WDIFF

draft-ietf-sip-events-01.txt --> draft-ietf-sip-events-02.txt

Internet Draft Ericsson Inc. dynamicsoft
Category: Standards Track November 2001 February 2002
Expires May August 2002
<draft-ietf-sip-events-01.txt>
<draft-ietf-sip-events-02.txt>

SIP-Specific Event Notification

Status of this Memo

This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or cite them other than as "work in
progress".

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/lid-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

This document is an individual submission to the IETF. Comments
should be directed to the authors.

Abstract

This document describes an extension to the Session Initiation
Protocol (SIP). The purpose of this extension is to provide an
extensible framework by which SIP nodes can request notification
from remote nodes indicating that certain events have occurred.

Concrete uses of the mechanism described in this document may be
standardized in the future.

Note that the event notification mechanisms defined herein are
NOT intended to be a general-purpose infrastructure for all
classes of event subscription and notification.

1. Table of Contents

1. Table of Contents...................................... 1
2. Introduction........................................... 3
2.1. Overview of Operation.................................. 4
3. Syntax................................................. Definitions............................................ 4

Roach [Page 1]

Internet Draft SIP-Specific Event Notification November 2001

3.1. New Methods............................................ 4
3.1.1. SUBSCRIBE method....................................... 5
3.1.2. NOTIFY method.......................................... 6
3.2. New Headers............................................ 6
3.2.1. "Event" header......................................... 6
3.2.2. "Allow-Events" Header.................................. 7
3.2.3. "Subscription-Expires" Header.......................... 7
3.3. New Response Codes..................................... 7
3.3.1. "202 Accepted" Response Code........................... 8
3.3.2. "489 Bad Event" Response Code.......................... 8 February 2002

4. Node Behavior.......................................... 8 5
4.1. General................................................ 8
4.1.1. Route Handling......................................... 8
4.1.2. Detecting support for SUBSCRIBE and NOTIFY............. 9
4.1.3. CANCEL requests........................................ 9
4.1.4. State Agents and Notifier Migration.................... 9
4.2. Description of SUBSCRIBE Behavior...................... 10
4.2.1. Correlation to dialogs, calls, and terminals........... 10
4.2.2. 5
4.1.1. Subscription duration.................................. 11
4.2.3. 5
4.1.2. Identification of Subscribed Events and Event Classes.. 11
4.2.4. 6
4.1.3. Additional SUBSCRIBE Header Values..................... 12
4.2.5. 6
4.1.4. Subscriber SUBSCRIBE Behavior.......................... 12
4.2.6. 7
4.1.5. Proxy SUBSCRIBE Behavior............................... 14
4.2.7. 8
4.1.6. Notifier SUBSCRIBE Behavior............................ 14
4.3. 9
4.2. Description of NOTIFY Behavior......................... 17
4.3.1. Correlation............................................ 17
4.3.2. 11
4.2.1. Identification of reported events, event classes, and c 18
4.3.3. 12
4.2.2. Notifier NOTIFY Behavior............................... 18
4.3.4. 12
4.2.3. Proxy NOTIFY Behavior.................................. 20
4.3.5. 14
4.2.4. Subscriber NOTIFY Behavior............................. 20
4.4. 14
4.3. General................................................ 16
4.3.1. Detecting support for SUBSCRIBE and NOTIFY............. 16
4.3.2. CANCEL requests........................................ 16
4.3.3. Forking................................................ 16
4.3.4. Dialog creation and termination........................ 17
4.3.5. State Agents and Notifier Migration.................... 18
4.3.6. Polling Resource State................................. 21
4.5. 18
4.3.7. Allow-Events header usage.............................. 21 19
4.3.8. PINT Compatibility..................................... 19
5. Event Packages......................................... 21 19
5.1. Appropriateness of Usage............................... 22 19
5.2. Sub-packages........................................... 22 Event Template-packages................................ 20
5.3. Amount of State to be Conveyed......................... 23 20
5.3.1. Complete State Information............................. 23 21
5.3.2. State Deltas........................................... 23 21
5.4. Event Package Responsibilities......................... 24 22
5.4.1. Event Package Name..................................... 24 22
5.4.2. Event Package Parameters............................... 24 22
5.4.3. SUBSCRIBE Bodies....................................... 24 22
5.4.4. Subscription Duration.................................. 25 22
5.4.5. NOTIFY Bodies.......................................... 25 23
5.4.6. Notifier processing of SUBSCRIBE requests.............. 25 23
5.4.7. Notifier generation of NOTIFY requests................. 25 23
5.4.8. Subscriber processing of NOTIFY requests............... 25 23
5.4.9. Handling of forked requests............................ 26 23
5.4.10. Rate of notifications.................................. 26 24
5.4.11. State Agents........................................... 26

Roach [Page 2]

Internet Draft SIP-Specific Event Notification November 2001 24
5.4.12. Examples............................................... 26 25
5.4.13. URI List handling...................................... 25
6. Security Considerations................................ 27 25
6.1. Access Control......................................... 27 25
6.2. Release of Sensitive Policy Information................ 27 25
6.3. Denial-of-Service attacks.............................. 26
6.4. Replay Attacks......................................... 26
6.5. Man-in-the middle attacks.............................. 26
6.6. Confidentiality........................................ 27
7. IANA Considerations.................................... 27

Roach [Page 2]

Internet Draft SIP-Specific Event Notification February 2002

7.1. Registration Information............................... 28
7.2. Registration Template.................................. 28
8. Open Issues............................................ 29
8.1. CANCEL Handling........................................
7.3. Syntax................................................. 29
8.2. Version of SIP to reference............................
7.4. New Methods............................................ 29
8.3. Immediate NOTIFYs...................................... 30
9. Changes................................................ 30
9.1. Changes from draft-ietf-...-00......................... 30
9.2. Changes from draft-roach-...-03........................
7.4.1. SUBSCRIBE method....................................... 31
9.3. Changes from draft-roach-...-02........................
7.4.2. NOTIFY method.......................................... 31
7.5. New Headers............................................ 31
7.5.1. "Event" header......................................... 31
7.5.2. "Allow-Events" Header.................................. 32
7.5.3. "Subscription-State" Header............................ 32
7.6. New Response Codes..................................... 33
9.4. Changes from draft-roach-...-01........................ 35
10. References.............................................
7.6.1. "202 Accepted" Response Code........................... 33
7.6.2. "489 Bad Event" Response Code.......................... 33
8. Changes................................................ 33
8.1. Changes from draft-ietf-...-01......................... 33
8.2. Changes from draft-ietf-...-00......................... 35
11. Acknowledgements.......................................
8.3. Changes from draft-roach-...-03........................ 36
12.
8.4. Changes from draft-roach-...-02........................ 38
8.5. Changes from draft-roach-...-01........................ 39
9. References............................................. 40
10. Acknowledgements....................................... 41
11. Author's Address....................................... 36 41

2. Introduction

The ability to request asynchronous notification of events proves
useful in many types of services for which cooperation between
end-nodes is required. Examples of such services include
automatic callback services (based on terminal state events),
buddy lists (based on user presence events), message waiting
indications (based on mailbox state change events), and PINT
status (based on call state events).

The methods described in this document allow a framework by which
notification of these events can be ordered.

The event notification mechanisms defined herein are NOT intended
to be a general-purpose infrastructure for all classes of event
subscription and notification. Meeting requirements for the
general problem set of subscription and notification is far too
complex for a single protocol. Our goal is to provide a
SIP-specific framework for event notification which is not so
complex as to be unusable for simple features, but which is still
flexible enough to provide powerful services. Note, however, that
event packages based on this framework may define arbitrarily
complex rules which govern the subscription and notification for
the events or classes of events they describe.

This draft does not describe an extension which may be used

Roach [Page 3]

Internet Draft SIP-Specific Event Notification February 2002

directly; it must be extended by other drafts (herein referred to
as "event packages.") In object-oriented design terminology, it
may be thought of as an abstract base class which must be derived

Roach [Page 3]

Internet Draft SIP-Specific Event Notification November 2001
into an instantiatable class by further extensions. Guidelines
for creating these extensions are described in section 5.

2.1. Overview of Operation

The general concept is that entities in the network can subscribe
to resource or call state for various resources or calls in the
network, and those entities (or entities acting on their behalf)
can send notifications when those states change.

A typical flow of messages would be:

Subscriber Notifier
|-----SUBSCRIBE---->| Request state subscription
|<-------200--------| Acknowledge subscription
|<------NOTIFY----- | Return current state information
|--------200------->|
|<------NOTIFY----- | Return current state information
|--------200------->|

The subscriber and notifier entities need not necessarily be UAs,
but often will be.

Subscriptions are expired and must be refreshed in exactly the
same manner as registrations (see RFC 2543 [1] ). by subsequent
SUBSCRIBE messages.

3. Syntax

This section describes the syntax extensions required for Definitions

Event Package: An event
notification in SIP. Semantics are described in section 4.

3.1. New Methods

This document describes two new SIP methods: "SUBSCRIBE" package is an additional specification
which defines a set of state information to be reported by a
notifier to a subscriber. Event packages also define further
syntax and
"NOTIFY."

This table expands semantics based on tables 4 and 5 in RFC 2543 [1] .

Roach [Page 4]

Internet Draft SIP-Specific the framework defined by this
document required to convey such state information.

Event Template-Package: An event template-package is a special
kind of event package which defines a set of state which may
be applied to all possible event packages, including itself.

Notification: Notification November 2001

Header Where SUB NOT
------ ----- --- ---
Accept R o o
Accept-Encoding R o o
Accept-Language R o o
Allow 200 - -
Allow 405 o o
Authorization R o o
Call-ID gc m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Encoding e o o
Content-Length e o o
Content-Type e * *
CSeq gc m m
Date g o o
Encryption g o o
Expires g o -
From gc m m
Hide R o o
Max-Forwards R o o
Organization g o o
Priority R o o
Proxy-Authenticate 407 o o
Proxy-Authorization R o o
Proxy-Require R o o
Require R o o
Retry-After R - -
Retry-After 404,480,486 o o
Retry-After 503 o o
Retry-After 600,603 o o
Response-Key R o o
Record-Route R o o
Record-Route 2xx o o
Route R o o
Server r o o
Subject R o o
Timestamp g o o
To gc(1) m m
Unsupported 420 o o
User-Agent g o o
Via gc(2) m m
Warning r o o
WWW-Authenticate 401 o o

3.1.1. SUBSCRIBE method

Roach [Page 5]

Internet Draft SIP-Specific Event Notification November 2001

"SUBSCRIBE" is added to the definition act of the element "Method" in
the SIP a notifier sending a
NOTIFY message grammar.

Like all SIP method names, the SUBSCRIBE method name is case
sensitive. The SUBSCRIBE method is used to request asynchronous
notification a subscriber to inform the subscriber of an event or set
the state of events at a later time.

3.1.2. NOTIFY method

"NOTIFY" resource.

Notifier: A notifier is added to a user agent which generates NOTIFY
requests for the definition purpose of notifying subscribers of the element "Method" in
the SIP message grammar.

The NOTIFY method is used
state of a resource. Notifiers typically also accept
SUBSCRIBE requests to notify create subscriptions.

State Agent: A state agent is a SIP node that an event notifier which has been requested by an earlier SUBSCRIBE method has
occurred. It may also provide further details about the event.

3.2. New Headers

This table expands publishes state
information on tables 4 and 5 in RFC 2543 [1] , as amended
by the changes described in section 3.1.

Header field where proxy ACK BYE CAN INV OPT REG SUB NOT
-----------------------------------------------------------------
Allow-Events g o o o o o o o o
Allow-Events 489 - - - - - - m m
Event R - - - - - - m m
Subscription-Expires R - - - - - - - o

3.2.1. "Event" header

The following header is defined for the purposes of this
specification.

Event = ( "Event" | "o" ) ":" event-type
*(( ";" parameter-name
["=" ( token | quoted-string ) ] )
event-type = event-package *( "." event-subpackage )
event-package = token-nodot
event-subpackage = token-nodot
token-nodot = 1*( alphanum | "-" | "!" | "%" | "*"
| "_" | "+" | "`" | "'" | "~" )

Event is added to the definition behalf of the element "request-header" a resource; in the SIP message grammar.

This document does not define values for event-types. These
values will be defined by individual event packages, and MUST be order to do so, it

Roach [Page 6] 4]

Internet Draft SIP-Specific Event Notification November 2001

registered with the IANA.

There must be exactly one event type listed per event header.
Multiple events per message are disallowed.

For the curious, February 2002

may need gather such state information from multiple sources.
State Agents always have complete state information for the "o" short form
resource for which it is chosen to represent
"occurrence."

3.2.2. "Allow-Events" Header

The following header creating notifications.

Subscriber: A subscriber is defined for a user agent which receives NOTIFY
requests from notifiers; these NOTIFY requests contain
information about the purposes state of this
specification.

Allow-Events = ( "Allow-Events" | "u" ) ":" 1#event-type

Allow-Events is added to the definition of the element
"general-header" a resource in which the SIP message grammar.

For the curious, the "u" short form
subscriber is chosen interested. Subscribers typically also generate
SUBSCRIBE requests and send them to represent
"understands."

3.2.3. "Subscription-Expires" Header

The following header notifiers to create
subscriptions.

Subscription: A subscription is defined for the purposes a set of this
specification.

Subscription-Expires = "Subscription-Expires" ":"
( SIP-date | delta-seconds )
*( ";" subexp-params )

subexp-params = "reason" "=" reason-code
| generic-param

reason-code = "migration"
| "maint"
| "refused"
| "timeout"
| reason-extension

reason-extension = token

Subscription-Expires is added application state
associated with a dialog. This application state includes a
pointer to the definition of associated dialog, the element
"request-header" event package name, and
possibly an identification token. Event packages will define
additional subscription state information. By definition,
subscriptions exist in both a subscriber and a notifier.

