One document matched: draft-schulzrinne-ecrit-unauthenticated-access-01.xml
<?xml version="1.0"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="no"?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="yes" ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY I-D.ietf-geopriv-http-location-delivery PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-http-location-delivery.xml'>
<!ENTITY I-D.ietf-ecrit-lost PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-lost.xml'>
<!ENTITY I-D.ietf-geopriv-l7-lcp-ps PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-l7-lcp-ps.xml'>
<!ENTITY I-D.ietf-sip-location-conveyance PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-location-conveyance.xml'>
<!ENTITY I-D.ietf-ecrit-framework PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-framework.xml'>
<!ENTITY I-D.marshall-geopriv-lbyr-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.marshall-geopriv-lbyr-requirements.xml'>
<!ENTITY I-D.ietf-ecrit-service-urn PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-service-urn.xml'>
<!ENTITY I-D.ietf-ecrit-mapping-arch PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-mapping-arch.xml'>
<!ENTITY RFC4776 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4776.xml'>
<!ENTITY RFC3825 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3825.xml'>
<!ENTITY RFC4119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4119.xml'>
<!ENTITY I-D.ietf-geopriv-pdif-lo-profile PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-pdif-lo-profile.xml'>
<!ENTITY I-D.ietf-geopriv-revised-civic-lo PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-revised-civic-lo.xml'>
<!ENTITY I-D.ietf-ecrit-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-requirements.xml'>
<!ENTITY I-D.ietf-ecrit-phonebcp PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-phonebcp.xml'>
<!ENTITY I-D.ietf-ecrit-security-threats PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-security-threats.xml'>
<!ENTITY I-D.schulzrinne-ecrit-location-hiding-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.schulzrinne-ecrit-location-hiding-requirements.xml'>
<!ENTITY RFC3361 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3361.xml'>
<!ENTITY RFC3319 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3319.xml'>
<!ENTITY RFC3261 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml'>
<!ENTITY I-D.ietf-sip-gruu PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-gruu.xml'>
<!ENTITY I-D.rosen-iptel-dialstring PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.rosen-iptel-dialstring.xml'>
<!ENTITY I-D.ietf-sipping-toip PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sipping-toip.xml'>
<!ENTITY RFC2396 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2396.xml'>
<!ENTITY RFC3264 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3264.xml'>
<!ENTITY RFC3550 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3550.xml'>
<!ENTITY RFC3551 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3551.xml'>
<!ENTITY RFC3428 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3428.xml'>
<!ENTITY RFC4103 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4103.xml'>
<!ENTITY RFC3984 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3984.xml'>
<!ENTITY RFC3920 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3920.xml'>
<!ENTITY I-D.tschofenig-ecrit-architecture-overview PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.tschofenig-ecrit-architecture-overview.xml'>
<!ENTITY I-D.winterbottom-geopriv-held-identity-extensions PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-held-identity-extensions.xml'>
<!ENTITY I-D.winterbottom-geopriv-lis2lis-req PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-lis2lis-req.xml'>
<!ENTITY RFC2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY I-D.barnes-geopriv-lo-sec PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.barnes-geopriv-lo-sec.xml'>
<!ENTITY I-D.winterbottom-geopriv-deref-protocol PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-deref-protocol.xml'>
]>
<rfc category="std" ipr="full3978" docName="draft-schulzrinne-ecrit-unauthenticated-access-01.txt">
<front>
<title abbrev="Unauthenticated Emergency Service">Extensions to the Emergency Services
Architecture for dealing with Unauthenticated and Unauthorized Devices</title>
<author initials="H." surname="Schulzrinne" fullname="Henning Schulzrinne">
<organization>Columbia University</organization>
<address>
<postal>
<street>Department of Computer Science</street>
<street>450 Computer Science Building</street>
<city>New York</city>
<region>NY</region>
<code>10027</code>
<country>US</country>
</postal>
<phone>+1 212 939 7004</phone>
<email>hgs+ecrit@cs.columbia.edu</email>
<uri>http://www.cs.columbia.edu</uri>
</address>
</author>
<author fullname="Stephen McCann" initials="S." surname="McCann">
<organization>Siemens/Roke Manor Research</organization>
<address>
<email>stephen.mccann@roke.co.uk</email>
</address>
</author>
<author fullname="Gabor Bajko" initials="G." surname="Bajko">
<organization>Nokia</organization>
<address>
<email>Gabor.Bajko@nokia.com</email>
</address>
</author>
<author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
