1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
|
<pre>Network Working Group J. Rosenberg
Request for Comments: 4538 Cisco Systems
Category: Standards Track June 2006
<span class="h1">Request Authorization through Dialog Identification</span>
<span class="h1">in the Session Initiation Protocol (SIP)</span>
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This specification defines the Target-Dialog header field for the
Session Initiation Protocol (SIP), and the corresponding option tag,
tdialog. This header field is used in requests that create SIP
dialogs. It indicates to the recipient that the sender is aware of
an existing dialog with the recipient, either because the sender is
on the other side of that dialog, or because it has access to the
dialog identifiers. The recipient can then authorize the request
based on this awareness.
<span class="grey">Rosenberg Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-3">3</a>
<a href="#section-1.1">1.1</a>. Terminology ................................................<a href="#page-4">4</a>
<a href="#section-2">2</a>. Overview of Operation ...........................................<a href="#page-4">4</a>
<a href="#section-3">3</a>. User Agent Client (UAC) Behavior ................................<a href="#page-5">5</a>
<a href="#section-4">4</a>. User Agent Server Behavior ......................................<a href="#page-7">7</a>
<a href="#section-5">5</a>. Proxy Behavior ..................................................<a href="#page-8">8</a>
<a href="#section-6">6</a>. Extensibility Considerations ....................................<a href="#page-8">8</a>
<a href="#section-7">7</a>. Header Field Definition .........................................<a href="#page-9">9</a>
<a href="#section-8">8</a>. Security Considerations .........................................<a href="#page-9">9</a>
<a href="#section-9">9</a>. Relationship with In-Reply-To ..................................<a href="#page-10">10</a>
<a href="#section-10">10</a>. Example Call Flow .............................................<a href="#page-10">10</a>
<a href="#section-11">11</a>. IANA Considerations ...........................................<a href="#page-13">13</a>
<a href="#section-11.1">11.1</a>. Header Field .............................................<a href="#page-13">13</a>
<a href="#section-11.2">11.2</a>. Header Field Parameters ..................................<a href="#page-13">13</a>
<a href="#section-11.2.1">11.2.1</a>. local-tag .........................................<a href="#page-13">13</a>
<a href="#section-11.2.2">11.2.2</a>. remote-tag ........................................<a href="#page-13">13</a>
<a href="#section-11.3">11.3</a>. SIP Option Tag ...........................................<a href="#page-14">14</a>
<a href="#section-12">12</a>. Acknowledgements ..............................................<a href="#page-14">14</a>
<a href="#section-13">13</a>. References ....................................................<a href="#page-14">14</a>
<a href="#section-13.1">13.1</a>. Normative References .....................................<a href="#page-14">14</a>
<a href="#section-13.2">13.2</a>. Informative References ...................................<a href="#page-15">15</a>
<span class="grey">Rosenberg Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
The Session Initiation Protocol (SIP) [<a href="#ref-2" title=""SIP: Session Initiation Protocol"">2</a>] defines the concept of a
dialog as a persistent relationship between a pair of user agents.
Dialogs provide context, including sequence numbers, proxy routes,
and dialog identifiers. Dialogs are established through the
transmission of SIP requests with particular methods. Specifically,
the INVITE, REFER [<a href="#ref-8" title=""The Session Initiation Protocol (SIP) Refer Method"">8</a>], and SUBSCRIBE [<a href="#ref-3" title=""Session Initiation Protocol (SIP)-Specific Event Notification"">3</a>] requests all create dialogs.
When a user agent receives a request that creates a dialog, it needs
to decide whether to authorize that request. For some requests,
authorization is a function of the identity of the sender, the
request method, and so on. However, many situations have been
identified in which a user agent's authorization decision depends on
whether the sender of the request is currently in a dialog with that
user agent, or whether the sender of the request is aware of a dialog
the user agent has with another entity.
