WDIFF

draft-ietf-sip-events-00.txt --> draft-ietf-sip-events-01.txt

Internet Draft Ericsson Inc.
Category: Standards Track July November 2001
Expires January May 2002
<draft-ietf-sip-events-00.txt>
<draft-ietf-sip-events-01.txt>

SIP-Specific Event Notification

Status of this Memo

This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or cite them other than as "work in
progress".

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/lid-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

This document is an individual submission to the IETF. Comments
should be directed to the authors.

Abstract

This document describes an extension to the Session Initiation
Protocol (SIP). The purpose of this extension is to provide an
extensible framework by which SIP nodes can request notification
from remote nodes indicating that certain events have occurred.

Concrete uses of the mechanism described in this document may be
standardized in the future.

Note that the event notification mechanisms defined herein are
NOT intended to be a general-purpose infrastructure for all
classes of event subscription and notification.

1. Table of Contents

1. Table of Contents...................................... 1
2. Introduction........................................... 3
2.1. Overview of Operation.................................. 3 4
3. Event Packages......................................... Syntax................................................. 4

Roach [Page 1]

Internet Draft SIP-Specific Event Notification July November 2001

3.1. Appropriateness of Usage............................... 4
3.2. Additional Guidelines.................................. 4
3.3. Sub-packages........................................... 5
3.4. Event Package Responsibilities......................... 5
3.4.1. Event Package Name..................................... 6
3.4.2. Event Package Parameters............................... 6
3.4.3. SUBSCRIBE Bodies....................................... 6
3.4.4. Subscription Duration.................................. 6
3.4.5. NOTIFY Bodies.......................................... 6
3.4.6. Subscriber generation of SUBSCRIBE requests............ 7
3.4.7. Notifier processing of SUBSCRIBE requests.............. 7
3.4.8. Notifier generation of NOTIFY requests................. 7
3.4.9. Subscriber processing of NOTIFY requests............... 7
3.4.10. Handling of forked requests............................ 7
3.4.11. Rate of notifications.................................. 8
3.4.12. State Agents and Notifier Migration.................... 8
3.4.13. Examples............................................... 8
4. Syntax................................................. 8
4.1. New Methods............................................ 9
4.1.1. 4
3.1.1. SUBSCRIBE method....................................... 10
4.1.2. 5
3.1.2. NOTIFY method.......................................... 11
4.2. 6
3.2. New Headers............................................ 11
4.2.1. 6
3.2.1. "Event" header......................................... 11
4.2.2. 6
3.2.2. "Allow-Events" Header.................................. 12
4.3. 7
3.2.3. "Subscription-Expires" Header.......................... 7
3.3. New Response Codes..................................... 12
4.3.1. 7
3.3.1. "202 Accepted" Response Code........................... 12
4.3.2. 8
3.3.2. "489 Bad Event" Response Code.......................... 12
5. 8
4. Node Behavior.......................................... 13
5.1. 8
4.1. General................................................ 8
4.1.1. Route Handling......................................... 8
4.1.2. Detecting support for SUBSCRIBE and NOTIFY............. 9
4.1.3. CANCEL requests........................................ 9
4.1.4. State Agents and Notifier Migration.................... 9
4.2. Description of SUBSCRIBE Behavior...................... 13
5.1.1. 10
4.2.1. Correlation to legs, dialogs, calls, and terminals.............. 13
5.1.2. terminals........... 10
4.2.2. Subscription duration.................................. 14
5.1.3. 11
4.2.3. Identification of Subscribed Events and Event Classes.. 14
5.1.4. 11
4.2.4. Additional SUBSCRIBE Header Values..................... 15
5.1.5. 12
4.2.5. Subscriber SUBSCRIBE Behavior.......................... 15
5.1.6. 12
4.2.6. Proxy SUBSCRIBE Behavior............................... 17
5.1.7. 14
4.2.7. Notifier SUBSCRIBE Behavior............................ 17
5.2. 14
4.3. Description of NOTIFY Behavior......................... 19
5.2.1. 17
4.3.1. Correlation............................................ 20
5.2.2. 17
4.3.2. Identification of reported events, event classes, and c 20
5.2.3. 18
4.3.3. Notifier NOTIFY Behavior............................... 21
5.2.4. 18
4.3.4. Proxy NOTIFY Behavior.................................. 22
5.2.5. 20
4.3.5. Subscriber NOTIFY Behavior............................. 22
5.3. 20
4.4. Polling Resource State................................. 23
5.4. 21
4.5. Allow-Events header usage.............................. 21
5. Event Packages......................................... 21
5.1. Appropriateness of Usage............................... 22
5.2. Sub-packages........................................... 22
5.3. Amount of State to be Conveyed......................... 23
6. Security Considerations................................
5.3.1. Complete State Information............................. 23
7. IANA Considerations....................................
5.3.2. State Deltas........................................... 23
5.4. Event Package Responsibilities......................... 24
7.1. Registration Template..................................
5.4.1. Event Package Name..................................... 24
8. Open Issues............................................
5.4.2. Event Package Parameters............................... 24
5.4.3. SUBSCRIBE Bodies....................................... 24
5.4.4. Subscription Duration.................................. 25
8.1. Denial-of-Service attacks..............................
5.4.5. NOTIFY Bodies.......................................... 25
8.2.
5.4.6. Notifier processing of SUBSCRIBE Forking...................................... requests.............. 25
5.4.7. Notifier generation of NOTIFY requests................. 25
5.4.8. Subscriber processing of NOTIFY requests............... 25
5.4.9. Handling of forked requests............................ 26
5.4.10. Rate of notifications.................................. 26
5.4.11. State Agents........................................... 26

Roach [Page 2]

Internet Draft SIP-Specific Event Notification July November 2001

9. Changes................................................

5.4.12. Examples............................................... 26
6. Security Considerations................................ 27
9.1. Changes from draft-roach-...-03........................
6.1. Access Control......................................... 27
6.2. Release of Sensitive Policy Information................ 27
6.3. Denial-of-Service attacks.............................. 27
7. IANA Considerations.................................... 27
7.1. Registration Template.................................. 28
8. Open Issues............................................ 29
8.1. CANCEL Handling........................................ 29
8.2. Version of SIP to reference............................ 29
8.3. Immediate NOTIFYs...................................... 30
9. Changes................................................ 30
9.1. Changes from draft-ietf-...-00......................... 30
9.2. Changes from draft-roach-...-02........................ 29 draft-roach-...-03........................ 31
9.3. Changes from draft-roach-...-02........................ 33
9.4. Changes from draft-roach-...-01........................ 30 35
10. References............................................. 31 35
11. Acknowledgements....................................... 32 36
12. Feedback and Discussion................................ 32
13. Author's Address....................................... 32 36

2. Introduction

The ability to request asynchronous notification of events proves
useful in many types of services for which cooperation between
end-nodes is required. Examples of such services include
automatic callback services (based on terminal state events),
buddy lists (based on user presence events), message waiting
indications (based on mailbox state change events), and PINT
status (based on call state events).

The methods described in this document allow a framework by which
notification of these events can be ordered.

The event notification mechanisms defined herein are NOT intended
to be a general-purpose infrastructure for all classes of event
subscription and notification. Meeting requirements for the
general problem set of subscription and notification is far too
complex for a single protocol. Our goal is to provide a
SIP-specific framework for event notification which is not so
complex as to be unusable for simple features, but which is still
flexible enough to provide powerful services. Note, however, that
extensions
event packages based on this framework may define arbitrarily
complex rules which govern the subscription and notification for
the events or classes of events they describe.

This draft does not describe an extension which may be used
directly; it must be extended by other drafts (herein referred to
as "event packages.") In object-oriented design terminology, it
may be thought of as an abstract base class which must be derived

Roach [Page 3]

Internet Draft SIP-Specific Event Notification November 2001

into an instantiatable class by further extensions. Guidelines
for creating these extensions are described in section 3. 5.

2.1. Overview of Operation

The general concept is that entities in the network can subscribe
to resource or call state for various resources or calls in the
network, and those entities (or entities acting on their behalf)
can send notifications when those states change.

A typical flow of messages would be:

Roach [Page 3]

Internet Draft SIP-Specific Event Notification July 2001

Subscriber Notifier
|-----SUBSCRIBE---->| Request state subscription
|<-------200--------| Acknowledge subscription
|<------NOTIFY----- | Return current state information
|--------200------->|
|<------NOTIFY----- | Return current state information
|--------200------->|

The subscriber and notifier entities need not necessarily be UAs,
but often will be.

Subscriptions are expired and must be refreshed in exactly the
same manner as registrations (see RFC 2543 [1] ).

3. Event Packages Syntax

This section covers several issues which should be taken into
consideration when event packages based on SUBSCRIBE and NOTIFY
are proposed.

3.1. Appropriateness of Usage

When designing an event package using describes the methods described in
this draft for event notification, it is important to consider:
is SIP an appropriate mechanism syntax extensions required for the problem set? Is SIP being
selected because of some unique feature provided by the protocol
(e.g. user mobility), or merely because "it can be done?" If you
find yourself defining event packages for notifications related
to, for example, network management or the temperature inside
your car's engine, you may want to reconsider your selection of
protocols.

Those interested
notification in extending the mechanism defined SIP. Semantics are described in this section 4.

3.1. New Methods

This document are urged to read "Guidelines for Authors of describes two new SIP
Extensions" [3] for further guidance regarding appropriate uses
of SIP.

Further, it is expected that this mechanism is not to be used methods: "SUBSCRIBE" and
"NOTIFY."

This table expands on tables 4 and 5 in
applications where the frequency of reportable events is
excessively rapid (e.g. more than about once per second). A SIP
network is generally going to be provisioned for a reasonable
signalling volume; sending a notification every time a user's GPS
position changes by one hundreth of a second could easily
overload such a network.

3.2. Additional Guidelines

When designing event packages, it is important to consider the RFC 2543 [1] .

Roach [Page 4]

Internet Draft SIP-Specific Event Notification July November 2001

type of information which will be conveyed during a notification.

A natural temptation is to convey merely the event (e.g. "a new
voice message just arrived") without accompanying state (e.g. "7
total voice messages"). This complicates implementation of
subscribing entities (since they have to maintain complete state
for the entity to which they have subscribed), and also is
particularly susceptible to synchronization problems.

It is therefore suggested that event packages are designed so as
to notify of new state when an event occurs. In the circumstances
that state may not be sufficient for a particular class of
events, the event packages should include complete state
information along with the event that occurred. (For example, "no
customer service representatives available" may not be as useful
"no customer service representatives available; representative
sip:46@cs.xyz.int just logged off".)

3.3. Sub-packages

Normal event packages define a set of state applied to a specific
type of resource, such as user presence, call state, and
messaging mailbox state.

Sub-packages are a special type of package which define a set of
state applied to other packages, such as statistics, access
policy, and subscriber lists. Sub-packages may even be applied to
other sub-packages.

To extend the object-oriented analogy made earlier, sub-packages
can be thought of as templatized C++ packages which must be
applied to other packages to be useful.

The name of a sub-package as applied to a package

Header Where SUB NOT
------ ----- --- ---
Accept R o o
Accept-Encoding R o o
Accept-Language R o o
Allow 200 - -
Allow 405 o o
Authorization R o o
Call-ID gc m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Encoding e o o
Content-Length e o o
Content-Type e * *
CSeq gc m m
Date g o o
Encryption g o o
Expires g o -
From gc m m
Hide R o o
Max-Forwards R o o
Organization g o o
Priority R o o
Proxy-Authenticate 407 o o
Proxy-Authorization R o o
Proxy-Require R o o
Require R o o
Retry-After R - -
Retry-After 404,480,486 o o
Retry-After 503 o o
Retry-After 600,603 o o
Response-Key R o o
Record-Route R o o
Record-Route 2xx o o
Route R o o
Server r o o
Subject R o o
Timestamp g o o
To gc(1) m m
Unsupported 420 o o
User-Agent g o o
Via gc(2) m m
Warning r o o
WWW-Authenticate 401 o o

3.1.1. SUBSCRIBE method

Roach [Page 5]

Internet Draft SIP-Specific Event Notification November 2001

"SUBSCRIBE" is formed by
appending a period followed by the sub-package name added to the end definition of the package. For example, if a subpackage called "watcherinfo"
were being applied to a package called "presence," the event
token used element "Method" in "Event" and "Allow-Events" would be
"presence.watcherinfo".

