contain the elements that identify the value and
type of Public Identity and also contain the
organization ID of the Registrant that is the owner of
the Public Identity object. A Public Identity object
in SPPF is uniquely identified by the
Registrant's organization ID, the value of the public
identity, and the type of the public identity object.
Consequently, any concrete representation of the
PubIdKeyType MUST contain the following attributes: <list>
<t>Registrant Id: The unique organization ID that
identifies the Registrant.</t>
<t>Value: The value of the Public Identity.</t>
<t>Type: The type of the Public Identity Object.</t>
</list> The PubIdKeyType is used in Delete and Get
operations on a Public Identifier object. </t>
<t>The structure of abstract PubIdKeyType is as follows:
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="PubIdKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents the key for a Pub Id. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
</list>
</t>
<t>A Public Identity object MUST use attributes of
PubIdKeyType for its unique identification . Refer to
<xref target="protocolDataModelObjects"/>
for a description of Public Identity object.</t>
</section>
</section>
<section anchor="responseMessages"
title="Response Message Types">
<t> This section contains the listing of response types that
MUST be defined by the SPPF conforming transport protocol
specification and implemented by a conforming SPPF server. </t>
<texttable anchor="Table1" title="Response Types">
<ttcol align="left" width="30%">Response Type</ttcol>
<ttcol align="left" width="60%">Description</ttcol>
<c> Request Succeeded</c>
<c> Any conforming specification MUST define a response to
indicate that a given request succeeded.</c>
<c> Request syntax invalid</c>
<c> Any conforming specification MUST define a response to
indicate that a syntax of a given request was found
invalid. </c>
<c> Request too large</c>
<c> Any conforming specification MUST define a response to
indicate that the count of entities in the request is
larger than the server is willing or able to process.</c>
<c> Version not supported</c>
<c> Any conforming specification MUST define a response to
indicate that the server does not support the version of
the SPPF protocol specified in the request.</c>
<c> Command invalid</c>
<c> Any conforming specification MUST define a response to
indicate that the operation and/or command being requested
by the client is invalid and/or not supported by the
server.</c>
<c> System temporarily unavailable</c>
<c> Any conforming specification MUST define a response to
indicate that the SPPF server is temporarily not available
to serve client request.</c>
<c> Unexpected internal system or server error.</c>
<c>Any conforming specification MUST define a response to
indicate that the SPPF server encountered an unexpected
error that prevented the server from fulfilling the
request.</c>
<c> Attribute value invalid</c>
<c> Any conforming specification MUST define a response to
indicate that the SPPF server encountered an attribute or
property in the request that had an invalid/bad value.
Optionally, the specification MAY provide a way to
indicate the Attribute Name and the Attribute Value to
identify the object that was found to be invalid. </c>
<c> Object does not exist</c>
<c> Any conforming specification MUST define a response to
indicate that an object present in the request does not
exist on the SPPF server. Optionally, the specification
MAY provide a way to indicate the Attribute Name and the
Attribute Value that identifies the non-existent
object.</c>
<c> Object status or ownership does not allow for
operation.</c>
<c> Any conforming specification MUST define a response to
indicate that the operation requested on an object present
in the request cannot be performed because the object is
in a status that does not allow the said operation or the
user requesting the operation is not authorized to perform
the said operation on the object. Optionally, the
specification MAY provide a way to indicate the Attribute
Name and the Attribute Value that identifies the
object.</c>
</texttable>
<t> When the response messages are "parameterized" with the
Attribute Name and Attribute Value, then the use of these
parameters MUST adhere to the following rules: <list
style="symbols" hangIndent="5">
<t hangText=""> Any value provided for the Attribute Name
parameter MUST be an exact XSD element name of the
protocol data element that the response message is
referring to. For example, valid values for "attribute
name" are "dgName", "sedGrpName", "sedRec", etc. </t>
<t hangText=""> The value for Attribute Value MUST be the
value of the data element to which the preceding
Attribute Name refers. </t>
<t hangText=""> Response type "Attribute value invalid"
MUST be used whenever an element value does not adhere
to data validation rules. </t>
<t hangText=""> Response types "Attribute value invalid"
and "Object does not exist" MUST not be used
interchangeably. Response type "Object does not exist"
MUST be returned by an Update/Del/Accept/Reject operation
when the data element(s) used to uniquely identify a
pre-existing object do not exist. If the data elements
used to uniquely identify an object are malformed, then
response type "Attribute value invalid" MUST be
returned. </t>
</list>
</t>
</section>
</section>
<section anchor="protocolDataModelObjects"
title="Framework Data Model Objects">
<t> This section provides a description of the specification of
each supported data model object (the nouns) and identifies
the commands (the verbs) that MUST be supported for each data
model object. However, the specification of the data
structures necessary to support each command is delegated to
an SPPF conforming transport protocol specification.</t>
<section anchor="destGroup" title="Destination Group">
<t> Destination Group represents a logical grouping of Public Identifiers
with common session establishment information. The transport
protocol MUST support the ability to Create, Modify, Get,
and Delete Destination Groups (refer the "Framework
Operations" section of this document for a generic
description of various operations). </t>
<t> A Destination Group object MUST be uniquely identified by
attributes as defined in the description of "ObjKeyType" in
the section "Generic Object Key Type" of this document.</t>
<t> The DestGrpType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="DestGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>The DestGrpType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend BasicObjType (see
<xref target="BasicObjType"></xref>).</t>
<t> dgName: The character string that contains the name of
the Destination Group. </t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>. </t>
</list>
</t>
</section>
<section anchor="pubId" title="Public Identifier">
<t>A Public Identifier is the search key used for locating the
session establishment data (SED). In many cases, a Public
Identifier is attributed to the end user who has a retail
relationship with the service provider or Registrant
organization. SPPF supports the notion of the
carrier-of-record as defined in <xref target="RFC5067"/>.
Therefore, the Registrant under whom the Public Identity is
being created can optionally claim to be a
carrier-of-record.</t>
<t>SPPF identifies three types of Public Identifiers:
telephone numbers (TN), routing numbers (RN), and URI.