Subscription Migration: Subscription migration is the SIP message grammar.

3.3. New Response Codes

Roach [Page 7]

Internet Draft SIP-Specific Event Notification November 2001

3.3.1. "202 Accepted" Response Code act of
moving a subscription from one notifier to another notifier.

4. Node Behavior

4.1. Description of SUBSCRIBE Behavior

The 202 response SUBSCRIBE method is added used to the "Success" request current state and state
updates from a remote node.

4.1.1. Subscription duration

SUBSCRIBE requests SHOULD contain an "Expires" header field
definition:

Success = "200" ; OK
| "202" ; Accepted

"202 Accepted" has (defined in
SIP [1] ). This expires value indicates the duration of the
subscription. In order to keep subscriptions effective beyond the
duration communicated in the "Expires" header, subscribers need
to refresh subscriptions on a periodic basis using a new
SUBSCRIBE message on the same meaning dialog as that defined in HTTP/1.1
[5] SIP [1] .

3.3.2. "489 Bad Event" Response Code

The 489 event response is added to the "Client-Error"

If no "Expires" header
field definition:

Client-Error = "400" ; Bad Request
...
| "489" ; Bad Event

"489 Bad Event" is used to indicate that present in a SUBSCRIBE request, the server did not
understand
implied default is defined by the event package specified in a "Event" header field.

4. Node Behavior

4.1. General

Unless noted otherwise, being used.

200-class responses to SUBSCRIBE and NOTIFY requests follow the
same protocol rules governing the usage also MUST contain an
"Expires" header. The period of tags, Route handling,
Record-Route handling, Via handling, and Contact handling as
INVITE; retransmission, reliability, CSeq handling and
provisional responses are time in the same as those defined for BYE.

For response MAY be
shorter or longer than specified in the purposes request. The period of this document, a "dialog"
time in the response is defined as all
messages sharing the tuple of "To" (including tag), "From"
(including tag), and "Call-Id." As in INVITE-initiated dialogs,
requests containg no "To" tag are also considered to be part one which defines the duration of the same dialog as messages which contain a "To" tag but
otherwise match.

4.1.1. Route Handling

Route and Record-Route handling
subscription.

An "expires" parameter on the "Contact" header has no semantics
for SUBSCRIBE and NOTIFY dialogs is generally the same as for INVITE and its subsequent responses.
The exact method for echoing Record-Route headers in responses
and using them explicitly not equivalent to form Route headers in subsequent requests is
described an "Expires"
header in RFC2543 [1] . For the purposes of the following a SUBSCRIBE request or response.

Roach [Page 8] 5]

Internet Draft SIP-Specific Event Notification November 2001

discussion, the "Contact" header is considered part February 2002

A natural consequence of the
"Record-Route" set.

From a subscriber perspective, the "Record-Route" headers
received in this scheme is that a SUBSCRIBE response are stored locally and placed in
the "Route" headers for SUBSCRIBE refreshes. To support forking with an
"Expires" of SUBSCRIBE requests, "Record-Route" headers received in NOTIFY
requests MUST be echoed back in the NOTIFY responses; if no route 0 constitutes a request to unsubscribe from an
event.

Notifiers may also wish to cancel subscriptions to events; this
is useful, for example, when the dialog has been established, these "Record-Route" headers
MUST be stored locally and MUST be placed in the "Route" headers
for SUBSCRIBE refreshes.

From resource to which a notifier perspective, SUBSCRIBE request "Record-Route"
headers subscription
refers is no longer available. Further details on this mechanism
are echoed back discussed in the SUBSCRIBE response section 4.2.2.

4.1.2. Identification of Subscribed Events and stored
locally. The locally stored copy Event Classes

Identification of the "Record-Route" headers events is
placed in the "Route" headers when generating NOTIFY requests. provided by three pieces of
information: Request URI, Event Type, and (optionally) message
body.

The result Request URI of a SUBSCRIBE request, most importantly,
contains enough information to route the forgoing rules is that proxies wishing request to
remain on the signalling path for subsequent requests in
appropriate entity. It also contains enough information to
identify the
dialog MUST include themselves in a "Record-Route" resource for all
requests, which event notification is desired,
but not just the initial SUBSCRIBE.

4.1.2. Detecting support for SUBSCRIBE and NOTIFY

Neither SUBSCRIBE nor NOTIFY necessitate necessarily enough information to uniquely identify the use
nature of "Require" or
"Proxy-Require" headers; similarly, there is no token defined for
"Supported" headers. If necessary, clients may probe the event (e.g. "sip:adam@dynamicsoft.com" would be an
appropriate URI to subscribe to for my presence state; it would
also be an appropriate URI to subscribe to the
support state of my voice
mailbox).

Subscribers MUST include exactly one "Event" header in SUBSCRIBE and NOTIFY using the OPTIONS request defined
in RFC2543 [1] .
requests, indicating to which event or class of events they are
subscribing. The presence "Event" header will contain a token which
indicates the type of state for which a subscription is being
requested. This token will be registered with the IANA and will
correspond to an event package which further describes the
semantics of the "Allow-Events" event or event class. The "Event" header in MAY
also contain an "id" parameter. This "id" parameter, if present,
contains an opaque token which identifies the specific
subscription within a message dialog. An "id" parameter is
sufficient only valid
within the scope of a single dialog.

If the event package to indicate support for which the event token corresponds defines
behavior associated with the body of its SUBSCRIBE and NOTIFY.

The "methods" parameter for Contact requests,
those semantics apply.

Event packages may also be used to
specifically announce support for SUBSCRIBE and NOTIFY messages
when registering. (See reference [8] define parameters for details on the "methods"
parameter).

4.1.3. CANCEL requests

For Event header;
if they do so, they must define the purposes of generality, both semantics for such
parameters.

4.1.3. Additional SUBSCRIBE and NOTIFY MAY be
canceled; however, doing so is not recommended. Successfully
cancelled Header Values

Because SUBSCRIBE and NOTIFY requests MUST be completed with create a
"487 Request Cancelled" response; the server acts dialog as defined in SIP [1]
, they MAY contain an "Accept" header. This header, if present,
indicates the
request were never received. In general, since neither SUBSCRIBE
nor NOTIFY are body formats allowed to have protracted transactions, attempts
to cancel them are expected to fail.

4.1.4. State Agents and Notifier Migration in subsequent NOTIFY requests.

Roach [Page 9] 6]

Internet Draft SIP-Specific Event Notification November 2001

When state agents (see section 5.4.11. ) are used, it is often
useful to allow migration of subscriptions between state agents
and February 2002

Event packages MUST define the nodes behavior for which they SUBSCRIBE requests
without "Accept" headers; usually, this will connote a single,
default body type.

Header values not described in this document are providing state aggregation (or
even among various state agents). Such migration may to be effected
by sending a "NOTIFY" with an "Subscription-Expires" header of
"0," and
interpreted as described in SIP [1] .

4.1.4. Subscriber SUBSCRIBE Behavior

4.1.4.1. Requesting a reason parameter of "migration." This NOTIFY request
is otherwise normal, and Subscription

SUBSCRIBE is formed a dialog-creating method, as described in section 4.3.3.

Upon receipt of this NOTIFY message, the SIP [1] .

When a subscriber SHOULD
attempt wishes to re-subscribe (as described in subscribe to a particular state for a
resource, it forms a SUBSCRIBE message. If the following sections).
The resulting initial SUBSCRIBE message can then be proxied or redirected
to
represents a request outside of a dialog (as it typically will),
its construction follows the node to which notification responsibility is passing.

4.2. Description procedures outlined in SIP [1] for
UAC request generation outside of a dialog.

This SUBSCRIBE Behavior

The SUBSCRIBE method is used to request current state and state
updates from will be confirmed with a remote node.

4.2.1. Correlation to dialogs, calls, final response.
200-class responses indicate that the subscription has been
accepted, and terminals that a NOTIFY will be sent immediately. A 200
response indicates that the subscription has been accepted and
that the user is uniquely identified by authorized to subscribe to the combination of requested
resource. A 202 response merely indicates that the
To, From, subscription
has been understood, and Call-ID fields that authorization may or may not have
been granted.

The "Expires" header in the a 200-class response to SUBSCRIBE request. Refreshes
of subscriptions SHOULD reuse the same Call-ID if possible, since
subscriptions are uniquely identified at presence servers using
the Call-ID. Two subscriptions from
indicates the same user, actual duration for which the same
user, but with different Call-IDs, are considered different
subscriptions. Note this is exactly subscription will
remain active (unless refreshed).

Non-200 class final responses indicate that no subscription or
dialog has been created, and no subsequent NOTIFY message will be
sent. All non-200 class responses (with the same as usage exception of Call-ID
in registrations.

Initial SUBSCRIBE requests MUST contain a "tag" parameter (as
defined in RFC 2543 [1] ) in "489,"
described herein) have the "From" header, same meanings and MUST NOT
contain a "tag" parameter handling as
described in the "To" header. Responses to SIP [1] .

A SUBSCRIBE requests MUST contain a "tag" request MAY include an "id" parameter in the "To"
header.

The "tag" in the "To" its "Event"
header allows the subscriber to
differentiate allow differentiation between NOTIFY requests from different clients multiple subscriptions in
the case that same dialog.

4.1.4.2. Refreshing of Subscriptions

At any time before a subscription expires, the subscriber may
refresh the timer on such a subscription by sending another
SUBSCRIBE request was forked. SUBSCRIBE
requests for re-subscription MUST contain "tag" parameters in
both on the "To" and "From" headers (matching those previously
established for same dialog as the dialog).

The relationship between subscriptions existing
subscription, and (INVITE-initiated)
sessions sharing with the same dialog correlation information is
undefined. Re-using dialog correlation information "Event" header "id" parameter (if
one was present in the initial subscription). The handling for
subscriptions is allowed, but sharing of
such information does
not change the semantics of the INVITE session or a request is the SUBSCRIBE
dialog.

Similarly, same as for the relationship between initial creation of a subscription in one

Roach [Page 10] 7]

Internet Draft SIP-Specific Event Notification November 2001

direction (e.g. from node A to node B) and a February 2002

subscription in the
opposite direction (from B to A) with except as described below.

If the same dialog correlation
information is undefined. While re-using such information is
allowed, initial SUBSCRIBE message contained an "id" parameter
on the sharing "Event" header, then refreshes of such information does not change the
semantics of either SUBSCRIBE dialog.

4.2.2. Subscription duration

SUBSCRIBE requests SHOULD subscription
must also contain an "Expires" header. This
expires value identical "id" parameter; they will
otherwise be considered new subscriptions in an existing
dialog.

If a SUBSCRIBE request to refresh a subscription receives a "481"
response, this indicates that the duration of subscription has been
terminated and that the subscription. The
formatting subscriber did not receive notification
of these is described in RFC 2543. this fact. In order to keep
subscriptions effective beyond this case, the duration communicated in subscriber should consider the
"Expires" header, subscribers need
subscription invalid. If the subscriber wishes to re-subscribe to
the state, he does so by composing an unrelated initial SUBSCRIBE
request with a freshly-generated Call-ID and a new, unique "From"
tag (see section 4.1.4.1. )

If a SUBSCRIBE request to refresh subscriptions on a
periodic basis. This refreshing subscription fails with a
non-481 response, the original subscription is performed in still considered
valid for the same way as
REGISTER refreshes: duration of the To, From, most recently known "Expires" value
as negotiated by SUBSCRIBE and Call-ID match those its response, or as communicated
by NOTIFY in the
SUBSCRIBE being refreshed, while the CSeq number is incremented.

If no "Expires" "Subscription-State" header "expires" parameter.

4.1.4.3. Unsubscribing

Unsubscribing is present handled in a SUBSCRIBE request, the
implied default is defined by same way as refreshing of a
subscription, with the event package being used.

200-class responses "Expires" header set to SUBSCRIBE requests "0." Note that a
successful unsubscription will also MUST contain an
"Expires" header. The period trigger a final "NOTIFY".

4.1.4.4. Confirmation of time in the response MAY be
shorter or longer than specified in the request. Subscription Creation

The period of
time in subscriber can expect to receive a NOTIFY message from each
node which has processed a successful subscription or
subscription refresh. Until the response is first NOTIFY message arrives, the one which defines
subscriber should consider the duration state of the
subscription.

Similar subscribed resource
to REGISTER requests, SUBSCRIBE requests may be renewed
at any time to prevent them from expiring at the end of the
"Expires" period. These renewals will contain in a neutral state. Event packages which define new event
packages MUST define this "neutral state" in such a way that
makes sense for their application (see section 5.4.7. ).

Due to the same "To,"
"From," potential for both out-of-order messages and "Call-ID" as forking,
the original request, and an incremented
"CSeq" number.

Also similar subscriber MUST be prepared to REGISTER requests, a natural consequence of this
scheme is that a receive NOTIFY messages before
the SUBSCRIBE with an "Expires" transaction has completed.

Except as noted above, processing of 0 constitutes a
request to unsubscribe from an event.

Notifiers may also wish to cancel subscriptions to events; this NOTIFY is useful, for example, when the resource to which a subscription
refers is no longer available. Further details on this mechanism
are discussed same as
in section 4.3.3.

4.2.3. Identification of Subscribed Events and Event Classes

Identification of events is provided by three pieces of
information: Request URI, Event Type, and (optionally) message
body.

The Request URI of a 4.2.4.

4.1.5. Proxy SUBSCRIBE request, most importantly,
contains enough information Behavior

Proxies need no additional behavior beyond that described in SIP
[1] to route the request support SUBSCRIBE. If a proxy wishes to see all of the
appropriate entity. It also contains enough information to

Roach [Page 11] 8]

Internet Draft SIP-Specific Event Notification November 2001

identify the resource for which event notification is desired,
but not necessarily enough information to uniquely identify the
nature of the event (e.g. "sip:adam.roach@ericsson.com" would be
an appropriate URI to subscribe to February 2002

SUBSCRIBE and NOTIFY requests for my presence state; a given dialog, it
would also be an appropriate URI to subscribe to the state of my
voice mailbox).