Sub-packages must be defined so that they can be applied to any
arbitrary package. In other words, sub-packages cannot be
specifically tied
the SIP message grammar.

Like all SIP method names, the SUBSCRIBE method name is case
sensitive. The SUBSCRIBE method is used to one request asynchronous
notification of an event or set of events at a few "parent" packages in such a way
that they will not work with other packages.

3.4. Event Package Responsibilities

Event packages are not required later time.

3.1.2. NOTIFY method

"NOTIFY" is added to re-iterate any the definition of the behavior
described element "Method" in this document, although they may choose to do so for
clarity or emphasis. In general, though, such packages are

Roach [Page 5]

Internet Draft SIP-Specific Event Notification July 2001

expected to describe only the behavior that extends or modifies
the behavior described in this document.

Note that any behavior designated with "SHOULD" or "MUST" in this
document SIP message grammar.

The NOTIFY method is not allowed used to be changed notify a SIP node that an event
which has been requested by extension documents;
however, such documents an earlier SUBSCRIBE method has
occurred. It may elect to strengthen "SHOULD"
requirements to "MUST" strength if required by their application.

In addition to also provide further details about the normal sections expected by "Instructions to
RFC Authors" [7] event.

3.2. New Headers

This table expands on tables 4 and "Guidelines for Authors of SIP Extensions"
[3] 5 in RFC 2543 [1] , authors of event packages should take as amended
by the following
sections into consideration.

3.4.1. Event Package Name

This mandatory section of an event package defines the token name
to be used to designate the event package. It should include the
information which appears changes described in the IANA registration of the token.
For information on registering such types, see section 7.

3.4.2. 3.1.

Header field where proxy ACK BYE CAN INV OPT REG SUB NOT
-----------------------------------------------------------------
Allow-Events g o o o o o o o o
Allow-Events 489 - - - - - - m m
Event Package Parameters

If parameters are to be used on the R - - - - - - m m
Subscription-Expires R - - - - - - - o

3.2.1. "Event" header

The following header is defined for the purposes of this
specification.

Event = ( "Event" | "o" ) ":" event-type
*(( ";" parameter-name
["=" ( token | quoted-string ) ] )
event-type = event-package *( "." event-subpackage )
event-package = token-nodot
event-subpackage = token-nodot
token-nodot = 1*( alphanum | "-" | "!" | "%" | "*"
| "_" | "+" | "`" | "'" | "~" )

Event is added to modify the
behavior definition of the event package, element "request-header"
in the syntax and semantics of such
headers must be clearly defined.

3.4.3. SUBSCRIBE Bodies

It is expected that most, but SIP message grammar.

This document does not all, event packages will define
syntax and semantics values for SUBSCRIBE method bodies; these bodies event-types. These
values will typically modify, expand, filter, throttle, and/or set
thresholds for the class of events being requested. Designers of be defined by individual event packages are strongly encouraged to re-use existing MIME
types for message bodies where practical.

This mandatory section of an event package defines what type or
types of event bodies are expected in SUBSCRIBE requests (or
specify that no event bodies are expected). It should point to
detailed definitions of syntax packages, and semantics for all referenced
body types.

3.4.4. Subscription Duration

It is recommended that event packages give a suggested range of
times considered reasonable for the duration of a subscription.
Such packages should also define a default "Expires" value to MUST be
used if none is specified.

3.4.5. NOTIFY Bodies

Roach [Page 6]

Internet Draft SIP-Specific Event Notification July November 2001

The NOTIFY body is used to report state on

registered with the resource being
monitored. Each package IANA.

There must define a what be exactly one event type or types of listed per event
bodies header.
Multiple events per message are expected in NOTIFY requests. Such packages must
specify or cite detailed specifications for disallowed.

For the syntax and
semantics associated with such event body.

Event packages also need to define which MIME type curious, the "o" short form is chosen to be
assumed if none are specified in the "Accept" represent
"occurrence."

3.2.2. "Allow-Events" Header

The following header of is defined for the
SUBSCRIBE request.

3.4.6. Subscriber generation purposes of SUBSCRIBE requests

This section this
specification.

Allow-Events = ( "Allow-Events" | "u" ) ":" 1#event-type

Allow-Events is added to the definition of an event package describes the process by which element
"general-header" in the subscriber generates and sends a SUBSCRIBE request and
processes SIP message grammar.

For the subsequent response. Such a section curious, the "u" short form is optional,
but encouraged chosen to represent
"understands."

3.2.3. "Subscription-Expires" Header

The following header is defined for the sake of clarity.

3.4.7. Notifier processing purposes of SUBSCRIBE requests

This section describes the processing this
specification.

Subscription-Expires = "Subscription-Expires" ":"
( SIP-date | delta-seconds )
*( ";" subexp-params )

subexp-params = "reason" "=" reason-code
| generic-param

reason-code = "migration"
| "maint"
| "refused"
| "timeout"
| reason-extension

reason-extension = token

Subscription-Expires is added to be performed by the
notifier upon receipt definition of a SUBSCRIBE request. Such a section the element
"request-header" in the SIP message grammar.

3.3. New Response Codes

Roach [Page 7]

Internet Draft SIP-Specific Event Notification November 2001

3.3.1. "202 Accepted" Response Code

The 202 response is
required.

3.4.8. Notifier generation of NOTIFY requests

This section of an event package describes added to the process by which "Success" header field
definition:

Success = "200" ; OK
| "202" ; Accepted

"202 Accepted" has the notifier generates and sends a NOTIFY request. It may
optionally describe same meaning as that defined in HTTP/1.1
[5] .

3.3.2. "489 Bad Event" Response Code

The 489 event response is added to the behavior "Client-Error" header
field definition:

Client-Error = "400" ; Bad Request
...
| "489" ; Bad Event

"489 Bad Event" is used to processes indicate that the subsequent
response. Such server did not
understand the event package specified in a section is required.

3.4.9. Subscriber processing of "Event" header field.

4. Node Behavior

4.1. General

Unless noted otherwise, SUBSCRIBE and NOTIFY requests

This section follow the
same protocol rules governing the usage of an event package describes tags, Route handling,
Record-Route handling, Via handling, and Contact handling as
INVITE; retransmission, reliability, CSeq handling and
provisional responses are the process followed
by same as those defined for BYE.

For the subscriber upon receipt purposes of this document, a NOTIFY request, including any
logic required to form a coherent resource state (if applicable).

3.4.10. Handling "dialog" is defined as all
messages sharing the tuple of forked requests

Each event package should specify whether forked SUBSCRIBE "To" (including tag), "From"
(including tag), and "Call-Id." As in INVITE-initiated dialogs,
requests containg no "To" tag are allowed to install multiple subscriptions. If such
behavior is not allowed, any NOTIFY messages not matching the
200-class response to the initial SUBSCRIBE message are responded also considered to with a 481.

In the case that multiple subscriptions are allowed, the event
package must specify whether merging be part of
the notifications to form same dialog as messages which contain a single state is required, "To" tag but
otherwise match.

4.1.1. Route Handling

Route and how such merging is to be
performed. Note that it Record-Route handling for SUBSCRIBE and NOTIFY dialogs
is possible that some event packages may
be defined generally the same as for INVITE and its subsequent responses.
The exact method for echoing Record-Route headers in such a way that each leg is tied responses
and using them to a mutually
exclusive state which form Route headers in subsequent requests is unaffected by
described in RFC2543 [1] . For the other legs; this must purposes of the following

Roach [Page 7] 8]

Internet Draft SIP-Specific Event Notification July November 2001

be clearly stated if it is

discussion, the case.

3.4.11. Rate of notifications

Each event package "Contact" header is expected to define a requirement
(RECOMMENDED, SHOULD or MUST strength) which defines an absolute
maximum on considered part of the rate at which notifications are allowed to be
generated by a single notifier.

Such packages may further define
"Record-Route" set.

From a throttle mechanism which
allows subscribers to further limit subscriber perspective, the rate of notification.

3.4.12. State Agents "Record-Route" headers
received in a SUBSCRIBE response are stored locally and Notifier Migration

Designers placed in
the "Route" headers for SUBSCRIBE refreshes. To support forking
of event packages should consider whether their package
can benefit from network aggregation points ("State Agents")
and/or nodes which act on behalf of other nodes. (For example,
nodes which provide state information about a resource when such
a resource is unable or unwilling to provide such state
information itself). An example of such an application is a node
which tracks SUBSCRIBE requests, "Record-Route" headers received in NOTIFY
requests MUST be echoed back in the presence NOTIFY responses; if no route
for the dialog has been established, these "Record-Route" headers
MUST be stored locally and availability of a user MUST be placed in the
network.

When state agents "Route" headers
for SUBSCRIBE refreshes.

From a notifier perspective, SUBSCRIBE request "Record-Route"
headers are used, it may make sense to allow migration
of subscriptions between state agents echoed back in the SUBSCRIBE response and stored
locally. The locally stored copy of the nodes for which
they are providing state aggregation (or even among various state
agents). Designers "Record-Route" headers is
placed in the "Route" headers when generating NOTIFY requests.

The result of packages using state agents are encouraged the forgoing rules is that proxies wishing to
remain on the signalling path for subsequent requests in the
dialog MUST include such themselves in a feature with detailed description "Record-Route" for all
requests, not just the initial SUBSCRIBE.

4.1.2. Detecting support for SUBSCRIBE and NOTIFY

Neither SUBSCRIBE nor NOTIFY necessitate the use of how such
migration "Require" or
"Proxy-Require" headers; similarly, there is performed.

Note that no token defined for
"Supported" headers. If necessary, clients may probe for the mechanism
support of sending a "NOTIFY" with an "Expires"
header SUBSCRIBE and NOTIFY using the OPTIONS request defined
in RFC2543 [1] .

The presence of "0" the "Allow-Events" header in a message is an effective way to force a subscriber
sufficient to
re-subscribe, which indicate support for SUBSCRIBE and NOTIFY.

The "methods" parameter for Contact may come in useful also be used to
specifically announce support for SUBSCRIBE and NOTIFY messages
when designing a migration
scheme.

3.4.13. Examples

Event packages should include several demonstrative message flow
diagrams paired with several typical, syntactically correct registering. (See reference [8] for details on the "methods"
parameter).

4.1.3. CANCEL requests

For the purposes of generality, both SUBSCRIBE and
complete messages.

It NOTIFY MAY be
canceled; however, doing so is recommended that documents describing event packages
clearly indicate that such examples are informative and not
normative, recommended. Successfully
cancelled SUBSCRIBE and NOTIFY requests MUST be completed with instructions that implementors refer to the main
text of a
"487 Request Cancelled" response; the draft for exact protocol details.

4. Syntax

This section describes server acts as if the syntax extensions required for event
notification in SIP. Semantics
request were never received. In general, since neither SUBSCRIBE
nor NOTIFY are described in section 5. allowed to have protracted transactions, attempts
to cancel them are expected to fail.

4.1.4. State Agents and Notifier Migration

Roach [Page 8] 9]

Internet Draft SIP-Specific Event Notification July November 2001

4.1. New Methods

This document describes two new SIP methods: "SUBSCRIBE"

When state agents (see section 5.4.11. ) are used, it is often
useful to allow migration of subscriptions between state agents
and
"NOTIFY." the nodes for which they are providing state aggregation (or
even among various state agents). Such migration may be effected
by sending a "NOTIFY" with an "Subscription-Expires" header of
"0," and a reason parameter of "migration." This table expands on tables 4 NOTIFY request
is otherwise normal, and 5 is formed as described in RFC 2543 [1] .

Roach [Page 9]

Internet Draft SIP-Specific Event Notification July 2001

Header Where SUB NOT
------ ----- --- ---
Accept R o o
Accept-Encoding R o o
Accept-Language R o o
Allow 200 - -
Allow 405 o o
Authorization R o o section 4.3.3.