<organization abbrev="Nokia Siemens Networks">Nokia Siemens Networks</organization>
<address>
<postal>
<street>Otto-Hahn-Ring 6</street>
<city>Munich</city>
<region>Bavaria</region>
<code>81739</code>
<country>Germany</country>
</postal>
<email>Hannes.Tschofenig@nsn.com</email>
<uri>http://www.tschofenig.com</uri>
</address>
</author>
<date year="2007"/>
<area>Real-time Applications and Infrastructure</area>
<workgroup>ECRIT</workgroup>
<keyword>Internet-Draft</keyword>
<abstract>
<t>The IETF emergency services architecture assumes that access to a network has already
happened using the traditional network access authentication procedures or that no
authentication for network access is needed (e.g., in case of public hotspots). Subsequent
protocol interactions, such as obtaining location information, learning the address of the
Public Safety Answering Point (PSAP) and the emergency call itself are largely decoupled
from the underlying network access procedures.</t>
<t>There are, however, cases where a device is not in possession of credentials for network
access, does not have a VoIP provider, or where the credentials are available but became
invalid due to various reasons (e.g., credit exhaustion, expired accounts, etc.). </t>
<t>This document provides a problem statement, introduces terminology and describes an
extension for the base IETF emergency services architecture.</t>
</abstract>
</front>
<middle>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="introduction" title="Introduction">
<t> Summoning police, the fire department or an ambulance in emergencies is one of the
fundamental and most-valued functions of the telephone. As telephone functionality moves
from circuit-switched telephony to Internet telephony, its users rightfully expect that this
core functionality will continue to work at least as well as it has for the older
technology. New devices and services are being made available that could be used to make a
request for help, which are not traditional telephones, and users are increasingly expecting
them to be used to place emergency calls. </t>
<t>Based on the communication model of the Session Initiation Protocol (SIP) as excercised in
the IETF it is not necessary to deploy SIP entities in access networks (or associated to
them). Instead, VoIP provider may deploy their SIP entities at any place on the Internet.
The IETF emergency services architecture acknowledges this deployment model and even goes a
step further by recognizing that there are potentially other, non-SIP VoIP providers, that
might want to offer emergency service support to their customers. Hence, the interaction
between a SIP User Agent and its VoIP provider does not need to be standardized although
<xref target="I-D.ietf-ecrit-phonebcp"/> provides best current practise recommendations
regarding the usage of certain features as excercised in the case of SIP.</t>
<t>This flexibility has implications for the architecture, as briefly described in <xref
target="I-D.tschofenig-ecrit-architecture-overview"/>, but allows access networks to be
application layer agnostic. Furthermore, since the normal VoIP communication exchanges do
not traverse these entities in the access network it is quite likely that interoperability
problems will occur especially in an emergency case.</t>
<t>There are essentially three environments that need to be considered:</t>
<t>
<list style="numbers">
<t>The emergency caller does not credentials for access to the network but it still has
credentials for his VoIP provider. <vspace blankLines="1"/> This is often the case with
enterprise networks, home networks, or governmental networks. In other cases the user
might be able to obtain such credentials, for example in hotspots found in hotels, at
airports, and in many coffee shops. Unfortunately, users have to go through a lengthy
procedure (often involving captive portals) to obtain a temporary account in exchange of
money. In emergency situations it is certainly not desirable to let the user find their
way through a number of webpages and to type-in their credit card details. </t>
<t>The emergency caller has credentials for network access but does not have credentials
for a VoIP provider. This case is rather unlikely. </t>
<t>The emergency caller has credentials (for either network access or it's VoIP provider)
but they do not provide enough authorization to make a call. This use case essentially
refers to lack of authorization. Examples are: Insufficient credits, lack of a roaming
agreement (between visited network and home network), disabled account, and other
authorization failures. </t>
</list>
</t>
<t>Scenario (1) is the most likely scenario and the main focus of this document. </t>
<t>In all these cases it is not possible to place an emergency call as envisioned in the IETF
emergency services architecture, described in <xref target="I-D.ietf-ecrit-framework"/>.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="A Warning Note">
<t>At the time of writing there is no regulation in place that demands the functionality
described in this memo. SDOs have started their work on this subject in a proactive fashion