One such example is call transfer, accomplished through REFER. If
user agents A and B are in an INVITE dialog, and user agent A wishes
to transfer user agent B to user agent C, user agent A needs to send
a REFER request to user agent B, asking user agent B to send an
INVITE request to user agent C. User agent B needs to authorize this
REFER. The proper authorization decision is that user agent B should
accept the request if it came from a user with whom B currently has
an INVITE dialog relationship. Current implementations deal with
this by sending the REFER on the same dialog as the one in place
between user agents A and B. However, this approach has numerous
problems [<a href="#ref-12" title=""Multiple Dialog Usages in the Session Initiation Protocol"">12</a>]. These problems include difficulties in determining
the lifecycle of the dialog and its usages and in determining which
messages are associated with each application usage. Instead, a
better approach is for user agent A to send the REFER request to user
agent B outside of the dialog. In that case, a means is needed for
user agent B to authorize the REFER.
Another example is the application interaction framework [<a href="#ref-14" title=""A Framework for Application Interaction in the Session Initiation Protocol (SIP)"">14</a>]. In
that framework, proxy servers on the path of a SIP INVITE request can
place user interface components on the user agent that generated or
received the request. To do this, the proxy server needs to send a
REFER request to the user agent, targeted to its Globally Routable
User Agent URI (GRUU) [<a href="#ref-13" title=""Obtaining and Using Globally Routable User Agent (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)"">13</a>], asking the user agent to fetch an HTTP
resource containing the user interface component. In such a case, a
means is needed for the user agent to authorize the REFER. The
application interaction framework recommends that the request be
authorized if it was sent from an entity on the path of the original
dialog. This can be done by including the dialog identifiers in the
<span class="grey">Rosenberg Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
REFER, which prove that the user agent that sent the REFER is aware
of those dialog identifiers (this needs to be secured against
eavesdroppers through the sips mechanism, of course).
Another example is if two user agents share an INVITE dialog, and an
element on the path of the INVITE request wishes to track the state
of the INVITE. In such a case, it sends a SUBSCRIBE request to the
GRUU of the user agent, asking for a subscription to the dialog event
package. If the SUBSCRIBE request came from an element on the INVITE
request path, it should be authorized.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Terminology</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="./rfc2119">RFC 2119</a> [<a href="#ref-1" title=""Key words for use in RFCs to Indicate Requirement Levels"">1</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Overview of Operation</span>
+--------+ +--------+
| | INVITE | |
| Server |----------->| Server |
| A | | B |
| |...........>| |
+--------+ +--------+
^ REFER . \
/ . \
/ . \
/ . \
/ . \
/ V V
+--------+ +--------+
| | | |
| User | | User |
| Agent | | Agent |
| A | | B |
+--------+ +--------+
Figure 1
Figure 1 shows the basic model of operation. User agent A sends an
INVITE to user agent B, traversing two servers, server A and server
B. Both servers act as proxies for this transaction. User B sends a
200 OK response to the INVITE. This 200 OK includes a Supported
header field indicating support for this specification (through the
presence of the tdialog option tag). The 200 OK response establishes
a dialog between the two user agents.
<span class="grey">Rosenberg Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
Next, an entity that was present along the request path (server A,
for example) wishes to send a dialog-forming request (such as REFER)
to user agent A or B (user B for example). So, the entity acts as a
user agent and sends the request to user agent B. This request is
addressed to the URI of user agent B, which server A learned from
inspecting the Contact header field in the 200 OK of the INVITE
request. If this URI has the GRUU [<a href="#ref-11" title=""Randomness Requirements for Security"">11</a>] property (it can be used by
any element on the Internet, such as server A, to reach the specific
user agent instance that generated that 200 OK to the INVITE), then
the mechanism will work across NAT boundaries.
The request generated by server A will contain a Target-Dialog header
field. This header field contains the dialog identifiers for the
INVITE dialog between user agents A and B, composed of the Call-ID,
local tag, and remote tag. Server A knew to include the Target-
Dialog header field in the REFER request because it knows that user
agent B supports it.