Upon receipt of this NOTIFY message, the subscriber SHOULD
attempt to re-subscribe (as described in the following sections).
The resulting SUBSCRIBE message can then be proxied or redirected
to the node to which notification responsibility is passing.

4.2. Description of SUBSCRIBE Behavior

The SUBSCRIBE method is used to request current state and state
updates from a remote node.

4.2.1. Correlation to dialogs, calls, and terminals

A subscription is uniquely identified by the combination of the
To, From, and Call-ID gc m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Encoding e o o
Content-Length e o o
Content-Type e * *
CSeq gc m m
Date g o o
Encryption g o o
Expires g m o
From gc m m
Hide R o o
Max-Forwards R o o
Organization g o o
Priority R o o
Proxy-Authenticate 407 o o
Proxy-Authorization R o o
Proxy-Require R o o
Require R o o
Retry-After R - -
Retry-After 404,480,486 o o
Retry-After 503 o o
Retry-After 600,603 o o
Response-Key R o o
Record-Route R o o
Record-Route 2xx o o
Route R o o
Server r o o
Subject R o o
Timestamp g o o
To gc(1) m m
Unsupported 420 o o
User-Agent g o o
Via gc(2) m m
Warning r o o
WWW-Authenticate 401 o o

4.1.1. fields in the SUBSCRIBE request. Refreshes
of subscriptions SHOULD reuse the same Call-ID if possible, since
subscriptions are uniquely identified at presence servers using
the Call-ID. Two subscriptions from the same user, for the same
user, but with different Call-IDs, are considered different
subscriptions. Note this is exactly the same as usage of Call-ID
in registrations.

Initial SUBSCRIBE requests MUST contain a "tag" parameter (as
defined in RFC 2543 [1] ) in the "From" header, and MUST NOT
contain a "tag" parameter in the "To" header. Responses to
SUBSCRIBE requests MUST contain a "tag" parameter in the "To"
header.

The "tag" in the "To" header allows the subscriber to
differentiate between NOTIFY requests from different clients in
the case that the SUBSCRIBE request was forked. SUBSCRIBE
requests for re-subscription MUST contain "tag" parameters in
both the "To" and "From" headers (matching those previously
established for the dialog).

The relationship between subscriptions and (INVITE-initiated)
sessions sharing the same dialog correlation information is
undefined. Re-using dialog correlation information for
subscriptions is allowed, but sharing of such information does
not change the semantics of the INVITE session or the SUBSCRIBE
dialog.

Similarly, the relationship between a subscription in one

Roach [Page 10]

Internet Draft SIP-Specific Event Notification November 2001

direction (e.g. from node A to node B) and a subscription in the
opposite direction (from B to A) with the same dialog correlation
information is undefined. While re-using such information is
allowed, the sharing of such information does not change the
semantics of either SUBSCRIBE dialog.

4.2.2. Subscription duration

SUBSCRIBE requests SHOULD contain an "Expires" header. This
expires value indicates the duration of the subscription. The
formatting of these is described in RFC 2543. In order to keep
subscriptions effective beyond the duration communicated in the
"Expires" header, subscribers need to refresh subscriptions on a
periodic basis. This refreshing is performed in the same way as
REGISTER refreshes: the To, From, and Call-ID match those in the
SUBSCRIBE being refreshed, while the CSeq number is incremented.

If no "Expires" header is present in a SUBSCRIBE request, the
implied default is defined by the event package being used.

200-class responses to SUBSCRIBE requests also MUST contain an
"Expires" header. The period of time in the response MAY be
shorter or longer than specified in the request. The period of
time in the response is the one which defines the duration of the
subscription.

Similar to REGISTER requests, SUBSCRIBE requests may be renewed
at any time to prevent them from expiring at the end of the
"Expires" period. These renewals will contain a the same "To,"
"From," and "Call-ID" as the original request, and an incremented
"CSeq" number.

Also similar to REGISTER requests, a natural consequence of this
scheme is that a SUBSCRIBE with an "Expires" of 0 constitutes a
request to unsubscribe from an event.

Notifiers may also wish to cancel subscriptions to events; this
is useful, for example, when the resource to which a subscription
refers is no longer available. Further details on this mechanism
are discussed in section 4.3.3.

4.2.3. Identification of Subscribed Events and Event Classes

Identification of events is provided by three pieces of
information: Request URI, Event Type, and (optionally) message
body.

The Request URI of a SUBSCRIBE method request, most importantly,
contains enough information to route the request to the
appropriate entity. It also contains enough information to

Roach [Page 10] 11]

Internet Draft SIP-Specific Event Notification July November 2001

"SUBSCRIBE" is added to the definition of the element "Method" in
the SIP message grammar.

Like all SIP method names,

identify the SUBSCRIBE method name is case
sensitive. The SUBSCRIBE method is used to request asynchronous
notification of an resource for which event or set of events at a later time.

4.1.2. NOTIFY method

"NOTIFY" notification is added desired,
but not necessarily enough information to uniquely identify the definition
nature of the element "Method" in
the SIP message grammar.

The NOTIFY method is used to notify a SIP node that an event
which has been requested by (e.g. "sip:adam.roach@ericsson.com" would be
an earlier SUBSCRIBE method has
occurred. It may appropriate URI to subscribe to for my presence state; it
would also provide further details about the event.

4.2. New Headers

This table expands on tables 4 and 5 in RFC 2543 [1] , as amended
by the changes described in section 4.1.

Header field where proxy ACK BYE CAN INV OPT REG SUB NOT
-----------------------------------------------------------------
Allow-Events g o o o o o o o o
Event R - - - - - - m m
Event r - - - - - - - -

4.2.1. be an appropriate URI to subscribe to the state of my
voice mailbox).

Subscribers MUST include exactly one "Event" header in SUBSCRIBE
requests, indicating to which event or class of events they are
subscribing. The following "Event" header will contain a token which
indicates the type of state for which a subscription is defined being
requested. This token will be registered with the IANA and will
correspond to an event package which further describes the
semantics of the event or event class.

The "Event" header is considered mandatory for the purposes of
this
specification.

Event = ( document. However, to maintain compatibility with PINT (see
[3] ), servers MAY interpret a SUBSCRIBE request with no "Event" | "o" ) ":" event-type
*(( ";" parameter-name
["=" ( token | quoted-string ) ] )
event-type = event-package *( "." event-subpackage )
event-package = token-nodot
event-subpackage = token-nodot
token-nodot = 1*( alphanum | "-" | "!" | "%" | "*"
| "_" | "+" | "`" | "'" | "~" )

Event is added
header as requesting a subscription to PINT events. If the definition of
servers do not support PINT, they SHOULD return "489 Bad Event"
to any SUBSCRIBE messages without an EVENT header.

If the element "general-header"
in event package to which the SIP message grammar. event token corresponds defines
behavior associated with the body of its SUBSCRIBE requests,
those semantics apply.

4.2.4. Additional SUBSCRIBE Header Values

Each SUBSCRIBE request MUST have exactly one "Contact:" header,
to be used as part of route handling, as described in section
4.1.1.

SUBSCRIBE requests MAY contain an "Accept" header. This document does not header,
if present, indicates the body formats allowed in subsequent
NOTIFY requests. Event packages MUST define values the behavior for event-types. These
values
SUBSCRIBE requests without "Accept" headers; usually, this will
connote a single, default body type.

Header values not described in this document are to be defined by individual event packages, and MUST be
registered
interpreted as described in RFC 2543 [1] .

4.2.5. Subscriber SUBSCRIBE Behavior

4.2.5.1. Requesting a Subscription

When a subscriber wishes to subscribe to a particular state for a
resource, it forms a SUBSCRIBE message.

The dialog correlation information is formed as if for an
original INVITE: the Call-ID is a new call ID with the IANA. syntax

Roach [Page 11] 12]

Internet Draft SIP-Specific Event Notification July November 2001

Experimental event types

described in RFC 2543; the To: field indicates the subscribed
resource's persistent address (which will generally match the
Request URI used to form the message); and the From: field will
indicate the subscriber's persistent address (typically
sip:user@domain).

This SUBSCRIBE request will be confirmed with a final response.
200-class responses indicate that the subscription has been
accepted, and that a NOTIFY will be sent immediately. A 200
response indicates that the subscription has been accepted and
that the user is authorized to subscribe to the requested
resource. A 202 response merely indicates that the subscription
has been understood, and that authorization may or may not have
been granted.

The "Expires" header in a 200-class response to SUBSCRIBE
indicates the actual duration for which the subscription will
remain active (unless refreshed).

Non-200 class final responses indicate that the subscription has
not been created, and no subsequent NOTIFY message will be created by prepending an "x-"
followed by sent.
All non-200 class responses (with the organization's internet domain, with exception of "489,"
described herein) have the field
order reversed, same meanings and "." characters replaced by dashes (e.g.
"Event: x-com-ericsson-foo").

There must be exactly one event type listed per event header.
Multiple events per message are disallowed.

For handling as
described in RFC 2543 [1] .

4.2.5.2. Refreshing of Subscriptions

At any time before a subscription expires, the curious, subscriber may
refresh the "o" short form is chosen to represent
"occurrence."

4.2.2. "Allow-Events" Header timer on such a subscription by re-sending a
SUBSCRIBE request. The following header is defined handling for the purposes of this
specification.

Allow-Events = ( "Allow-Events" | "u" ) ":" 1#event-type

Allow-Events such a request is added to the definition same as
for the initial creation of a subscription except as described
below.

Subscription renewals will contain a "To" field matching the element
"general-header"
"From" field in the SIP message grammar.

For first NOTIFY request for the curious, dialog
containing the "u" short form is chosen subscription to represent
"understands."

4.3. New Response Codes

4.3.1. "202 Accepted" Response Code

The 202 response be refreshed. They will contain
the same "From" and "Call-ID" fields as the original SUBSCRIBE
request, and an incremented "CSeq" number from the original
SUBSCRIBE request. Route handling is added as discussed in section
4.1.1.

If a SUBSCRIBE request to refresh a subscription receives a "481"
response, this indicates that the "Success" header field
definition:

Success = "200" ; OK
| "202" ; Accepted

"202 Accepted" subscription has the same meaning as been
terminated and that defined in HTTP/1.1
[6] .

4.3.2. "489 Bad Event" Response Code

The 489 event response is added the subscriber did not receive notification
of this fact. In this case, the subscriber should consider the
subscription invalid. If the subscriber wishes to re-subscribe to
the "Client-Error" header
field definition:

Client-Error = "400" ; Bad Request
...
| "489" ; Bad Event state, he does so by composing an unrelated initial SUBSCRIBE
request with a freshly-generated Call-ID and a new, unique "From"
tag (see section 4.2.5.1. )

Roach [Page 12] 13]

Internet Draft SIP-Specific Event Notification July November 2001

"489 Bad Event" is used to indicate that the server did not
understand the event package specified in

If a "Event" header field.

5. Node Behavior

Unless noted otherwise, SUBSCRIBE and NOTIFY requests follow the
same protocol rules governing the usage of tags, Route,
Record-Route, Via handling, retransmission, reliability, CSeq
handling, Contact handling, provisional responses, and message
formatting as those defined in RFC 2543 [1] for BYE.

Neither SUBSCRIBE nor NOTIFY necessitate request to refresh a subscription fails, the use of "Require" or
"Proxy-Require" headers; similarly, there
original subscription is no token defined for
"Supported" headers. If necessary, clients may probe still considered valid for the
support duration
of the most recently known "Expires" value as negotiated by
SUBSCRIBE and its response, or as communicated by NOTIFY using the OPTIONS request defined in RFC2543. Note also that the presence of the "Allow-Events"
header in a message
"Subscription-Expires," except as described above.

4.2.5.3. Unsubscribing

Unsubscribing is sufficient to indicate support for
SUBSCRIBE and NOTIFY.

For handled in the purposes same way as refreshing of generality, both SUBSCRIBE and NOTIFY MAY be
canceled; however, doing so is not recommended. Successfully
cancelled SUBSCRIBE and NOTIFY requests MUST be completed with a
"487 Request Cancelled" response; the server acts as if
subscription, with the
request were never received. In general, since neither SUBSCRIBE
nor NOTIFY are allowed to have protracted transactions, attempts
to cancel them are expected to fail.