Subscribers MUST include exactly one "Event" header in
record-route all SUBSCRIBE
requests, indicating to which event or class of events they are
subscribing. The "Event" header will contain and NOTIFY requests.

4.1.6. Notifier SUBSCRIBE Behavior

4.1.6.1. Initial SUBSCRIBE Transaction Processing

In no case should a token which
indicates SUBSCRIBE transaction extend for any longer
than the type of state time necessary for automated processing. In particular,
notifiers MUST NOT wait for which a subscription is being
requested. user response before returning a
final response to a SUBSCRIBE request.

This token will be registered requirement is imposed primarily to prevent timer F from
firing during the SUBSCRIBE transaction, since interaction
with a user would often exceed 64*T1 seconds.

The notifier SHOULD check that the IANA and will
correspond to an event package which further describes the
semantics of specified in the event or event class.

The
"Event" header is considered mandatory for the purposes of
this document. However, to maintain compatibility with PINT (see
[3] ), servers MAY interpret a SUBSCRIBE request with no "Event"
header as requesting a subscription to PINT events. understood. If not, the
servers do not support PINT, they notifier SHOULD return
a "489 Bad Event" response to any SUBSCRIBE messages without an EVENT header.

If indicate that the event package specified
event/event class is not understood.

The notifier SHOULD also perform any necessary authentication and
authorization per its local policy. See section 4.1.6.3.

If the notifier is able to which immediately determine that it
understands the event token corresponds defines
behavior associated with package, that the body of its SUBSCRIBE requests,
those semantics apply.

4.2.4. Additional SUBSCRIBE Header Values

Each SUBSCRIBE request MUST have exactly one "Contact:" header, authenticated subscriber
is authorized to be used as part of route handling, as described subscribe, and that there are no other barriers
to creating the subscription, it creates the subscription and a
dialog (if necessary), and returns a "200 OK" response (unless
doing so would reveal authorization policy in section
4.1.1.

SUBSCRIBE requests MAY contain an "Accept" header. This header,
if present, indicates undesirable
fashion; see section 6.2. ).

If the body formats allowed in subsequent
NOTIFY requests. Event packages MUST define notifier cannot immediately create the behavior subscription (e.g.
it needs to wait for
SUBSCRIBE requests without "Accept" headers; usually, this will
connote a single, default body type.

Header values user input for authorization, or is acting
for another node which is not described in this document are to be
interpreted as described in RFC 2543 [1] .

4.2.5. Subscriber SUBSCRIBE Behavior

4.2.5.1. Requesting a Subscription

When a subscriber currently reachable), or wishes to subscribe to a particular state for a
resource,
mask authorization policy, it forms will return a SUBSCRIBE message.

The dialog correlation information is formed as if for an
original INVITE: "202 Accepted"
response. This response indicates that the Call-ID is a new call ID with the syntax

Roach [Page 12]

Internet Draft SIP-Specific Event Notification November 2001

described in RFC 2543; the To: field indicates the subscribed
resource's persistent address (which will generally match the
Request URI used to form the message); and the From: field will
indicate the subscriber's persistent address (typically
sip:user@domain).

This SUBSCRIBE request will be confirmed with a final response.
200-class responses indicate that request has been
received and understood, but does not necessarily imply that the
subscription has been
accepted, and that authorized yet.

When a NOTIFY will be sent immediately. A 200
response indicates that the subscription has been accepted and
that the user is authorized to subscribe to created in the requested
resource. A 202 response merely indicates that notifier, it stores the subscription
has been understood,
event package name and that authorization may or may not have
been granted. the "Event" header "id" parameter (if
present) as part of the subscription information.

The "Expires" header values present in a 200-class response to SUBSCRIBE
indicates the actual duration for which the subscription will
remain active (unless refreshed).

Non-200 class final responses indicate that the subscription has
not been created, and no subsequent NOTIFY message will be sent.
All non-200 class 200-class responses (with the exception of "489,"
described herein) have
behave in the same meanings and handling way as
described they do in RFC 2543 [1] .

4.2.5.2. Refreshing of Subscriptions

At any time before a subscription expires, REGISTER responses: the subscriber may
refresh
server MAY shorten the timer on such a subscription by re-sending interval, but MUST NOT lengthen it. If the
duration specified in a SUBSCRIBE request. The handling for such a request message is unacceptably short,
the same as
for the initial creation of notifier SHOULD respond with a subscription except as described
below. "423 Subscription renewals will contain a "To" field matching the
"From" field in the first NOTIFY request for the dialog
containing the subscription to be refreshed. They will contain
the same "From" and "Call-ID" fields as the original SUBSCRIBE
request, and an incremented "CSeq" number from the original
SUBSCRIBE request. Route handling is as discussed in section
4.1.1.

If a SUBSCRIBE request to refresh a subscription receives a "481"
response, this indicates that the subscription has been
terminated and that the subscriber did not receive notification
of this fact. In this case, the subscriber should consider the
subscription invalid. If the subscriber wishes to re-subscribe to
the state, he does so by composing an unrelated initial SUBSCRIBE
request with a freshly-generated Call-ID and a new, unique "From"
tag (see section 4.2.5.1. ) Too Brief"
message.

Roach [Page 13] 9]

Internet Draft SIP-Specific Event Notification November 2001

If a SUBSCRIBE request February 2002

200-class responses to refresh a subscription fails, the
original SUBSCRIBE requests will not generally
contain any useful information beyond subscription duration;
their primary purpose is still considered valid for the duration
of the most recently known "Expires" value as negotiated by
SUBSCRIBE and its response, or to serve as a reliability mechanism.
State information will be communicated by via a subsequent NOTIFY
request from the notifier.

The other response codes defined in
"Subscription-Expires," except as described above.

4.2.5.3. Unsubscribing

Unsubscribing is handled SIP [1] may be used in the same way
response to SUBSCRIBE requests, as appropriate.

4.1.6.2. Confirmation of Subscription Creation/Refreshing

Upon successfully accepting or refreshing of a subscription, with the "Expires" header set to "0." Note that a
successful unsubscription will also trigger
notifiers MUST send a final "NOTIFY".

4.2.5.4. Confirmation of Subscription Creation

The subscriber can expect NOTIFY message immediately to receive a communicate
the current resource state to the subscriber. This NOTIFY message from each
node which has registered a successful subscription or
subscription refresh. Until
is sent on the first NOTIFY message arrives, same dialog as created by the
subscriber should consider SUBSCRIBE response.
If the resource has no meaningful state of at the subscribed resource
to be in a neutral state. Event packages which define new event
packages MUST define this "neutral state" in such a way time that
makes sense for their application (see section 5.4.7. ).

Due to the potential for both out-of-order messages and forking,
the subscriber MUST be prepared to receive NOTIFY messages before the
SUBSCRIBE transaction has completed.

Except as noted above, processing of message is processed, this NOTIFY is the same as
in message MAY contain
an empty or neutral body. See section 4.3.5.

4.2.6. Proxy SUBSCRIBE Behavior

Proxies need no additional behavior beyond 4.2.2. for further details
on NOTIFY message generation.

Note that described in RFC
2543 [1] to support SUBSCRIBE. If a proxy wishes NOTIFY message is always sent immediately after any
200-class response to see all a SUBSCRIBE request, regardless of whether
the subscription has already been authorized.

4.1.6.3. Authentication/Authorization of SUBSCRIBE and NOTIFY requests for a given dialog, it MUST
record-route all SUBSCRIBE and NOTIFY requests.

4.2.7. Notifier SUBSCRIBE Behavior

4.2.7.1. SUBSCRIBE Transaction Processing

In no case should a SUBSCRIBE transaction extend for any longer
than the time necessary for automated processing. In particular,

Privacy concerns may require that notifiers MUST NOT wait for a user response before returning a
final response apply policy to
determine whether a SUBSCRIBE request.

The notifier SHOULD check that the event package specified in the
"Event" header particular subscriber is understood. If not, the notifier SHOULD return
a "489 Bad Event" response authorized to
subscribe to indicate that the specified
event/event class is not understood.

Roach [Page 14]

Internet Draft SIP-Specific Event Notification November 2001

The notifier SHOULD also perform any necessary authentication and
authorization per its local policy. See section 4.2.7.3.

If the SUBSCRIBE request contains a tag parameter in the "To"
field, but the notifier has no record certain set of the indicated dialog,
the notifier has two options. If the notifier is able and willing
to reconstruct subscription state, he events. Such policy may accept the subscription be defined
by mechanisms such as an initial subscription. If the notifier cannot access control lists or is not
willing to reconstitute such state, it should respond real-time
interaction with a "481
Subscription does user. In general, authorization of subscribers
prior to authentication is not exist."

If particularly useful.

SIP authentication mechanisms are discussed in SIP [1] . Note
that, even if the notifier is able to immediately determine that node typically acts as a proxy,
authentication for SUBSCRIBE requests will always be performed
via a "401" response, not a "407;" notifiers always act as a user
agents when accepting subscriptions and sending notifications.

If authorization fails based on an access list or some other
automated mechanism (i.e. it
understands the event package, can be automatically authoritatively
determined that the authenticated subscriber is not authorized to subscribe, and that there are no other barriers
to creating subscribe),
the subscription, it creates notifier SHOULD reply to the subscription and
returns request with a "200 OK" "403 Forbidden"
or "603 Decline" response, unless doing so would might reveal
authorization policy in an undesirable fashion (see
information that should stay private; see section 6.2.
).

If the notifier cannot immediately create the subscription (e.g.
it needs to wait for user input for authorization, or owner is acting
for another node which is not currently reachable), or wishes interactively queried to
mask authorization policy, it will return determine
whether a subscription is allowed, a "202 Accepted"
response. This Accept" response indicates is
returned immediately. Note that a NOTIFY message is still formed

Roach [Page 10]

Internet Draft SIP-Specific Event Notification February 2002

and sent under these circumstances, as described in the request previous
section.

If subscription authorization was delayed and the notifier wishes
to convey that such authorization has been
received declined, it may do so
by sending a NOTIFY message containing a "Subscription-State"
header with a value of "terminated" and understood, but does not necessarily imply a reason parameter of
"rejected."

4.1.6.4. Refreshing of Subscriptions

When a notifier receives a subscription refresh, assuming that
the
subscription has been created yet.

The "Expires" values present in SUBSCRIBE 200-class responses
behave in subscriber is still authorized, the same way as they do in REGISTER responses: notifier updates the
expiration time for subscription. As with the initial
subscription, the server MAY shorten or lengthen the interval.

200-class responses to SUBSCRIBE requests will not generally
contain any useful information beyond subscription duration;
their primary purpose amount of time until
expiration, but MUST NOT increase it. The final expiration time
is to serve as a reliability mechanism.
State information will be communicated via a subsequent NOTIFY
request from placed in the notifier.

The other response codes defined "Expires" header in RFC 2543 may be used the response. If the
duration specified in
response to SUBSCRIBE requests, as appropriate.

4.2.7.2. Confirmation of Subscription Creation/Refreshing

Upon successfully accepting or refreshing of a subscription,
notifiers MUST send a NOTIFY SUBSCRIBE message immediately to communicate
the current resource state to the subscriber. If is unacceptably short,
the resource has notifier SHOULD respond with a "423 Subscription Too Brief"
message.

If no meaningful state at refresh for a notification address is received before its
expiration time, the time that subscription is removed. When removing a
subscription, the SUBSCRIBE notifier SHOULD send a NOTIFY message with a
"Subscription-State" value of "terminated" to inform it that the
subscription is
processed, this NOTIFY being removed. If such a message MAY is sent, the
"Subscription-State" header SHOULD contain an empty or neutral
body. See section 4.3.3. for further details on a "reason=timeout"
parameter.

The sending of a NOTIFY message
generation.

Roach [Page 15]

Internet Draft SIP-Specific Event Notification November 2001

Note that when a subscription expires allows
the corresponding dialog to be terminated, if appropriate.

4.2. Description of NOTIFY message is always Behavior

NOTIFY messages are sent immediately after any
200-class response to a SUBSCRIBE request, regardless inform subscribers of whether changes in
state to which the subscription subscriber has already been authorized.

4.2.7.3. Authentication/Authorization of a subscription. Subscriptions
are typically put in place using the SUBSCRIBE requests

Privacy concerns may require method; however,
it is possible that notifiers either use access
lists or ask other means have been used.

If any non-SUBSCRIBE mechanisms are defined to create
subscriptions, it is the notifier owner, on a per-subscription basis,
whether responsibility of the parties defining
those mechanisms to ensure that correlation of a particular remote node NOTIFY message
to the corresponding subscription is authorized possible. Designers of such
mechanisms are also warned to subscribe make a distinction between sending
a NOTIFY message to a
certain set of events. In general, authorization subscriber who is aware of users prior the
subscription, and sending a NOTIFY message to authentication an unsuspecting
node. The latter behavior is not particularly useful.

SIP authentication mechanisms are discussed in RFC2543 [1] . Note
that, even if the notifier node typically acts as a proxy,
authentication for SUBSCRIBE requests will always be performed
via invalid, and MUST receive a "401" response, "481
Subscription does not a "407;" notifiers always act as a user
agents when accepting subscriptions and sending notifications.

If authorization fails based on an access list or exist" response (unless some other
automated mechanism (i.e. it can be automatically authoritatively
determined that the subscriber is not authorized to subscribe),
the notifier SHOULD reply to the request with a "403 Forbidden" 400- or "603 Decline" response, unless doing so might reveal
information that should stay private; see section 6.2.

