One document matched: draft-schulzrinne-ecrit-unauthenticated-access-02.xml
<?xml version="1.0"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="no"?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="yes" ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY I-D.ietf-geopriv-http-location-delivery PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-http-location-delivery.xml'>
<!ENTITY I-D.ietf-ecrit-lost PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-lost.xml'>
<!ENTITY I-D.ietf-geopriv-l7-lcp-ps PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-l7-lcp-ps.xml'>
<!ENTITY I-D.ietf-sip-location-conveyance PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-location-conveyance.xml'>
<!ENTITY I-D.ietf-ecrit-framework PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-framework.xml'>
<!ENTITY I-D.marshall-geopriv-lbyr-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.marshall-geopriv-lbyr-requirements.xml'>
<!ENTITY I-D.ietf-ecrit-service-urn PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-service-urn.xml'>
<!ENTITY I-D.ietf-ecrit-mapping-arch PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-mapping-arch.xml'>
<!ENTITY RFC4776 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4776.xml'>
<!ENTITY RFC3825 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3825.xml'>
<!ENTITY RFC4119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4119.xml'>
<!ENTITY I-D.ietf-geopriv-pdif-lo-profile PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-pdif-lo-profile.xml'>
<!ENTITY I-D.ietf-geopriv-revised-civic-lo PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-geopriv-revised-civic-lo.xml'>
<!ENTITY I-D.ietf-ecrit-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-requirements.xml'>
<!ENTITY I-D.ietf-ecrit-phonebcp PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-phonebcp.xml'>
<!ENTITY I-D.ietf-ecrit-security-threats PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-ecrit-security-threats.xml'>
<!ENTITY I-D.schulzrinne-ecrit-location-hiding-requirements PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.schulzrinne-ecrit-location-hiding-requirements.xml'>
<!ENTITY RFC3361 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3361.xml'>
<!ENTITY RFC3319 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3319.xml'>
<!ENTITY RFC3261 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml'>
<!ENTITY I-D.ietf-sip-gruu PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-gruu.xml'>
<!ENTITY I-D.rosen-iptel-dialstring PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.rosen-iptel-dialstring.xml'>
<!ENTITY I-D.ietf-sipping-toip PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sipping-toip.xml'>
<!ENTITY RFC2396 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2396.xml'>
<!ENTITY RFC3264 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3264.xml'>
<!ENTITY RFC3550 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3550.xml'>
<!ENTITY RFC3551 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3551.xml'>
<!ENTITY RFC3428 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3428.xml'>
<!ENTITY RFC4103 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4103.xml'>
<!ENTITY RFC3984 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3984.xml'>
<!ENTITY RFC3920 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3920.xml'>
<!ENTITY I-D.tschofenig-ecrit-architecture-overview PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.tschofenig-ecrit-architecture-overview.xml'>
<!ENTITY I-D.winterbottom-geopriv-held-identity-extensions PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-held-identity-extensions.xml'>
<!ENTITY I-D.winterbottom-geopriv-lis2lis-req PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-lis2lis-req.xml'>
<!ENTITY RFC2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY I-D.barnes-geopriv-lo-sec PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.barnes-geopriv-lo-sec.xml'>
<!ENTITY I-D.winterbottom-geopriv-deref-protocol PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.winterbottom-geopriv-deref-protocol.xml'>
]>
<rfc category="std" ipr="full3978" docName="draft-schulzrinne-ecrit-unauthenticated-access-02.txt">
<front>
<title abbrev="Unauthenticated Emergency Service">Extensions to the Emergency Services
Architecture for dealing with Unauthenticated and Unauthorized Devices</title>
<author initials="H." surname="Schulzrinne" fullname="Henning Schulzrinne">
<organization>Columbia University</organization>
<address>
<postal>
<street>Department of Computer Science</street>
<street>450 Computer Science Building</street>
<city>New York</city>
<region>NY</region>
<code>10027</code>
<country>US</country>
</postal>
<phone>+1 212 939 7004</phone>
<email>hgs+ecrit@cs.columbia.edu</email>
<uri>http://www.cs.columbia.edu</uri>
</address>
</author>