5.1. Description "Expires" header set to "0." Note that a
successful unsubscription will also trigger a final "NOTIFY".

4.2.5.4. Confirmation of SUBSCRIBE Behavior Subscription Creation

The SUBSCRIBE method is used subscriber can expect to request current state and state
updated receive a NOTIFY message from each
node which has registered a remote node.

5.1.1. Correlation to legs, calls, and terminals

A successful subscription is uniquely identified by or
subscription refresh. Until the combination of first NOTIFY message arrives, the
To, From, and Call-ID fields in
subscriber should consider the SUBSCRIBE request. Refreshes state of subscriptions SHOULD reuse the same Call-ID if possible, since
subscriptions are uniquely identified at presence servers using the Call-ID. Two subscriptions from subscribed resource
to be in a neutral state. Event packages which define new event
packages MUST define this "neutral state" in such a way that
makes sense for their application (see section 5.4.7. ).

Due to the same user, potential for both out-of-order messages and forking,
the same
user, but with different Call-IDs, are considered different
subscriptions. Note subscriber MUST be prepared to receive NOTIFY messages before
the SUBSCRIBE transaction has completed.

Except as noted above, processing of this NOTIFY is exactly the same as usage of Call-ID
in registrations.

Initial section 4.3.5.

4.2.6. Proxy SUBSCRIBE requests MUST contain a "tag" parameter (as
defined Behavior

Proxies need no additional behavior beyond that described in RFC
2543 [1] ) in to support SUBSCRIBE. If a proxy wishes to see all of
the "From" header, SUBSCRIBE and NOTIFY requests for a given dialog, it MUST
record-route all SUBSCRIBE and NOTIFY requests.

4.2.7. Notifier SUBSCRIBE Behavior

4.2.7.1. SUBSCRIBE Transaction Processing

In no case should a SUBSCRIBE transaction extend for any longer
than the time necessary for automated processing. In particular,
notifiers MUST NOT
contain wait for a user response before returning a "tag" parameter in the "To" header. Responses
final response to
SUBSCRIBE requests MUST contain a "tag" parameter in the "To"
header. SUBSCRIBE request.

The "tag" notifier SHOULD check that the event package specified in the "To"
"Event" header allows is understood. If not, the subscriber notifier SHOULD return
a "489 Bad Event" response to
differentiate between NOTIFY requests from different clients in
the case indicate that the SUBSCRIBE request was forked. SUBSCRIBE specified
event/event class is not understood.

Roach [Page 13] 14]

Internet Draft SIP-Specific Event Notification July November 2001

requests for re-subscription MUST contain "tag" parameters

The notifier SHOULD also perform any necessary authentication and
authorization per its local policy. See section 4.2.7.3.

If the SUBSCRIBE request contains a tag parameter in
both the "To" and "From" headers (matching those previously
established for
field, but the leg).

The relationship between subscriptions notifier has no record of the indicated dialog,
the notifier has two options. If the notifier is able and (INVITE-initiated)
sessions sharing willing
to reconstruct subscription state, he may accept the same call leg identification information subscription
as an initial subscription. If the notifier cannot or is
undefined. Re-using call leg information for subscriptions not
willing to reconstitute such state, it should respond with a "481
Subscription does not exist."

If the notifier is
discouraged.

Similarly, able to immediately determine that it
understands the relationship between a subscription in one
direction (e.g. from node A event package, that the authenticated subscriber
is authorized to node B) subscribe, and a that there are no other barriers
to creating the subscription, it creates the subscription and
returns a "200 OK" response, unless doing so would reveal
authorization policy in an undesirable fashion (see section 6.2.
).

If the
opposite direction (from B to A) with notifier cannot immediately create the same call leg
identification information subscription (e.g.
it needs to wait for user input for authorization, or is undefined. Re-using subscription
correlation information in two directions acting
for another node which is discouraged.

5.1.2. Subscription duration

SUBSCRIBE requests MUST contain an "Expires" header. not currently reachable), or wishes to
mask authorization policy, it will return a "202 Accepted"
response. This expires
value response indicates that the duration of request has been
received and understood, but does not necessarily imply that the subscription.
subscription has been created yet.

The formatting
of these is described in RFC 2543. In order to keep subscriptions
effective beyond the duration communicated in the "Expires"
header, subscribers need to refresh subscriptions on a periodic
basis. This refreshing is performed values present in SUBSCRIBE 200-class responses
behave in the same way as REGISTER
refreshes: the To, From, and Call-ID match those they do in REGISTER responses: the SUBSCRIBE
being refreshed, while
server MAY shorten or lengthen the CSeq number is incremented. interval.

200-class responses to SUBSCRIBE requests also MUST will not generally
contain an
"Expires" header. The period of time in the response MAY be
shorter than specified in the request, but MUST NOT be longer.
The period of time in the response is the one which defines the
duration of the subscription.

Similar to REGISTER requests, SUBSCRIBE requests may be renewed
at any time useful information beyond subscription duration;
their primary purpose is to prevent them from expiring at the end of the
"Expires" period. These renewals will contain a the same "To,"
"From," and "Call-ID" serve as the original request, and an incremented
"CSeq" number.

Also similar to REGISTER requests, a natural consequence of this
scheme is that a SUBSCRIBE with an "Expires" of 0 constitutes reliability mechanism.
State information will be communicated via a subsequent NOTIFY
request to unsubscribe from an event.

Notifiers the notifier.

The other response codes defined in RFC 2543 may also wish be used in
response to cancel subscriptions SUBSCRIBE requests, as appropriate.

4.2.7.2. Confirmation of Subscription Creation/Refreshing

Upon successfully accepting or refreshing of a subscription,
notifiers MUST send a NOTIFY message immediately to events; this
is useful, for example, when communicate
the current resource state to which a subscription
refers is the subscriber. If the resource has
no longer available. Further details on meaningful state at the time that the SUBSCRIBE message is
processed, this mechanism
are discussed in NOTIFY message MAY contain an empty or neutral
body. See section 5.2.3.

5.1.3. Identification of Subscribed Events and Event Classes

Identification of events is provided by three pieces of 4.3.3. for further details on NOTIFY message
generation.

Roach [Page 14] 15]

Internet Draft SIP-Specific Event Notification July November 2001

information: Request URI, Event Type, and (optionally)

Note that a NOTIFY message
body.

The Request URI of is always sent immediately after any
200-class response to a SUBSCRIBE request, most importantly,
contains enough information regardless of whether
the subscription has already been authorized.

4.2.7.3. Authentication/Authorization of SUBSCRIBE requests

Privacy concerns may require that notifiers either use access
lists or ask the notifier owner, on a per-subscription basis,
whether a particular remote node is authorized to subscribe to a
certain set of events. In general, authorization of users prior
to authentication is not particularly useful.

SIP authentication mechanisms are discussed in RFC2543 [1] . Note
that, even if the notifier node typically acts as a proxy,
authentication for SUBSCRIBE requests will always be performed
via a "401" response, not a "407;" notifiers always act as a user
agents when accepting subscriptions and sending notifications.

If authorization fails based on an access list or some other
automated mechanism (i.e. it can be automatically authoritatively
determined that the subscriber is not authorized to route subscribe),
the request notifier SHOULD reply to the
appropriate entity. It also contains enough request with a "403 Forbidden"
or "603 Decline" response, unless doing so might reveal
information to
identify that should stay private; see section 6.2.

If the resource for which event notification notifier owner is desired,
but not necessarily enough information interactively queried to uniquely identify determine
whether a subscription is allowed, a "202 Accept" response is
returned immediately. Note that a NOTIFY message is still formed
and sent under these circumstances, as described in the
nature of previous
section.

If subscription authorization was delayed and the event (e.g. "sip:adam.roach@ericsson.com" would be
an appropriate URI to subscribe notifier wishes
to for my presence state; convey that such authorization has been declined, it
would also be an appropriate URI to subscribe to the state of my
voice mailbox).

Subscribers MUST include exactly one "Event" may do so
by sending a NOTIFY message containting a "Subscription-Expires"
header in SUBSCRIBE
requests, indicating to which event or class with a value of events they are
subscribing. The "Event" header will contain "0" and a single opaque
token which identifies the event or class reason parameter of events for which "refused."

4.2.7.4. Refreshing of Subscriptions

When a notifier receives a subscription refresh, assuming that
the subscriber is being requested. This token will be registered
with still authorized, the IANA and will correspond to an event package which
further describes notifier updates the semantics of
expiration time for subscription. As with the event initial
subscription, the server MAY shorten or event class. increase the amount of
time until expiration. The "Event" header final expiration time is considered mandatory placed in the
"Expires" header in the response.

If no refresh for a notification address is received before its
expiration time, the purposes of
this document. However, to maintain compatibility with PINT (see
[4] ), servers subscription is removed. When removing a
subscription, the notifier MAY interpret send a SUBSCRIBE request NOTIFY message with no "Event"
header as requesting a subscription
"Subscription-Expires" value of "0" to PINT events. inform it that the
subscription is being removed. If such a message is sent, the
servers do not support PINT, they

Roach [Page 16]

Internet Draft SIP-Specific Event Notification November 2001

"Subscription-Expires" header SHOULD return "489 Bad Event"
to any SUBSCRIBE contain a "reason=timeout"
parameter.

4.3. Description of NOTIFY Behavior

NOTIFY messages without an EVENT header.

If the event package are sent to inform subscribers of changes in
state to which the event token corresponds defines
behavior associated with subscriber has a subscription. Subscriptions
are typically put in place using the body of its SUBSCRIBE requests, method; however,
it is possible that other means have been used.

If any non-SUBSCRIBE mechanisms are defined to create
subscriptions, it is the responsibility of the parties defining
those semantics apply.

5.1.4. Additional SUBSCRIBE Header Values

The "Contact:" header in mechanisms to ensure that correlation of a SUBSCRIBE message will contain
information about where resulting NOTIFY requests message
to the corresponding subscription is possible. Designers of such
mechanisms are also warned to be sent.
Each SUBSCRIBE request must have exactly one "Contact:" header.

SUBSCRIBE requests MAY contain an "Accept" header. This header,
if present, indicates make a distinction between sending
a NOTIFY message to a subscriber who is aware of the body formats allowed in subsequent
subscription, and sending a NOTIFY requests. Event packages MUST define the message to an unsuspecting
node. The latter behavior for
SUBSCRIBE requests without "Accept" headers; usually, this will
connote is invalid, and MUST receive a single, default body type.

Header values "481
Subscription does not described in this document are to be
interpreted exist" response (unless some other 400- or
500-class error code is more applicable), as described in RFC 2543 [1] .

5.1.5. Subscriber SUBSCRIBE Behavior

5.1.5.1. Requesting a Subscription

Roach [Page 15]

Internet Draft SIP-Specific Event Notification July 2001

When section
4.3.5. In other words, knowlege of a subscription must exist in
both the subscriber wishes to subscribe and the notifier to (or refresh be valid, even if
installed via a
subscription to) an event class, he forms non-SUBSCRIBE mechanism.

A NOTIFY does not cancel its corresponding subscription; in other
words, a single SUBSCRIBE message.

The call leg information is formed as if for an original INVITE: request may trigger several NOTIFY
requests.

4.3.1. Correlation

NOTIFY requests MUST contain the same Call-ID is a new call ID with as the syntax described in RFC
2543; SUBSCRIBE
request which ordered them; the To: "To" field indicates MUST match the subscribed resource's
persistent address (which will generally "From"
field in the SUBSCRIBE that ordered them, and the "From" field
MUST match the Request URI
used "To" field that was sent in the 200-class response
to form the message); and SUBSCRIBE. In other words, NOTIFY requests MUST be in the From:
same dialog as the SUBSCRIBE that ordered them.

The From field will indicate of a NOTIFY request, like the
subscriber's persistent address (typically sip:user@machine for
UAs, or sip:machine "To" field of a
SUBSCRIBE response, MUST contain a tag; this allows for other entities).

This the
subscriber to differentiate between events from different
notifiers.