SPPF provides structures to manage a
single TN, a contiguous range of TNs, and a TN prefix. The
transport protocol MUST support the ability to Create,
Modify, Get, and Delete Public Identifiers (refer the
"Framework Operations" section of this document for a
generic description of various operations).</t>
<t> A Public Identity object MUST be uniquely identified by
attributes as defined in the description of "PubIdKeyType"
in the section <xref target="Derived_Types"/>. </t>
<t>The abstract XML schema type definition PubIdType is a
generalization for the concrete Public Identifier schema
types. PubIdType element 'dgName' represents the name of a
destination group that a given Public Identifier may be a
member of. Note that this element may be present multiple times
so that a given Public Identifier may be a member of multiple
destination groups. The PubIdType object structure is defined as
follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="PubIdType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>A Public Identifier may be a member of zero or more
Destination Groups. When a Public Identifier is member
of a Destination Group, it is intended to be associated with
SED(s) through the SED Group(s) that are associated with the
Destination Group. When a Public Identifier is
not member of any Destination Group, it is
intended to be associated with SED through the SED
Records that are directly associated with the Public
Identifier.</t>
<t>A telephone number is provisioned using the TNType, an
extension of PubIdType. Each TNType
object is uniquely identified by the combination of its
value contained within <![CDATA[<tn>]]> element, and its
Registrant ID. TNType is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="CORInfoType">
<sequence>
<element name="corClaim" type="boolean" default="true"/>
<element name="cor" type="boolean" default="false" minOccurs="0"/>
<element name="corDate" type="dateTime" minOccurs="0"/>
</sequence>
</complexType>
<simpleType name="NumberValType">
<restriction base="token">
<maxLength value="20"/>
<pattern value="\+?\d\d*"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>TNType consists of the following attributes: <list
style="symbols" hangIndent="5">
<t>tn: Telephone number to be added to the Registry.</t>
<t>sedRecRef: Optional reference to SED records that are
directly associated with the TN Public Identifier.
Following the SPPF data model, the SED record could be a
protocol agnostic URIType or another type.</t>
<t>corInfo: corInfo is an optional parameter of type
CORInfoType that allows the Registrant organization to
set forth a claim to be the carrier-of-record (see <xref
target="RFC5067"/>). This is done by setting the value
of <corClaim> element of the CORInfoType object
structure to "true". The other two parameters
of the CORInfoType, <cor> and <corDate> are
set by the Registry to describe the outcome of the
carrier-of-record claim by the Registrant. In general,
inclusion of <corInfo> parameter is useful if the
Registry has the authority information, such as, the
number portability data, etc., in order to qualify
whether the Registrant claim can be satisfied. If the
carrier-of-record claim disagrees with the authority
data in the Registry, whether the TN add operation fails
or not is a matter of policy and it is beyond the scope
of this document.</t>
</list>
</t>
<t>A routing number is provisioned using the RNType, an
extension of PubIDType. The Registrant organization can
add the RN and associate it with the appropriate destination
group(s) to share the route information. This allows SSPs to use the RN
search key to derive the ingress routes for session
establishment at the runtime resolution process (see <xref
target="RFC3761"/>. Each RNType object is
uniquely identified by the combination of its value inside
the <![CDATA[<rn>]]> element, and its Registrant ID. RNType is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="RNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>RNType has the following attributes: <list style="symbols"
hangIndent="5">
<t>rn: Routing Number used as the search key.</t>
<t>corInfo: corInfo is an optional parameter of type
CORInfoType that allows the Registrant organization to
set forth a claim to be the carrier-of-record (see
[RFC5067])</t>
</list>
</t>
<t>TNRType structure is used to provision a contiguous range
of telephone numbers. The object definition requires a
starting TN and an ending TN that together define the span
of the TN range. Use of TNRType is particularly useful when
expressing a TN range that does not include all the TNs
within a TN block or prefix. The TNRType definition
accommodates the open number plan as well such that the TNs
that fall between the start and end TN range may include TNs
with different length variance. Whether the Registry can
accommodate the open number plan semantics is a matter of
policy and is beyond the scope of this document. Each
TNRType object is uniquely identified by the combination of
its value that in turn is a combination of the
<![CDATA[<startTn>]]> and <![CDATA[<endTn>]]> elements, and
its Registrant ID. TNRType object structure definition is as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNRType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="range" type="sppfb:NumberRangeType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NumberRangeType">
<sequence>
<element name="startTn" type="sppfb:NumberValType"/>
<element name="endTn" type="sppfb:NumberValType"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t>TNRType has the following attributes: <list style="symbols"
hangIndent="5">
<t>startTn: Starting TN in the TN range</t>
<t>endTn: The last TN in the TN range</t>
<t>corInfo: corInfo is an optional parameter of type
CORInfoType that allows the Registrant organization to
set forth a claim to be the carrier-of-record (see
[RFC5067])</t>
</list>
</t>
<t>In some cases, it is useful to describe a set of TNs with
the help of the first few digits of the telephone number,
also referred to as the telephone number prefix or a block.
A given TN prefix may include TNs with different length
variance in support of open number plan. Once again, whether
the Registry supports the open number plan semantics is a
matter of policy and it is beyond the scope of this
document. The TNPType data structure is used to provision a
TN prefix. Each TNPType object is uniquely identified by the
combination of its value in the <![CDATA[<tnPrefix>]]>
element, and its Registrant ID. TNPType is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="TNPType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tnPrefix" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>TNPType consists of the following attributes: <list
style="symbols" hangIndent="5">
<t>tnPrefix: The telephone number prefix</t>
<t>corInfo: corInfo is an optional parameter of type
CORInfoType that allows the Registrant organization to
set forth a claim to be the carrier-of-record (see
[RFC5067])</t>
</list>
</t>
<t>In some cases, a Public Identifier may be a URI, such as an
email address. The URIPubIdType object is comprised of the
data element necessary to house such Public Identifiers.
Each URIPubIdType object is uniquely identified by the
combination of its value in the <![CDATA[<uri>]]> element,
and its Registrant ID. URIPubIdType is defined as follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="URIPubIdType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>URIPubIdType consists of the following attributes: <list
style="symbols" hangIndent="5">
<t>uri: The value that acts a Public Identifier.</t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>.</t>
</list>
</t>
</section>
<section anchor="sedGrp" title="SED Group">
<t>SED Group is a grouping of one or more Destination Group,
the common SED Records, and the list of peer organizations
with access to the SED Records associated with a given SED
Group. It is this indirect linking of public identifiers to
their Session Establishment Data that significantly improves
the scalability and manageability of the peering data.