When the request arrives at user agent B, it needs to make an
authorization decision. Because the INVITE dialog was established
using a sips URI, and because the dialog identifiers are
cryptographically random [<a href="#ref-2" title=""SIP: Session Initiation Protocol"">2</a>], no entity except for user agent A or
the proxies on the path of the initial INVITE request can know the
dialog identifiers. Thus, because the request contains those dialog
identifiers, user agent B can be certain that the request came from
user agent A, the two proxies, or an entity to whom the user agent or
proxies gave the dialog identifiers. As such, it authorizes the
request and performs the requested actions.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. User Agent Client (UAC) Behavior</span>
A UAC SHOULD include a Target-Dialog header field in a request if the
following conditions are all true:
1. The request is to be sent outside of any existing dialog.
2. The user agent client believes that the request may not be
authorized by the user agent server unless the user agent client
can prove that it is aware of the dialog identifiers for some
other dialog. Call this dialog the target dialog.
3. The request does not otherwise contain information that indicates
that the UAC is aware of those dialog identifiers.
<span class="grey">Rosenberg Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
4. The user agent client knows that the user agent server supports
the Target-Dialog header field. It can know this if it has seen
a request or response from the user agent server within the
target dialog that contained a Supported header field that
included the tdialog option tag.
If the fourth condition is not met, the UAC SHOULD NOT use this
specification. Instead, if it is currently within a dialog with the
User Agent Server (UAS), it SHOULD attempt to send the request within
the existing target dialog.
The following are examples of use cases in which these conditions are
met:
o A REFER request is sent according to the principles of [<a href="#ref-14" title=""A Framework for Application Interaction in the Session Initiation Protocol (SIP)"">14</a>].
These REFER are sent outside of a dialog and do not contain any
other information that indicates awareness of the target dialog.
[<a href="#ref-14" title=""A Framework for Application Interaction in the Session Initiation Protocol (SIP)"">14</a>] also mandates that the REFER be sent only if the UA indicates
support for the target dialog specification.
o User A is in separate calls with users B and C. User A decides to
start a three way call, and so morphs into a focus [<a href="#ref-17" title=""A Framework for Conferencing with the Session Initiation Protocol (SIP)"">17</a>]. User B
would like to learn the other participants in the conference. So,
it sends a SUBSCRIBE request to user A (who is now acting as the
focus) for the conference event package [<a href="#ref-16" title=""A Session Initiation Protocol (SIP) Event Package for Conference State"">16</a>]. It is sent outside
of the existing dialog between user B and the focus, and it would
be authorized by A if user B could prove that it knows the dialog
identifiers for its existing dialog with the focus. Thus, the
Target-Dialog header field would be included in the SUBSCRIBE.
The following are examples of use cases in which these conditions are
not met:
o A server acting as a proxy is a participant in an INVITE dialog
that establishes a session. The server would like to use the
Keypad Markup Language (KPML) event package [<a href="#ref-18" title=""A Session Initiation Protocol (SIP) Event Package for Key Press Stimulus (KPML)"">18</a>] to find out about
keypresses from the originating user agent. To do this, it sends
a SUBSCRIBE request. However, the Event header field of this
SUBSCRIBE contains event parameters that indicate the target
dialog of the subscription. As such, the request can be
authorized without additional information.
o A server acting as a proxy is a participant in an INVITE dialog
that establishes a session. The server would like to use the
dialog event package [<a href="#ref-15" title=""An INVITE- Initiated Dialog Event Package for the Session Initiation Protocol (SIP)"">15</a>] to find out about dialogs at the
originating user agent. To do this, it sends a SUBSCRIBE request.
However, the Event header field of this SUBSCRIBE contains event
parameters that indicate the target dialog of the subscription.
<span class="grey">Rosenberg Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
As such, the request can be authorized without additional
information.
Specifications that intend to make use of the Target-Dialog header
field SHOULD discuss specific conditions in which it is to be
included.
Assuming it is to be included, the value of the callid production in
the Target-Dialog header field MUST be equal to the Call-ID of the
target dialog. The "remote-tag" header field parameter MUST be
present and MUST contain the tag that would be viewed as the remote
tag from the perspective of the recipient of the new request. The
"local-tag" header field parameter MUST be present and MUST contain
the tag that would be viewed as the local tag from the perspective of
the recipient of the new request.