Successful SUBSCRIBE request requests will be confirmed with a final response. receive only one 200-class responses indicate that
response; however, due to forking, the subscription may have been
accepted by multiple nodes. The subscriber will MUST therefore be
receiving a confirmation of subscription
prepared to receive NOTIFY requests with "From:" tags which
differ from the "To:" tag received in the form of a SUBSCRIBE 200-class
response.

If multiple NOTIFY
message. A 200 messages are received in response can be interpreted to mean that the
requested subscription has succeeded and that a NOTIFY is single

Roach [Page 17]

Internet Draft SIP-Specific Event Notification November 2001

SUBSCRIBE message, they represent different destinations to be
expected immediately. A 202 response indicates that there may be
a sizable delay before a notification is received, pending which
the
actual creation of SUBSCRIBE request was forked. Unless the subscription. For most implementations,
there will be no difference in handling these two response codes.

The "Expires" header in event package
specifies otherwise, the subscriber may either accept all such
notifications as representing different dialogs (which are then
refreshed separately), or send a 200-class 481 response to SUBSCRIBE
indicates the actual duration for which the subscription will
remain active (unless refreshed).

Non-200 class final responses indicate any NOTIFYs on
dialogs that the subscription has it does not been created, and no subsequent NOTIFY message will be sent.
All non-200 class responses (with the exception of "489,"
described herein) have the same meanings and handling as
described want to keep alive.

As expected, CSeq spaces are unique for each node; in RFC 2543 [1] .

5.1.5.2. Refreshing of Subscriptions

At any time before other
words, the notifier uses a subscription expires, different CSeq space than the
subscriber may
refresh the timer on such and any other notifiers.

4.3.2. Identification of reported events, event classes, and current
state

Identification of events being reported in a notification is very
similar to that described for subscription by re-sending a
SUBSCRIBE request. to events (see section
4.2.3. ).

The handling for such Request URI of a NOTIFY request contains enough information
to route the request to the party which is subscribed to receive
notifications. It is derived from the "Contact" header present in
the corresponding SUBSCRIBE request.

If the same as events for different resources are being subscribed
to, implementors are expected to use different dialogs in order
to be able to differentiate between notifications for them,
unless the initial creation of a subscription, with body for the exception
that these renewals event contains enough information for
this correlation.

As in SUBSCRIBE requests, NOTIFY "Event" headers will contain a
single token which identifies the same "To," "From," and
"Call-ID" as the original SUBSCRIBE request, and an incremented
"CSeq" number.

If event or class of events for
which a SUBSCRIBE request notification is being generated.

If the event package to refresh a subscription fails, which the
original subscription event token corresponds defines
behavior associated with the body of its NOTIFY requests, those
semantics apply. This information is still considered valid for expected to provide
additional details about the duration nature of the most recently known "Expires" value as negotiated by
SUBSCRIBE event which has
occurred and its response, or as communicated by NOTIFY.

5.1.5.3. Unsubscribing

Unsubscribing the resultant resource state.

When present, the body of the NOTIFY request MUST be formatted
into one of the body formats specified in the "Accept" header of
the corresponding SUBSCRIBE request.

4.3.3. Notifier NOTIFY Behavior

When a SUBSCRIBE request is handled successfully processed or a relevant
change in the same way as refreshing of subscribed state occurs, the notifier will
immediately construct and send a NOTIFY request to the
subscriber(s), per standard Route/Record-Route handling, as
described in section 4.1.1.

Roach [Page 16] 18]

Internet Draft SIP-Specific Event Notification July November 2001

subscription, with

If the "Expires" header set notifier is able, through any means, to "0." Note determine that a
successful unsubscription will also trigger a final "NOTIFY".

5.1.5.4. Confirmation of Subscription Creation

The the
subscriber can expect is no longer available to receive notifications, it
MAY elect to not send a notification. An example of a method by
which such information may be known is the "SIP for Presence"
event set (see [4] ).

A NOTIFY message from each
node request is considered failed if the response times out,
or a non-200 class response code is received which has registered a successful subscription or
subscription refresh. Until no
"Retry-After" header and no implied further action which can be
taken to retry the request (e.g. "401 Authorization Required.")

If the first NOTIFY message(s) arrive, request fails (as defined above) due to a timeout
condition, and the subscriber should consider subscription was installed using a soft-state
mechanism (such as SIP signalling), the state of notifier SHOULD remove
the subscribed
resource subscription.

If the NOTIFY request fails (as defined above) due to be in an undefined state. Event packages which define
new event packages MUST define this "undefined state" in such error
response, and the subscription was installed using a
way that makes sense for their application.

Due to soft-state
mechanism, the potential for both out-of-order messages and forking, notifier MUST remove the corresponding
subscription.

If a NOTIFY request receives a 481 response, the subscriber notifier MUST be prepared to receive NOTIFY messages before
remove the SUBSCRIBE transaction has completed.

Except corresponding subscription even if such subscription
was installed by non-SUBSCRIBE means (such as noted above, processing of this an administrative
interface).

NOTIFY is requests SHOULD contain an "Subscription-Expires" header
which indicates the same as remaining duration of the subscription (such
a header is useful in section 5.2.5.

5.1.6. Proxy case the SUBSCRIBE Behavior

Proxies need no additional behavior beyond that described in RFC
2543 [1] request forks, since
the response to support SUBSCRIBE. Note a forked subscribe -- which contains the "Expire"
header that SIP proxies specifies the agreed-upon expiration time -- may also act
as subscribers or notifiers, as appropriate; under these
circumstances, they will act as described in 5.1.5. and 5.1.7.

5.1.7. Notifier SUBSCRIBE Behavior

5.1.7.1. SUBSCRIBE Transaction Processing

In no case should a SUBSCRIBE transaction extend for any longer
than not
be received by the subscriber). The notifier SHOULD use this
header to adjust the time necessary for automated processing. In particular,
notifiers remaining on the subscription; however,
this mechanism MUST NOT wait for a user response before returning a
final response not be used to lengthen a SUBSCRIBE request. subscription, only
to shorten it. The notifier SHOULD check may inform a subscriber that a
subscription has been removed by sending a NOTIFY message with an
"Subscription-Expires" value of "0."

If the event package specified in duration of a subscription has been shortened or
terminated by the
"Event" "Subscription-Expires" header is understood. If not, as compared to
the notifier SHOULD return
a "489 Bad Event" most recent 200-class SUBSCRIBE response to indicate sent, that the specified
event/event class is not understood.

The notifier header
SHOULD also perform any necessary authentication and
authorization per its local policy. See section 5.1.7.3.

If include a "reason" parameter indicating the reason that
such action was taken. Currently, four such values are defined:
"migration" indicates that the node acting as notifier is able
transferring responsibility for maintaing such state information
to immediately determine that it
understands the event package, another node; this only makes sense when subscriptions are
terminated, not when they are shortened. "Maint" indicates that
the authenticated subscriber subscription is authorized being truncated or terminated due to subscribe, server
maintainance, and "refused" indicates that there are no other barriers
to creating the subscriptions, it creates the subscription and
returns a "200 OK" response. has

Roach [Page 17] 19]

Internet Draft SIP-Specific Event Notification July November 2001

been removed or shortened administratively (e.g. by a change in
ACL policy). Finally, if the notifier cannot immediately create the subscription (e.g.
it needs elects to wait for user input for authorization, or is acting
for another node which is not currently reachable), it will
return send a "202 Accepted" response. This response indicates that
the request has been received and understood, but that no action
has yet taken place.

The "Expires" values present in SUBSCRIBE 200-class responses
behave in NOTIFY
upon timeout of the same way as subscription, they do in REGISTER responses: the
server MAY shorten the interval, but MUST not increase it.

200-class responses to SUBSCRIBE requests will not generally
contain any useful information beyond subscription duration;
their primary purpose is to serve as SHOULD include a reliability mechanism.
State information will be communicated via
"Subscription-Expires" header with a subsequent value of "0" and a reason
parameter of "timeout."

4.3.4. Proxy NOTIFY
request from the notifier.

The other response codes defined Behavior

Proxies need no additional behavior beyond that described in RFC
2543 may be used in
response [1] to SUBSCRIBE requests, as appropriate.

5.1.7.2. Confirmation of Subscription Creation/Refreshing

Upon successful creation or refreshing support NOTIFY. If a proxy wishes to see all of the
SUBSCRIBE and NOTIFY requests for a subscription,
notifiers given dialog, it MUST send
record-route all SUBSCRIBE and NOTIFY requests.

4.3.5. Subscriber NOTIFY Behavior

Upon receiving a NOTIFY message as soon as practical to
communicate the current resource state to the subscriber. If request, the
resource has no meaningful state subscriber should check that
it matches at least one of its outstanding subscriptions; if not,
it MUST return a "481 Subscription does not exist" response
unless another 400- or 500-class response is more appropriate.

If, for some reason, the time that event package designated in the SUBSCRIBE
message "Event"
header of the NOTIFY request is processed, this not supported, the subscriber
will respond with a "489 Bad Event" response.

To prevent spoofing of events, NOTIFY message requests MAY contain an empty
body. See section 5.2.3. for further details on be
authenticated, using any defined SIP authentication mechanism.

NOTIFY message
generation.

If requests SHOULD contain "Subscription-Expires" headers
which indicate the response to time remaining on the SUBSCRIBE message was 202, subscription. If this initial
NOTIFY will serve as indication that the subscription has finally
been processed. In the case that
header is present, the subscription has not been
created (e.g. subscriber SHOULD take it as the notifier was waiting for authorization
authoritative duration and such
authorization failed), the notifier SHOULD indicate to adjust accordingly. If an expires
value of "0" is present, the subscriber that should consider the
subscription does has not been created by
setting terminated.

When the "Expires" header to "0" in this initial NOTIFY
response.

5.1.7.3. Authentication/Authorization of SUBSCRIBE requests

Privacy concerns may require that notifiers either use access
lists subscription is terminated or ask shortened using the notifier owner, on a per-subscription basis,
whether
"Subscription-Expires" mechanism, there SHOULD be a particular remote node reason
parameter present. If it is authorized to subscribe present and the subscriber is still
interested in receiving updates to a
certain the state information, the
subscriber SHOULD attempt re-subscribe upon expiration if it is
set of events. In general, authorization of users prior to authentication "migration," "timeout," is not particularly useful.

SIP authentication mechanisms are discussed in RFC2543 [1] . Note
that, even if present, or is set to an
unknown value. Such a resubscription will be completely
independant of the notifier node typically acts as original subscription, and will not share a proxy,
authentication for SUBSCRIBE requests
dialog with it; it will always be performed generated as described in section
4.2.5.1.

If the "reason" parameter on a "Subscription-Expires" header is
set to either "maint" or "refused," the subscriber SHOULD NOT
attempt re-subscription.

Once the notification is deemed acceptable to the subscriber, the

Roach [Page 18] 20]

Internet Draft SIP-Specific Event Notification July November 2001

via

subscriber SHOULD return a "401" response, 200 response. In general, it is not a "407;" notifiers always act
expected that NOTIFY responses will contain bodies; however, they
MAY, if the NOTIFY request contained an "Accept" header.

Other responses defined in RFC 2543 [1] may also be returned, as
appropriate.

4.4. Polling Resource State

A natural consequence of the behavior described in the preceding
sections is that an immediate fetch without a user
agents when accepting subscriptions and persistent
subscription may be effected by sending notifications.

If authorization fails based on an access list or some other
automated mechanism (i.e. it can be automatically authoritatively
determined that the subscriber appropriate SUBSCRIBE
with an "Expires" of 0.

Of course, an immediate fetch while a subscription is not authorized to subscribe), active may
be effected by sending an appropriate SUBSCRIBE with an "Expires"
greater than 0.

Upon receipt of this SUBSCRIBE request, the notifier SHOULD reply to (or
notifiers, if the SUBSCRIBE request with was forked) will send a "403 Forbidden"
or "603 Decline" response, as appropriate. Depending on
NOTIFY request containing resource state to the
situation, such a response may have security implications; address in the
SUBSCRIBE "Contact" field. Note that normal Route and
Record-Route handle still applies; see section 6.