Additions and changes to SED information are reduced to a
single operation on a SED Group or SED Record , rather than
millions of data updates to individual public identifier
records that individually contain their peering data. The
transport protocol MUST support the ability to Create,
Modify, Get, and Delete SED Groups (refer the "Framework
Operations" section of this document for a generic
description of various operations). </t>
<t> A SED Group object MUST be uniquely identified by
attributes as defined in the description of "ObjKeyType" in
the section "Generic Object Key Type" of this document.</t>
<t> The SedGrpType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpName" type="sppfb:ObjNameType"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="peeringOrg" type="sppfb:OrgIdType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="sourceIdent" type="sppfb:SourceIdentType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="isInSvc" type="boolean"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedRecRefType">
<sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
]]></artwork>
</figure>
</t>
<t>The SedGrpType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend BasicObjType (see
<xref target="BasicObjType"></xref>).</t>
<t> sedGrpName: The character string that contains the
name of the SED Group. It uniquely identifies this
object within the context of the Registrant ID (a child
element of the base element as described above). </t>
<t> sedRecRef: Set of zero or more objects of type
SedRecRefType that house the unique keys of the SED
Records (containing the session establishment data) that
the SedGrpType object refers to and their relative
priority within the context of this SED Group.</t>
<t> dgName: Set of zero or more names of DestGrpType
object instances. Each dgName name, in association with
this SED Group's Registrant ID, uniquely identifies a
DestGrpType object instance whose associated public identifiers are
reachable using the session establishment information
housed in this SED Group. An intended side affect of
this is that a SED Group cannot provide session
establishment information for a Destination Group
belonging to another Registrant. </t>
<t> peeringOrg: Set of zero or more peering organization
IDs that have accepted an offer to receive this SED
Group's information. Note that this identifier
"peeringOrg" is an instance of OrgIdType. The set of
peering organizations in this list is not directly
settable or modifiable using the addSedGrpsRqst
operation. This set is instead controlled using the SED
offer and accept operations. </t>
<t> sourceIdent: Set of zero or more SourceIdentType
object instances. These objects, described further
below, house the source identification schemes and
identifiers that are applied at resolution time as part
of source based routing algorithms for the SED Group. </t>
<t> isInSvc: A boolean element that defines whether this
SED Group is in service. The session establishment
information contained in a SED Group that is in service
is a candidate for inclusion in resolution responses for
public identities residing in the Destination Group
associated with this SED Group. The session
establishment information contained in a SED Group that
is not in service is not a candidate for inclusion in
resolution responses. </t>
<t> priority: Priority value that can be used
to provide a relative value weighting of one SED Group
over another. The manner in which this value is used,
perhaps in conjunction with other factors, is a matter
of policy.</t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>. </t>
</list>
</t>
<t> As described above, the SED Group contains a set of
references to SED record objects. A SED record object is
based on an abstract type: SedRecType. The concrete types
that use SedRecType as an extension base are NAPTRType,
NSType, and URIType. The definitions of these types are
included the SED Record section of this document. </t>
<t> The SedGrpType object provides support for source-based
routing via the peeringOrg data element and more granular
source base routing via the source identity element. The
source identity element provides the ability to specify zero
or more of the following in association with a given SED
Group: a regular expression that is matched against the
resolution client IP address, a regular expression that is
matched against the root domain name(s), and/or a regular
expression that is matched against the calling party URI(s).
The result will be that, after identifying the visible SED
Groups whose associated Destination Group(s) contain the
lookup key being queried and whose peeringOrg list contains
the querying organizations organization ID, the resolution
server will evaluate the characteristics of the Source URI,
and Source IP address, and root domain of the lookup key
being queried. The resolution server then compares these
criteria against the source identity criteria associated
with the SED Groups. The session establishment information
contained in SED Groups that have source based routing
criteria will only be included in the resolution response if
one or more of the criteria matches the source criteria from
the resolution request. The Source Identity data element is
of type SourceIdentType, whose structure is defined as
follows:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SourceIdentType">
<sequence>
<element name="sourceIdentRegex" type="sppfb:RegexType"/>
<element name="sourceIdentScheme"
type="sppfb:SourceIdentSchemeType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<simpleType name="SourceIdentSchemeType">
<restriction base="token">
<enumeration value="uri"/>
<enumeration value="ip"/>
<enumeration value="rootDomain"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SourceIdentType object is composed of the following
data elements: <list style="symbols" hangIndent="5">
<t> sourceIdentScheme: The source identification scheme
that this source identification criteria applies to and
that the associated sourceIdentRegex should be matched
against. </t>
<t> sourceIdentRegex: The regular expression that should
be used to test for a match against the portion of the
resolution request that is dictated by the associated
sourceIdentScheme. </t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>. </t>
</list>
</t>
</section>
<section anchor="sedRec" title="SED Record">
<t> SED Group represents a combined grouping of SED Records
that define session establishment information. However, SED
Records need not be created to just serve a single SED
Group. SED Records can be created and managed to serve
multiple SED Groups. As a result, a change for example to
the properties of a network node used for multiple routes,
would necessitate just a single update operation to change
the properties of that node. The change would then be
reflected in all the SED Groups whose SED record set
contains a reference to that node. The transport protocol
MUST support the ability to Create, Modify, Get, and Delete
SED Records (refer the "Framework Operations" section of
this document for a generic description of various
operations). </t>
<t> A SED Record object MUST be uniquely identified by
attributes as defined in the description of "ObjKeyType" in
the section "Generic Object Key Type" of this document.</t>
<t> The SedRecType object structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedRecType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedName" type="sppfb:ObjNameType"/>
<element name="sedFunction" type="sppfb:SedFunctionType"
minOccurs="0"/>
<element name="isInSvc" type="boolean"/>
<element name="ttl" type="positiveInteger" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<simpleType name="SedFunctionType">
<restriction base="token">
<enumeration value="routing"/>
<enumeration value="lookup"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SedRecType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend BasicObjType (see
<xref target="BasicObjType"></xref>).</t>
<t> sedName: The character string that contains the name
of the SED Record. It uniquely identifies this object
within the context of the Registrant ID (a child element
of the base element as described above). </t>
<t> sedFunction: As described in <xref target="RFC6461"/>,
SED or Session Establishment Data falls primarily into
one of two categories or functions, LUF and LRF. To
remove any ambiguity as to the function a SED record is
intended to provide, this optional element allows the
provisioning party to make his or her intentions
explicit. </t>
<t> isInSvc: A boolean element that defines whether this
SED Record is in service or not. The session
establishment information contained in a SED Record
which is in service is a candidate for inclusion in
resolution responses for Telephone Numbers that are
either directly associated to this SED Record, or for
Public Identities residing in a Destination Group that
is associated to a SED Group which in turn has an
association to this SED Record.</t>
<t> ttl: Number of seconds that an addressing server may
cache a particular SED Record. </t>
</list>
</t>
<t> As described above, SED records are based on an abstract
type: SedRecType. The concrete types that use SedRecType as
an extension base are NAPTRType, NSType, and URIType. The
definitions of these types are included below. The NAPTRType
object is comprised of the data elements necessary for a
NAPTR (see <xref target="RFC3403"/>that contains routing
information for a SED Group. The NSType object is comprised
of the data elements necessary for a DNS name server that
points to another DNS server that contains the desired
routing information. The NSType is relevant only when the
resolution protocol is ENUM (see <xref target="RFC3761"/>).