If the notifier owner is interactively queried to determine
whether a subscription is allowed, a "202 Accept" response is
returned immediately. Note that a NOTIFY message
500-class error code is still formed
and sent under these circumstances, more applicable), as described in the previous
section.

If section
4.2.4. In other words, knowledge of a subscription authorization was delayed must exist in

Roach [Page 11]

Internet Draft SIP-Specific Event Notification February 2002

both the subscriber and the notifier wishes to convey that such authorization has been declined, it may do so
by sending be valid, even if
installed via a non-SUBSCRIBE mechanism.

A NOTIFY message containting a "Subscription-Expires"
header with does not terminate its corresponding subscription; in
other words, a value single SUBSCRIBE request may trigger several
NOTIFY requests.

4.2.1. Identification of "0" reported events, event classes, and a reason parameter of "refused."

4.2.7.4. Refreshing current
state

Identification of Subscriptions

When a notifier receives events being reported in a subscription refresh, assuming that
the subscriber notification is still authorized, the notifier updates the
expiration time very
similar to that described for subscription. subscription to events (see section
4.1.2. ).

As with the initial
subscription, the server MAY shorten or increase the amount of
time until expiration. The final expiration time in SUBSCRIBE requests, NOTIFY "Event" headers will contain a
single event package name for which a notification is placed being
generated. The package name in the
"Expires" "Event" header MUST match the
"Event" header in the response. corresponding SUBSCRIBE message. If no refresh for a notification address is received before its
expiration time, an "id"
parameter was present in the subscription is removed. When removing a
subscription, SUBSCRIBE message, that "id"
parameter MUST also be present in the notifier MAY send a corresponding NOTIFY message
messages.

If the event package to which the event package name corresponds
defines behavior associated with a
"Subscription-Expires" value the body of "0" its NOTIFY requests,
those semantics apply. This information is expected to inform it that provide
additional details about the
subscription is being removed. If such a message is sent, nature of the

Roach [Page 16]

Internet Draft SIP-Specific Event Notification November 2001

"Subscription-Expires" header SHOULD contain a "reason=timeout"
parameter.

4.3. Description event which has
occurred and the resultant resource state.

When present, the body of the NOTIFY Behavior

NOTIFY messages are sent to inform subscribers request MUST be formatted
into one of changes the body formats specified in the "Accept" header of
the corresponding SUBSCRIBE request. This body will contain
either the state to which of the subscriber has subscribed resource or a subscription. Subscriptions
are typically put pointer to such
state in place using the form of a URI.

4.2.2. Notifier NOTIFY Behavior

When a SUBSCRIBE method; however,
it request is possible that other means have been used.

If any non-SUBSCRIBE mechanisms are defined to create
subscriptions, it is the responsibility of the parties defining
those mechanisms to ensure that correlation of answered with a NOTIFY message
to 200-class response,
the corresponding subscription is possible. Designers of such
mechanisms are also warned to make a distinction between sending notifier MUST immediately construct and send a NOTIFY message request
to the subscriber. When a subscriber who is aware of change in the
subscription, subscribed state occurs,
the notifier SHOULD immediately construct and sending send a NOTIFY message
request, subject to an unsuspecting
node. The latter behavior is invalid, authorization, local policy, and MUST receive a "481
Subscription does not exist" throttling
considerations.

A NOTIFY request is considered failed if the response (unless some other 400- times out,
or
500-class error a non-200 class response code is more applicable), as described in section
4.3.5. In other words, knowlege of a subscription must exist in
both the subscriber received which has no
"Retry-After" header and the notifier to no implied further action which can be valid, even if
installed via a non-SUBSCRIBE mechanism.

A NOTIFY does not cancel its corresponding subscription; in other
words, a single SUBSCRIBE request may trigger several NOTIFY
requests.

4.3.1. Correlation

NOTIFY requests MUST contain the same Call-ID as
taken to retry the SUBSCRIBE request which ordered them; the "To" field MUST match the "From"
field in (e.g. "401 Authorization Required.")

If the SUBSCRIBE that ordered them, NOTIFY request fails (as defined above) due to a timeout
condition, and the "From" field
MUST match the "To" field that subscription was sent in installed using a soft-state

Roach [Page 12]

Internet Draft SIP-Specific Event Notification February 2002

mechanism (such as SUBSCRIBE), the 200-class response
to the SUBSCRIBE. In other words, NOTIFY requests MUST be in notifier SHOULD remove the
same dialog as
subscription.

This behavior prevents unnecessary transmission of state
information for subscribers who have crashed or disappeared
from the SUBSCRIBE that ordered them.

The From field network. Because such transmissions will be sent 11
times (instead of a NOTIFY request, like the "To" field typical single transmission for
functioning clients), continuing to service them when no
client is available to acknowledge them could place undue
strain on a network. Upon client restart or reestablishment
of a network connection, it is expected that clients will
send SUBSCRIBE response, MUST contain a tag; this allows for the
subscriber messages to differentiate between events from different
notifiers.

Successful SUBSCRIBE requests refresh potentially stale state
information; such messages will receive only one 200-class
response; however, re-install subscriptions in
all relevant nodes.

If the NOTIFY request fails (as defined above) due to forking, an error
response, and the subscription may have been
accepted by multiple nodes. The subscriber was installed using a soft-state
mechanism, the notifier MUST therefore be
prepared to receive NOTIFY requests remove the corresponding
subscription.

A notify error response would generally indicate that
something has gone wrong with "From:" tags which
differ from the "To:" tag received in subscriber or with some
proxy on the SUBSCRIBE 200-class
response. way to the subscriber. If multiple NOTIFY messages are received the subscriber is in response
error, it makes the most sense to a single

Roach [Page 17]

Internet Draft SIP-Specific Event Notification November 2001

SUBSCRIBE message, they represent different destinations allow the subscriber to which
rectify the situation (by re-subscribing) once the error
condition has been handled. If a proxy is in error, the
periodic SUBSCRIBE refreshes will re-install subscription
state once the network problem has been resolved.

If a NOTIFY request was forked. Unless receives a 481 response, the event package
specifies otherwise, notifier MUST
remove the subscriber may either accept all corresponding subscription even if such
notifications subscription
was installed by non-SUBSCRIBE means (such as representing different dialogs (which are then
refreshed separately), or send a 481 response to any NOTIFYs on
dialogs that it does an administrative
interface).

If the above behavior were not want to keep alive.

As expected, CSeq spaces are unique required, subscribers
receiving a notify for each node; an unknown subscription would need to
send an error status code in other
words, response to the notifier uses NOTIFY and also
send a different CSeq space than SUBSCRIBE request to remove the
subscriber and any other notifiers.

4.3.2. Identification of reported events, event classes, and current
state

Identification of events being reported subscription. Since
this behavior would make subscribers available for use as
amplifiers in a notification denial of service attacks, we have instead
elected to give the 481 response special meaning: it is very
similar used
to indicate that described for a subscription to events (see must be cancelled under all
circumstances.

NOTIFY requests MUST contain a "Subscription-State" header with a
value of "active," "pending," or "terminated." The "active" value
indicates that the subscription has been accepted and has been
authorized (in most cases; see section
4.2.3. 6.2. ). The Request URI of a NOTIFY request contains enough "pending"
value indicates that the subscription has been received, but that
policy information is insufficient to route accept or deny the request to

Roach [Page 13]

Internet Draft SIP-Specific Event Notification February 2002

subscription at this time. The "terminated" value indicates that
the party which is subscribed to receive
notifications. It subscription is derived from not active.

If the "Contact" value of the "Subscription-State" header present is "active" or
"pending," the notifier SHOULD also include in the corresponding SUBSCRIBE request.

If
"Subscription-State" header an "expires" parameter which
indicates the same events for different resources are being subscribed
to, implementors are expected to time remaining on the subscription. The notifier
MAY use different dialogs in order this mechanism to shorten a subscription; however, this
mechanism MUST NOT be able used to differentiate between notifications for them,
unless the body for the event contains enough lengthen a subscription.

Including expiration information for
this correlation.

As active and pending
subscriptions is useful in case the SUBSCRIBE requests, NOTIFY "Event" headers will contain a
single token which identifies request forks,
since the event or class of events for
which response to a notification is being generated.

If forked SUBSCRIBE may not be received
by the event package to which subscriber. Note well that this "expires" value is a
parameter on the event token corresponds defines
behavior associated with "Subscription-State" header, NOT an
"Expires" header.

If the body value of its NOTIFY requests, those
semantics apply. This information the "Subscription-State" header is expected to provide
additional details about "terminated,"
the nature of notifier SHOULD also include a "reason" parameter. The
notifier MAY also include a "retry-after" parameter, where
appropriate. For details on the event which has
occurred value and the resultant resource state.

When present, the body semantics of the
"reason" and "retry-after" parameters, see section 4.2.4.

4.2.3. Proxy NOTIFY request MUST be formatted
into one of the body formats specified Behavior

Proxies need no additional behavior beyond that described in the "Accept" header SIP
[1] to support NOTIFY. If a proxy wishes to see all of the corresponding
SUBSCRIBE request.

4.3.3. Notifier and NOTIFY Behavior

When requests for a given dialog, it MUST
record-route all SUBSCRIBE request is successfully processed or a relevant
change in the subscribed state occurs, the notifier will
immediately construct and send NOTIFY requests.

4.2.4. Subscriber NOTIFY Behavior

Upon receiving a NOTIFY request to the
subscriber(s), per standard Route/Record-Route handling, as
described in section 4.1.1.

Roach [Page 18]

Internet Draft SIP-Specific Event Notification November 2001

If the notifier is able, through any means, to determine that request, the subscriber is no longer available to receive notifications, should check that
it
MAY elect to not send a notification. An example matches at least one of its outstanding subscriptions; if not,
it MUST return a method by
which such information may be known "481 Subscription does not exist" response
unless another 400- or 500-class response is the "SIP more appropriate.
The rules for Presence"
event set (see [4] ).

A matching NOTIFY request is considered failed if the response times out,
or requests with subscriptions that
create a non-200 class response code new dialog is received described in section 4.3.4. Notifications
for subscriptions which has no
"Retry-After" header were created inside an existing dialog
match if they are in the same dialog and no implied further action which can be
taken to retry the request (e.g. "401 Authorization Required.")

If "Event" headers
match (as described in section 7.5.1. )

If, for some reason, the event package designated in the "Event"
header of the NOTIFY request fails (as defined above) due to a timeout
condition, and is not supported, the subscription was installed using subscriber
will respond with a soft-state
mechanism (such as "489 Bad Event" response.

To prevent spoofing of events, NOTIFY requests SHOULD be
authenticated, using any defined SIP signalling), authentication mechanism.

NOTIFY requests MUST contain "Subscription-State" headers which

Roach [Page 14]

Internet Draft SIP-Specific Event Notification February 2002

indicate the notifier SHOULD remove status of the subscription.

If the NOTIFY request fails (as defined above) due to an error
response, and "Subscription-State" header value is "active," it means
that the subscription was installed using a soft-state
mechanism, has been accepted and (in general) has been
authorized. If the notifier MUST remove header also contains an "expires" parameter,
the corresponding
subscription. subscriber SHOULD take it as the authoritative subscription
duration and adjust accordingly. The "retry-after" and "reason"
parameters have no semantics for "active."

If a NOTIFY request receives a 481 response, the notifier MUST
remove "Subscription-State" value is "pending," the corresponding subscription even if such subscription
was installed
has been received by non-SUBSCRIBE means (such as the notifier, but there is insufficient
policy information to grant or deny the subscription yet. If the
header also contains an administrative
interface).

NOTIFY requests "expires" parameter, the subscriber
SHOULD contain an "Subscription-Expires" header
which indicates take it as the remaining authoritative subscription duration and
adjust accordingly. No further action is necessary on the part of
the subscriber. The "retry-after" and "reason" parameters have no
semantics for "pending."

If the "Subscription-State" value is "terminated," the subscriber
should consider the subscription (such terminated. The "expires"
parameter has no semantics for "terminated." If a header reason code is useful in case
present, the SUBSCRIBE request forks, since client should behave as described below. If no
reason code or an unknown reason code is present, the response client MAY
attempt to re-subscribe at any time (unless a forked subscribe -- "retry-after"
parameter is present, in which contains case the "Expire"
header that specifies client SHOULD NOT attempt
re-subscription until after the agreed-upon expiration time -- may not
be received number of seconds specified by
the subscriber). "retry-after" parameter). The notifier SHOULD use this
header to adjust the time remaining on the subscription; however,
this mechanism MUST not be used to lengthen a subscription, only
to shorten it. defined reason codes are:

deactivated: The notifier may inform a subscriber that a subscription has been removed by sending a NOTIFY message terminated, but the client
SHOULD retry immediately with an
"Subscription-Expires" value of "0."

If the duration a new subscription. One primary
use of such a status code is to allow migration of
subscriptions between nodes. The "retry-after" parameter has
no semantics for "deactivated."

probation: The subscription has been shortened or
terminated by the "Subscription-Expires" header as compared to terminated, but the most recent 200-class SUBSCRIBE response sent, that header client
SHOULD include retry at some later time. If a "reason" "retry-after" parameter indicating
is also present, the reason that
such action was taken. Currently, four such values are defined:
"migration" indicates that client SHOULD wait at least the node acting as notifier is
transferring responsibility for maintaing such state information
to another node; this only makes sense when subscriptions are
terminated, not when they are shortened. "Maint" indicates number
of seconds specified by that
the parameter before attempting to
re-subscribe.

rejected: The subscription is being truncated or has been terminated due to server
maintainance, and "refused" indicates that the change in
authorization policy. Clients SHOULD NOT attempt to
re-subscribe. The "retry-after" parameter has no semantics
for "rejected."

timeout: The subscription has been terminated because it was not
refreshed before it expired. Clients MAY re-subscribe
immediately. The "retry-after" parameter has no semantics for
"timeout."