If 4.1.1.

4.5. Allow-Events header usage

The "Allow-Events" header, if present, includes a list of tokens
which indicates the notifier owner is interactively queried to determine
whether event packages supported by the client (if
sent in a subscription is allowed, request) or server (if sent in a "202 Accept" response response). In other
words, a node sending an "Allow-Events" header is
returned immediately, advertising
that it can process SUBSCRIBE requests and the subsequent generate NOTIFY request is
suppressed until the notifier owner responds.

5.1.7.4. Refreshing
requests for all of Subscriptions

When a notifier receives a subscription refresh, assuming that the subscriber event packages listed in that header.

Any node implementing one or more event packages SHOULD include
an appropriate "Allow-Events" header indicating all supported
events in INVITE requests and responses, OPTIONS responses, and
REGISTER requests. "Allow-Events" headers MAY be included in any
other type of request or response.

This information is still authorized, the notifier updates the
expiration time very useful, for the "Contact:" address present example, in allowing user
agents to render particular interface elements appropriately
according to whether the
SUBSCRIBE. As with the initial subscription, events required to implement the server MAY lower
features they represent are supported by the amount appropriate nodes.

Note that "Allow-Events" headers MUST NOT be inserted by proxies.

5. Event Packages

This section covers several issues which should be taken into
consideration when event packages based on SUBSCRIBE and NOTIFY

Roach [Page 21]

Internet Draft SIP-Specific Event Notification November 2001

are proposed.

5.1. Appropriateness of time until expiration, but MUST NOT increase it.
The final expiration time is placed in Usage

When designing an event package using the Expires header methods described in the
response.

If no refresh
this draft for a notification address is received before its
expiration time, that address event notification, it is removed from the list of
addresses. When removing a contact, the notifier MAY send a
NOTIFY message important to that contact with consider:
is SIP an "Expires" value of "0" to
inform it that appropriate mechanism for the subscription is problem set? Is SIP being removed.
selected because of some unique feature provided by the protocol
(e.g. user mobility), or merely because "it can be done?" If all
notification addresses are removed, you
find yourself defining event packages for notifications related
to, for example, network management or the entire subscription is
deleted.

5.2. Description of NOTIFY Behavior

NOTIFY messages are sent temperature inside
your car's engine, you may want to inform subscribers reconsider your selection of changes
protocols.

Those interested in
state to which extending the subscriber has a subscription. Subscriptions
are typically put mechanism defined in place using the SUBSCRIBE method; however,
it is possible that other means have been used.

If any non-SUBSCRIBE mechanisms this
document are defined urged to create
subscriptions, read "Guidelines for Authors of SIP
Extensions" [2] for further guidance regarding appropriate uses
of SIP.

Further, it is the responsibility of the parties defining
those mechanisms to ensure expected that correlation of a NOTIFY message this mechanism is not to be used in
applications where the corresponding subscription frequency of reportable events is
excessively rapid (e.g. more than about once per second). A SIP
network is possible. Designers of such
mechanisms are also warned generally going to make be provisioned for a distinction between reasonable
signalling volume; sending a NOTIFY message to notification every time a subscriber who is aware user's GPS
position changes by one hundreth of the
subscription, and sending a NOTIFY message second could easily
overload such a network.

5.2. Sub-packages

Normal event packages define a set of state applied to an unsuspecting
node. The latter behavior is invalid, and MUST receive a "481
Subscription does not exist" response (unless some other 400- or

Roach [Page 19]

Internet Draft SIP-Specific Event Notification July 2001

500-class error code is more applicable), specific
type of resource, such as described in section
5.2.5. In other words, subscriptions must exist in both the
subscriber user presence, call state, and the notifier to be valid, even if installed via a
non-SUBSCRIBE mechanism.

A NOTIFY does not cancel its corresponding subscription; in other
words,
messaging mailbox state.

Sub-packages are a single SUBSCRIBE request may trigger several NOTIFY
requests.

5.2.1. Correlation

NOTIFY requests MUST contain the same Call-ID, local URI, and
remote URI as the SUBSCRIBE request which ordered them. This is
the same set special type of criteria that package which define a call leg.

The From field set of a NOTIFY request MUST contain a tag; this
allows for the subscriber to differentiate between events from
different notifiers.

Successful SUBSCRIBE requests will receive only one 200-class
response; however, due
state applied to forking, the subscription may have been
accepted by multiple nodes. The other packages, such as statistics, access
policy, and subscriber MUST therefore lists. Sub-packages may even be
prepared applied to receive NOTIFY requests with "From:" tags which
differ from the "To:" tag received in
other sub-packages.

To extend the SUBSCRIBE 200-class
response.

Handling object-oriented analogy made earlier, sub-packages
can be thought of the situation in as templatized C++ packages which multiple distinct NOTIFY
requests are received for must be
applied to other packages to be useful.

The name of a SUBSCRIBE sub-package as applied to a package is still an open issue; see
section 8.2.

As expected, CSeq spaces are unique for each node; in other
words, formed by
appending a period followed by the notifier uses sub-package name to the end of
the package. For example, if a different CSeq space than subpackage called "watcherinfo"
were being applied to a package called "presence," the
subscriber event
token used in "Event" and "Allow-Events" would be
"presence.watcherinfo".

Sub-packages must be defined so that they can be applied to any

Roach [Page 22]

Internet Draft SIP-Specific Event Notification November 2001

arbitrary package. In other notifiers.

5.2.2. Identification words, sub-packages cannot be
specifically tied to one or a few "parent" packages in such a way
that they will not work with other packages.

5.3. Amount of reported events, State to be Conveyed

When designing event classes, and current
state

Identification packages, it is important to consider the
type of events being reported in information which will be conveyed during a notification notification.

A natural temptation is very
similar to that described for subscription to events (see section
5.1.3. ).

The Request URI convey merely the event (e.g. "a new
voice message just arrived") without accompanying state (e.g. "7
total voice messages"). This complicates implementation of a NOTIFY request contains enough information
subscribing entities (since they have to route maintain complete state
for the request entity to the party which they have subscribed), and also is subscribed
particularly susceptible to receive
notifications. It is derived from the "Contact" header present in
the corresponding SUBSCRIBE request.

If the same events for different resources are being subscribed
to, implementors synchronization problems.

There are expected two possible solutions to use different "Call Legs" (To,
From, Call-ID) in order this problem that event
packages may choose to be able implement.

5.3.1. Complete State Information

For packages which typically convey state information that is
reasonably small (on the order of 1 kb or so), it is suggested
that event packages are designed so as to differentiate between
notifications for them, unless send complete state
information when an event occurs.

In the body circumstances that state may not be sufficient for a
particular class of events, the event contains

Roach [Page 20]

Internet Draft SIP-Specific Event Notification July 2001

enough packages should include
complete state information for this correlation.

As in SUBSCRIBE requests, NOTIFY "Event" headers will contain a
single opaque token which identifies along with the event or class of events
for which a notification that occurred.
For example, "no customer service representatives available" may
not be as useful "no customer service representatives available;
representative sip:46@cs.xyz.int just logged off".

5.3.2. State Deltas

In the case that the state information to be conveyed is being generated.

If large,
the event package may choose to detail a scheme by which the event token corresponds defines
behavior associated with the body NOTIFY
messages contain state deltas instead of its complete state.

Such a scheme would work as follows: any NOTIFY requests, those
semantics apply. This information is expected sent in immediate
response to provide
additional details about the nature a SUBSCRIBE contains full state information. NOTIFY
messages sent because of a state change will contain only the event which
state information that has
occurred and changed; the resultant resource state.

When present, subscriber will then
merge this information into its current knowledge about the body state
of the NOTIFY request resource.

Any event package that supports delta changes to states MUST be formatted
into use
a payload which contains a version number that increases by
exactly one of for each NOTIFY message. Note that the body formats specified state version
number appears in the "Accept" header body of the corresponding SUBSCRIBE request. The formatting rules and
behavior when no "Accept" header message, not in a SIP header.

Roach [Page 23]

Internet Draft SIP-Specific Event Notification November 2001

If a NOTIFY arrives that has a version number that is present are expected to be
defined incremented
by more than one, the document which describes subscriber knows that a state delta has
been missed; it ignores the relevant event
package.

5.2.3. Notifier NOTIFY Behavior

When a SUBSCRIBE request is successfully processed or a relevant
change in message containing the subscribed state occurs,
delta (except for the notifier will
construct version number, which it retains to detect
message loss), and send re-sends a SUBSCRIBE to force a NOTIFY request
containing a complete state snapshot.

5.4. Event Package Responsibilities

Event packages are not required to the subscriber(s), as
specified in the "Contact" field re-iterate any of the SUBSCRIBE request. Such a
message should be sent behavior
described in as timely a manner as is practical.

If the notifier is able, through any means, this document, although they may choose to determine do so for
clarity or emphasis. In general, though, such packages are
expected to describe only the behavior that extends or modifies
the
subscriber is no longer available to receive notifications, it
MAY elect to behavior described in this document.

Note that any behavior designated with "SHOULD" or "MUST" in this
document is not send a notification. An example of a method allowed to be changed by
which extension documents;
however, such information documents may be known is elect to strengthen "SHOULD"
requirements to "MUST" strength if required by their application.

In addition to the "SIP normal sections expected by "Instructions to
RFC Authors" [6] and "Guidelines for Presence" Authors of SIP Extensions"
[2] , authors of event set (see [5] ).

If the original subscription contained a "Record-Route" header,
notifications are sent according to packages MUST address each of the rules outlined issues
detailed in RFC
2543 [1] , as if the SUBSCRIBE were following subsections, whenever applicable.

5.4.1. Event Package Name

This mandatory section of an INVITE, and event package defines the NOTIFY
were any subsequent message (e.g. BYE).

Notify requests MUST contain a "Contact" header. This contact
header is token name
to be used by to designate the subscriber in building "Route" headers for
subsequent subscriptions (i.e. refreshes).

A NOTIFY request is considered failed if event package. It MUST include the response times out,
or a non-200 class response code is received which has no
"Retry-After" header and no implied further action
information which can be
taken to retry appears in the request (e.g. "401 Authorization Required.") IANA registration of the token.
For information on registering such types, see section 7.

5.4.2. Event Package Parameters

If parameters are to be used on the NOTIFY request fails (as defined above), "Event" header to modify the notifier MUST
remove
behavior of the contact from event package, the syntax and semantics of such
headers must be clearly defined.

5.4.3. SUBSCRIBE Bodies

It is expected that most, but not all, event packages will define
syntax and semantics for SUBSCRIBE method bodies; these bodies
will typically modify, expand, filter, throttle, and/or set
thresholds for the appropriate subscription. If removal class of the contact leaves no remaining contacts, the entire events being requested. Designers of
event packages are strongly encouraged to re-use existing MIME
types for message bodies where practical.

This mandatory section of an event package defines what type or
types of event bodies are expected in SUBSCRIBE requests (or

Roach [Page 21] 24]

Internet Draft SIP-Specific Event Notification July November 2001

subscription

specify that no event bodies are expected). It should point to
detailed definitions of syntax and semantics for all referenced
body types.

5.4.4. Subscription Duration

It is removed.

NOTIFY requests MAY contain an "Expires" header which indicates recommended that event packages give a suggested range of
times considered reasonable for the remaining duration of the a subscription. The notifier MAY use
this header to adjust the time remaining on the subscription;
however, this mechanism
Such packages MUST not be used to lengthen a
subscription, only to shorten it. The notifier may inform a
subscriber that a subscription has been removed by sending also define a
NOTIFY message with an default "Expires" value of "0."

5.2.4. Proxy NOTIFY Behavior

Proxies need no additional behavior beyond that described in RFC
2543 [1] to support NOTIFY.

5.2.5. Subscriber be
used if none is specified.

5.4.5. NOTIFY Behavior

Upon receiving a Bodies

The NOTIFY request, body is used to report state on the subscriber should check that
it matches at least one of its outstanding subscriptions; if not,
it MUST return resource being
monitored. Each package must define a "481 Subscription does not exist" response
unless another 400- what type or types of event
bodies are expected in NOTIFY requests. Such packages must
specify or 500-class response is more appropriate.