The request sent by the UAC SHOULD include a Require header field
that includes the tdialog option tag. This request should, in
principle, never fail with a 420 (Bad Extension) response, because
the UAC would not have sent the request unless it believed the UAS
supported the extension. If a Require header field was not included,
and the UAS didn't support the extension, it would normally reject
the request because it was unauthorized, probably with a 403.
However, without the Require header field, the UAC would not be able
to differentiate between the following:
o a 403 that arrived because the UAS didn't actually understand the
Target-Dialog header field (in which case the client should send
the request within the target dialog if it can)
o a 403 that arrived because the UAS understood the Target-Dialog
header field, but elected not to authorize the request despite the
fact that the UAC proved its awareness of the target dialog (in
which case the client should not resend the request within the
target dialog, even if it could).
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. User Agent Server Behavior</span>
If a user agent server receives a dialog-creating request and wishes
to authorize the request, and if that authorization depends on
whether or not the sender has knowledge of an existing dialog with
the UAS, and information outside of the Target-Dialog header field
does not provide proof of this knowledge, the UAS SHOULD check the
request for the existence of the Target-Dialog header field. If this
header field is not present, the UAS MAY still authorize the request
by other means.
<span class="grey">Rosenberg Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
If the header field is present, and the value of the callid
production, the "remote-tag", and "local-tag" values match the
Call-ID, remote tag, and local tag of an existing dialog, and the
dialog that they match was established using a sips URI, the UAS
SHOULD authorize the request if it would authorize any entity on the
path of the request that created that dialog, or any entity trusted
by an entity on the path of the request that created that dialog.
If the dialog identifiers match, but they match a dialog not created
with a sips URI, the UAS MAY authorize the request if it would
authorize any entity on the path of the request that created that
dialog, or any entity trusted by an entity on the path of the request
that created that dialog. However, in this case, any eavesdropper on
the original dialog path would have access to the dialog identifiers,
and thus the authorization is optional.
If the dialog identifiers don't match, or if they don't contain both
a "remote-tag" and "local-tag" parameter, the header field MUST be
ignored, and authorization MAY be determined by other means.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Proxy Behavior</span>
Proxy behavior is unaffected by this specification.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Extensibility Considerations</span>
This specification depends on a user agent client knowing, ahead of
sending a request to a user agent server, whether or not that user
agent server supports the Target-Dialog header field. As discussed
in <a href="#section-3">Section 3</a>, the UAC can know this because it saw a request or
response sent by that UAS within the target dialog that contained the
Supported header field whose value included the tdialog option tag.
Because of this requirement, it is especially important that user
agents compliant to this specification include a Supported header
field in all dialog forming requests and responses. Inclusion of the
Supported header fields in requests is at SHOULD strength per <a href="./rfc3261">RFC</a>
<a href="./rfc3261">3261</a>. This specification does not alter that requirement. However,
implementers should realize that, unless the tdialog option tag is
placed in the Supported header field of requests and responses, this
extension is not likely to be used, and instead, the request is
likely to be re-sent within the existing target dialog (assuming the
sender is the UA on the other side of the target dialog). As such,
the conditions in which the SHOULD would not be followed would be
those rare cases in which the UA does not want to enable usage of
this extension.