Roach [Page 19] 15]

Internet Draft SIP-Specific Event Notification November 2001 February 2002

giveup: The subscription has been removed or shortened administratively (e.g. by a change in
ACL policy). Finally, if terminated because the notifier elects to send a NOTIFY
upon timeout of the subscription, they SHOULD include a
"Subscription-Expires" header with
could not obtain authorization in a value of "0" and timely fashion. If a reason
"retry-after" parameter is also present, the client SHOULD
wait at least the number of "timeout."

4.3.4. Proxy NOTIFY Behavior

Proxies need no additional behavior beyond seconds specified by that described in RFC
2543 [1]
parameter before attempting to support NOTIFY. If a proxy wishes re-subscribe; otherwise, the
client MAY retry immediately, but will likely get put back
into pending state.

Once the notification is deemed acceptable to see all of the
SUBSCRIBE and NOTIFY requests for subscriber, the
subscriber SHOULD return a given dialog, 200 response. In general, it MUST
record-route all is not
expected that NOTIFY responses will contain bodies; however, they
MAY, if the NOTIFY request contained an "Accept" header.

Other responses defined in SIP [1] may also be returned, as
appropriate.

4.3. General

4.3.1. Detecting support for SUBSCRIBE and NOTIFY requests.

4.3.5. Subscriber NOTIFY Behavior

Upon receiving a

Neither SUBSCRIBE nor NOTIFY request, necessitate the subscriber should check that
it matches at least one use of its outstanding subscriptions; if not,
it MUST return a "481 Subscription does not exist" response
unless another 400- "Require" or 500-class response
"Proxy-Require" headers; similarly, there is more appropriate.

If, no token defined for
"Supported" headers. If necessary, clients may probe for some reason, the event package designated in the "Event"
header of the NOTIFY request is not supported, the subscriber
will respond with a "489 Bad Event" response.

To prevent spoofing
support of events, SUBSCRIBE and NOTIFY requests MAY be
authenticated, using any the OPTIONS request defined
in SIP authentication mechanism.

NOTIFY requests SHOULD contain "Subscription-Expires" headers
which indicate the time remaining on the subscription. If this
header is present, the subscriber SHOULD take it as the
authoritative duration and adjust accordingly. If an expires
value [1] .

The presence of "0" is present, the subscriber should consider the
subscription terminated.

When the subscription is terminated or shortened using the
"Subscription-Expires" mechanism, there SHOULD be "Allow-Events" header in a reason
parameter present. If it message is present
sufficient to indicate support for SUBSCRIBE and the subscriber is still
interested in receiving updates NOTIFY.

The "methods" parameter for Contact may also be used to
specifically announce support for SUBSCRIBE and NOTIFY messages
when registering. (See reference [7] for details on the state information, the
subscriber SHOULD attempt re-subscribe upon expiration if it is
set to "migration," "timeout," is not present, "methods"
parameter).

4.3.2. CANCEL requests

No semantics are associated with cancelling SUBSCRIBE or is set to an
unknown value. Such a resubscription NOTIFY.

4.3.3. Forking

Successful SUBSCRIBE requests will be completely
independant of receive only one 200-class
response; however, due to forking, the original subscription, and will not share a
dialog with it; it will subscription may have been
accepted by multiple nodes. The subscriber MUST therefore be generated as described
prepared to receive NOTIFY requests with "From:" tags which
differ from the "To:" tag received in section
4.2.5.1.

If the "reason" parameter on SUBSCRIBE 200-class
response.

If multiple NOTIFY messages are received in response to a "Subscription-Expires" header is
set single
SUBSCRIBE message, they represent different destinations to either "maint" or "refused," which
the SUBSCRIBE request was forked. For information on subscriber SHOULD NOT
attempt re-subscription.

Once the notification is deemed acceptable to the subscriber, the

Roach [Page 20] 16]

Internet Draft SIP-Specific Event Notification November 2001

subscriber SHOULD return a 200 response. In general, it February 2002

handling in such situations, see section 5.4.9.

4.3.4. Dialog creation and termination

If an initial SUBSCRIBE request is not
expected that NOTIFY responses sent on an pre-existing
dialog, the subscriber will contain bodies; however, they
MAY, if wait for a response to the NOTIFY SUBSCRIBE
request contained an "Accept" header.

Other responses defined in RFC 2543 [1] may also be returned, as
appropriate.

4.4. Polling Resource State

A natural consequence of or a matching NOTIFY.

Responses are matched to such SUBSCRIBE requests if they contain
the behavior described in same the preceding
sections is that an immediate fetch without a persistent
subscription may be effected by sending an appropriate SUBSCRIBE
with an "Expires" same "Call-ID," the same "From" header field, the
same "To" header field, excluding the "tag," and the same "CSeq."
Rules for the comparison of 0.

Of course, an immediate fetch while these headers are described in SIP
[1] . If a 200-class response matches such a SUBSCRIBE request,
it creates a new subscription is active may
be effected and a new dialog (unless they have
already been created by sending an appropriate a matching NOTIFY request; see below).

NOTIFY requests are matched to such SUBSCRIBE with an "Expires"
greater than 0.

Upon receipt requests if they
contain the same "Call-ID," a "From" header field which matches
the "To" header field of this SUBSCRIBE request, the notifier (or
notifiers, if SUBSCRIBE, excluding the SUBSCRIBE request was forked) will send "tag," a
NOTIFY request containing resource state to
"To" header field which matches the address in "From" header field of the
SUBSCRIBE "Contact" field. Note that normal Route
SUBSCRIBE, and
Record-Route handle still applies; see section 4.1.1.

4.5. Allow-Events the same "Event" header usage

The "Allow-Events" header, if present, includes a list field. Rules for
comparisons of tokens
which indicates the event packages supported by the client (if
sent "Event" headers are described in section
7.5.1. If a request) matching NOTIFY request contains a
"Subscription-State" of "active" or server (if sent in "pending," it creates a response). In other
words, new
subscription and a node sending new dialog (unless the have already been
created by a matching response, as described above).

If an "Allow-Events" header initial SUBSCRIBE is advertising sent on a pre-existing dialog, a
matching 200-class response or successful NOTIFY request merely
creates a new subscription associated with that it dialog.

Multiple subscriptions can process SUBSCRIBE requests and generate NOTIFY
requests for all of the event packages listed in that header.

Any node implementing one or more event packages SHOULD include
an appropriate "Allow-Events" header indicating all supported
events be associated with a single dialog.
Subscriptions may also exist in INVITE requests and responses, OPTIONS responses, dialogs associated with
INVITE-created application state and
REGISTER requests. "Allow-Events" headers MAY be included other application state
created by mechanisms defined in any other type specifications. These sets
of request or response.

This information is very useful, application state do not interact beyond the behavior
described for example, a dialog (e.g. route set handling).

A subscription is destroyed when a notifier sends a NOTIFY
request with a "Subscription-State" of "terminated".

A subscriber may send a SUBSCRIBE request with an
"Expiration" header of 0 in allowing user
agents to render particular interface elements appropriately
according to whether the events required order to implement trigger the
features they represent are supported by sending of
such a NOTIFY request; however, for the appropriate nodes.

Note that "Allow-Events" headers MUST NOT be inserted by proxies.

5. Event Packages

This section covers several issues which should be taken into
consideration when event packages based on SUBSCRIBE purposes of
subscription and dialog lifetime, the subscription is not
considered terminated until the NOTIFY with a
"Subscription-State" of "terminated" is sent.

If a subscription's destruction leaves no other application state
associated with the dialog, the dialog terminates. The

Roach [Page 21] 17]

Internet Draft SIP-Specific Event Notification November 2001

are proposed.

5.1. Appropriateness February 2002

destruction of Usage

When designing other application state (such as that created by
an event package using INVITE) will not terminate the methods described in
this draft for event notification, it is important to consider: dialog if a subscription is SIP an appropriate mechanism for
still associated with that dialog.

Note that the problem set? Is SIP being
selected because above behavior means that a dialog created with
an INVITE does not necessarily terminate upon receipt of some unique feature provided by the protocol
(e.g. user mobility), or merely because "it can be done?" If you
find yourself defining event packages for notifications related
to, for example, network management or the temperature inside
your car's engine, you may want a
BYE.

4.3.5. State Agents and Notifier Migration

When state agents (see section 5.4.11. ) are used, it is often
useful to reconsider your selection allow migration of
protocols.

Those interested in extending subscriptions between state agents
and the mechanism defined in this
document are urged to read "Guidelines nodes for Authors which they are providing state aggregation (or
even among various state agents). Such migration may be effected
by sending a "NOTIFY" with an "Subscription-State" header of SIP
Extensions" [2] for further guidance regarding appropriate uses
"terminated," and a reason parameter of SIP.

Further, it "deactivated." This
NOTIFY request is expected otherwise normal, and is formed as described in
section 4.2.2.

Upon receipt of this NOTIFY message, the subscriber SHOULD
attempt to re-subscribe (as described in the preceding sections).
Note that this mechanism subscription is established on a new dialog, and
does not re-use the route set from the previous subscription
dialog.

The actual migration is effected by making a change to be used in
applications where the frequency policy
(such as routing decisions) of reportable events is
excessively rapid (e.g. one or more than about once per second). A SIP
network is generally going servers to which the
SUBSCRIBE request will be provisioned for sent in such a reasonable
signalling volume; sending way that a notification every time a user's GPS
position changes by one hundreth of a second could easily
overload such a network.

5.2. Sub-packages

Normal event packages define a set of state applied different
node ends up responding to a specific
type of resource, such the SUBSCRIBE request. This may be as
simple as user presence, call state, and
messaging mailbox state.

Sub-packages are a special type of package change in the local policy in the notifier from which define
the subscription is migrating so that it serves as a set proxy or
redirect server instead of
state applied a notifier.

Whether, when, and why to other packages, perform notifier migrations may be
described in individual event packages; otherwise, such as statistics, access decisions
are a matter of local notifier policy, and subscriber lists. Sub-packages may even be applied are left up to
other sub-packages.

To extend the object-oriented analogy made earlier, sub-packages
can be thought
individual implementations.

4.3.6. Polling Resource State

A natural consequence of as templatized C++ packages which must be
applied to other packages to the behavior described in the preceding
sections is that an immediate fetch without a persistent
subscription may be useful.

The name of effected by sending a sub-package as applied to SUBSCRIBE with an
"Expires" of 0.

Of course, an immediate fetch while a package subscription is formed active may
be effected by
appending sending a period followed by the sub-package name SUBSCRIBE with an "Expires" equal to the end
number of seconds remaining in the package. For example, if a subpackage called "watcherinfo"
were being applied to a package called "presence," subscription.

Upon receipt of this SUBSCRIBE request, the event
token used in "Event" and "Allow-Events" would be
"presence.watcherinfo".

Sub-packages must be defined so that they can be applied to any notifier (or

Roach [Page 22] 18]

Internet Draft SIP-Specific Event Notification November 2001

arbitrary package. In other words, sub-packages cannot be
specifically tied to one or February 2002

notifiers, if the SUBSCRIBE request was forked) will send a few "parent" packages
NOTIFY request containing resource state in such a way the same dialog.

Note that they will not work with other packages.

5.3. Amount of State to be Conveyed

When designing event packages, it is important to consider the
type NOTIFY messages triggered by SUBSCRIBE messages
with "Expire" headers of information which 0 will be conveyed during contain a notification.

A natural temptation is to convey merely the event (e.g. "a new
voice message just arrived") without accompanying state (e.g. "7
total voice messages"). This complicates implementation "Subscription-State"
value of
subscribing entities (since they have to maintain complete state
for the entity to which they have subscribed), "terminated," and also is
particularly susceptible to synchronization problems.

There are two possible solutions to this problem that event
packages may choose to implement.

5.3.1. Complete State Information

For packages a "reason" parameter of "timeout."

4.3.7. Allow-Events header usage

The "Allow-Events" header, if present, includes a list of tokens
which typically convey state information that is
reasonably small (on indicates the order of 1 kb or so), it is suggested
that event packages are designed so as to send complete state
information when an event occurs.

In supported by the circumstances client (if
sent in a request) or server (if sent in a response). In other
words, a node sending an "Allow-Events" header is advertising
that state may not be sufficient it can process SUBSCRIBE requests and generate NOTIFY
requests for a
particular class all of events, the event packages should include
complete state information along with the event that occurred.
For example, "no customer service representatives available" may
not be as useful "no customer service representatives available;
representative sip:46@cs.xyz.int just logged off".

5.3.2. State Deltas

In the case listed in that the state information to be conveyed is large,
the header.

Any node implementing one or more event package may choose to detail a scheme by packages SHOULD include
an appropriate "Allow-Events" header indicating all supported
events in all methods which NOTIFY
messages contain state deltas instead of complete state.

Such a scheme would work initiate dialogs and their responses
(such as follows: any NOTIFY sent INVITE) and OPTIONS responses.

This information is very useful, for example, in immediate
response allowing user
agents to a SUBSCRIBE contains full state information. NOTIFY
messages sent because of a state change will contain only the
state information that has changed; render particular interface elements appropriately
according to whether the subscriber will then
merge this information into its current knowledge about events required to implement the state
of
features they represent are supported by the resource.

Any event package appropriate nodes.

Note that supports delta changes to states "Allow-Events" headers MUST use
a payload which contains a version number that increases NOT be inserted by
exactly one proxies.

4.3.8. PINT Compatibility

The "Event" header is considered mandatory for each NOTIFY message. Note that the state version
number appears in the body purposes of the message, not in
this document. However, to maintain compatibility with PINT (see
[3] ), servers MAY interpret a SIP header.