If, cite detailed specifications for some reason, the syntax and
semantics associated with such event package designated body.

Event packages also need to define which MIME type is to be
assumed if none are specified in the "Event" "Accept" header of the NOTIFY request is not supported, the subscriber
will respond with a "489 Bad Event" response.

To prevent spoofing
SUBSCRIBE request.

5.4.6. Notifier processing of events, NOTIFY requests MAY be
authenticated, using any defined SIP authentication mechanism.

NOTIFY SUBSCRIBE requests may contain "Expires" headers which indicate the
time remaining on the subscription. If this header is present,

This section describes the subscriber SHOULD take it as processing to be performed by the authoritative duration and
adjust accordingly. If an expires value
notifier upon receipt of "0" is present, the
subscriber should consider the subscription terminated. Note that
this does not prevent the subscriber from re-sending a SUBSCRIBE
if he wishes to re-initiate the subscription.

Once the notification request. Such a section is deemed acceptable
required.

Information in this section includes details of how to
authenticate subscribers and authorization issues for the subscriber, the
subscriber SHOULD return a 200 response. In general, it is not
expected that NOTIFY
package. Such authorization issues may include, for example,
whether all SUBSCRIBE requests for this package are answered with
202 responses will contain bodies; however, they
MAY, if the (see section 6.2. ).

5.4.7. Notifier generation of NOTIFY request contained requests

This section of an "Accept" header.

Other responses defined in RFC 2543 [1] may also event package describes the process by which
the notifier generates and sends a NOTIFY request. This includes
detailed information about what events cause a NOTIFY to be returned, as
appropriate.

Event packages should describe appropriate handling for sent,
how to compute the
situation state information in which NOTIFY requests are received from multiple
notifiers. In general, such handling will involve a simple
merging of the received NOTIFY, how to
generate "neutral" or "fake" state information to hide
authorization delays and decisions from users, and whether state
information is complete or deltas for notifications into (see section
5.3. )

It may optionally describe the behavior used to processes the
subsequent response. Such a single, overall
state. section is required.

5.4.8. Subscriber processing of NOTIFY requests

Roach [Page 22] 25]

Internet Draft SIP-Specific Event Notification July November 2001

5.3. Polling Resource State

A natural consequence of the behavior described in the preceding
sections is that an immediate fetch without a persistent
subscription may be effected by sending an appropriate SUBSCRIBE
with an "Expires"

This section of 0.

Of course, an immediate fetch while a subscription is active may
be effected event package describes the process followed
by sending an appropriate SUBSCRIBE with an "Expires"
greater than 0.

Upon the subscriber upon receipt of this SUBSCRIBE request, the notifier (or
notifiers, if the SUBSCRIBE request was forked) will send a NOTIFY request containing request, including any
logic required to form a coherent resource state (if applicable).

5.4.9. Handling of forked requests

Each event package should specify whether forked SUBSCRIBE
requests are allowed to install multiple subscriptions. If such
behavior is not allowed, any NOTIFY messages not matching the address in
200-class response to the initial SUBSCRIBE "Contact" field.

5.4. Allow-Events header usage

The "Allow-Events" header, if present, includes message are responded
to with a list of tokens
which indicates 481.

In the case that multiple subscriptions are allowed, the event packages supported by
package must specify whether merging of the client (if
sent in a request) or server (if sent in a response). In other
words, notifications to form
a node sending an "Allow-Events" header single state is advertising required, and how such merging is to be
performed. Note that it can process SUBSCRIBE requests and generate NOTIFY
requests for all of the is possible that some event packages listed may
be defined in such a way that header.

Any node implementing one or more each dialog is tied to a mutually
exclusive state which is unaffected by the other dialogs; this
must be clearly stated if it is the case.

5.4.10. Rate of notifications

Each event packages package is expected to define a requirement
(RECOMMENDED, SHOULD include or MUST strength) which defines an appropriate "Allow-Events" header indicating all supported
events in INVITE requests and responses, OPTIONS responses, and
REGISTER requests. "Allow-Events" headers MAY absolute
maximum on the rate at which notifications are allowed to be included in any
other type
generated by a single notifier.

Such packages may further define a throttle mechanism which
allows subscribers to further limit the rate of request notification.

5.4.11. State Agents

Designers of event packages should consider whether their package
can benefit from network aggregation points ("State Agents")
and/or nodes which act on behalf of other nodes. (For example,
nodes which provide state information about a resource when such
a resource is unable or response.

This unwilling to provide such state
information itself). An example of such an application is very useful, for example, in allowing a node
which tracks the presence and availability of a user
agents to render particular interface elements appropriately
according in the
network.

If state agents are to whether be used by the events required to implement package, the
features package must
specify how such state agents aggregate information and how they represent
provide authentication and authorization.

5.4.12. Examples

Event packages should include several demonstrative message flow
diagrams paired with several typical, syntactically correct and

Roach [Page 26]

Internet Draft SIP-Specific Event Notification November 2001

complete messages.

It is recommended that documents describing event packages
clearly indicate that such examples are supported by informative and not
normative, with instructions that implementors refer to the appropriate nodes. main
text of the draft for exact protocol details.

6. Security Considerations

6.1. Access Control

The ability to accept subscriptions should be under the direct
control of the user, since many types of events may be considered
sensitive for the purposes of privacy. Similarly, the notifier
should have the ability to selectively reject subscriptions based
on the calling party (based on access control lists), and/or using
standard SIP authentication mechanisms. The methods for creation
and distribution of such access control lists is outside the
scope of this draft.

6.2. Release of Sensitive Policy Information

The mere act of returning a "403 Forbidden" 200 or "603 Decline"
response code certain 4xx and 6xx responses
to a SUBSCRIBE request requests may, under certain very rare

Roach [Page 23]

Internet Draft SIP-Specific Event Notification July 2001 circumstances, create
privacy concerns. Similarly, a delay in the
initial notification may create the same concerns. concerns by revealing sensitive policy information. In
these cases, the notifier may elect to should always return an immediate 200 or 202
response and send a 202 response.
While the subsequent NOTIFY message with (possibly erroneous)
state. Note that this behavior may not convey true state, it
MUST appear to contain a potentially correct piece of data from
the point of view of the subscriber, indistinguishable from a
valid response. Information about whether a user is authorized to
subscribe to the requested state is never conveyed back to the
original user under these circumstances.

6.3. Denial-of-Service attacks

The current model (one SUBSCRIBE request triggers a rare exception, SUBSCRIBE
response and should
not one or more NOTIFY requests) is a classic setup for
an amplifier node to be exhibited without justification. used in a smurf attack.

Also, the creation of state upon receipt of a SUBSCRIBE request
can be used by attackers to consume resources on a victim's
machine, rendering it unusable.

To reduce the chances of such an attack, implementations of
notifiers SHOULD require authentication. Authentication issues
are discussed in RFC2543 [1] .

7. IANA Considerations

(This section is not applicable until this document is published

Roach [Page 27]

Internet Draft SIP-Specific Event Notification November 2001

as an RFC.)

This document defines an event-type namespace which requires a
central coordinating body. The body chosen for this coordination
is the Internet Assigned Numbers Authority (IANA).

There are two different types of event-types: normal event
packages, and event sub-packages; see section 3.3. 5.2. To avoid
confusion, subpackage names and package names share the same
namespace; in other words, a sub-package MUST NOT share a name
with a package.

Following the policies outlined in "Guidelines for Writing an
IANA Considerations Section in RFCs" [8] [7] , normal event package
identification tokens are allocated as First Come First Served,
and event sub-package identification tokens are allocated on a
IETF Consensus basis. Package names beginning with "x-" are
experimental, and are reserved for Private Use. such names MUST
be formed according to the rules outlined in section 4.2.1.

Note that the naming scheme allows a certain level of
Hierarchical Allocation for experimental types. Organizations may
choose to centrally coordinate allocation of names within the
scope of the experimental namespace designated by their internet
domain name. Assignment of such authority is not in the scope of
this document, and will not be provided by the IANA.

Registrations with the IANA MUST include the token being
registered and whether the token is a package or a subpackage.
Further, packages MUST include contact information for the party
responsible for the registration and/or a published document
which describes the event package. Sub-package token
registrations MUST include a pointer to the published RFC which
defines the sub-package.

Registered tokens to designate packages and sub-packages MUST NOT
contain the character ".", which is used to separate sub-packages
from packages.

7.1. Registration Template

Roach [Page 24]

Internet Draft SIP-Specific Event Notification July 2001

As this document specifies no package or sub-package names, the
initial IANA registration for event types will be empty. The
remainder of the text in this section gives an example of the
type of information to be maintained by the IANA; it also
demonstrates all five possible permutations of package type,
contact, and reference.

The table below lists the event packages and sub-packages defined
in "SIP-Specific Event Notification" [RFC xxxx]. Each name is
designated as a package or a subpackage under "Type."

Package Name Type Contact Reference
------------ ---- ------- ---------
example1 package [Roach]
example2 package [Roach] [RFC xxxx]
example3 package [RFC xxxx]
example4 sub-package [Roach] [RFC xxxx]
example5 sub-package [RFC xxxx]

PEOPLE
------
[Roach] Adam Roach <adam.roach@ericsson.com>

REFERENCES
----------
[RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
August 2002.

8. Open Issues

8.1. Denial-of-Service attacks

The current model (one SUBSCRIBE request triggers a SUBSCRIBE
response and one or more NOTIFY requests) is a classic setup for
an amplifier node to be used in a smurf attack.

Also, the creation of state upon receipt of a SUBSCRIBE request
can be used by attackers to consume resources on a victim's
machine, rendering it unusable.

These problems can be mitigated by requiring that all SUBSCRIBE
requests be authenticated (and that unauthenticated SUBSCRIBE
requests maintain zero state), but this doesn't actually solve
the problem, as much event packages and sub-packages defined
in "SIP-Specific Event Notification" [RFC xxxx]. Each name is
designated as it makes it somewhat less likely to be
exploited. a package or a subpackage under "Type."

Roach [Page 25] 28]

Internet Draft SIP-Specific Event Notification July November 2001

Suggestions for improvements

PEOPLE
------
[Roach] Adam Roach <adam.roach@ericsson.com>

REFERENCES
----------
[RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
August 2002.

8. Open Issues

In addition to the three issues listed below, the BNF in this area are solicited, and
should
document needs to be taken on the mailing list (see section 12. ).

8.2. SUBSCRIBE Forking

Forking poses an interesting problem for SUBSCRIBE requests.

At first glance, everything would seem converted to work okay; a forked
SUBSCRIBE which successfully reaches more than one notifier will
install a subscription in all of explicit LWS to match the notifier nodes. Generally,
several 200 class responses
latest bis draft; this change will be received by the forking
proxy, and reflected in the first one will next
version.

8.1. CANCEL Handling

This is actually a protocol-wide open issue which has impacts on
this specification: there hasn't been a clear consensus about
cancellation of non-INVITE requests yet. If non-INVITE requests
cannot be returned cancelled, we need to the subscriber.

Upon receipt remove section 4.1.3.

8.2. Version of the 200 response, the subscriber could correctly
deduce that the subscription has been successfully created in at
least one node. Once the NOTIFY responses begin arriving, it is
trivial SIP to differentiate between the notifiers using the "To" tag
values. If the subscriber is happy having multiple outstanding
subscriptions, he can accept each reference

Much of them, and refresh them
independently. If multiple subscriptions don't make sense for the
event package, or introduce a level handling in this document is rather different than
what is described in RFC2543; in fact, many of complexity that the
subscriber implementor doesn't want recent changes
to worry about, all
subscriptions with correlation information (i.e. "To" tags)
differing from those received this document have been tracking changes in the 200-class response may be
rejected with a 481 response (which will remove the subscription
from "bis" versions
of the notifiers).

On closer examination, there appears SIP specification. We can continue to be a minor problem with
proxies inserting "Record-Route" headers: specifically, reference RFC2543
while pulling in huge chunks of the
200-class response to bis draft for compatibility
(for example, the SUBSCRIBE Route handling would essentially be copied
word-for-word from the bis draft), or we can only carry one route; start referencing
the
routes to bis drafts.