<span class="grey">Rosenberg Standards Track [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Header Field Definition</span>
The grammar for the Target-Dialog header field is defined as follows:
Target-Dialog = "Target-Dialog" HCOLON callid *(SEMI
td-param) ;callid from <a href="./rfc3261">RFC 3261</a>
td-param = remote-param / local-param /
generic-param
remote-param = "remote-tag" EQUAL token
local-param = "local-tag" EQUAL token
;token and generic-param from <a href="./rfc3261">RFC 3261</a>
Figures 3 and 4 are an extension of Tables 2 and 3 in <a href="./rfc3261">RFC 3261</a> [<a href="#ref-2" title=""SIP: Session Initiation Protocol"">2</a>]
for the Target-Dialog header field. The column "INF" is for the INFO
method [<a href="#ref-4" title=""The SIP INFO Method"">4</a>], "PRA" is for the PRACK method [<a href="#ref-5" title=""Reliability of Provisional Responses in Session Initiation Protocol (SIP)"">5</a>], "UPD" is for the
UPDATE method [<a href="#ref-6" title=""The Session Initiation Protocol (SIP) UPDATE Method"">6</a>], "SUB" is for the SUBSCRIBE method [<a href="#ref-3" title=""Session Initiation Protocol (SIP)-Specific Event Notification"">3</a>], "NOT" is
for the NOTIFY method [<a href="#ref-3" title=""Session Initiation Protocol (SIP)-Specific Event Notification"">3</a>], "MSG" is for the MESSAGE method [<a href="#ref-7" title=""Session Initiation Protocol (SIP) Extension for Instant Messaging"">7</a>], "REF"
is for the REFER method [<a href="#ref-8" title=""The Session Initiation Protocol (SIP) Refer Method"">8</a>], and "PUB" is for the PUBLISH method [<a href="#ref-9" title=""Session Initiation Protocol (SIP) Extension for Event State Publication"">9</a>].
Header field where proxy ACK BYE CAN INV OPT REG PUB
Target-Dialog R - - - - o - - -
Figure 3: Allowed Methods for Target-Dialog
Header field where proxy PRA UPD SUB NOT INF MSG REF
Target-Dialog R - - - o - - - o
Figure 4: Allowed Methods for Target-Dialog
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Security Considerations</span>
The Target-Dialog header field is used to authorize requests based on
the fact that the sender of the request has access to information
that only certain entities have access to. In order for such an
authorization decision to be secure, two conditions have to be met.
Firstly, no eavesdroppers can have access to this information. That
requires the original SIP dialog to be established using a sips URI,
which provides TLS on each hop. With a sips URI, only the user
agents and proxies on the request path will be able to know the
dialog identifiers. The second condition is that the dialog
identifiers be sufficiently cryptographically random that they cannot
be guessed. <a href="./rfc3261">RFC 3261</a> requires global uniqueness for the Call-ID and
32 bits of cryptographic randomness for each tag (there are two tags
for a dialog). Given the short duration of a typical dialog (perhaps
as long as a day), this amount of randomness appears adequate for
<span class="grey">Rosenberg Standards Track [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
preventing guessing attacks. However, it's important to note that
this specification requires true cryptographic randomness as set
forth in <a href="./rfc4086">RFC 4086</a> [<a href="#ref-11" title=""Randomness Requirements for Security"">11</a>]. Weaker pseudorandom identifiers reduce the
probability of collision, but because they are guessable, they are
not sufficient to prevent an attacker from observing a sequence of
identifiers, guessing the next one, and then using this specification
to launch an attack.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Relationship with In-Reply-To</span>
<a href="./rfc3261">RFC 3261</a> defines the In-Reply-To header field. It provides a list of
Call-IDs for calls that the current request references or returns.
It was meant to serve a similar purpose as the Reply-To in email: to
facilitate the construction of "threads" of conversations in a user
interface. Target-Dialog is similar, in that it also references a
previous session. Due to their similarities, it is important to
understand the differences, as these two header fields are not
substitutes for each other.
Firstly, In-Reply-To is meant for consumption by a human or a user
interface widget, for providing the user with a context that allows
them to decide what a call is about and whether they should take it.
Target-Dialog, on the other hand, is meant for consumption by the
user agent itself, to facilitate authorization of session requests in
specific cases where authorization is not a function of the user, but
rather the underlying protocols. A UA will authorize a call
containing Target-Dialog based on a correct value of the Target-
Dialog header field.
Secondly, Target-Dialog references a specific dialog that must be
currently in progress. In-Reply-To references a previous call
attempt, most likely one that did not result in a dialog. This is
why In-Reply-To uses a Call-ID, and Target-Dialog uses a set of
dialog identifiers.