The URIType object is comprised of the data elements
necessary to house a URI. </t>
<t> The data provisioned in a Registry can be leveraged for
many purposes and queried using various protocols including
SIP, ENUM and others. As such, the resolution data
represented by the SED records must be in a form suitable
for transport using one of these protocols. In the NAPTRType
for example, if the URI is associated with a destination
group, the user part of the replacement string <uri>
that may require the Public Identifier cannot be preset. As
a SIP Redirect, the resolution server will apply <ere>
pattern on the input Public Identifier in the query and
process the replacement string by substituting any back
reference(s) in the <uri> to arrive at the final URI
that is returned in the SIP Contact header. For an ENUM
query, the resolution server will simply return the values
of the <ere> and <uri> members of the URI.</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="NAPTRType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="order" type="unsignedShort"/>
<element name="flags" type="sppfb:FlagsType" minOccurs="0"/>
<element name="svcs" type="sppfb:SvcType"/>
<element name="regx" type="sppfb:RegexParamType" minOccurs="0"/>
<element name="repl" type="sppfb:ReplType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NSType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="hostName" type="token"/>
<element name="ipAddr" type="sppfb:IPAddrType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="IPAddrType">
<sequence>
<element name="addr" type="sppfb:AddrStringType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
<attribute name="type" type="sppfb:IPType" default="v4"/>
</complexType>
<simpleType name="IPType">
<restriction base="token">
<enumeration value="IPv4"/>
<enumeration value="IPv6"/>
</restriction>
</simpleType>
<complexType name="URIType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="ere" type="token" default="^(.*)$"/>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<simpleType name="flagsType">
<restriction base="token">
<length value="1"/>
<pattern value="[A-Z]|[a-z]|[0-9]"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The NAPTRType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t> order: Order value in an ENUM NAPTR, relative to other
NAPTRType objects in the same SED Group. </t>
<t> svcs: ENUM service(s) that are served by the SBE. This
field's value must be of the form specified in <xref
target="RFC6116"/> (e.g., E2U+pstn:sip+sip). The
allowable values are a matter of policy and not limited
by this protocol. </t>
<t> regx: NAPTR’s regular expression field. If this is not
included then the Repl field must be included. </t>
<t> repl: NAPTR replacement field, should only be provided
if the Regex field is not provided, otherwise the server
will ignore it</t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>. </t>
</list>
</t>
<t>The NSType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t> hostName: Root-relative host name of the name
server. </t>
<t> ipAddr: Zero or more objects of type IpAddrType. Each
object holds an IP Address and the IP Address type, IPv4
or IP v6. </t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>. </t>
</list>
</t>
<t>The URIType object is composed of the following elements:
<list style="symbols" hangIndent="5">
<t>ere: The POSIX Extended Regular Expression (ere) as
defined in <xref target="RFC3986"/>. </t>
<t>uri: the URI as defined in <xref target="RFC3986"/>. In
some cases, this will serve as the replacement string
and it will be left to the resolution server to arrive
at the final usable URI. </t>
</list>
</t>
</section>
<section anchor="sedgrpoffer" title="SED Group Offer">
<t> The list of peer organizations whose resolution responses
can include the session establishment information contained
in a given SED Group is controlled by the organization to
which a SED Group object belongs (its Registrant), and the
peer organization that submits resolution requests (a data
recipient, also know as a peering organization). The
Registrant offers access to a SED Group by submitting a SED
Group Offer. The data recipient can then accept or reject
that offer. Not until access to a SED Group has been offered
and accepted will the data recipient's organization ID be
included in the peeringOrg list in a SED Group object, and
that SED Group's peering information become a candidate for
inclusion in the responses to the resolution requests
submitted by that data recipient. The transport protocol
MUST support the ability to Create, Modify, Get, Delete,
Accept and Reject SED Group Offers (refer the "Framework
Operations" section of this document for a generic
description of various operations).</t>
<t> A SED Group Offer object MUST be uniquely identified by
attributes as defined in the description of
"SedGrpOfferKeyType" in the section "Derived Object Key
Types" of this document.</t>
<t> The SedGrpOfferType object structure is defined as
follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="SedGrpOfferType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/>
<element name="status" type="sppfb:SedGrpOfferStatusType"/>
<element name="offerDateTime" type="dateTime"/>
<element name="acceptDateTime" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedGrpOfferKeyType" abstract="true">
<annotation>
<documentation>
-- Generic type that represents the key for a SED group offer. Must
be defined in concrete form in the transport specification. --
</documentation>
</annotation>
</complexType>
<simpleType name="SedGrpOfferStatusType">
<restriction base="token">
<enumeration value="offered"/>
<enumeration value="accepted"/>
</restriction>
</simpleType>
]]></artwork>
</figure>
</t>
<t>The SedGrpOfferType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend BasicObjType (see
<xref target="BasicObjType"></xref>).</t>
<t> sedGrpOfferKey: The object that identifies the SED
that is or has been offered and the organization that it
is or has been offered to.</t>
<t> status: The status of the offer, offered or accepted.
The server controls the status. It is automatically set
to "offered" when ever a new SED Group Offer is added,
and is automatically set to "accepted" if and when that
offer is accepted. The value of the element is ignored
when passed in by the client. </t>
<t> offerDateTime: Date and time in UTC when the SED Group
Offer was added. </t>
<t> acceptDateTime: Date and time in UTC when the SED
Group Offer was accepted. </t>
</list>
</t>
</section>
<section anchor="egressRte" title="Egress Route">
<t>In a high-availability environment, the originating SSP
likely has more than one egress path to the ingress SBE of
the target SSP. If the originating SSP wants to exercise
greater control and choose a specific egress SBE to be
associated to the target ingress SBE, it can do so using the
EgrRteType object.</t>
<t> An Egress Route object MUST be uniquely identified by
attributes as defined in the description of "ObjKeyType" in
the section "Generic Object Key Type" of this document.</t>
<t>Lets assume that the target SSP has offered as part of his
session establishment data, to share one or more ingress
routes and that the originating SSP has accepted the offer.
In order to add the egress route to the Registry, the
originating SSP uses a valid regular expression to rewrite
ingress route in order to include the egress SBE
information. Also, more than one egress route can be
associated with a given ingress route in support of
fault-tolerant configurations. The supporting SPPF structure
provides a way to include route precedence information to
help manage traffic to more than one outbound egress
SBE.</t>
<t>The transport protocol MUST support the ability to Add,
Modify, Get, and Delete Egress Routes (refer the "Framework
Operations" section of this document for a generic
description of various operations). The EgrRteType object
structure is defined as follows: </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<complexType name="EgrRteType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="egrRteName" type="sppfb:ObjNameType"/>
<element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
]]></artwork>
</figure>
</t>
<t>The EgrRteType object is composed of the following
elements: <list style="symbols" hangIndent="5">
<t> base: All first class objects extend BasicObjType (see
<xref target="BasicObjType"></xref>).</t>
<t> egrRteName: The name of the egress route. </t>
<t> pref: The preference of this egress route relative to
other egress routes that may get selected when
responding to a resolution request.</t>
<t> regxRewriteRule: The regular expression re-write rule
that should be applied to the regular expression of the
ingress NAPTR(s) that belong to the ingress route.</t>
<t> ingrSedGrp: The ingress SED group that the egress
route should be used for. </t>
<t> svcs: ENUM service(s) that are served by an Egress
Route. This element is used to identify the ingress
NAPTRs associated with the SED Group to which an Egress
Route's regxRewriteRule should be applied. If no ENUM
service(s) are associated with an Egress Route, then the
Egress Route's regxRewriteRule should be applied to all
the NAPTRs associated with the SED Group. This field's
value must be of the form specified in [RFC6116] (e.g.,
E2U+pstn:sip+sip). The allowable values are a matter of
policy and not limited by this protocol.</t>
<t> ext: Point of extensibility described in <xref
target="extensibility"/>.</t>
</list>
</t>
</section>
</section>
<section anchor="protocol_oper" title="Framework Operations">
<t>In addition to the operation specific object types, all operations
MAY specify the minor version of the protocol that when used
in conjunction with the major version (that can be for instance
specified in the protocol namespace) can serve to identify the
version of the SPPF protocol that the client is using. If the minor
version is not specified, the latest minor version supported by the
SPPF server for the given major version will be used.