in the anticipation that national regulation in some countries might demand this
functionality for a subset of network types.</t>
<t>There are also indications that the functionality of unauthenticated emergency calls in
today's cellular system (called SIM-less calls) in certain countries leads to a fair amount
of hoaks calls or test calls leading to overload situations at PSAPs.</t>
<t>As an example, Federal Office of Communications (OFCOM, Switzerland) provided statistics
about 112 calls in Switzerland from Jan. 1997 to Nov. 2001. Switzerland did not offer
SIM-less emergency calls except for almost a month in July 2000 where a significant increase
in hoaks and test calls was reported. As a consequence, the functionality was disabled
again. More details can be found in the panel presentations of the 3rd SDO Emergency
Services Workshop <xref target="esw07"/>.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="terminology" title="Terminology">
<t>In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in RFC 2119 <xref target="RFC2119"/>.</t>
<t>This document introduces the following new terms: </t>
<t>
<list style="hanging">
<t hangText="Un-initialized Device:">
<vspace blankLines="1"/>A device without VoIP client software. <vspace blankLines="1"/>
</t>
<t hangText="Non-service-initialized Device:"><vspace blankLines="1"/> A device for which
there is no valid service contract with a provider of the services enumerated in
paragraph (a) of this section. Other terms: "un-activated", "un-provisioned”,
“unbranded”, “non-service-initialized” device. <vspace blankLines="1"/></t>
<t hangText="Unauthenticated Emergency Service:">
<vspace blankLines="1"/> The term "unauthenticated emergency services" refers to the
case where an emergency caller does not have credentials (e.g., no SIM card, no username
and password, no private key) to either attach to network or for usage with a VoIP
service or both. Still, the device is granted (limited) access to perform emergency
calling. It is important to differentiate between the unavailability of credentials for
network access and for VoIP access as the network provider and the VoIP provider are
often distinct entities and therefore the user might have different credentials with the
two. <vspace blankLines="1"/></t>
<t hangText="Unauthorized Emergency Service:">
<vspace blankLines="1"/> The term "unauthorized emergency services" refers to the case
where a device aims to attach to the network or to use a VoIP service but the
authorization procedure fails. The authorization step may fail as a consequence of
triggering different procedures (such as network access authentication or registration
at the VoIP providers registrar). Still, the device is granted (limited) access to
perform emergency calling. It is important to differentiate between network operator and
VoIP provider as they often refer to different parties and therefore the authorization
decision might be executed by a different backend infrastructure. <vspace blankLines="1"
/> Lack of authorization might be caused by a number of reasons, including credit
exhaustion, expired accounts, locked account, missing access rights (e.g., access to the
competitors enterprise network), etc. <vspace blankLines="1"/>
</t>
</list>
</t>
<t>This document reuses terminology from <xref target="I-D.ietf-geopriv-l7-lcp-ps"/> and <xref
target="I-D.ietf-ecrit-requirements"/>, namely Internet Access Provider (IAP), Internet
Service Provider (ISP), Application Service Provider (ASP), Voice Service Provider (VSP),
Emergency Service Routing Proxy (ESRP), Public Safety Answering Point (PSAP), Location
Configuration Server (LCS), (emergency) service dial string, and (emergency) service
identifier. </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="architecture" title="Architecture">
<t>For unauthenticated emergency services support it is insufficient to provide mechanisms
only at the link layer in order to bypass authentication. A modification to the emergency
services architecture is necessary since the IAP and the ISP need to make sure that the
claimed emergency caller indeed performs an emergency call rather than using the network for
other purposes, and thereby acting fraudulent by skipping any authentication, authorization
and accounting procedures. Hence, without introducing some understanding of the specific
application the ISP (and consequently the IAP) will not be able to detect and filter
malicious activities. This leads to the architecture described in <xref target="arch-fig"/>
where the IAP needs to implement extensions to link layer procedures for unauthenticated
emergency service access and the ISP needs to deploy emergency services related entities
used for call routing, such as the Emergency Services Routing Proxy (ESRP), a Location
Configuration Server (LCS) and a mapping database.</t>
<t>On a very high-level, the interaction is as follows starting with the end host not being
attached to the network and the user starting to make an emergency call. </t>
<t>
<list style="symbols">
<!-- <t>With the exchange shown in (1) a link layer device, such as base stations and access
points, advertise their capability, for example using link layer beacons, to allow