Finally, In-Reply-To implies cause and effect. When In-Reply-To is
present, it means that the request is being sent because of the
previous request that was delivered. Target-Dialog does not imply
cause and effect, merely awareness for the purposes of authorization.
<span class="h2"><a class="selflink" id="section-10" href="#section-10">10</a>. Example Call Flow</span>
In this example, user agent A and user agent B establish an INVITE-
initiated dialog through Server-A and Server-B, each of which acts as
a proxy for the INVITE. Server B would then like to use the
application interaction framework [<a href="#ref-14" title=""A Framework for Application Interaction in the Session Initiation Protocol (SIP)"">14</a>] to request that user agent A
fetch an HTML user interface component. To do that, it sends a REFER
request to A's URI. The flow for this is shown in Figure 5. The
<span class="grey">Rosenberg Standards Track [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
conventions of [<a href="#ref-19" title=""Session Initiation Protocol (SIP) Torture Test Messages"">19</a>] are used to describe representation of long
message lines.
A Server-A Server-B B
|(1) INVITE | | |
|----------->| | |
| |(2) INVITE | |
| |----------->| |
| | |(3) INVITE |
| | |----------->|
| | |(4) 200 OK |
| | |<-----------|
| |(5) 200 OK | |
| |<-----------| |
|(6) 200 OK | | |
|<-----------| | |
|(7) ACK | | |
|------------------------------------->|
| |(8) REFER | |
| |<-----------| |
|(9) REFER | | |
|<-----------| | |
|(10) 200 OK | | |
|----------->| | |
| |(11) 200 OK | |
| |----------->| |
Figure 5
First, the caller sends an INVITE, as shown in message 1.
INVITE sips:B@example.com SIP/2.0
Via: SIP/2.0/TLS host.example.com;branch=z9hG4bK9zz8
From: Caller <sip:A@example.com>;tag=kkaz-
To: Callee <sip:B@example.org>
Call-ID: fa77as7dad8-sd98ajzz@host.example.com
CSeq: 1 INVITE
Max-Forwards: 70
Supported: tdialog
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, REFER
Accept: application/sdp, text/html
<allOneLine>
Contact: <sips:A@example.com;gruu;opaque=urn:uuid:f81d4f
ae-7dec-11d0-a765-00a0c91e6bf6;grid=99a>;schemes="http,sip,sips"
</allOneLine>
Content-Length: ...
Content-Type: application/sdp
<span class="grey">Rosenberg Standards Track [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
--SDP not shown--
The INVITE indicates that the caller supports GRUU (note its presence
in the Contact header field of the INVITE) and the Target-Dialog
header field. This INVITE is forwarded to the callee (messages 2-3),
which generates a 200 OK response that is forwarded back to the
caller (message 4-5). Message 5 might look like:
SIP/2.0 200 OK
Via: SIP/2.0/TLS host.example.com;branch=z9hG4bK9zz8
From: Caller <sip:A@example.com>;tag=kkaz-
To: Callee <sip:B@example.org>;tag=6544
Call-ID: fa77as7dad8-sd98ajzz@host.example.com
CSeq: 1 INVITE
Contact: <sips:B@pc.example.org>
Content-Length: ...
Content-Type: application/sdp
--SDP not shown--
In this case, the called party does not support GRUU or the Target-
Dialog header field. The caller generates an ACK (message 7).
Server B then decides to send a REFER to user A:
<allOneLine>
REFER sips:A@example.com;gruu;opaque=urn:uuid:f81d4f
ae-7dec-11d0-a765-00a0c91e6bf6;grid=99a SIP/2.0
</allOneLine>
Via: SIP/2.0/TLS serverB.example.org;branch=z9hG4bK9zz10
From: Server B <sip:serverB.example.org>;tag=mreysh
<allOneLine>
To: Caller <sips:A@example.com;gruu;opaque=urn:uuid:f81d4f
ae-7dec-11d0-a765-00a0c91e6bf6;grid=99a>
</allOneLine>
Target-Dialog: fa77as7dad8-sd98ajzz@host.example.com
;local-tag=kkaz-
;remote-tag=6544
Refer-To: http://serverB.example.org/ui-component.html
Call-ID: 86d65asfklzll8f7asdr@host.example.com
CSeq: 1 REFER
Max-Forwards: 70
Require: tdialog
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, NOTIFY
Contact: <sips:serverB.example.org>
Content-Length: 0
<span class="grey">Rosenberg Standards Track [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
This REFER will be delivered to server A because it was sent to the
GRUU. From there, it is forwarded to user agent A (message 9) and
authorized because of the presence of the Target-Dialog header field.