<author fullname="Stephen McCann" initials="S." surname="McCann">
<organization>Siemens/Roke Manor Research</organization>
<address>
<email>stephen.mccann@roke.co.uk</email>
</address>
</author>
<author fullname="Gabor Bajko" initials="G." surname="Bajko">
<organization>Nokia</organization>
<address>
<email>Gabor.Bajko@nokia.com</email>
</address>
</author>
<author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
<organization>Nokia Siemens Networks</organization>
<address>
<postal>
<street>Linnoitustie 6</street>
<city>Espoo</city>
<code>02600</code>
<country>Finland</country>
</postal>
<phone>+358 (50) 4871445</phone>
<email>Hannes.Tschofenig@nsn.com</email>
<uri>http://www.tschofenig.com</uri>
</address>
</author>
<date year="2008"/>
<area>Real-time Applications and Infrastructure</area>
<workgroup>ECRIT</workgroup>
<keyword>Internet-Draft</keyword>
<abstract>
<t>The IETF emergency services architecture assumes that access to a network has already
happened using the traditional network access authentication procedures or that no
authentication for network access is needed (e.g., in case of public hotspots).
Subsequent protocol interactions, such as obtaining location information, learning the
address of the Public Safety Answering Point (PSAP) and the emergency call itself are
largely decoupled from the underlying network access procedures.</t>
<t>There are, however, cases where a device is not in possession of credentials for network
access, does not have a VoIP provider, or where the credentials are available but became
invalid due to various reasons (e.g., credit exhaustion, expired accounts, etc.). </t>
<t>This document provides a problem statement, introduces terminology and describes an
extension for the base IETF emergency services architecture.</t>
</abstract>
</front>
<middle>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="introduction" title="Introduction">
<t> Summoning police, the fire department or an ambulance in emergencies is one of the
fundamental and most-valued functions of the telephone. As telephone functionality moves
from circuit-switched telephony to Internet telephony, its users rightfully expect that
this core functionality will continue to work at least as well as it has for the older
technology. New devices and services are being made available that could be used to make
a request for help, which are not traditional telephones, and users are increasingly
expecting them to be used to place emergency calls. </t>
<t>Based on the communication model of the Session Initiation Protocol (SIP) as excercised
in the IETF it is not necessary to deploy SIP entities in access networks (or associated
to them). Instead, VoIP provider may deploy their SIP entities at any place on the
Internet. The IETF emergency services architecture acknowledges this deployment model
and even goes a step further by recognizing that there are potentially other, non-SIP
VoIP providers, that might want to offer emergency service support to their customers.
Hence, the interaction between a SIP User Agent and its VoIP provider does not need to
be standardized although <xref target="I-D.ietf-ecrit-phonebcp"/> provides best current
practise recommendations regarding the usage of certain features as excercised in the
case of SIP.</t>
<t>This flexibility has implications for the architecture, as briefly described in <xref
target="I-D.tschofenig-ecrit-architecture-overview"/>, but allows access networks to
be application layer agnostic. Furthermore, since the normal VoIP communication
exchanges do not traverse these entities in the access network it is quite likely that
interoperability problems will occur especially in an emergency case.</t>
<t>There are essentially three environments that need to be considered (and the terms are described
in <xref target="terminology"/>):</t>
<t>
<list style="numbers">
<t>Emergency Services with non-service-initialized devices</t>
<t>Unauthenticated Emergency Services</t>
<t>Unauthorized Emergency Service</t>
<!--
<t>The emergency caller does not credentials for access to the network but it still
has credentials for his VoIP provider. <vspace blankLines="1"/> This is often the
case with enterprise networks, home networks, or governmental networks. In other
cases the user might be able to obtain such credentials, for example in hotspots
found in hotels, at airports, and in many coffee shops. Unfortunately, users have
to go through a lengthy procedure (often involving captive portals) to obtain a
temporary account in exchange of money. In emergency situations it is certainly
not desirable to let the user find their way through a number of webpages and to
type-in their credit card details. </t>
<t>The emergency caller has credentials for network access but does not have
credentials for a VoIP provider. In this case we speak about a so-called non-service-initialized device.