Additionally, operations that may potentially modify persistent
protocol objects SHOULD include a transaction ID as well.
</t>
<section anchor="add_oper" title="Add Operation">
<t>Any conforming transport protocol specification MUST
provide a definition for the operation that adds one or more
SPPF objects into the Registry. If the object, as identified
by the request attributes that form part of the object's
key, does not exist, then the Registry MUST create the
object. If the object does exist, then the Registry MUST
replace the current properties of the object with the
properties passed in as part of the Add operation.</t>
<t> If the entity that issued the command is not authorized to
perform this operation an appropriate error message MUST be
returned from amongst the response messages defined in
"Response Message Types" section of the document.</t>
</section>
<section anchor="del_oper" title="Delete Operation">
<t> Any conforming transport protocol specification MUST
provide a definition for the operation that deletes one or
more SPPF objects from the Registry using the object's key. </t>
<t>If the entity that issued the command is not authorized to
perform this operation an appropriate error message MUST be
returned from amongst the response messages defined in
"Response Message Types" section of the document.</t>
<t>When an object is deleted, any references to that object
must of course also be removed as the SPPF server
implementation fulfills the deletion request. Furthermore,
the deletion of a composite object must also result in the
deletion of the objects it contains. As a result, the
following rules apply to the deletion of SPPF object types:
<list style="symbols" hangIndent="5">
<t> Destination Groups: When a destination group is
deleted any references between that destination
group and any SED group must be automatically removed by
the SPPF implementation as part of fulfilling the
deletion request. Similarly, any references between that
destination group and any Public Identifier must be removed
by the SPPF implementation as part of fulfilling the deletion request.</t>
<t> SED Groups: When a SED group is deleted any references
between that SED group and any destination group must be
automatically removed by the SPPF implementation as part
of fulfilling the deletion request. Similarly any
references between that SED group and any SED records
must be removed by the SPPF implementation as part of
fulfilling the deletion request. Furthermore, SED group
offers relating that SED group must also be deleted as
part of fulfilling the deletion request.</t>
<t> SED Records: When a SED record is deleted any
references between that SED record and any SED group
must be removed by the SPPF implementation as part of
fulfilling the deletion request. Similarly, any reference between
that SED record and any Public Identifier must be removed by the
SPPF implementation as part of fulfilling the deletion request.</t>
<t> Public Identifiers: When a public identifier is
deleted any references between that public identifier
and any referenced destination group must be removed by
the SPPF implementation as part of fulfilling the
deletion request. Any references to SED records associated directly
to that Public Identifier must also be deleted by the
SPPF implementation as part of fulfilling the deletion
request.</t>
</list>
</t>
</section>
<section anchor="get_oper" title="Get Operations">
<t> At times, on behalf of the Registrant, the Registrar may
need to get information about SPPF objects that were
previously provisioned in the Registry. A few examples
include logging, auditing, and pre-provisioning dependency
checking. This query mechanism is limited to aid
provisioning scenarios and should not be confused with query
protocols provided as part of the resolution system (e.g.
ENUM and SIP). </t>
<t>Any conforming "protocol" specification MUST provide a
definition for the operation that queries the details of one
or more SPPF objects from the Registry using the object's
key. If the entity that issued the command is not authorized
to perform this operation an appropriate error message MUST
be returned from amongst the response messages defined in
<xref target="responseMessages"></xref>.</t>
<t>If the response to the Get operation includes object(s)
that extend the BasicObjType, the Registry MUST include the
'cDate' and 'mDate', if applicable. </t>
</section>
<section anchor="accept_oper" title="Accept Operations">
<t> In SPPF, a SED Group Offer can be accepted or rejected by,
or on behalf of, the Registrant to whom the SED Group has
been offered (refer "Framework Data Model Objects" section
of this document for a description of the SED Group Offer
object). The Accept operation is used to accept the SED
Group Offers. Any conforming transport protocol
specification MUST provide a definition for the operation to
accept SED Group Offers by, or on behalf of the Registrant,
using the SED Group Offer object key.</t>
<t>Not until access to a SED Group has been offered and
accepted will the Registrant's organization ID be included
in the peeringOrg list in that SED Group object, and that
SED Group's peering information become a candidate for
inclusion in the responses to the resolution requests
submitted by that Registrant. A SED Group Offer that is in
the "offered" status is accepted by, or on behalf of, the
Registrant to which it has been offered. When the SED Group
Offer is accepted the the SED Group Offer is moved to the
"accepted" status and adds that data recipient's
organization ID into the list of peerOrgIds for that SED
Group.</t>
<t>If the entity that issued the command is not authorized to
perform this operation an appropriate error message MUST be
returned from amongst the response messages defined in
"Response Message Types" section of the document.</t>
</section>
<section anchor="reject_oper" title="Reject Operations">
<t> In SPPF, a SED Group Offer object can be accepted or
rejected by, or on behalf of, the Registrant to whom the SED
Group has been offered (refer "Framework Data Model Objects"
section of this document for a description of the SED Group
Offer object). Furthermore, that offer may be rejected,
regardless of whether or not it has been previously
accepted. The Reject operation is used to reject the SED
Group Offers. When the SED Group Offer is rejected that SED
Group Offer is deleted, and, if appropriate, the data
recipient's organization ID is removed from the list of
peeringOrg IDs for that SED Group. Any conforming transport
protocol specification MUST provide a definition for the
operation to reject SED Group Offers by, or on behalf of the
Registrant, using the SED Group Offer object key.</t>
<t>If the entity that issued the command is not authorized to
perform this operation an appropriate error message MUST be
returned from amongst the response messages defined in
"Response Message Types" section of the document. </t>
</section>
<section anchor="server_status_menu_opr"
title="Get Server Details Operation">
<t> In SPPF, Get Server Details operation can be used to
request certain details about the SPPF server that include
the SPPF server's current status, the major/minor version of
the SPPF protocol supported by the SPPF server. </t>
<t>Any conforming transport protocol specification MUST
provide a definition for the operation to request such
details from the SPPF server. If the entity that issued the
command is not authorized to perform this operation an
appropriate error message MUST be returned from amongst the
response messages defined in "Response Message Types"
section of the document. </t>
</section>
</section>
<section anchor="xmlconsiderations" title="XML Considerations">
<t> XML serves as the encoding format for SPPF, allowing complex
hierarchical data to be expressed in a text format that can be
read, saved, and manipulated with both traditional text tools
and tools specific to XML. <vspace blankLines="1"/> XML is
case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in