Roach [Page 23]

Internet Draft SIP-Specific Event Notification November 2001 SUBSCRIBE request with no "Event"
header as requesting a subscription to PINT events. If a NOTIFY arrives that has a version number that is incremented
by more than one, the subscriber knows that a state delta has
been missed; it ignores the NOTIFY message containing the state
delta (except for the version number, which server
does not support PINT, it retains SHOULD return "489 Bad Event" to detect
message loss), and re-sends a any
SUBSCRIBE to force a NOTIFY
containing a complete state snapshot.

5.4. Event Package Responsibilities messages without an "Event" header.

5. Event Packages

This section covers several issues which should be taken into
consideration when event packages based on SUBSCRIBE and NOTIFY
are not required to re-iterate any proposed.

5.1. Appropriateness of Usage

When designing an event package using the behavior methods described in
this document, although they may choose draft for event notification, it is important to do so consider:
is SIP an appropriate mechanism for
clarity the problem set? Is SIP being
selected because of some unique feature provided by the protocol
(e.g. user mobility), or emphasis. In general, though, such merely because "it can be done?" If you

Roach [Page 19]

Internet Draft SIP-Specific Event Notification February 2002

find yourself defining event packages are
expected to describe only the behavior that extends for notifications related
to, for example, network management or modifies the behavior described temperature inside
your car's engine, you may want to reconsider your selection of
protocols.

Those interested in this document.

Note that any behavior designated with "SHOULD" or "MUST" extending the mechanism defined in this
document are urged to read "Guidelines for Authors of SIP
Extensions" [2] for further guidance regarding appropriate uses
of SIP.

Further, it is expected that this mechanism is not allowed to be changed by extension documents;
however, such documents may elect to strengthen "SHOULD"
requirements to "MUST" strength if required by their application.

In addition to used in
applications where the normal sections expected by "Instructions to
RFC Authors" [6] and "Guidelines for Authors frequency of reportable events is
excessively rapid (e.g. more than about once per second). A SIP Extensions"
[2] , authors
network is generally going to be provisioned for a reasonable
signalling volume; sending a notification every time a user's GPS
position changes by one hundreth of a second could easily
overload such a network.

5.2. Event Template-packages

Normal event packages MUST address each define a set of the issues
detailed in the following subsections, whenever applicable.

5.4.1. state applied to a specific
type of resource, such as user presence, call state, and
messaging mailbox state.

Event Package Name

This mandatory section template-packages are a special type of an event package defines the token name which
define a set of state applied to other packages, such as
statistics, access policy, and subscriber lists. Event
template-packages may even be used applied to designate the other event package. It MUST include the
information which appears in
template-packages.

To extend the IANA registration object-oriented analogy made earlier, event
template-packages can be thought of the token.
For information on registering such types, see section 7.

5.4.2. Event Package Parameters

If parameters are to as templatized C++ packages
which must be used on the "Event" header applied to modify the
behavior other packages to be useful.

The name of an event template-package as applied to a package is
formed by appending a period followed by the event package,
template-package name to the syntax and semantics end of such
headers must be clearly defined.

5.4.3. SUBSCRIBE Bodies

It is expected that most, but not all, event packages will define
syntax and semantics for SUBSCRIBE method bodies; these bodies
will typically modify, expand, filter, throttle, and/or set
thresholds for the class of events package. For example, if
a template-package called "winfo" were being requested. Designers of applied to a package
called "presence," the event packages are strongly encouraged token used in "Event" and
"Allow-Events" would be "presence.winfo".

Event template-packages must be defined so that they can be
applied to re-use existing MIME
types for message bodies where practical.

This mandatory section of an any arbitrary package. In other words, event package defines what type
template-packages cannot be specifically tied to one or
types a few
"parent" packages in such a way that they will not work with
other packages.

5.3. Amount of State to be Conveyed

When designing event bodies are expected in SUBSCRIBE requests (or packages, it is important to consider the

Roach [Page 24] 20]

Internet Draft SIP-Specific Event Notification November 2001

specify that no event bodies are expected). It should point to
detailed definitions February 2002

type of syntax and semantics for all referenced
body types.

5.4.4. Subscription Duration

It information which will be conveyed during a notification.

A natural temptation is recommended that to convey merely the event packages give a suggested range (e.g. "a new
voice message just arrived") without accompanying state (e.g. "7
total voice messages"). This complicates implementation of
times considered reasonable
subscribing entities (since they have to maintain complete state
for the duration of a subscription.
Such packages MUST also define a default "Expires" value entity to be
used if none which they have subscribed), and also is specified.

5.4.5. NOTIFY Bodies

The NOTIFY body is used
particularly susceptible to report synchronization problems.

There are two possible solutions to this problem that event
packages may choose to implement.

5.3.1. Complete State Information

For packages which typically convey state on information that is
reasonably small (on the resource being
monitored. Each package must define a what type or types order of 1 kb or so), it is suggested
that event
bodies are expected in NOTIFY requests. Such packages must
specify or cite detailed specifications are designed so as to send complete state
information when an event occurs.

In the circumstances that state may not be sufficient for a
particular class of events, the syntax and
semantics associated with such event body.

Event packages also need to define which MIME type is to be
assumed if none are specified in should include
complete state information along with the "Accept" header of event that occurred.
For example, "no customer service representatives available" may
not be as useful "no customer service representatives available;
representative sip:46@cs.xyz.int just logged off".

5.3.2. State Deltas

In the
SUBSCRIBE request.

5.4.6. Notifier processing of SUBSCRIBE requests

This section describes case that the processing state information to be performed by conveyed is large,
the
notifier upon receipt of event package may choose to detail a SUBSCRIBE request. scheme by which NOTIFY
messages contain state deltas instead of complete state.

Such a section is
required.

Information scheme would work as follows: any NOTIFY sent in this section includes details of how immediate
response to
authenticate subscribers and authorization issues for the
package. Such authorization issues may include, for example,
whether all a SUBSCRIBE requests for this package are answered with
202 responses (see section 6.2. ).

5.4.7. Notifier generation of contains full state information. NOTIFY requests

This section
messages sent because of an event package describes a state change will contain only the process by which
state information that has changed; the notifier generates and sends a NOTIFY request. This includes
detailed subscriber will then
merge this information into its current knowledge about what events cause the state
of the resource.

Any event package that supports delta changes to states MUST use
a payload which contains a version number that increases by
exactly one for each NOTIFY to be sent,
how to compute message. Note that the state information version
number appears in the NOTIFY, how to
generate "neutral" or "fake" body of the message, not in a SIP header.

If a NOTIFY arrives that has a version number that is incremented
by more than one, the subscriber knows that a state information to hide
authorization delays and decisions from users, and whether delta has
been missed; it ignores the NOTIFY message containing the state
information is complete or deltas
delta (except for notifications (see section
5.3. )

It may optionally describe the behavior used version number, which it retains to processes the
subsequent response. Such detect
message loss), and re-sends a SUBSCRIBE to force a section is required.

5.4.8. Subscriber processing of NOTIFY requests
containing a complete state snapshot.

Roach [Page 25] 21]

Internet Draft SIP-Specific Event Notification November 2001

This section of an event package describes the process followed
by the subscriber upon receipt of a NOTIFY request, including any
logic February 2002

5.4. Event Package Responsibilities

Event packages are not required to form a coherent resource state (if applicable).

5.4.9. Handling re-iterate any of forked requests

Each event package should specify whether forked SUBSCRIBE
requests are allowed to install multiple subscriptions. If such
behavior is not allowed, any NOTIFY messages not matching the
200-class response behavior
described in this document, although they may choose to the initial SUBSCRIBE message do so for
clarity or emphasis. In general, though, such packages are responded
expected to with a 481.

In describe only the case behavior that multiple subscriptions are allowed, the event
package must specify whether merging of extends or modifies
the notifications to form
a single state is required, and how such merging is to be
performed. behavior described in this document.

Note that it any behavior designated with "SHOULD" or "MUST" in this
document is possible that some event packages may not allowed to be defined in changed by extension documents;
however, such a way that each dialog is tied documents may elect to a mutually
exclusive state which is unaffected strengthen "SHOULD"
requirements to "MUST" strength if required by their application.

In addition to the other dialogs; this
must be clearly stated if it is normal sections expected by "Instructions to
RFC Authors" [5] and "Guidelines for Authors of SIP Extensions"
[2] , authors of event packages MUST address each of the case.

5.4.10. Rate issues
detailed in the following subsections, whenever applicable.

5.4.1. Event Package Name

This mandatory section of notifications

Each an event package is expected to define a requirement
(RECOMMENDED, SHOULD or MUST strength) which defines an absolute
maximum on the rate at which notifications are allowed token name
to be
generated by a single notifier.

Such packages may further define a throttle mechanism which
allows subscribers used to further limit designate the rate of notification.

5.4.11. State Agents

Designers of event packages should consider whether their package
can benefit from network aggregation points ("State Agents")
and/or nodes which act on behalf of other nodes. (For example,
nodes which provide state information about a resource when such
a resource is unable or unwilling to provide such state package. It MUST include the
information itself). An example of such an application is a node which tracks appears in the presence and availability IANA registration of a user in the
network. token.
For information on registering such types, see section 7.

5.4.2. Event Package Parameters

If state agents parameters are to be used by on the "Event" header to modify the
behavior of the event package, the package must
specify how such state agents aggregate information syntax and how they
provide authentication semantics of such
headers MUST be clearly defined.

5.4.3. SUBSCRIBE Bodies

It is expected that most, but not all, event packages will define
syntax and authorization.

5.4.12. Examples

Event semantics for SUBSCRIBE method bodies; these bodies
will typically modify, expand, filter, throttle, and/or set
thresholds for the class of events being requested. Designers of
event packages should include several demonstrative are strongly encouraged to re-use existing MIME
types for message flow
diagrams paired with several typical, syntactically correct bodies where practical.

This mandatory section of an event package defines what type or
types of event bodies are expected in SUBSCRIBE requests (or
specify that no event bodies are expected). It should point to
detailed definitions of syntax and semantics for all referenced
body types.

5.4.4. Subscription Duration

It is RECOMMENDED that event packages give a suggested range of

Roach [Page 26] 22]

Internet Draft SIP-Specific Event Notification November 2001 February 2002

times considered reasonable for the duration of a subscription.
Such packages MUST also define a default "Expires" value to be
used if none is specified.

5.4.5. NOTIFY Bodies

The NOTIFY body is used to report state on the resource being
monitored. Each package MUST define a what type or types of event
bodies are expected in NOTIFY requests. Such packages MUST
specify or cite detailed specifications for the syntax and
semantics associated with such event body.

Event packages also MUST define which MIME type is to be assumed
if none are specified in the "Accept" header of the SUBSCRIBE
request.

5.4.6. Notifier processing of SUBSCRIBE requests

This section describes the processing to be performed by the
notifier upon receipt of a SUBSCRIBE request. Such a section is
required.

Information in this section includes details of how to
authenticate subscribers and authorization issues for the
package. Such authorization issues may include, for example,
whether all SUBSCRIBE requests for this package are answered with
202 responses (see section 6.2. ).

5.4.7. Notifier generation of NOTIFY requests

This section of an event package describes the process by which
the notifier generates and sends a NOTIFY request. This includes
detailed information about what events cause a NOTIFY to be sent,
how to compute the state information in the NOTIFY, how to
generate "neutral" or "fake" state information to hide
authorization delays and decisions from users, and whether state
information is complete messages. or deltas for notifications (see section
5.3. )

It may optionally describe the behavior used to processes the
subsequent response. Such a section is required.

5.4.8. Subscriber processing of NOTIFY requests

This section of an event package describes the process followed
by the subscriber upon receipt of a NOTIFY request, including any
logic required to form a coherent resource state (if applicable).

5.4.9. Handling of forked requests

Roach [Page 23]

Internet Draft SIP-Specific Event Notification February 2002

Each event package SHOULD specify whether forked SUBSCRIBE
requests are allowed to install multiple subscriptions.

If such behavior is not allowed, the first potential
dialog-establishing message will create a dialog. All subsequent
NOTIFY messages which correspond to the SUBSCRIBE message (i.e.
match To, From, From tag, Call-ID, CSeq, Event, and Event id) but
which do not match the dialog would be rejected with a 481
response.

If installing of multiple subscriptions by way of a single forked
INVITE is allowed, the subscriber establishes a new dialog
towards each notifier by returning a 200-class response to each
NOTIFY. Each dialog is then handled as its own entity, and is
refreshed independent of the other dialogs.

In the case that multiple subscriptions are allowed, the event
package MUST specify whether merging of the notifications to form
a single state is required, and how such merging is to be
performed. Note that it is possible that some event packages may
be defined in such a way that each dialog is tied to a mutually
exclusive state which is unaffected by the other dialogs; this
MUST be clearly stated if it is the case.

If the event package does not specify which mode of operation to
use, the subscriber may employ either mode of operation.

5.4.10. Rate of notifications

Each event package is expected to define a requirement (SHOULD or
MUST strength) which defines an absolute maximum on the rate at
which notifications are allowed to be generated by a single
notifier.

Such packages MAY further define a throttle mechanism which
allows subscribers to further limit the rate of notification.

5.4.11. State Agents

Designers of event packages should consider whether their package
can benefit from network aggregation points ("State Agents")
and/or nodes which act on behalf of other nodes. (For example,
nodes which provide state information about a resource when such
a resource is unable or unwilling to provide such state
information itself). An example of such an application is a node
which tracks the presence and availability of a user in the
network.

If state agents are to be used by the package, the package MUST
specify how such state agents aggregate information and how they

Roach [Page 24]

Internet Draft SIP-Specific Event Notification February 2002

provide authentication and authorization.

Event packages MAY also outline specific scenarios under which
notifier migrations take place.

5.4.12. Examples

Event packages SHOULD include several demonstrative message flow
diagrams paired with several typical, syntactically correct and
complete messages.