This case is rather unlikely. </t>
<t>The emergency caller has credentials (for either network access or it's VoIP
provider) but they do not provide enough authorization to make a call.
Examples are: Insufficient
credits, lack of a roaming agreement (between visited network and home network),
disabled account, and other authorization failures. </t>
-->
</list>
</t>
<t>The implications
of un-initialized device, scenario (1) for emergency services are ignored
in this specification. Scenario (2) is quite likely and therefore the main focus of this document.
Scenario (3) is relevant to this specification if the outcome of the lack of authorization leads to
falling back to a scenario where no valid credentials are assumed.
</t>
<t>In all these cases it is not possible to place an emergency call as envisioned in the
IETF emergency services architecture, described in <xref
target="I-D.ietf-ecrit-framework"/>, unless the ISP grants access to certain entities
(as described in <xref target="architecture-1"/>) or the ISP extends the emergency
services architecture (as described in <xref target="architecture-2"/>). </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="A Warning Note">
<t>At the time of writing there is no regulation in place that demands the functionality
described in this memo. SDOs have started their work on this subject in a proactive
fashion in the anticipation that national regulation will demand it
for a subset of network environments.</t>
<t>There are also indications that the functionality of unauthenticated emergency calls (called SIM-less calls) in
today's cellular system in certain countries leads to a fair
amount of hoaks or test calls. This causes overload situations at PSAPs with .</t>
<t><list style="empty">
<t>As an example, Federal Office of Communications (OFCOM, Switzerland) provided statistics
about 112 calls in Switzerland from Jan. 1997 to Nov. 2001. Switzerland did not offer
SIM-less emergency calls except for almost a month in July 2000 where a significant
increase in hoaks and test calls was reported. As a consequence, the functionality was
disabled again. More details can be found in the panel presentations of the 3rd SDO
Emergency Services Workshop <xref target="esw07"/>.</t>
</list>
</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="terminology" title="Terminology">
<t>In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in RFC 2119 <xref target="RFC2119"/>.</t>
<t>This document introduces the following new terms: </t>
<t>
<list style="hanging">
<t hangText="Un-initialized Device:">
<vspace blankLines="1"/>A device without VoIP client software. <vspace
blankLines="1"/>
</t>
<t hangText="Non-Service-Initialized Device:"><vspace blankLines="1"/> A device for
which there is no valid service contract with a provider of the services.
Other terms: "un-activated",
"un-provisioned", or "unbranded" device. <vspace
blankLines="1"/></t>
<t hangText="Unauthenticated Emergency Service:">
<vspace blankLines="1"/> The term "unauthenticated emergency services" refers to
the case where an emergency caller does not have credentials (e.g., no SIM card,
no username and password, no private key) to successfully complete network access authentication procedures
or to use
a VoIP service or both.
<vspace blankLines="1"/>
The case of no credentials for network access is likely case in
enterprise networks, home networks, or governmental networks. In other
cases the user might be able to obtain such credentials, for example in hotspots
found in hotels, at airports, and in many coffee shops. Unfortunately, users have
to go through a lengthy procedure (often involving captive portals) to obtain a
temporary account in exchange of money. In emergency situations it is certainly
not desirable to let the user find their way through a number of webpages and to
type-in their credit card details.