the character case presented to develop a conforming
implementation. <vspace blankLines="1"/> This section
discusses a small number of XML-related considerations
pertaining to SPPF. </t>
<section anchor="namespaces" title="Namespaces">
<t> All SPPF elements are defined in the namespaces in the
IANA Considerations section and in the Formal Framework
Specification section of this document. </t>
</section>
<section anchor="versioning"
title="Versioning and Character Encoding">
<t> All XML instances SHOULD begin with an
<![CDATA[ <?xml?> ]]> declaration to identify the version of
XML that is being used, optionally identify use of the
character encoding used, and optionally provide a hint to an
XML parser that an external schema file is needed to
validate the XML instance. <vspace blankLines="1"/>
Conformant XML parsers recognize both UTF-8 (defined in
<xref target="RFC3629"/>) and UTF-16 (defined in <xref
target="RFC2781"/>); per <xref target="RFC2277"/> UTF-8 is
the RECOMMENDED character encoding for use with SPPF. </t>
<t> Character encodings other than UTF-8 and UTF-16 are
allowed by XML. UTF-8 is the default encoding assumed by XML
in the absence of an "encoding" attribute or a byte order
mark (BOM); thus, the "encoding" attribute in the XML
declaration is OPTIONAL if UTF-8 encoding is used. SPPF
clients and servers MUST accept a UTF-8 BOM if present,
though emitting a UTF-8 BOM is NOT RECOMMENDED. </t>
<t> Example XML declarations: <vspace blankLines="1"
/><![CDATA[ <?xml version="1.0" encoding="UTF-8" standalone="no"?>]]></t>
</section>
</section>
<section anchor="securityconsiderations"
title="Security Considerations">
<t>Many SPPF implementations manage data that is considered
confidential and critical. Furthermore, SPPF implementations
can support provisioning activities for multiple Registrars
and Registrants. As a result any SPPF implementation must
address the requirements for confidentiality, authentication,
and authorization.</t>
<section anchor="confidentialityandauthentication"
title="Confidentiality and Authentication">
<t>With respect to confidentiality and authentication, the
transport protocol requirements section of this document
contains security properties that the transport protocol
must provide so that authenticated endpoints can exchange
data confidentially and with integrity protection. Refer to
that section and the resulting transport protocol
specification document for the specific solutions to
authentication and confidentiality.</t>
</section>
<section anchor="authorizationsecurity" title="Authorization">
<t>With respect to authorization, the SPPF server
implementation must define and implement a set of
authorization rules that precisely address (1) which
Registrars will be authorized to create/modify/delete each
SPPF object type for given Registrant(s) and (2) which
Registrars will be authorized to view/get each SPPF object
type for given Registrant(s). These authorization rules are
a matter of policy and are not specified within the context
of SPPF. However, any SPPF implementation must specify these
authorization rules in order to function in a reliable and
safe manner.</t>
</section>
<section anchor="denialofservice" title="Denial of Service">
<t>Guidance on Denial-of-Service (DoS) issues in general is
given in <xref target="RFC4732"/>, "Internet Denial of
Service Considerations", which also gives a general
vocabulary for describing the DoS issue.</t>
<t>SPPF is a high-level client-server protocol that can be
implemented on lower-level mechanisms such as remote
procedure call and web-service API protocols. As such, it
inherits any Denial-of-Service issues inherent to the
specific lower-level mechanism used for any implementation
of SPPF. SPPF also has its own set of higher-level exposures
that are likely to be independent of lower-layer mechanism
choices. </t>
<section anchor="dosinheritedfromtransport"
title="DoS Issues Inherited from Transport Mechanism">
<t>SPPF implementation is in general dependent on the
selection and implementation of a lower-level transport
protocol and a binding between that protocol and SPPF. The
archetypal SPPF implementation uses XML
(http://www.w3.org/TR/xml/) representation in a SOAP
(http://www.w3.org/TR/soap/) request/response framework
over HTTP (<xref target="RFC2616"/>), and probably also
uses TLS (<xref target="RFC5246"/>) for on-the wire data
integrity and participant authentication, and might use
HTTP Digest authentication (<xref target="RFC2609"/>).</t>
<t>The typical deployment scenario for SPPF is to have
servers in a managed facility, and therefore techniques
such as Network Ingress Filtering (<xref target="RFC2609"
/>) are generally applicable. In short, any DoS mechanism
affecting a typical HTTP implementation would affect such
an SPPF implementation, and the mitigation tools for HTTP
in general also therefore apply to SPPF.</t>
<t>SPPF does not directly specify an authentication
mechanism, instead relying on the lower-level transport
protocol to provide for authentication. In general,
authentication is an expensive operation, and one apparent
attack vector is to flood an SPPF server with repeated
requests for authentication, thereby exhausting its
resources. SPPF implementations SHOULD therefore be
prepared to handle authentication floods, perhaps by
noting repeated failed login requests from a given source
address and blocking that source address. </t>
</section>
<section anchor="dosspecifictosppf"
title="DoS Issues Specific to SPPF">
<t>The primary defense mechanism against DoS within SPPF is
authentication. Implementations MUST tightly control
access to the SPPF service, SHOULD implement DoS and other
policy control screening, and MAY employ a variety of
policy violation reporting and response measures such as
automatic blocking of specific users and alerting of
operations personnel. In short, the primary SPPF response
to DoS-like activity by a user is to block that user or
subject their actions to additional review.</t>
<t>SPPF allows a client to submit multiple-element or
"batch" requests that may insert or otherwise affect a
large amount of data with a single request. In the
simplest case, the server progresses sequentially through
each element in a batch, completing one and before
starting the next. Mid-batch failures are handled by
stopping the batch and rolling-back the data store to its
pre-request state. This "stop and roll-back" design
provides a DoS opportunity. A hostile client could
repeatedly issue large batch requests with one or more
failing elements, causing the server to repeatedly stop
and roll-back large transactions. The suggested response
is to monitor clients for such failures, and take
administrative action (such as blocking the user) when an
excessive number of roll-backs is reported.</t>
<t>An additional suggested response is for an implementer to
set their maximum allowable XML message size, and their
maximum allowable batch size at a level that they feel
protects their operational instance, given the hardware
sizing they have in place and the expected load and size
needs that their users expect. </t>
</section>
</section>
<section anchor="informationdisclosure"
title="Information Disclosure">
<t>It is not uncommon for the logging systems to document
on-the-wire messages for various purposes, such as, debug,
audit, and tracking. At the minimum, the various support and
administration staff will have access to these logs. Also,
if an unprivileged user gains access to the SPPF deployments
and/or support systems, it will have access to the
information that is potentially deemed confidential. To
manage information disclosure concerns beyond the transport
level, SPPF implementations MAY provide support for
encryption at the SPPF object level. </t>
</section>
<section anchor="nonrepudiation" title="Non Repudiation">
<t>In some situations, it may be required to protect against
denial of involvement (see <xref target="RFC4949"/>) and
tackle non-repudiation concerns in regards to SPPF messages.