It is RECOMMENDED that documents describing event packages
clearly indicate that such examples are informative and not
normative, with instructions that implementors refer to the main
text of the draft for exact protocol details.

5.4.13. URI List handling

Some types of event packages may define state information which
is potentially too large to reasonably send in a SIP message. To
alleviate this problem, event packages may include the ability to
use a MIME body type of "application/uri-list" in NOTIFY
messages. The URI or URIs contained in the NOTIFY body will then
be used to retrieve the actual state information.

If an event package elects to use this mechanism, it MUST define
at least one baseline scheme (e.g. http) which is mandatory to
support, as well as one mandatory baseline data format for the
data so retrieved. Event packages using URIs to retrieve state
information also MUST address the duration of the validity of the
URIs passed to a subscriber in this fashion.

6. Security Considerations

6.1. Access Control

The ability to accept subscriptions should be under the direct
control of the user, since many types of events may be considered
sensitive for the purposes of privacy. Similarly, the notifier
should have the ability to selectively reject subscriptions based
on the subscriber identity (based on access control lists), using
standard SIP authentication mechanisms. The methods for creation
and distribution of such access control lists is outside the
scope of this draft.

6.2. Release of Sensitive Policy Information

The mere act of returning a 200 or certain 4xx and 6xx responses
to SUBSCRIBE requests may, under certain circumstances, create
privacy concerns by revealing sensitive policy information. In

Roach [Page 25]

Internet Draft SIP-Specific Event Notification February 2002

these cases, the notifier SHOULD always return a 202 response.
While the subsequent NOTIFY message may not convey true state, it
MUST appear to contain a potentially correct piece of data from
the point of view of the subscriber, indistinguishable from a
valid response. Information about whether a user is authorized to
subscribe to the requested state is never conveyed back to the
original user under these circumstances.

6.3. Denial-of-Service attacks

The current model (one SUBSCRIBE request triggers a SUBSCRIBE
response and one or more NOTIFY requests) is a classic setup for
an amplifier node to be used in a smurf attack.

Also, the creation of state upon receipt of a SUBSCRIBE request
can be used by attackers to consume resources on a victim's
machine, rendering it unusable.

To reduce the chances of such an attack, implementations of
notifiers SHOULD require authentication. Authentication issues
are discussed in SIP [1] .

6.4. Replay Attacks

Replaying of either SUBSCRIBE or NOTIFY can have detrimental
effects.

In the case of SUBSCRIBE messages, attackers may be able to
install any arbitrary subscription which it witnessed being
installed at some point in the past. Replaying of NOTIFY messages
may be used to spoof old state information (although a good
versioning mechanism in the body of the NOTIFY messages may help
mitigate such an attack).

To prevent such attacks, implementations SHOULD require
authentication. Authentication issues are discussed in SIP [1] .

6.5. Man-in-the middle attacks

Even with authentication, man-in-the-middle attacks using
SUBSCRIBE may be used to install arbitrary subscriptions, hijack
existing subscriptions, terminate outstanding subscriptions, or
modify the resource to which a subscription is being made. To
prevent such attacks, implementations SHOULD provide integrity
protection across "Contact," "Route," "Expires," "Event," and
"To" headers of SUBSCRIBE messages, at a minimum. If SUBSCRIBE
bodies are used to define further information about the state of
the call, they SHOULD be included in the integrity protection
scheme.

Roach [Page 26]

Internet Draft SIP-Specific Event Notification February 2002

Man-in-the-middle attacks may also attempt to use NOTIFY messages
to spoof arbitrary state information and/or terminate outstanding
subscriptions. To prevent such attacks, implementations SHOULD
provide integrity protection across the "Call-ID," "CSeq," and
"Subscription-State" headers and the bodies of NOTIFY messages.

Integrity protection of message headers and bodies is discussed
in SIP [1] .

6.6. Confidentiality

The state information contained in a NOTIFY message has the
potential to contain sensitive information. Implementations MAY
encrypt such information to ensure confidentiality.

While less likely, it is also possible that the information
contained in a SUBSCRIBE message contains information that users
might not want to have revealed. Implementations MAY encrypt such
information to ensure confidentiality.

To allow the remote party to hide information it considers
sensitive, all implementations SHOULD be able to handle encrypted
SUBSCRIBE and NOTIFY messages.

The mechanisms for providing confidentiality are detailed in SIP
[1] .

7. IANA Considerations

(This section is not applicable until this document is published
as an RFC.)

This document defines an event-type namespace which requires a
central coordinating body. The body chosen for this coordination
is the Internet Assigned Numbers Authority (IANA).

There are two different types of event-types: normal event
packages, and event template-packages; see section 5.2. To avoid
confusion, template-package names and package names share the
same namespace; in other words, an event template-package MUST
NOT share a name with a package.

Following the policies outlined in "Guidelines for Writing an
IANA Considerations Section in RFCs" [6] , normal event package
identification tokens are allocated as First Come First Served,
and event template-package identification tokens are allocated on
a IETF Consensus basis.

Registrations with the IANA MUST include the token being
registered and whether the token is a package or a

Roach [Page 27]

Internet Draft SIP-Specific Event Notification February 2002

template-package. Further, packages MUST include contact
information for the party responsible for the registration and/or
a published document which describes the event package. Event
template-package token registrations MUST include a pointer to
the published RFC which defines the event template-package.

Registered tokens to designate packages and template-packages
MUST NOT contain the character ".", which is used to separate
template-packages from packages.

7.1. Registration Information

As this document specifies no package or template-package names,
the initial IANA registration for event types will be empty. The
remainder of the text in this section gives an example of the
type of information to be maintained by the IANA; it also
demonstrates all five possible permutations of package type,
contact, and reference.

The table below lists the event packages and template-packages
defined in "SIP-Specific Event Notification" [RFC xxxx]. Each
name is designated as a package or a template-package under
"Type."

Package Name Type Contact Reference
------------ ---- ------- ---------
example1 package [Roach]
example2 package [Roach] [RFC xxxx]
example3 package [RFC xxxx]
example4 template [Roach] [RFC xxxx]
example5 template [RFC xxxx]

PEOPLE
------
[Roach] Adam Roach <adam@dynamicsoft.com>

REFERENCES
----------
[RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
August 2002.

7.2. Registration Template

To: ietf-sip-events@iana.org
Subject: Registration of new SIP event package

Roach [Page 28]

Internet Draft SIP-Specific Event Notification February 2002

Package Name:

(Package names must conform to the syntax described in
section 7.5.1. )

Is this registration for a Template Package:

(indicate yes or no)

Published Specification(s):

(Template packages require a published RFC. Other packages
may reference a specification when appropriate).

Person & email address to contact for further information:

7.3. Syntax

This section describes the syntax extensions required for event
notification in SIP. Semantics are described in section 4. Note
that the formal syntax definitions described in this document are
expressed in the ABNF format defined by [1] , and contain
references to elements defined therein.

7.4. New Methods

This document describes two new SIP methods: "SUBSCRIBE" and
"NOTIFY."

This table expands on tables 2 and 3 in SIP [1] .

Header Where SUB NOT
------ ----- --- ---
Accept R o o
Accept 2xx - -
Accept 415 o o
Accept-Encoding R o o
Accept-Encoding 2xx - -
Accept-Encoding 415 o o
Accept-Language R o o
Accept-Language 2xx - -
Accept-Language 415 o o
Alert-Info R - -
Alert-Info 180 - -
Allow R o o
Allow 2xx o o

Roach [Page 29]

Internet Draft SIP-Specific Event Notification February 2002

Allow r o o
Allow 405 m m
Authentication-Info 2xx o o
Authorization R o o
Call-ID c m m
Contact R m m
Contact 1xx o o
Contact 2xx m o
Contact 3xx m m
Contact 485 o o
Content-Disposition o o
Content-Encoding o o
Content-Language o o
Content-Length t t
Content-Type * *
CSeq c m m
Date o o
Error-Info 300-699 o o
Expires o -
From c m m
In-Reply-To R - -
Max-Forwards R m m
Min-Expires 423 m -
MIME-Version o o
Organization o -
Priority R o -
Proxy-Authenticate 407 m m
Proxy-Authorization R o o
Proxy-Require R o o
RAck R - -
Record-Route R o o
Record-Route 2xx,401,484 o o
Reply-To - -
Require o o
Retry-After 404,413,480,486 o o
Retry-After 500,503 o o
Retry-After 600,603 o o
Route R c c
RSeq 1xx o o
Server r o o
Subject R - -
Supported R o o
Supported 2xx o o
Timestamp o o
To c(1) m m
Unsupported 420 o o
User-Agent o o
Via c m m
Warning r o o
WWW-Authenticate 401 m m

Roach [Page 30]

Internet Draft SIP-Specific Event Notification February 2002

7.4.1. SUBSCRIBE method

"SUBSCRIBE" is recommended that documents describing event packages
clearly indicate that such examples are informative and not
normative, with instructions that implementors refer to the main
text of the draft for exact protocol details.

6. Security Considerations

6.1. Access Control

The ability added to accept subscriptions should be under the direct
control of the user, since many types of events may be considered
sensitive for the purposes definition of privacy. Similarly, the notifier
should have the ability to selectively reject subscriptions based
on element "Method" in
the calling party (based on access control lists), using
standard SIP authentication mechanisms. The methods for creation
and distribution of such access control lists is outside the
scope of this draft.

6.2. Release of Sensitive Policy Information

The mere act of returning a 200 or certain 4xx and 6xx responses
to SUBSCRIBE requests may, under certain circumstances, create
privacy concerns by revealing sensitive policy information. In
these cases, the notifier should always return a 202 response.
While the subsequent NOTIFY message may not convey true state, it
MUST appear to contain a potentially correct piece of data from
the point of view of the subscriber, indistinguishable from a
valid response. Information about whether a user is authorized to
subscribe to grammar.

Like all SIP method names, the requested state SUBSCRIBE method name is never conveyed back to the
original user under these circumstances.

6.3. Denial-of-Service attacks case
sensitive. The current model (one SUBSCRIBE method is used to request triggers a SUBSCRIBE
response and one asynchronous
notification of an event or more set of events at a later time.

7.4.2. NOTIFY requests) method

"NOTIFY" is a classic setup for
an amplifier node added to be used in a smurf attack.

Also, the creation of state upon receipt definition of a SUBSCRIBE request
can be the element "Method" in
the SIP message grammar.

The NOTIFY method is used by attackers to consume resources on notify a victim's
machine, rendering it unusable.

To reduce the chances of such SIP node that an attack, implementations of
notifiers SHOULD require authentication. Authentication issues
are discussed event
which has been requested by an earlier SUBSCRIBE method has
occurred. It may also provide further details about the event.

7.5. New Headers

This table expands on tables 2 and 3 in RFC2543 SIP [1] .

7. IANA Considerations

(This , as amended by
the changes described in section 7.4.

Header field where proxy ACK BYE CAN INV OPT REG PRA SUB NOT
-----------------------------------------------------------------
Allow-Events R o o - o o o o o o
Allow-Events 2xx - o - o o o o o o
Allow-Events 489 - - - - - - - m m
Event R - - - - - - - m m
Subscription-State R - - - - - - - - m

7.5.1. "Event" header

The following header is not applicable until defined for the purposes of this document
specification.

Event = ( "Event" | "o" ) HCOLON event-type
*( SEMI event-param )
event-type = event-package *( "." event-template )
event-package = token-nodot
event-template = token-nodot
token-nodot = 1*( alphanum | "-" | "!" | "%" | "*"
| "_" | "+" | "`" | "'" | "~" )
event-param = generic-param | ( "id" EQUAL token )

Event is published added to the definition of the element "message-header"

Roach [Page 27] 31]

Internet Draft SIP-Specific Event Notification November 2001

as an RFC.)

This document defines an event-type namespace which requires a
central coordinating body. The body chosen for this coordination
is the Internet Assigned Numbers Authority (IANA).

There are two different types of event-types: normal event
packages, and event sub-packages; see section 5.2. To avoid
confusion, subpackage names and package names share the same
namespace; February 2002

in other words, a sub-package MUST NOT share a name
with a package.

Following the policies outlined in "Guidelines for Writing an
IANA Considerations Section in RFCs" [7] , normal event package
identification tokens are allocated as First Come First Served, SIP message grammar.

For the purposes of matching responses and event sub-package identification tokens are allocated on a
IETF Consensus basis.

Registrations NOTIFY messages with
SUBSCRIBE messages, the IANA MUST include event-type portion of the token being
registered "Event" header
is compared byte-by-byte, and whether the "id" parameter token (if
present) is compared byte-by-byte. An "Event" header containing
an "id" parameter never matches an "Event" header without an "id"
parameter. No other parameters are considered when performing a package or a subpackage.
Further, packages MUST include contact information for the party
responsible for the registration and/or a published
comparison.

This document
which describes the does not define values for event-types. These
values will be defined by individual event package. Sub-package token
registrations MUST include a pointer to the published RFC which
defines the sub-package.

Registered tokens to designate packages packages, and sub-packages MUST NOT
contain be
registered with the character ".", which is used to separate sub-packages
from packages.

7.1. Registration Template

As this document specifies no package or sub-package names, IANA.

There MUST be exactly one event type listed per event header.
Multiple events per message are disallowed.

For the
initial IANA registration for event types will be empty. The
remainder of curious, the text in this section gives an example of "o" short form is chosen to represent
"occurrence."

7.5.2. "Allow-Events" Header

The following header is defined for the
type purposes of information this
specification.

Allow-Events = ( "Allow-Events" | "u" ) HCOLON
1*event-type

Allow-Events is added to be maintained by the IANA; it also
demonstrates all five possible permutations definition of package type,
contact, and reference.

The table below lists the event packages and sub-packages defined element
"general-header" in "SIP-Specific Event Notification" [RFC xxxx]. Each name the SIP message grammar.