unauthenticated emergency service network access. </t>
-->
<t>Some radio networks have added support for unauthenticated emergency access, some other
type of networks advertise these capabilities using layer beacons. The end host learns
about these unauthenticated emergency services capabilities either from the link layer
type or from advertisement. </t>
<t>The end host uses the link layer specific network attachment procedures defined for
unauthenticated network access in order to get access to emergency services.</t>
<!--
<t>The end host executes an EAP method that is suitable for unauthenticated network access
that does not require client-side authentication.</t>
-->
<t>When the link layer network attachment procedure is completed the end host learns basic
configuration information using DHCP from the ISP, including the address of the ESRP, as
shown in (2).</t>
<t>When the IP address configuration is completed then the SIP UA initiates a SIP INVITE
towards the indicated ESRP, as shown in (3). The INVITE message contains all the
necessary parameters required by <xref target="sip-client"/>.</t>
<t>The ESRP receives the INVITE and processes it according to the description in <xref
target="esrp-sip"/>. The location of the end host may need to be determined using a
protocol interaction shown in (4).</t>
<t>Potentially, an interaction between the LCS of the ISP and the LCS of the IAP may be
necessary, see (5).</t>
<t>Finally, the correct PSAP for the location of the end host has to be evaluated, see
(6).</t>
<t>The ESRP routes the call to the PSAP, as shown in (7).</t>
<t>The PSAP evaluates the initial INVITE and acts according to SIP and the description in
<xref target="psap-sip"/> in order to complete the call setup. </t>
<t>Finally, when the call setup is completed media traffic can be exchanged between the
PSAP operator and the emergency caller, according to <xref target="psap-media"/> and
<xref target="client-media"/>.</t>
</list>
</t>
<t>For editorial reasons the end-to-end SIP and media exchange between the PSAP and SIP UA are
not shown in <xref target="arch-fig"/>.</t>
<t>Two important aspects are worth to highlight: </t>
<t>
<list style="symbols">
<t>The IAP/ISP needs to understand the concept of emergency calls and the SIP profile
described in this document. No other VoIP protocol profile, such as XMPP, Skype, etc.,
are supported for emergency calls in this particular architecture. Other profiles may be
added in the future, but the deployment effort is enormous since they have to be
universally deployed. </t>
<t>The end host has no obligation to determine location information. It may attach
location information if it has location available (e.g., from a GPS receiver).</t>
</list>
</t>
<t><xref target="arch-fig"/> shows that the ISP needs to deploy SIP-based emergency services
functionality. It is important to note that the ISP itself may outsource the functionality
by simply providing access to them (e.g., it puts the IP address of an ESRP or a LoST server
into an allow-list). For editorial reasons this outsourcing is not shown.</t>
<t>
<figure anchor="arch-fig" title="Unauthenticated Emergency Services Architecture">
<artwork><![CDATA[
+---------------------------+
| |
| Emergency Network |
| Infrastructure |
| |
| +----------+ +----------+ |
| | PSAP | | ESRP | |
| | | | | |
| +----------+ +----------+ |
+-------------------^-------+
|
| (7)
+------------------------+-----------------------+
| ISP | |
| | |
|+----------+ v |
|| Mapping | (6) +----------+ |
|| Database |<----->| ESRP / | |
|+----------+ | SIP Proxy|<-+ |
|+----------+ +----------+ | +----------+|
|| LCS-ISP | ^ | | DHCP ||
|| |<---------+ | | Server ||
|+----------+ (4) | +----------+|
+-------^-------------------------+-----------^--+
+-------|-------------------------+-----------|--+
| IAP | (5) | | |
| V | | |
|+----------+ | | |
|| LCS-IAP | +----------+ | | |
|| | | Link | |(3) | |
|+----------+ | Layer | | | |
| | Device | | (2)| |
| +----------+ | | |
| ^ | | |
| | | | |
+------------------------+--------+-----------+--+
| | |
(1)| | |
| | |
| +----+ |
v v |
+----------+ |
| End |<-------------+
| Host |
+----------+
]]></artwork>
</figure>
</t>
<t>It is important to note that a single ESRP may also offer it's service to several ISPs.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Profiles">
<section anchor="end-host" title="End Host Profile">
<section title="ESRP Discovery">
<t>The end host MUST use the "Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option
for Session Initiation Protocol (SIP) Servers" <xref target="RFC3361"/> (for IPv6) and /
or the "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation
Protocol (SIP) Servers" <xref target="RFC3319"/>. This SIP proxy located in the ISP
network will be used as the ESRP for routing emergency calls. There is no need to
discovery a separate SIP proxy with specific emergency call functionality since the
internal procedure for emergency call processing is subject of ISP internal
operation.</t>
</section>
<section title="Location Determination and Location Configuration">
<t>There is no requirement for end hosts to support any Location Configuration Protocol.