<vspace blankLines="1"/>
It is important to differentiate between the
unavailability of credentials for network access and for VoIP access as the
network provider and the VoIP provider are often distinct entities and therefore
the user might have different credentials with the two. <vspace blankLines="1"/></t>
<t hangText="Unauthorized Emergency Service:">
<vspace blankLines="1"/> The term "unauthorized emergency services" refers to the
case where a device aims to attach to the network or to use a VoIP service but the
authorization procedure fails. The authorization step may fail as a consequence of
triggering different procedures (such as network access authentication or
registration at the VoIP providers registrar). Still, the device is granted
(limited) access to perform emergency calling. It is important to differentiate
between network operator and VoIP provider as they often refer to different
parties and therefore the authorization decision might be executed by a different
backend infrastructure. <vspace blankLines="1"/> Lack of authorization might be
caused by a number of reasons, including credit exhaustion, expired accounts,
locked account, missing access rights (e.g., access to the competitors enterprise
network), etc. <vspace blankLines="1"/>
</t>
</list>
</t>
<t>This document reuses terminology from <xref target="I-D.ietf-geopriv-l7-lcp-ps"/> and
<xref target="I-D.ietf-ecrit-requirements"/>, namely Internet Access Provider (IAP),
Internet Service Provider (ISP), Application Service Provider (ASP), Voice Service
Provider (VSP), Emergency Service Routing Proxy (ESRP), Public Safety Answering Point
(PSAP), Location Configuration Server (LCS), (emergency) service dial string, and
(emergency) service identifier. </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="architecture-1"
title="Considerations for ISPs to support Unauthenticated Emergency Services without Architecture Extensions">
<t> On a very high-level, the steps to be performed by an end host not being attached to
the network and the user starting to make an emergency call are the following: </t>
<t>
<list style="symbols">
<t>Some radio networks have added support for unauthenticated emergency access, some
other type of networks advertise these capabilities using layer beacons. The end
host learns about these unauthenticated emergency services capabilities either
from the link layer type or from advertisement.</t>
<t>The end host uses the link layer specific network attachment procedures defined
for unauthenticated network access in order to get access to emergency services.</t>
<t>When the link layer network attachment procedure is completed the end host learns
basic configuration information using DHCP from the ISP, including the address of
the LoST server.
</t>
<t>The end host MUST use a Location Configuration Protocol (LCP) supported by the IAP or
ISP to learn its own location. </t>
<t>The end host MUST use the LoST protocol <xref target="I-D.ietf-ecrit-lost"/> to query the LoST
server and ask for the PSAP URI responsible for that location.</t>
<t>After the PSAP URI has been returned to the end host, the SIP UA in the end host
directly initiates a SIP INVITE towards the PSAP URI.</t>
</list>
</t>
<t> The IAP and the ISP will probably want to make sure that the claimed emergency caller
indeed performs an emergency call rather than using the network for other purposes, and
thereby acting fraudulent by skipping any authentication, authorization and accounting
procedures. By restricting access of the unauthenticated emergency caller to the LoST
server and the PSAP URI, traffic can be restricted only to emergency calls. </t>
<t> Using the above procedures, the unauthenticated emergency caller will be successful
only if: </t>
<t>
<list style="symbols">
<t>the ISP (or the IAP) support an LCP that the end host can use to learn its
location. A list of mandatory-to-implement LCPs can be found in <xref target="I-D.ietf-ecrit-phonebcp"/>). </t>
<t>the ISP configures it's firewalls appropriately to allow emergency calls to traverse the network
towards the PSAP.