This type of protection is useful to satisfy authenticity
concerns related to SPPF messages beyond the end-to-end
connection integrity, confidentiality, and authentication
protection that the transport layer provides. This is an
optional feature and some SPPF implementations MAY provide
support for it. </t>
</section>
<section anchor="replay" title="Replay Attacks">
<t>Anti-replay protection ensures that a given SPPF object
replayed at a later time doesn't affect the integrity of the
system. SPPF provides at least one mechanism to fight
against replay attacks. Use of the optional client
transaction identifier allows the SPPF client to correlate
the request message with the response and to be sure that it
is not a replay of a server response from earlier exchanges.
Use of unique values for the client transaction identifier
is highly encouraged to avoid chance matches to a potential
replay message. </t>
</section>
<section anchor="maninthemiddle" title="Man in the Middle">
<t>The SPPF client or Registrar can be a separate entity
acting on behalf of the Registrant in facilitating
provisioning transactions to the Registry. Further, the
transport layer provides end-to-end connection protection
between SPPF client and the SPPF server. Therefore,
man-in-the-middle attack is a possibility that may affect
the integrity of the data that belongs to the Registrant
and/or expose peer data to unintended actors in case
well-established peering relationships already exist. </t>
</section>
</section>
<section anchor="i18n" title="Internationalization Considerations">
<t>Character encodings to be used for SPPF elements are
described in <xref target="versioning"/>. The use of time
elements in the protocol is specified in <xref
target="timestamp"/>. Where human-readable languages are
used in the protocol, those messages SHOULD be tagged
according to <xref target="RFC5646"/>, and the transport
protocol MUST support a respective mechanism to transmit such
tags together with those human-readable messages. If tags are
absent, the language of the message defaults to "en"
(English). </t>
</section>
<section anchor="IANA" title="IANA Considerations">
<section anchor="URN" title="URN Assignments">
<t>This document uses URNs to describe XML namespaces and XML
schemas conforming to a Registry mechanism described in <xref
target="RFC3688"/>. </t>
<t>Two URI assignments are requested. <vspace blankLines="1"/>
Registration request for the SPPF XML namespace: <vspace
blankLines="0"/> urn:ietf:params:xml:ns:sppf:base:1 <vspace
blankLines="0"/> Registrant Contact: IESG <vspace
blankLines="0"/> XML: None. Namespace URIs do not represent
an XML specification. </t>
<t>Registration request for the XML schema: <vspace
blankLines="0"/> URI: urn:ietf:params:xml:schema:sppf:1
<vspace blankLines="0"/> Registrant Contact: IESG <vspace
blankLines="0"/> XML: See the "Formal Specification" section
of this document (<xref target="formalspecification"/>).
</t>
</section>
<section anchor="ORG_ID" title="Organization Identifier Namespace Registry">
<t>IANA is requested to create and maintain a Registry entitled
"SPPF OrgIdType Namespaces". Strings used as OrgIdType Namespace
identifiers MUST conform to the following syntax in the Augmented
Backus-Naur Form (ABNF) <xref target="RFC5234"/></t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
namespace = ALPHA * (ALPHA/DIGIT/"-")]]></artwork>
</figure>
</t>
<t>Assignments consist of the OrgIdType namespace string, and the
definition of the associated namespace. This document makes the
following initial assignment for the OrgIdType Namespaces:</t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
OrgIdType namespace string Namespace
-------------------------- ---------
IANA Enterprise Numbers iana-en]]></artwork>
</figure>
</t>
<t>Future assignments are to be made through the well known IANA
Policy "RFC Required" (see section 4.1 of <xref target="RFC5226"/>)</t>
</section>
</section>
<section anchor="formalspecification" title="Formal Specification">
<t> This section provides the draft XML Schema Definition for
SPPF Protocol. </t>
<t>
<figure title="">
<artwork align="left"><![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns:sppfb="urn:ietf:params:xml:ns:sppf:base:1"
xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:sppf:base:1"
elementFormDefault="qualified" xml:lang="EN">
<annotation>
<documentation>
---- Generic Object key types to be defined by specific
Transport/Architecture. The types defined here can
be extended by the specific architecture to
define the Object Identifiers ----
</documentation>
</annotation>
<complexType name="ObjKeyType"
abstract="true">
<annotation>
<documentation>
---- Generic type that represents the
key for various objects in SPPF. ----
</documentation>
</annotation>
</complexType>
<complexType name="SedGrpOfferKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
---- Generic type that represents
the key for a SED group offer. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
<complexType name="PubIdKeyType" abstract="true">
<complexContent>
<extension base="sppfb:ObjKeyType">
<annotation>
<documentation>
----Generic type that
represents the key
for a Pub Id. ----
</documentation>
</annotation>
</extension>
</complexContent>
</complexType>
<annotation>
<documentation>
---- Object Type Definitions ----
</documentation>
</annotation>
<complexType name="SedGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpName" type="sppfb:ObjNameType"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="peeringOrg" type="sppfb:OrgIdType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="sourceIdent" type="sppfb:SourceIdentType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="isInSvc" type="boolean"/>
<element name="priority" type="unsignedShort"/>
<element name="ext"
type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="DestGrpType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName"
type="sppfb:ObjNameType"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="PubIdType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="dgName" type="sppfb:ObjNameType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
<element name="sedRecRef" type="sppfb:SedRecRefType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNRType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="range" type="sppfb:NumberRangeType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="TNPType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="tnPrefix" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="RNType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="rn" type="sppfb:NumberValType"/>
<element name="corInfo" type="sppfb:CORInfoType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="URIPubIdType">
<complexContent>
<extension base="sppfb:PubIdType">
<sequence>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedRecType" abstract="true">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedName" type="sppfb:ObjNameType"/>
<element name="sedFunction" type="sppfb:SedFunctionType"
minOccurs="0"/>
<element name="isInSvc" type="boolean"/>