If clients are in possession of location information, for example, based on a built-in
GPS receiver then they SHOULD attach the location information in a PIDF-LO. When
constructing the PIDF-LO the guidelines in PIDF-LO profile <xref
target="I-D.ietf-geopriv-pdif-lo-profile"/> MUST be followed. For civic location
information the format defined in <xref target="I-D.ietf-geopriv-revised-civic-lo"/>
MUST be supported.</t>
</section>
<section title="Emergency Call Identification">
<t> To determine which calls are emergency calls, some entity needs to map a user entered
dialstring into this URN scheme. A user may "dial" 1-1-2, but the call would be sent to
urn:service:sos. This mapping SHOULD be performed at the endpoint device. </t>
<t>End hosts MUST use the Service URN mechanism <xref target="I-D.ietf-ecrit-service-urn"
/> to mark calls as emergency calls for their home emergency dial string (if known). For
visited emergency dial string the translation into the Service URN mechanism is not
mandatory since the ESRP in the ISPs network knows the visited emergency dial strings.
</t>
</section>
<section anchor="sip-client" title="SIP Emergency Call Signaling">
<t> SIP signaling capabilities <xref target="RFC3261"/> are mandated for end hosts. </t>
<t> The initial SIP signaling method is an INVITE. The SIP INVITE request MUST be
constructed according to the requirements in Section 9.2 <xref
target="I-D.ietf-ecrit-phonebcp"/>.</t>
<t>Regarding callback behavior SIP UAs MUST have a globally routable URI in a Contact:
header. </t>
</section>
<section anchor="client-media" title="Media">
<t>End points MUST comply with the media requirements for end points placing an emergency
call found in Section 14 of <xref target="I-D.ietf-ecrit-phonebcp"/>. </t>
</section>
<section anchor="client-testing" title="Testing">
<t>The description in Section 15 of <xref target="I-D.ietf-ecrit-phonebcp"/> is fully
applicable to this document.</t>
</section>
</section>
<section anchor="isp" title="ISP Profile">
<section title="ESRP Discovery">
<t>The ISP MUST implement the server side part of "Dynamic Host Configuration Protocol
(DHCP-for-IPv4) Option for Session Initiation Protocol (SIP) Servers" <xref
target="RFC3361"/> (for IPv4) and / or the "Dynamic Host Configuration Protocol
(DHCPv6) Options for Session Initiation Protocol (SIP) Servers" <xref target="RFC3319"
/>.</t>
</section>
<section title="Location Determination and Location Configuration">
<t>The ISP must perform the neccesary steps to determine the location of the end host. It
is not necessary to standardize a specific mechanism.</t>
<t>The role of the ISP is to operate the LIS. The usage of HELD <xref
target="I-D.ietf-geopriv-http-location-delivery"/> with the identity extensions <xref
target="I-D.winterbottom-geopriv-held-identity-extensions"/> may be a possible choice.