</t>
</list>
</t>
<t> Some IAPs/ISPs may not be able to fulfill the above requirements. If those IAPs/ISPs
want to support unauthenticated emergency calls, then they can deploy an extended
architecture as described in <xref target="architecture-2"/>. </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section anchor="architecture-2"
title="Considerations for ISPs to support Unauthenticated Emergency Services with Architecture Extensions">
<t>For unauthenticated emergency services support it is insufficient to provide mechanisms
only at the link layer in order to bypass authentication for the cases when:</t>
<t>
<list style="symbols">
<t>the IAP/ISP does not support any Location Configuration Protocol</t>
<t>the IAP/ISP does not have knowledge of a LoST server (which would assist the
client to find the correct PSAP)</t>
</list>
</t>
<t> A modification to the emergency services architecture is necessary since the IAP and
the ISP need to make sure that the claimed emergency caller indeed performs an emergency
call rather than using the network for other purposes, and thereby acting fraudulent by
skipping any authentication, authorization and accounting procedures. Hence, without
introducing some understanding of the specific application the ISP (and consequently the
IAP) will not be able to detect and filter malicious activities. This leads to the
architecture described in <xref target="arch-fig"/> where the IAP needs to implement
extensions to link layer procedures for unauthenticated emergency service access and the
ISP needs to deploy emergency services related entities used for call routing, such as
the Emergency Services Routing Proxy (ESRP), a Location Configuration Server (LCS) and a
mapping database.</t>
<t>On a very high-level, the interaction is as follows starting with the end host not being
attached to the network and the user starting to make an emergency call. </t>
<t>
<list style="symbols">
<!-- <t>With the exchange shown in (1) a link layer device, such as base stations and access
points, advertise their capability, for example using link layer beacons, to allow
unauthenticated emergency service network access. </t>
-->
<t>Some radio networks have added support for unauthenticated emergency access, some
other type of networks advertise these capabilities using layer beacons. The end
host learns about these unauthenticated emergency services capabilities either
from the link layer type or from advertisement. </t>
<t>The end host uses the link layer specific network attachment procedures defined
for unauthenticated network access in order to get access to emergency services.</t>
<!--
<t>The end host executes an EAP method that is suitable for unauthenticated network access
that does not require client-side authentication.</t>
-->
<t>When the link layer network attachment procedure is completed the end host learns
basic configuration information using DHCP from the ISP, including the address of
the ESRP, as shown in (2).</t>
<t>When the IP address configuration is completed then the SIP UA initiates a SIP
INVITE towards the indicated ESRP, as shown in (3). The INVITE message contains
all the necessary parameters required by <xref target="sip-client"/>.</t>
<t>The ESRP receives the INVITE and processes it according to the description in
<xref target="esrp-sip"/>. The location of the end host may need to be
determined using a protocol interaction shown in (4).</t>
<t>Potentially, an interaction between the LCS of the ISP and the LCS of the IAP may
be necessary, see (5).</t>
<t>Finally, the correct PSAP for the location of the end host has to be evaluated,
see (6).</t>
<t>The ESRP routes the call to the PSAP, as shown in (7).</t>
<t>The PSAP evaluates the initial INVITE and aims to complete the call setup. </t>
<t>Finally, when the call setup is completed media traffic can be exchanged between
the PSAP and the emergency caller.</t>
</list>
</t>
<t>For editorial reasons the end-to-end SIP and media exchange between the PSAP and SIP UA
are not shown in <xref target="arch-fig"/>.</t>
<t>Two important aspects are worth to highlight: </t>
<t>
<list style="symbols">
<t>The IAP/ISP needs to understand the concept of emergency calls and the SIP profile
described in this document. No other VoIP protocol profile, such as XMPP, Skype,
etc., are supported for emergency calls in this particular architecture. Other
profiles may be added in the future, but the deployment effort is enormous since
they have to be universally deployed. </t>
<t>The end host has no obligation to determine location information. It may attach
location information if it has location available (e.g., from a GPS receiver).</t>
</list>
</t>