For the curious, the "u" short form is
designated as a package or a subpackage under "Type." chosen to represent
"understands."

7.5.3. "Subscription-State" Header

The following header is defined for the purposes of this
specification.

Subscription-State = "Subscription-State" HCOLON
substate-value )
*( SEMI subexp-params )

substate-value = "active" | "pending" | "terminated"

Roach [Page 28] 32]

Internet Draft SIP-Specific Event Notification November 2001

Package Name Type Contact Reference
------------ ---- ------- ---------
example1 package [Roach]
example2 package [Roach] [RFC xxxx]
example3 package [RFC xxxx]
example4 sub-package [Roach] [RFC xxxx]
example5 sub-package [RFC xxxx]

PEOPLE
------
[Roach] Adam Roach <adam.roach@ericsson.com>

REFERENCES
----------
[RFC xxxx] A. Roach "SIP-Specific Event Notification", RFC XXXX,
August 2002.

8. Open Issues

In addition to the three issues listed below, the BNF in this
document needs to be converted to explicit LWS to match the
latest bis draft; this change will be reflected in the next
version.

8.1. CANCEL Handling

This is actually a protocol-wide open issue which has impacts on
this specification: there hasn't been a clear consensus about
cancellation of non-INVITE requests yet. If non-INVITE requests
cannot be cancelled, we need to remove section 4.1.3.

8.2. Version of SIP February 2002

subexp-params = ("reason" EQUAL reason-code)
|("expires" EQUAL delta-seconds)
|("retry-after" EQUAL delta-seconds)
| generic-param

reason-extension = token

Subscription-State is added to reference

Much of the handling in this document is rather different than
what is described in RFC2543; in fact, many definition of the recent changes
to this document have been tracking changes element
"request-header" in the "bis" versions
of the SIP specification. We can continue message grammar.

7.6. New Response Codes

7.6.1. "202 Accepted" Response Code

The 202 response is added to reference RFC2543
while pulling in huge chunks of the bis draft for compatibility
(for example, "Success" header field
definition:

Success = "200" ; OK
| "202" ; Accepted

"202 Accepted" has the Route handling would essentially be copied
word-for-word from same meaning as that defined in HTTP/1.1
[4] .

7.6.2. "489 Bad Event" Response Code

The 489 event response is added to the bis draft), or we can start referencing "Client-Error" header
field definition:

Client-Error = "400" ; Bad Request
...
| "489" ; Bad Event

"489 Bad Event" is used to indicate that the bis drafts.

Of course, referencing server did not
understand the event package specified in a "Event" header field.

8. Changes

8.1. Changes from draft-ietf-...-01

Roach [Page 33]

Internet Draft SIP-Specific Event Notification February 2002

- Changed dependancy from RFC2543 to new sip bis drafts allows us draft.
This allowed removal of certain sections of text.

- Renamed "sub-packages" to pick up
changes "template-packages" in an
attempt to protocol mitigate exploding rampant misinterpretation.

- Changed "Subscription-Expires" to "Subscription-State,"
and added clearer semantics "for free," while importing chunks
of for "reason" codes.

- Aligned "Subscription-State" "reason" codes with
watcherinfo draft.

- Made "Subscription-State" mandatory in NOTIFY
requests, since it requires constant maintanance is integral to defining the
creation and destruction of subscriptions (and,
consequently, dialogs)

- Heavily revised section on dialog creation and runs
termination.

- Expanded migration section.

- Added "id" parameter to Event header, to allow
demultiplexing of NOTIFY requests when more than
one subscription is associated with a single dialog.

- Syncronized SUBSCRIBE "Expires" handling with REGISTER
(again)

- Added definitions section.

- Restructuring for clarity.

- Added statement explicitly allowing event
packages to define additional parameters
for the risk of getting
out of sync. "Event" header.

Roach [Page 29] 34]

Internet Draft SIP-Specific Event Notification November 2001

On the other hand, placing a dependency on the bis draft pushes
the timeframe for this draft (and the drafts that depend on it)
out past the time that the next SIP RFC is published.

8.3. Immediate NOTIFYs

There has been discussion, but no consensus, on the issue of
whether each SUBSCRIBE must have an immediate NOTIFY message sent February 2002

- Added motivational text in response. In attempts to follow the prevailing sentiment, this
draft had become internally inconsistent.

This version of this document has eliminated these
inconsistancies by requiring notifiers always to send a NOTIFY
immediately upon receiving a SUBSCRIBE. This decision does not
necessarily represent group consensus, and further discussion may
be warranted.

9. Changes

9.1. several places.

- Synced up header table modifications with bis draft.

8.2. Changes from draft-ietf-...-00

- Fixed confusing typo in section describing correlation
of SUBSCRIBE requests

- Added explanitory text to clarify tag handling when
generating re-subscriptions

- Expanded general handling section to include specific
discussion of Route/Record-Route handling.

- Included use of "methods" parameter on Contact as
a means for detecting support for SUBSCRIBE and NOTIFY.

- Added definition of term "dialog"; changed "leg" to
"dialog" everwhere.

- Added syntax for "Subscription-Expires" header.

- Changed NOTIFY messages to refer to "Subscription-Expires"
everywhere (instead of "Expires.")

Roach [Page 30]

Internet Draft SIP-Specific Event Notification November 2001

- Added information about generation and handling of
481 responses to SUBSCRIBE requests

- Changed having Expires header in SUBSCRIBE from
MUST to SHOULD; this aligns more closely with
REGISTER behavior

- Removed experimental/private event package names,
per list consensus

Roach [Page 35]

Internet Draft SIP-Specific Event Notification February 2002

- Cleaned up some legacy text left over from very early
drafts that allowed multiple contacts per subscription

- Strengthened language requiring the removal of subscriptions
if a NOTIFY request fails with a 481. Clarified that such
removal is required for all subscriptions, including
administrative ones.

- Removed description of delaying NOTIFY requests until
authorization is granted. Such behavior was inconsistent
with other parts of this document.

- Moved description of event packages to later in document,
to reduce the number of forward references.

- Minor editorial and nits changes

- Added new open issues to open issues section. All
previous open issues have been resolved.

9.2.

8.3. Changes from draft-roach-...-03

- Added DOS attacks section to open issues.

- Added discussion of forking to open issues

- Changed response to PINT request for notifiers who don't
support PINT from 400 to 489.

Roach [Page 31]

Internet Draft SIP-Specific Event Notification November 2001

- Added sentence to security section to call attention to
potential privacy issues of delayed NOTIFY responses.

- Added clarification: access control list handling is out
of scope.

- (Hopefully) Final resolution on out-of-band subscriptions:
mentioned in section
4.3.
4.2.

Roach [Page 36]

Internet Draft SIP-Specific Event Notification February 2002

Removed from open issues.

- Made "Contact" header optional for SUBSCRIBE 1xx responses.

- Added description clarifying tag handling (section
4.2.1.
4.3.4.
)

- Removed event throttling from open issues.

- Editorial cleanup to remove term "extension draft" and
similar; "event package" is now (hopefully) used consistently
throughout the document.

- Remove discussion of event agents from open issues.
This is covered in the event packages section now.

- Added discussion of forking to open issues.

- Added discussion of sub-packages

- Added clarification that, upon receiving a "NOTIFY"
with an expires of "0", the subscriber can re-subscribe.
This allows trivial migration of subscriptions between
nodes.

- Added preliminary IANA Considerations section

Roach [Page 32]

Internet Draft SIP-Specific Event Notification November 2001

- Changed syntax for experimental event tokens to avoid
possibly ambiguity between experimental tokens and
sub-packages.

- Slight adjustment to "Event" syntax to accommodate sub-packages.

- Added section describing the information which is to be
included in documents describing event packages.

Roach [Page 37]

Internet Draft SIP-Specific Event Notification February 2002

- Made 481 responses mandatory for unexpected notifications
(allowing notifiers to remove subscriptions in error cases)

- Several minor non-semantic editorial changes.

9.3.

8.4. Changes from draft-roach-...-02

- Clarification under "Notifier SUBSCRIBE behavior" which
indicates that the first NOTIFY message (sent immediately
in response to a SUBSCRIBE) may contain an empty body, if
resource state doesn't make sense at that point in time.

- Text on message flow in overview section corrected

- Removed suggestion that clients attempt to unsubscribe
whenever they receive a NOTIFY for an unknown event.
Such behavior opens up DOS attacks, and will lead to
message loops unless additional precautions are taken.
The 481 response to the NOTIFY should serve the same
purpose.

- Changed processing of non-200 responses to NOTIFY from
"SHOULD remove contact" to "MUST remove contact" to support
the above change.

- Re-added discussion of out-of-band subscription mechanisms
(including open issue of resource identification).

Roach [Page 33]

Internet Draft SIP-Specific Event Notification November 2001

- Added text specifying that SUBSCRIBE transactions are not
to be prolonged. This is based on the consensus that non-INVITE
transactions should never be prolonged; such consensus within
the SIP working group was reached at the 49th IETF.

- Added "202 Accepted" response code to support the above
change. The behavior of this 202 response code is a
generalization of that described in the presence draft.

- Updated to specify that the response to an unauthorized
SUBSCRIBE request is 603 or 403.

Roach [Page 38]

Internet Draft SIP-Specific Event Notification February 2002

- Level-4 subheadings added to particularly long sections to
break them up into logical units. This helps make the
behavior description seem somewhat less rambling. This also
caused some re-ordering of these paragraphs (hopefully in a
way that makes them more readable).

- Some final mopping up of old text describing "call related"
and "third party" subscriptions (deprecated concepts).

- Duplicate explanation of subscription duration removed from
subscriber SUBSCRIBE behavior section.

- Other text generally applicable to SUBSCRIBE (instead of just
subscriber handling of SUBSCRIBE) moved to parent section.

- Updated header table to reflect mandatory usage of "Expires"
header in SUBSCRIBE requests and responses

- Removed "Event" header usage in responses

- Added sentence suggesting that notifiers may notify
subscribers when a subscription has timed out.

- Clarified that a failed attempt to refresh a subscription
does not imply that the original subscription has been
cancelled.

Roach [Page 34]

Internet Draft SIP-Specific Event Notification November 2001

- Clarified that 489 is a valid response to "NOTIFY" requests.

- Minor editorial changes to clean up awkward and/or unclear
grammar in several places

9.4.

8.5. Changes from draft-roach-...-01

- Multiple contacts per SUBSCRIBE message disallowed.

- Contact header now required in NOTIFY messages.

Roach [Page 39]

Internet Draft SIP-Specific Event Notification February 2002

- Distinction between third party/call member events removed.

- Distinction between call-related/resource-related events removed.

- Clarified that subscribers must expect NOTIFY messages before
the SUBSCRIBE transaction completes

- Added immediate NOTIFY message after successful SUBSCRIBE;
this solves a myriad of issues, most having to do with forking.

- Added discussion of "undefined state" (before a NOTIFY arrives).

- Added mechanism for notifiers to shorten/cancel outstanding
subscriptions.

- Removed open issue about appropriateness of new "489" response.

- Removed all discussion of out-of-band subscriptions.

- Added brief discussion of event state polling.

10.

9. References

[1] M. Handley/H. Schulzrinne/E. Schooler/J. Rosenberg, J. Rosenberg et. al., "SIP: Session Initiation Protocol", RFC 2543,
<draft-ietf-sip-rfc2543bis-07>, IETF; March 1999.

Roach [Page 35]

Internet Draft SIP-Specific Event Notification November 2001 February 2002. Work in
progress.

[2] J. Rosenberg, H. Schulzrinne, "Guidelines for Authors of SIP
Extensions", <draft-ietf-sip-guidelines-02.txt>, <draft-ietf-sip-guidelines-03.txt>, IETF; March
November 2001. Work in progress.

[3] S. Petrack, L. Conroy, "The PINT Service Protocol", RFC 2848,
IETF; June 2000.

[4] J. Rosenberg et. al., "SIP Extensions for Presence",
<draft-ietf-simple-presence-03.txt>, IETF; September 2001.
Work in progress.

[5] R. Fielding et. al., "Hypertext Transfer Protocol --
HTTP/1.1", RFC2068, IETF, January 1997.

[6]

[5] J. Postel, J. Reynolds, "Instructions to RFC Authors",
RFC2223, IETF, October 1997.

[7]

[6] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA

Roach [Page 40]

Internet Draft SIP-Specific Event Notification February 2002

Considerations Section in RFCs", BCP 26, IETF, October 1998.

[8]

[7] Schulzrinne/Rosenberg, "SIP Caller Preferences and Callee
Capabilities", <draft-ietf-sip-callerprefs-04.txt>, <draft-ietf-sip-callerprefs-05.txt>, IETF;
June
November 2001. Work in progress.

11.

10. Acknowledgements

Thanks to the participants in the Events BOF at the 48th IETF
meeting in Pittsburgh, as well as those who gave ideas and
suggestions on the SIP Events mailing list. In particular, I wish
to thank Henning Schulzrinne of Columbia University for coming up
with the final three-tiered event identification scheme, Sean
Olson of Ericsson for miscellaneous guidance, Jonathan Rosenberg for a
thorough scrubbing of the -00 draft, and the authors of the "SIP
Extensions for Presence" draft for their input to SUBSCRIBE and
NOTIFY request semantics.

12.

11. Author's Address

Adam Roach
Ericsson Inc.
Mailstop L-04
740 E. Campbell Rd.
Richardson,
dynamicsoft
5100 Tennyson Parkway
Suite 1200
Plano, TX 75081 75024
USA
Phone: +1 972 583 7594
Fax: +1 972 669 0154
E-Mail: adam.roach@ericsson.com <adam@dynamicsoft.com>
Voice: <sip:adam@dynamicsoft.com>

Roach [Page 36] 41]
----