<element name="ttl" type="positiveInteger" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NAPTRType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="order" type="unsignedShort"/>
<element name="flags" type="sppfb:FlagsType" minOccurs="0"/>
<element name="svcs" type="sppfb:SvcType"/>
<element name="regx" type="sppfb:RegexParamType" minOccurs="0"/>
<element name="repl" type="sppfb:ReplType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NSType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="hostName" type="token"/>
<element name="ipAddr" type="sppfb:IPAddrType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="URIType">
<complexContent>
<extension base="sppfb:SedRecType">
<sequence>
<element name="ere" type="token" default="^(.*)$"/>
<element name="uri" type="anyURI"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="SedGrpOfferType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="sedGrpOfferKey" type="sppfb:SedGrpOfferKeyType"/>
<element name="status" type="sppfb:SedGrpOfferStatusType"/>
<element name="offerDateTime" type="dateTime"/>
<element name="acceptDateTime" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="EgrRteType">
<complexContent>
<extension base="sppfb:BasicObjType">
<sequence>
<element name="egrRteName" type="sppfb:ObjNameType"/>
<element name="pref" type="unsignedShort"/>
<element name="regxRewriteRule" type="sppfb:RegexParamType"/>
<element name="ingrSedGrp" type="sppfb:ObjKeyType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="svcs" type="sppfb:SvcType" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<annotation>
<documentation>
---- Abstract Object and Element Type Definitions ----
</documentation>
</annotation>
<complexType name="BasicObjType" abstract="true">
<sequence>
<element name="rant" type="sppfb:OrgIdType"/>
<element name="rar" type="sppfb:OrgIdType"/>
<element name="cDate" type="dateTime" minOccurs="0"/>
<element name="mDate" type="dateTime" minOccurs="0"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="RegexParamType">
<sequence>
<element name="ere" type="sppfb:RegexType" default="^(.*)$"/>
<element name="repl" type="sppfb:ReplType"/>
</sequence>
</complexType>
<complexType name="IPAddrType">
<sequence>
<element name="addr" type="sppfb:AddrStringType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
<attribute name="type" type="sppfb:IPType" default="v4"/>
</complexType>
<complexType name="SedRecRefType">
<sequence>
<element name="sedKey" type="sppfb:ObjKeyType"/>
<element name="priority" type="unsignedShort"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="SourceIdentType">
<sequence>
<element name="sourceIdentRegex" type="sppfb:RegexType"/>
<element name="sourceIdentScheme"
type="sppfb:SourceIdentSchemeType"/>
<element name="ext" type="sppfb:ExtAnyType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="CORInfoType">
<sequence>
<element name="corClaim" type="boolean" default="true"/>
<element name="cor" type="boolean" default="false" minOccurs="0"/>
<element name="corDate" type="dateTime" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="SvcMenuType">
<sequence>
<element name="serverStatus" type="sppfb:ServerStatusType"/>
<element name="majMinVersion" type="token" maxOccurs="unbounded"/>
<element name="objURI" type="anyURI" maxOccurs="unbounded"/>
<element name="extURI" type="anyURI"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="ExtAnyType">
<sequence>
<any namespace="##other" maxOccurs="unbounded"/>
</sequence>
</complexType>
<simpleType name="FlagsType">
<restriction base="token">
<length value="1"/>
<pattern value="[A-Z]|[a-z]|[0-9]"/>
</restriction>
</simpleType>
<simpleType name="SvcType">
<restriction base="token">
<minLength value="1"/>
</restriction>
</simpleType>
<simpleType name="RegexType">
<restriction base="token">
<minLength value="1"/>
</restriction>
</simpleType>
<simpleType name="ReplType">
<restriction base="token">
<minLength value="1"/>
<maxLength value="255"/>
</restriction>
</simpleType>
<simpleType name="OrgIdType">
<restriction base="token"/>
</simpleType>
<simpleType name="ObjNameType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="80"/>
</restriction>
</simpleType>
<simpleType name="TransIdType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="120"/>
</restriction>
</simpleType>
<simpleType name="MinorVerType">
<restriction base="unsignedLong"/>
</simpleType>
<simpleType name="AddrStringType">
<restriction base="token">
<minLength value="3"/>
<maxLength value="45"/>
</restriction>
</simpleType>
<simpleType name="IPType">
<restriction base="token">
<enumeration value="v4"/>
<enumeration value="v6"/>
</restriction>
</simpleType>
<simpleType name="SourceIdentSchemeType">
<restriction base="token">
<enumeration value="uri"/>
<enumeration value="ip"/>
<enumeration value="rootDomain"/>
</restriction>
</simpleType>
<simpleType name="ServerStatusType">
<restriction base="token">
<enumeration value="inService"/>
<enumeration value="outOfService"/>
</restriction>
</simpleType>
<simpleType name="SedGrpOfferStatusType">
<restriction base="token">
<enumeration value="offered"/>
<enumeration value="accepted"/>
</restriction>
</simpleType>
<simpleType name="NumberValType">
<restriction base="token">
<maxLength value="20"/>
<pattern value="\+?\d\d*"/>
</restriction>
</simpleType>
<simpleType name="NumberTypeEnum">
<restriction base="token">
<enumeration value="TN"/>
<enumeration value="TNPrefix"/>
<enumeration value="RN"/>
</restriction>
</simpleType>
<simpleType name="SedFunctionType">
<restriction base="token">
<enumeration value="routing"/>
<enumeration value="lookup"/>
</restriction>
</simpleType>
<complexType name="NumberType">
<sequence>
<element name="value" type="sppfb:NumberValType"/>
<element name="type" type="sppfb:NumberTypeEnum"/>
</sequence>
</complexType>
<complexType name="NumberRangeType">
<sequence>
<element name="startRange" type="sppfb:NumberValType"/>
<element name="endRange" type="sppfb:NumberValType"/>
</sequence>
</complexType>
</schema>
]]></artwork>
</figure>
</t>
</section>
<section title="Acknowledgments">
<t>This document is a result of various discussions held in the
DRINKS working group and within the DRINKS protocol design
team, with contributions from the following individuals, in
alphabetical order: Alexander Mayrhofer, David Schwartz,
Deborah A Guyton, Lisa Dusseault, Manjul Maharishi, Mickael
Marrache, Otmar Lendl, Richard Shockey, Samuel Melloul,
Sumanth Channabasappa, Syed Ali, Vikas Bhatia, and Jeremy
Barkan</t>
</section>
</middle>
<back>
<references title="Normative References"> &rfc2119; &rfc2277;
&rfc3629; &rfc3688; &rfc3986; &rfc5234; &rfc5067; &rfc4949;
&rfc5226;</references>
<references title="Informative References"> &rfc2616; &rfc4732;
&rfc5246; &rfc2609; &rfc6461; &rfc5321; &rfc3261; &rfc6116;
&rfc4725; &rfc5486; &rfc2781; &rfc5646; &rfc3761; &rfc3403;
<reference anchor="Unicode6.1">
<front>
<title>The Unicode Standard - Version 6.1</title>
<author>
<organization>The Unicode Consortium</organization>
</author>
<date month="January" year="2012" />
</front>
<seriesInfo name="Unicode" value="6.1" />
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 14:44:03 |