It might be necessary for the ISP to talk to the IAP in order to determine the location
of the end host. The work on LIS-to-LIS communication may be relevant, see <xref
target="I-D.winterbottom-geopriv-lis2lis-req"/>.</t>
<!--
<t>Note that this architecture also fulfills the requirements for location hiding, see
<xref target="I-D.schulzrinne-ecrit-location-hiding-requirements"/>.</t>
-->
</section>
</section>
<section anchor="esrp" title="ESRP Profile">
<section title="Emergency Call Routing">
<t>The ESRP must route the emergency call to the PSAP responsible for the physical
location of the end host. However, a standardized approach for determining the correct
PSAP based on a given location is useful but not mandatory. </t>
<t>For cases where a standardized protocol is used LoST <xref target="I-D.ietf-ecrit-lost"
/> is a suitable mechanism.</t>
</section>
<section title="Emergency Call Identification">
<t>The ESRP MUST understand the Service URN mechanism <xref
target="I-D.ietf-ecrit-service-urn"/> (i.e., the 'urn:service:sos' tree) and
additionally the national emergency dial strings. The ESRP SHOULD perform a mapping of
national emergency dial strings to Service URNs to simplify processing at PSAPs. </t>
</section>
<section anchor="esrp-sip" title="SIP Emergency Call Signaling">
<t> SIP signaling capabilities <xref target="RFC3261"/> are mandated for the ESRP. The
ESRP MUST process the messages sent by the client, according to <xref
target="sip-client"/>. Furthermore, the ESRP MUST be able to add a reference to
location information, as described in SIP Location Conveyance <xref
target="I-D.ietf-sip-location-conveyance"/>, before forwarding the call to the PSAP.
The ISP MUST be prepared to receive incoming dereferencing requests to resolve the
reference to the location information.</t>
</section>
<section title="Location Retrieval">
<t>The ESRP acts a location recipient and the usage of HELD <xref
target="I-D.ietf-geopriv-http-location-delivery"/> with the identity extensions <xref
target="I-D.winterbottom-geopriv-held-identity-extensions"/> may be a possible choice.
The ESRP would thereby act as a HELD client and the corresponding LIS at the ISP as the
HELD server.</t>
<t>The ESRP needs to obtain enough information to route the call. The ESRP itself,
however, does not necessarily need to process location information obtained via HELD
since it may be used as input to LoST to obtain the PSAP URI.</t>
<!--
The exact detail of the location information that needs to be understood by the ESRP for determining
the route towards the PSAP depends on the specifics of the emergency services infrastructure in the
corresponding country. For some countries it is sufficient almost no location information needs to be
understood to correctly route the call. For a generic solution, however, it is important
for the ESRP (or an associated entity making location information available to the PSAP)
MUST understand the PIDF-LO format <xref target="RFC4119"/>, the PIDF-LO profile <xref
target="I-D.ietf-geopriv-pdif-lo-profile"/> and the revised civic format <xref
target="I-D.ietf-geopriv-revised-civic-lo"/>.
</t>-->
</section>
</section>
<section anchor="psap" title="PSAP Profile">
<!--
<section title="Handling of an Unauthenticated Emergency Call">
<t>
The PSAP MAY accept an unauthenticated emergency call or MAY reject it.
An 488 (Not Acceptable Here) MUST be returned if the PSAP does not accept Emergency Calls from endhost without valid or verifiable credentials or from specific ESRPs.
</t>
</section>
-->
<section title="Location Retrieval">
<t>The PSAP MUST act according to SIP Location Conveyance when processing a request with
location information. In particular, it MUST understand PIDF-LO format <xref
target="RFC4119"/>, the PIDF-LO profile <xref
target="I-D.ietf-geopriv-pdif-lo-profile"/> (including all shape types) and the
revised civic format <xref target="I-D.ietf-geopriv-revised-civic-lo"/> (including the
civic location tokens applicable for the geographial region the PSAP is responsible
for). Furthermore, the PSAP MUST understand the SIP or SIPS dereference scheme (see
<xref target="I-D.ietf-sip-location-conveyance"/>) and the HELD dereferencing protocol
(see <xref target="I-D.winterbottom-geopriv-deref-protocol"/>).</t>
</section>
<section title="Emergency Call Routing">
<t>There might be additional emergency call routing applied within the PSAP operators
network. This aspect is, however, outside the scope of this document. </t>
<t>LoST <xref target="I-D.ietf-ecrit-lost"/> might be an appropriate way to determine the
next ESRP or the final PSAP for routing the emergency call. </t>
</section>
<section title="Emergency Call Identification">
<t>The PSAP MUST understand the Service URN mechanism <xref
target="I-D.ietf-ecrit-service-urn"/> (i.e., the 'urn:service:sos' tree).</t>
