CALSCH WG P. Pessi INTERNET-DRAFT M. Mela Expires: April 28, 2003 Nokia October 2002 iCalendar SIP-Based Interoperability Protocol (draft-pessi-calsch-isip-00) Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 28, 2003. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document, proposes a binding from the abstract iCalendar Transport-independent Interoperability Protocol (iTIP) using Session Initiation Protocol (SIP) as transport and SIP/SIPS URIs as addresses. This document proposes using the XML iCalendar or xCal as a mandatory payload format with SIP. XML iCalendar is an XML DTD that corresponds to the iCalendar, Internet Calendaring and Scheduling Core Object Specification defined by RFC 2445. SIP is a application-layer signaling protocol for creating, modifying, and terminating multimedia sessions, retrieving user presence and sending instant messages. 1 Introduction and Motivation This binding document provides the transport specific information necessary to convey iCalendar Transport-independent Interoperability Protocol (iTIP) over SIP as a MIME payload as defined in [SIP] and [RFC-2045]. Pessi & Mela Expires April 28, 2003 [Page 1] Internet-Draft iSIP October 2002 The goal of this document is to extend the iCalendar framework describing Internet multimedia conferences and chat rooms. The iCalendar provides means to provide descriptions, identify participants, their roles and other resources for meetings taking place on the Internet as well as in the real world. The XML iCalendar information can easily be transmitted over SIP instant messages [SIP-IM] just as Internet e-mail is used today. However, when SIP addresses are used to identify the attendees, the iCalendar URIs can directly be used to establish conferences. OPEN ISSUE: It would be beneficial to include the capabilities or preferences related to a particular SIP URI in the xCal documents [LONNFORS]. However, the current xCal specification explicitly prohibits using extension namespaces with xCal documents because desired 1:1 mapping between standard and XML iCalendar formats. We would argue that this restriction is too limiting and would rather provide a possibility to map between XML namespaces and experimental or IANA-registered parameters. Other applications may also include availability and timezone information. For example, if callee's SIP telephone returns his freebusy and timezone information, the caller's SIP user-agent can automatically determine suitable time to retry the call. This kind of information can also be included in the presence documents [PIDF]. The XML iCalendar components could also be included in the XML-based event documents. For example, a person would like to include his vCard [RFC2426] in his presence document [PIDF], and a conferencing server could include a VEVENT [RFC2445] component in the conferencing conference information document [CALLPKG]. In some use cases [CPIM] instant messaging (IM) URIs and [RFC-2806] telephone (TEL) URIs can be used as calendar user addresses in addition to the SIP URIs. 1.1 Related Documents Implementers will need to be familiar with several other memos that form the existing framework for Internet calendaring and scheduling standards. This document, [iSIP], proposes a SIP binding for iTIP; [iCAL] - specifies a core specification of objects, data types, properties and property parameters; [iTIP] - specifies an interoperability protocol for scheduling between different implementations; [iMIP] - specifies an Internet email binding for iTIP. Pessi & Mela Expires April 28, 2003 [Page 2] Internet-Draft iSIP October 2002 This memo does not attempt to repeat the specification of concepts or definitions from these other memos. Where possible, references are made to the memo that provides for the specification of the concepts or definitions. 1.2 Terminology The SIP-related terms used in this document are defined in [SIP, SIP-IM]. The MIME-related terms used in this document are defined in [RFC2045]. The calendaring and scheduling terms used in this memo are defined in [iCAL] and [iTIP]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119]. 2 SIP Message Format Binding This section defines the iCalendar message binding to the SIP message bodies. SIP messages can carry their content in the form of MIME body parts. The sections below refer to the "originator" and the "recipient" of an iSIP message. Typically, the originator is the "Organizer" of an event. The respondent is an "Attendee" of the event. The [SIP] "From", "To", "Contact", "Reply-To" or [SIP-PRIV] "Remote-Party-ID" headers typically contains the SIP address of the originator or respondent of an event. However, this cannot be guaranteed as SIP user-agents are not required to enforce iTIP semantics. 2.1 SIP Requests and Responses The vCalendar requests are typically included in SIP MESSAGE requests. A response to a vCalendar request is not usually included in the SIP response message, but a separate SIP MESSAGE is used for sending the response. Other SIP requests and responses MAY be used to PUBLISH iCalendar components. 2.2 Security This section addresses several aspects of security including Authentication, Authorization and Confidentiality. Authentication and confidentiality is achieved using normal SIP means, e.g., using S/MIME [RFC-1847, RFC-2630, RFC-2633]. Pessi & Mela Expires April 28, 2003 [Page 3] Internet-Draft iSIP October 2002 2.2.1 Authorization In [iTIP] messages, only the "Organizer" is authorized to modify or cancel calendar entries they organize. That is, sip:spoof@xyz.com is not allowed to modify or cancel a meeting that was organized by im:a@example.com. Furthermore, only the respondent has the authorization to indicate their status to the "Organizer". That is, the "Organizer" must ignore an [iTIP] message from sip:spoof@xyz.com that declines a meeting invitation for im:b@example.com. Implementations of iSIP SHOULD verify the authenticity of the creator of an iCalendar object before taking any action. The methods for doing this are presented later in this document. Message flow in iTIP supports someone working on behalf of a "Calendar User" through use of the "sent-by" attribute that is associated with the "ATTENDEE" and "ORGANIZER" elements. However, there is no mechanism to verify whether or not a "Calendar User" has authorized someone to work on their behalf. It is left to implementations to provide mechanisms for the "Calendar Users" to make that decision. 