<span class="h2"><a class="selflink" id="section-11" href="#section-11">11</a>. IANA Considerations</span>
This specification registers a new SIP header field, a new option tag
according to the processes of <a href="./rfc3261">RFC 3261</a> [<a href="#ref-2" title=""SIP: Session Initiation Protocol"">2</a>], and two new header field
parameters according to the processes of <a href="./rfc3968">RFC 3968</a> [<a href="#ref-10" title=""The Internet Assigned Number Authority (IANA) Header Field Parameter Registry for the Session Initiation Protocol (SIP)"">10</a>].
<span class="h3"><a class="selflink" id="section-11.1" href="#section-11.1">11.1</a>. Header Field</span>
RFC Number: <a href="./rfc4538">RFC 4538</a>
Header Field Name: Target-Dialog
Compact Form: none
<span class="h3"><a class="selflink" id="section-11.2" href="#section-11.2">11.2</a>. Header Field Parameters</span>
This section registers two header field parameters according to the
processes of <a href="./rfc3968">RFC 3968</a> [<a href="#ref-10" title=""The Internet Assigned Number Authority (IANA) Header Field Parameter Registry for the Session Initiation Protocol (SIP)"">10</a>].
<span class="h4"><a class="selflink" id="section-11.2.1" href="#section-11.2.1">11.2.1</a>. local-tag</span>
Header Field: Target-Dialog
Header Field Parameter: local-tag
Predefined Values: None
RFC: <a href="./rfc4538">RFC 4538</a>
<span class="h4"><a class="selflink" id="section-11.2.2" href="#section-11.2.2">11.2.2</a>. remote-tag</span>
Header Field: Target-Dialog
Header Field Parameter: remote-tag
Predefined Values: None
RFC: <a href="./rfc4538">RFC 4538</a>
<span class="grey">Rosenberg Standards Track [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
<span class="h3"><a class="selflink" id="section-11.3" href="#section-11.3">11.3</a>. SIP Option Tag</span>
This specification registers a new SIP option tag per the guidelines
in <a href="./rfc3261#section-27.1">Section 27.1 of RFC 3261</a>.
Name: tdialog
Description: This option tag is used to identify the target dialog
header field extension. When used in a Require header field, it
implies that the recipient needs to support the Target-Dialog
header field. When used in a Supported header field, it implies
that the sender of the message supports it.
<span class="h2"><a class="selflink" id="section-12" href="#section-12">12</a>. Acknowledgements</span>
This specification is based on a header field first proposed by
Robert Sparks in the dialog usage draft [<a href="#ref-12" title=""Multiple Dialog Usages in the Session Initiation Protocol"">12</a>]. John Elwell provided
helpful comments.
<span class="h2"><a class="selflink" id="section-13" href="#section-13">13</a>. References</span>
<span class="h3"><a class="selflink" id="section-13.1" href="#section-13.1">13.1</a>. Normative References</span>
[<a id="ref-1">1</a>] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-2">2</a>] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", <a href="./rfc3261">RFC 3261</a>, June 2002.
[<a id="ref-3">3</a>] Roach, A., "Session Initiation Protocol (SIP)-Specific Event
Notification", <a href="./rfc3265">RFC 3265</a>, June 2002.
[<a id="ref-4">4</a>] Donovan, S., "The SIP INFO Method", <a href="./rfc2976">RFC 2976</a>, October 2000.