Of course, referencing the other notifiers appears bis drafts allows us to be effectively lost.
This problem is rather trivial pick up
changes to overcome; in particular, protocol semantics "for free," while importing chunks
of it requires constant maintanance and runs the
newest versions risk of SIP have getting
out of sync.

Roach [Page 29]

Internet Draft SIP-Specific Event Notification November 2001

On the other hand, placing a "SHOULD" strength requirement that
proxies wishing to stay in dependency on the path include "Record-Route"
headers in all requests. This means that bis draft pushes
the incoming NOTIFYs
themselves will contain this routing information timeframe for proxies this draft (and the drafts that
comply with depend on it)
out past the newer SIP specification.

Since time that the draft you are currently reading technically references next SIP RFC 2543 (which is published.

8.3. Immediate NOTIFYs

There has been discussion, but no such provision), we can describe this
behavior in here. Proxies which have no notion consensus, on the issue of what
"SUBSCRIBE" and "NOTIFY" mean don't know that "SUBSCRIBE" has a
long-running leg associated with it. Record-Routing a "SUBSCRIBE"
without knowing what it means should cause no problems, but those
proxies certainly won't know
whether each SUBSCRIBE must have an immediate NOTIFY message sent
in response. In attempts to expect "NOTIFY" messages. On follow the
other hand, proxies wishing prevailing sentiment, this
draft had become internally inconsistent.

This version of this document has eliminated these
inconsistancies by requiring notifiers always to track subscriptions send a NOTIFY
immediately upon receiving a SUBSCRIBE. This decision does not
necessarily represent group consensus, and
notifications are doubtless aware further discussion may
be warranted.

9. Changes

9.1. Changes from draft-ietf-...-00

- Fixed confusing typo in section describing correlation
of this draft; if we SUBSCRIBE requests

- Added explanitory text to clarify tag handling when
generating re-subscriptions

- Expanded general handling section to include specific
discussion of Route/Record-Route handling.

- Included use of "methods" parameter on Contact as
a
provision that proxies interested in tracking these types means for detecting support for SUBSCRIBE and NOTIFY.

- Added definition of legs
MUST include Record-Route headers in all term "dialog"; changed "leg" to
"dialog" everwhere.

- Added syntax for "Subscription-Expires" header.

- Changed NOTIFY requests, it
solves our routing problem -- and it's completely compatible with messages to refer to "Subscription-Expires"
everywhere (instead of "Expires.")

Roach [Page 26] 30]

Internet Draft SIP-Specific Event Notification July November 2001

the remainder

- Added information about generation and handling of SIP, since we're just strengthening a
requirement already presented in the newer SIP specification.

So, there's a rather airtight technical solution
481 responses to the problem;
currently, no one seems SUBSCRIBE requests

- Changed having Expires header in SUBSCRIBE from
MUST to be disputing that fact. However, there
are SHOULD; this aligns more closely with
REGISTER behavior

- Removed experimental/private event package names,
per list consensus

- Cleaned up some theory-of-knowledge type philosophical arguments that
claim legacy text left over from very early
drafts that installing allowed multiple subscriptions with one
subscription request is a fundamentally flawed concept.

The arguments, if I understand them correctly, roughly state that
a contacts per subscription is to a particular single state, and that only one
node in the network can possibly be considered

- Strengthened language requiring the authoritative
source removal of that state. I would counterargue that for certain event
packages -- like user presence -- this is absolutely correct.
Those packages should mandate that all but one subscriptions
if a NOTIFY is rejected request fails with a 481. In circumstances where the node reached Clarified that such
removal is the
authoritative source required for one instance all subscriptions, including
administrative ones.

- Removed description of a set delaying NOTIFY requests until
authorization is granted. Such behavior was inconsistent
with other parts of state (such as
terminal state), it makes a lot this document.

- Moved description of sense event packages to have the ability later in document,
to
install a subscription into every end-node reached.

Of course, the forgoing discussion reflects the author's
viewpoint; others would certainly cast reduce the situation in different
light. In any case, without a group consensus on this topic, it
is considered an number of forward references.

- Minor editorial and nits changes

- Added new open issue.

9. Changes

9.1. issues to open issues section. All
previous open issues have been resolved.

9.2. Changes from draft-roach-...-03

- Added DOS attacks section to open issues.

- Added discussion of forking to open issues

- Changed response to PINT request for notifiers who don't
support PINT from 400 to 489.

Roach [Page 31]

Internet Draft SIP-Specific Event Notification November 2001

- Added sentence to security section to call attention to
potential privacy issues of delayed NOTIFY responses.

- Added clarification: access control list handling is out
of scope.

- (Hopefully) Final resolution on out-of-band subscriptions:
mentioned in section

Roach [Page 27]

Internet Draft SIP-Specific Event Notification July 2001

5.2.
4.3.
Removed from open issues.

- Made "Contact" header optional for SUBSCRIBE 1xx responses.

- Added description clarifying tag handling (section
5.1.1.
4.2.1.
)

- Removed event throttling from open issues.

- Editorial cleanup to remove term "extension draft" and
similar; "event package" is now (hopefully) used consistently
throughout the document.

- Remove discussion of event agents from open issues.
This is covered in the event packages section now.

- Added discussion of forking to open issues.

- Added discussion of sub-packages

- Added clarification that, upon receiving a "NOTIFY"
with an expires of "0", the subscriber can re-subscribe.
This allows trivial migration of subscriptions between
nodes.

- Added preliminary IANA Considerations section

Roach [Page 32]

Internet Draft SIP-Specific Event Notification November 2001

- Changed syntax for experimental event tokens to avoid
possibly ambiguity between experimental tokens and
sub-packages.

- Slight adjustment to "Event" syntax to accommodate sub-packages.

- Added section describing the information which is to be
included in documents describing event packages.

Roach [Page 28]

Internet Draft SIP-Specific Event Notification July 2001

- Made 481 responses mandatory for unexpected notifications
(allowing notifiers to remove subscriptions in error cases)

- Several minor non-semantic editorial changes.

9.2.

9.3. Changes from draft-roach-...-02

- Clarification under "Notifier SUBSCRIBE behavior" which
indicates that the first NOTIFY message (sent immediately
in response to a SUBSCRIBE) may contain an empty body, if
resource state doesn't make sense at that point in time.

- Text on message flow in overview section corrected

- Removed suggestion that clients attempt to unsubscribe
whenever they receive a NOTIFY for an unknown event.
Such behavior opens up DOS attacks, and will lead to
message loops unless additional precautions are taken.
The 481 response to the NOTIFY should serve the same
purpose.

- Changed processing of non-200 responses to NOTIFY from
"SHOULD remove contact" to "MUST remove contact" to support
the above change.

- Re-added discussion of out-of-band subscription mechanisms
(including open issue of resource identification).

Roach [Page 33]

Internet Draft SIP-Specific Event Notification November 2001

- Added text specifying that SUBSCRIBE transactions are not
to be prolonged. This is based on the consensus that non-INVITE
transactions should never be prolonged; such consensus within
the SIP working group was reached at the 49th IETF.

- Added "202 Accepted" response code to support the above
change. The behavior of this 202 response code is a
generalization of that described in the presence draft.

- Updated to specify that the response to an unauthorized
SUBSCRIBE request is 603 or 403.

Roach [Page 29]

Internet Draft SIP-Specific Event Notification July 2001

- Level-4 subheadings added to particularly long sections to
break them up into logical units. This helps make the
behavior description seem somewhat less rambling. This also
caused some re-ordering of these paragraphs (hopefully in a
way that makes them more readable).

- Some final mopping up of old text describing "call related"
and "third party" subscriptions (deprecated concepts).

- Duplicate explanation of subscription duration removed from
subscriber SUBSCRIBE behavior section.

- Other text generally applicable to SUBSCRIBE (instead of just
subscriber handling of SUBSCRIBE) moved to parent section.

- Updated header table to reflect mandatory usage of "Expires"
header in SUBSCRIBE requests and responses

- Removed "Event" header usage in responses

- Added sentence suggesting that notifiers may notify
subscribers when a subscription has timed out.

- Clarified that a failed attempt to refresh a subscription
does not imply that the original subscription has been
cancelled.

Roach [Page 34]

Internet Draft SIP-Specific Event Notification November 2001

- Clarified that 489 is a valid response to "NOTIFY" requests.

- Minor editorial changes to clean up awkward and/or unclear
grammar in several places

9.3.

9.4. Changes from draft-roach-...-01

- Multiple contacts per SUBSCRIBE message disallowed.

- Contact header now required in NOTIFY messages.

Roach [Page 30]

Internet Draft SIP-Specific Event Notification July 2001

- Distinction between third party/call member events removed.

- Distinction between call-related/resource-related events removed.

- Clarified that subscribers must expect NOTIFY messages before
the SUBSCRIBE transaction completes

- Added immediate NOTIFY message after successful SUBSCRIBE;
this solves a myriad of issues, most having to do with forking.

- Added discussion of "undefined state" (before a NOTIFY arrives).

- Added mechanism for notifiers to shorten/cancel outstanding
subscriptions.

- Removed open issue about appropriateness of new "489" response.

- Removed all discussion of out-of-band subscriptions.

- Added brief discussion of event state polling.

10. References

[1] M. Handley/H. Schulzrinne/E. Schooler/J. Rosenberg, "SIP:
Session Initiation Protocol", RFC 2543, IETF; March 1999.

[2] Adam Roach, "Automatic Call Back Service in SIP",

Roach [Page 35]

Internet Draft <draft-roach-sip-acb-00.txt>, IETF; March 2000. Work in
progress.

[3] SIP-Specific Event Notification November 2001

[2] J. Rosenberg, H. Schulzrinne, "Guidelines for Authors of SIP
Extensions", <draft-ietf-sip-guidelines-01.txt>, <draft-ietf-sip-guidelines-02.txt>, IETF; July
2000. March
2001. Work in progress.

[4]

[3] S. Petrack, L. Conroy, "The PINT Service Protocol", RFC 2848,
IETF; June 2000.

[5]

[4] J. Rosenberg et. al., "SIP Extensions for Presence",
<draft-rosenberg-impp-presence-00.txt>,
<draft-ietf-simple-presence-03.txt>, IETF; June 2000. September 2001.
Work in progress.

Roach [Page 31]

Internet Draft SIP-Specific Event Notification July 2001

[6]

[5] R. Fielding et. al., "Hypertext Transfer Protocol --
HTTP/1.1", RFC2068, IETF, January 1997.

[7]

[6] J. Postel, J. Reynolds, "Instructions to RFC Authors",
RFC2223, IETF, October 1997.

[8]

[7] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, IETF, October 1998.

[8] Schulzrinne/Rosenberg, "SIP Caller Preferences and Callee
Capabilities", <draft-ietf-sip-callerprefs-04.txt>, IETF;
June 2001. Work in progress.

11. Acknowledgements

Thanks to the participants in the Events BOF at the 48th IETF
meeting in Pittsburgh, as well as those who gave ideas and
suggestions on the SIP Events mailing list. In particular, I wish
to thank Henning Schulzrinne of Columbia University for coming up
with the final three-tiered event identification scheme, Sean
Olson of Ericsson for miscellaneous guidance, Jonathan Rosenberg
for a thorough scrubbing of the -00 draft, and the authors of the
"SIP Extensions for Presence" draft for their input to SUBSCRIBE
and NOTIFY request semantics.

12. Feedback and Discussion

Comments regarding this draft are welcomed at the author's
address listed below.

General-purpose discussion of asynchronous event topics,
including this draft, should be taken on the sip-events mailing
list (and NOT the general-purpose SIP mailing list). To
subscribe, send mail to "sip-events@standards.ericsson.net" with
the word "SUBSCRIBE" in the body.

13. Author's Address

Adam Roach
Ericsson Inc.
Mailstop L-04
851 International Pkwy.
740 E. Campbell Rd.
Richardson, TX 75081
USA
Phone: +1 972 583 7594
Fax: +1 972 669 0154
E-Mail: adam.roach@ericsson.com

Roach [Page 32] 36]
----