<t><xref target="arch-fig"/> shows that the ISP needs to deploy SIP-based emergency
services functionality. It is important to note that the ISP itself may outsource the
functionality by simply providing access to them (e.g., it puts the IP address of an
ESRP or a LoST server into an allow-list). For editorial reasons this outsourcing is not
shown.</t>
<t>
<figure anchor="arch-fig" title="Overview">
<artwork><![CDATA[
+---------------------------+
| |
| Emergency Network |
| Infrastructure |
| |
| +----------+ +----------+ |
| | PSAP | | ESRP | |
| | | | | |
| +----------+ +----------+ |
+-------------------^-------+
|
| (7)
+------------------------+-----------------------+
| ISP | |
| | |
|+----------+ v |
|| Mapping | (6) +----------+ |
|| Database |<----->| ESRP / | |
|+----------+ | SIP Proxy|<-+ |
|+----------+ +----------+ | +----------+|
|| LCS-ISP | ^ | | DHCP ||
|| |<---------+ | | Server ||
|+----------+ (4) | +----------+|
+-------^-------------------------+-----------^--+
+-------|-------------------------+-----------|--+
| IAP | (5) | | |
| V | | |
|+----------+ | | |
|| LCS-IAP | +----------+ | | |
|| | | Link | |(3) | |
|+----------+ | Layer | | | |
| | Device | | (2)| |
| +----------+ | | |
| ^ | | |
| | | | |
+------------------------+--------+-----------+--+
| | |
(1)| | |
| | |
| +----+ |
v v |
+----------+ |
| End |<-------------+
| Host |
+----------+
]]></artwork>
</figure>
</t>
<t>It is important to note that a single ESRP may also offer it's service to several
ISPs.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Profiles">
<section anchor="end-host" title="End Host Profile">
<section title="LoST Server Discovery">
<t> The end host MAY attempt to use <xref target="I-D.ietf-ecrit-lost"/> to discover
a LoST server. If that attempt fails, the end host SHOULD attempt to discover the
address of an ESRP. </t>
</section>
<section title="ESRP Discovery">
<t>The end host only needs an ESRP when location configuration or LoST server
discovery fails. If that is the case, then the end host MUST use the "Dynamic Host
Configuration Protocol (DHCP-for-IPv4) Option for Session Initiation Protocol
(SIP) Servers" <xref target="RFC3361"/> (for IPv6) and / or the "Dynamic Host
Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP)
Servers" <xref target="RFC3319"/> to discover the address of an ESRP. This SIP
proxy located in the ISP network will be used as the ESRP for routing emergency
calls. There is no need to discovery a separate SIP proxy with specific emergency
call functionality since the internal procedure for emergency call processing is
subject of ISP internal operation.</t>
</section>
<section title="Location Determination and Location Configuration">
<t>The end host SHOULD attempt to use the supported LCPs to configure its location.
If no LCP is supported in the end host or the location configuration is not
successful, then the end host MUST attempt to discover an ESRP, which would assist
the end host in providing the location to the PSAP. </t>
<t>The SIP UA in the end host SHOULD attach the location information in a PIDF-LO
when making an emergency call. When constructing the PIDF-LO the guidelines in
PIDF-LO profile <xref target="I-D.ietf-geopriv-pdif-lo-profile"/> MUST be
followed. For civic location information the format defined in <xref
target="I-D.ietf-geopriv-revised-civic-lo"/> MUST be supported.</t>
</section>
<section title="Emergency Call Identification">
<t> To determine which calls are emergency calls, some entity needs to map a user
entered dialstring into this URN scheme. A user may "dial" 1-1-2, but the call
would be sent to urn:service:sos. This mapping SHOULD be performed at the endpoint
device. </t>
<t>End hosts MUST use the Service URN mechanism <xref
target="I-D.ietf-ecrit-service-urn"/> to mark calls as emergency calls for
their home emergency dial string (if known). For visited emergency dial string the
translation into the Service URN mechanism is not mandatory since the ESRP in the
ISPs network knows the visited emergency dial strings. </t>
</section>
<section anchor="sip-client" title="SIP Emergency Call Signaling">
<t> SIP signaling capabilities <xref target="RFC3261"/> are mandated for end hosts. </t>
<t> The initial SIP signaling method is an INVITE. The SIP INVITE request MUST be
constructed according to the requirements in Section 9.2 <xref
target="I-D.ietf-ecrit-phonebcp"/>.</t>
<t>Regarding callback behavior SIP UAs MUST have a globally routable URI in a
Contact: header. </t>
</section>
<section anchor="client-media" title="Media">
<t>End points MUST comply with the media requirements for end points placing an
emergency call found in Section 14 of <xref target="I-D.ietf-ecrit-phonebcp"/>.