</section>
<section anchor="psap-sip" title="SIP Emergency Call Signaling">
<t> SIP signaling <xref target="RFC3261"/> is expected be supported by the PSAP. The PSAP
MUST process the messages sent by the client, as indicated in <xref target="sip-client"
/>. When receiving an emergency call the ESRP will dereference the reference to location
information for dispatch.</t>
</section>
<section anchor="psap-media" title="Media">
<t>The PSAP MUST process the media traffic sent by the client, as indicated in <xref
target="client-media"/>.</t>
</section>
<section title="Testing">
<t> The PSAP MUST process the signaling messages sent by the client, as indicated in <xref
target="client-testing"/>.</t>
</section>
</section>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Example">
<t>[Editor's Note: A WLAN hotspot or a DSL home network example could go in here.]</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Security Considerations">
<t>The security threats discussed in <xref target="I-D.ietf-ecrit-security-threats"/> are
applicable to this document. A number of security vulnerabilities discussed in <xref
target="I-D.barnes-geopriv-lo-sec"/> around faked location information are less
problematic in this case since location information does not need to be provided by the end
host itself or it can be verified to fall within a specific geographical area. </t>
<t>There are a couple of new vulnerabilities raised with unauthenticated emergency services
since the PSAP operator does is not in possession of any identity information about the
emergency call via the signaling path itself. In countries where this functionality is used
for GSM networks today this has lead to a significant amount of misuse. </t>
<t>The link layer mechanisms need to provide a special way of handling unauthenticated
emergency services. Although this subject is not a topic for the IETF itself but there are
at least a few high-level assumptions that may need to be collected. This includes security
features that may be desirable. </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Acknowledgments">
<t>We would like to thank the authors of <xref target="I-D.ietf-ecrit-phonebcp"/> (James Polk
and Brian Rosen) for their good work. This document makes heavy use of their document.</t>
<t>We would like to thank members from the Wimax Forum for their help with the terminology. We
would also like to thank the participants of the 2nd and 3rd SDO Emergency Services Workshop
for their input regarding this subject.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Open Issues">
<t>The following three high-level topics have been determined as open issues: <list
style="symbols">
<t>NAT Traversal: A certain NAT traversal story needs to be described and mandated. Most
likely ICE for both the PSAP and the end host.</t>
<t>A DNS-based discovery procedure that discovers an ESRP in the local access network may
need to be provided.</t>
<t>Text about link layer requirements are missing. These are necessary to make the "big
picture" complete. </t>
<t>EAP method for emergency calls: Some of the discussions around the liaison request from
the IEEE to the IETF EMU WG need to get reflected.</t>
<t>Quality of Service treatment for emergency calls has not been described in this
document</t>
</list>
</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
</middle>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<back>
<references title="Normative References"> &I-D.ietf-sip-location-conveyance;
&I-D.ietf-ecrit-service-urn; &RFC4776; &RFC3825; &RFC4119;
&I-D.ietf-geopriv-pdif-lo-profile; &I-D.ietf-geopriv-revised-civic-lo; &RFC3361;
&RFC3319; &RFC3261; &I-D.rosen-iptel-dialstring; &I-D.ietf-sip-gruu;
&RFC2396; &RFC3264; &RFC3550; &RFC3551; &RFC3428; &RFC4103;
&RFC3984; &I-D.ietf-sipping-toip; &RFC3920; &RFC2119; &I-D.winterbottom-geopriv-deref-protocol;
&I-D.ietf-ecrit-phonebcp; </references>
<references title="Informative References"> &I-D.ietf-ecrit-lost;
&I-D.tschofenig-ecrit-architecture-overview; &I-D.ietf-geopriv-l7-lcp-ps;
&I-D.ietf-ecrit-framework; &I-D.marshall-geopriv-lbyr-requirements;
&I-D.ietf-geopriv-http-location-delivery; &I-D.ietf-ecrit-mapping-arch;
&I-D.ietf-ecrit-requirements; &I-D.winterbottom-geopriv-held-identity-extensions;
&I-D.winterbottom-geopriv-lis2lis-req; &I-D.ietf-ecrit-security-threats;
&I-D.schulzrinne-ecrit-location-hiding-requirements; &I-D.barnes-geopriv-lo-sec;
<reference anchor="esw07">
<front>
<title>3rd SDO Emergency Services Workshop,
http://www.emergency-services-coordination.info/2007Nov/</title>
<author fullname="" initials="" surname="">
<organization/>
</author>
<date month="October 30th - November 1st" year="2007"/>
</front>
<format target="http://www.emergency-services-coordination.info/2007Nov/" type="html"/>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 14:24:36 |