[<a id="ref-5">5</a>] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional
Responses in Session Initiation Protocol (SIP)", <a href="./rfc3262">RFC 3262</a>,
June 2002.
[<a id="ref-6">6</a>] Rosenberg, J., "The Session Initiation Protocol (SIP) UPDATE
Method", <a href="./rfc3311">RFC 3311</a>, October 2002.
[<a id="ref-7">7</a>] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and
D. Gurle, "Session Initiation Protocol (SIP) Extension for
Instant Messaging", <a href="./rfc3428">RFC 3428</a>, December 2002.
[<a id="ref-8">8</a>] Sparks, R., "The Session Initiation Protocol (SIP) Refer
Method", <a href="./rfc3515">RFC 3515</a>, April 2003.
<span class="grey">Rosenberg Standards Track [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
[<a id="ref-9">9</a>] Niemi, A., "Session Initiation Protocol (SIP) Extension for
Event State Publication", <a href="./rfc3903">RFC 3903</a>, October 2004.
[<a id="ref-10">10</a>] Camarillo, G., "The Internet Assigned Number Authority (IANA)
Header Field Parameter Registry for the Session Initiation
Protocol (SIP)", <a href="https://www.rfc-editor.org/bcp/bcp98">BCP 98</a>, <a href="./rfc3968">RFC 3968</a>, December 2004.
<span class="h3"><a class="selflink" id="section-13.2" href="#section-13.2">13.2</a>. Informative References</span>
[<a id="ref-11">11</a>] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", <a href="https://www.rfc-editor.org/bcp/bcp106">BCP 106</a>, <a href="./rfc4086">RFC 4086</a>, June 2005.
[<a id="ref-12">12</a>] Sparks, R., "Multiple Dialog Usages in the Session Initiation
Protocol", Work in Progress, March 2006.
[<a id="ref-13">13</a>] Rosenberg, J., "Obtaining and Using Globally Routable User
Agent (UA) URIs (GRUU) in the Session Initiation Protocol
(SIP)", Work in Progress, May 2006.
[<a id="ref-14">14</a>] Rosenberg, J., "A Framework for Application Interaction in the
Session Initiation Protocol (SIP)", Work in Progress,
July 2005.
[<a id="ref-15">15</a>] Rosenberg, J., Schulzrinne, H., and R. Mahy, "An INVITE-
Initiated Dialog Event Package for the Session Initiation
Protocol (SIP)", <a href="./rfc4235">RFC 4235</a>, November 2005.
[<a id="ref-16">16</a>] Rosenberg, J., "A Session Initiation Protocol (SIP) Event
Package for Conference State", Work in Progress, July 2005.
[<a id="ref-17">17</a>] Rosenberg, J., "A Framework for Conferencing with the Session
Initiation Protocol (SIP)", <a href="./rfc4353">RFC 4353</a>, February 2006.
[<a id="ref-18">18</a>] Burger, E., "A Session Initiation Protocol (SIP) Event Package
for Key Press Stimulus (KPML)", Work in Progress,
December 2004.
[<a id="ref-19">19</a>] Sparks, R., Ed., Hawrylyshen, A., Johnston, A., Rosenberg, J.,
and H. Schulzrinne, "Session Initiation Protocol (SIP) Torture
Test Messages", <a href="./rfc4475">RFC 4475</a>, May 2006.
<span class="grey">Rosenberg Standards Track [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
Author's Address
Jonathan Rosenberg
Cisco Systems
600 Lanidex Plaza
Parsippany, NJ 07054
US
Phone: +1 973 952-5000
EMail: jdrosen@cisco.com
URI: <a href="http://www.jdrosen.net">http://www.jdrosen.net</a>
<span class="grey">Rosenberg Standards Track [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc4538">RFC 4538</a> Target Dialog June 2006</span>
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a>, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and <a href="https://www.rfc-editor.org/bcp/bcp79">BCP 79</a>.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
<a href="http://www.ietf.org/ipr">http://www.ietf.org/ipr</a>.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Rosenberg Standards Track [Page 17]
</pre>
|