</t>
</section>
<section anchor="client-testing" title="Testing">
<t>The description in Section 15 of <xref target="I-D.ietf-ecrit-phonebcp"/> is fully
applicable to this document.</t>
</section>
</section>
<section anchor="isp" title="IAP/ISP Profile">
<section title="ESRP Discovery">
<t>An ISP hosting an ESRP MUST implement the server side part of "Dynamic Host
Configuration Protocol (DHCP-for-IPv4) Option for Session Initiation Protocol
(SIP) Servers" <xref target="RFC3361"/> (for IPv4) and / or the "Dynamic Host
Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP)
Servers" <xref target="RFC3319"/>.</t>
</section>
<section title="Location Determination and Location Configuration">
<t>The ISP not hosting an ESRP MUST support at least one widely used LCP. The ISP
hosting an ESRP MUST perform the neccesary steps to determine the location of the
end host. It is not necessary to standardize a specific mechanism.</t>
<t>The role of the ISP is to operate the LIS. The usage of HELD <xref
target="I-D.ietf-geopriv-http-location-delivery"/> with the identity extensions
<xref target="I-D.winterbottom-geopriv-held-identity-extensions"/> may be a
possible choice. It might be necessary for the ISP to talk to the IAP in order to
determine the location of the end host. The work on LIS-to-LIS communication may
be relevant, see <xref target="I-D.winterbottom-geopriv-lis2lis-req"/>.</t>
<!--
<t>Note that this architecture also fulfills the requirements for location hiding, see
<xref target="I-D.schulzrinne-ecrit-location-hiding-requirements"/>.</t>
-->
</section>
</section>
<section anchor="esrp" title="ESRP Profile">
<section title="Emergency Call Routing">
<t>The ESRP must route the emergency call to the PSAP responsible for the physical
location of the end host. However, a standardized approach for determining the
correct PSAP based on a given location is useful but not mandatory. </t>
<t>For cases where a standardized protocol is used LoST <xref
target="I-D.ietf-ecrit-lost"/> is a suitable mechanism.</t>
</section>
<section title="Emergency Call Identification">
<t>The ESRP MUST understand the Service URN mechanism <xref
target="I-D.ietf-ecrit-service-urn"/> (i.e., the 'urn:service:sos' tree) and
additionally the national emergency dial strings. The ESRP SHOULD perform a
mapping of national emergency dial strings to Service URNs to simplify processing
at PSAPs. </t>
</section>
<section anchor="esrp-sip" title="SIP Emergency Call Signaling">
<t> SIP signaling capabilities <xref target="RFC3261"/> are mandated for the ESRP.
The ESRP MUST process the messages sent by the client, according to <xref
target="sip-client"/>. Furthermore, the ESRP MUST be able to add a reference to
location information, as described in SIP Location Conveyance <xref
target="I-D.ietf-sip-location-conveyance"/>, before forwarding the call to the
PSAP. The ISP MUST be prepared to receive incoming dereferencing requests to
resolve the reference to the location information.</t>
</section>
<section title="Location Retrieval">
<t>The ESRP acts a location recipient and the usage of HELD <xref
target="I-D.ietf-geopriv-http-location-delivery"/> with the identity extensions
<xref target="I-D.winterbottom-geopriv-held-identity-extensions"/> may be a
possible choice. The ESRP would thereby act as a HELD client and the corresponding
LIS at the ISP as the HELD server.</t>
<t>The ESRP needs to obtain enough information to route the call. The ESRP itself,
however, does not necessarily need to process location information obtained via
HELD since it may be used as input to LoST to obtain the PSAP URI.</t>
<!--
The exact detail of the location information that needs to be understood by the ESRP for determining
the route towards the PSAP depends on the specifics of the emergency services infrastructure in the
corresponding country. For some countries it is sufficient almost no location information needs to be
understood to correctly route the call. For a generic solution, however, it is important
for the ESRP (or an associated entity making location information available to the PSAP)
MUST understand the PIDF-LO format <xref target="RFC4119"/>, the PIDF-LO profile <xref
target="I-D.ietf-geopriv-pdif-lo-profile"/> and the revised civic format <xref
target="I-D.ietf-geopriv-revised-civic-lo"/>.
</t>-->
</section>
</section>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Example">
<t>[Editor's Note: A WLAN hotspot or a DSL home network example could go in here.]</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Security Considerations">
<t>The security threats discussed in <xref target="I-D.ietf-ecrit-security-threats"/> are
applicable to this document. A number of security vulnerabilities discussed in <xref
target="I-D.barnes-geopriv-lo-sec"/> around faked location information are less
problematic in this case since location information does not need to be provided by the
end host itself or it can be verified to fall within a specific geographical area. </t>
<t>There are a couple of new vulnerabilities raised with unauthenticated emergency services
since the PSAP operator does is not in possession of any identity information about the
emergency call via the signaling path itself. In countries where this functionality is
used for GSM networks today this has lead to a significant amount of misuse. </t>
<t>The link layer mechanisms need to provide a special way of handling unauthenticated
emergency services. Although this subject is not a topic for the IETF itself but there
are at least a few high-level assumptions that may need to be collected. This includes
security features that may be desirable. </t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<section title="Acknowledgments">
<t>We would like to thank the authors of <xref target="I-D.ietf-ecrit-phonebcp"/> (James
Polk and Brian Rosen) for their good work. This document makes heavy use of their
document.</t>
<t>We would like to thank members from the Wimax Forum for their help with the terminology.
We would also like to thank the participants of the 2nd and 3rd SDO Emergency Services
Workshop for their input regarding this subject.</t>
</section>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<!-- <section title="Open Issues">
<t>The following three high-level topics have been determined as open issues: <list
style="symbols">
<t>NAT Traversal: A certain NAT traversal story needs to be described and mandated.
Most likely ICE for both the PSAP and the end host.</t>
<t>A DNS-based discovery procedure that discovers an ESRP in the local access network
may need to be provided.</t>
<t>Text about link layer requirements are missing. These are necessary to make the
"big picture" complete. </t>
<t>EAP method for emergency calls: Some of the discussions around the liaison request
from the IEEE to the IETF EMU WG need to get reflected.</t>
<t>Quality of Service treatment for emergency calls has not been described in this
document</t>
</list>
</t>
</section>
-->
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
</middle>
<!-- ////////////////////////////////////////////////////////////////////////////////// -->
<back>
<references title="Normative References"> &I-D.ietf-sip-location-conveyance;
&I-D.ietf-ecrit-service-urn; &RFC4776; &RFC3825; &RFC4119;
&I-D.ietf-geopriv-pdif-lo-profile; &I-D.ietf-geopriv-revised-civic-lo;
&RFC3361; &RFC3319; &RFC3261; &I-D.rosen-iptel-dialstring;
&I-D.ietf-sip-gruu; &RFC2396; &RFC3264; &RFC3550; &RFC3551;
&RFC3428; &RFC4103; &RFC3984; &I-D.ietf-sipping-toip; &RFC3920;
&RFC2119; &I-D.winterbottom-geopriv-deref-protocol; &I-D.ietf-ecrit-phonebcp; </references>
<references title="Informative References"> &I-D.ietf-ecrit-lost;
&I-D.tschofenig-ecrit-architecture-overview; &I-D.ietf-geopriv-l7-lcp-ps;
&I-D.ietf-ecrit-framework; &I-D.marshall-geopriv-lbyr-requirements;
&I-D.ietf-geopriv-http-location-delivery; &I-D.ietf-ecrit-mapping-arch;
&I-D.ietf-ecrit-requirements; &I-D.winterbottom-geopriv-held-identity-extensions;
&I-D.winterbottom-geopriv-lis2lis-req; &I-D.ietf-ecrit-security-threats;
&I-D.schulzrinne-ecrit-location-hiding-requirements; &I-D.barnes-geopriv-lo-sec;
<reference anchor="esw07">
<front>
<title>3rd SDO Emergency Services Workshop,
http://www.emergency-services-coordination.info/2007Nov/</title>
<author fullname="" initials="" surname="">
<organization/>
</author>
<date month="October 30th - November 1st" year="2007"/>
</front>
<format target="http://www.emergency-services-coordination.info/2007Nov/" type="html"/>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 15:42:54 |