2.2.2 Authentication Authentication can be performed using an implementation of [RFC-1847] "multipart/signed" that supports public/private key certificates. Authentication is possible only on messages that have been signed. Authenticating an unsigned message may not be reliable. 2.2.3 Confidentiality To ensure confidentiality using iSIP implementations should utilize S/MIME-compliant encryption. The protocol does not restrict a "Calendar User Agent" (CUA) from forwarding iCalendar objects to other users or agents. 2.3 Attendee Addresses The calendar address specified within the "attendee" element in an iCalendar object SHOULD be a valid SIP URI [RFC3261] address for the corresponding "Organizer" or "Attendee" element of the "vevent", "vtodo", or "vfreebusy" elements. OPEN ISSUE: In which circumstances [tel] telephone tel: or (CPIM) instant messaging (im:) URLs can be used? Because [iTIP] does not preclude "attendees" from forwarding "vevents" or "vtodos" to others, the apparent originator address may not equal that of the "Organizer". Additionally, the "Organizer" or "Attendee" cannot be reliably inferred by the [SIP] "From", "Contact", "Remote-Party-ID" or "Reply-to" values of an iSIP message. Pessi & Mela Expires April 28, 2003 [Page 4] Internet-Draft iSIP October 2002 The relevant address MUST be ascertained by opening the "application/calendar+xml" MIME body part and examining the "ATTENDEE" and "ORGANIZER" properties. 2.4 Content Type A MIME body part containing content information that conforms to this document MUST have an "Content-Type" header field of "application/calendar+xml". The "Content-Type" header field SHOULD also include the type parameters "method" and "component". The "method" contains a single iTIP method name which MUST correspond to the value of the "METHOD" attribute of the vCalendar elements within the iCalendar object. The "component" parameter is also a quoted, comma-separated list and it defines the iCalendar component types contained within the iCalendar object. OPEN ISSUE: Currently, the installed base of CUAs integrated with SIP and using standard iCalendar is roughly zero. So it seems reasonable to us to restrict SIP applications to use XML iCalendar only, as this could reduce the additional complexity in typical SIP applications that already use large number of XML-based documents [PIDF, CONF-INFO]. Converting between XML and standard iCalendar [RFC2445] formats would only be required when a SIP UA needs to import or export iCalendar objects from standard-iCalendar-based CUA. Already, this happens using XML-based synchronization protocols like SyncML The following is an example of this header field with a value that indicates an event message. Content-Type: application/calendar+xml ;method="REQUEST" ;component="VEVENT,VTODO" The "application/calendar+xml" content type allows for the scheduling message type to be included as a MIME multipart message body with other content information (i.e., "multipart/mixed") or included in a MIME message with a clear-text, human-readable form of the scheduling message (i.e., "multipart/alternative"). In order to permit the information in the scheduling message to be understood by SIP user agents (UA) that do not support the "application/calendar+xml" content type, scheduling messages MAY be sent with an alternative, human-readable form of the information. 2.5 Content-Transfer-Encoding Note that the default character set for XML iCalendar objects is UTF-8. As SIP protocol can handle binary message bodies, transfer encoding MUST NOT be used for iCalendar objects. Gateways from MIME-compliant protocols to SIP MUST remove any Content-Transfer- Encoding prior to delivering the iCalendar object to SIP. Pessi & Mela Expires April 28, 2003 [Page 5] Internet-Draft iSIP October 2002 2.6 Content-Disposition The SIP User-Agents determine how to interpret a message body part based on the Content-Disposition header field. The default "disposition-type" for SIP is "render", indicating that the body part should be displayed or otherwise rendered to the user. OPEN ISSUE: Does calendar objects warrant a disposition-type of their own, for example, if the calendar object should be handled by calendar application without any user intervention? 3 Security Considerations The security threats that applications must address when implementing iTIP are detailed in [iTIP]. Two spoofing threats are identified: Spoofing the "Organizer", and Spoofing an "Attendee". To address these threats, the originator of an iCalendar object must be authenticated by a recipient. Once authenticated, a determination can be made as to whether or not the originator is authorized to perform the requested operation. Compliant applications MUST support signing and encrypting application/calendar+xml attachments using a mechanism based on S/MIME [RFC-2633, RFC-1847] to facilitate the authentication the originator of the iCalendar object. Implementations MAY provide a means for users to disable signing and encrypting. The steps are described below: 1. The iCalendar object MUST be signed by the "Organizer" when sending an update or the "Attendee" when sending a reply. 2. Using the S/MIME, determine who signed the iCalendar object. This is the "signer". Note that the signer is not necessarily the person that sent the SIP message. 3. Correlate the signer to an "ATTENDEE" property in the iCalendar object. If the signer cannot be correlated to an "ATTENDEE" property, ignore the message. 4. Determine whether or not the "ATTENDEE" is authorized to perform the operation as defined by [iTIP]. If the conditions are not met, ignore the message. 5. If all the above conditions are met, the message can be processed. To address the confidentiality security threats, signed iSIP messages SHOULD be encrypted by a mechanisms based on S/MIME [RFC-1847, RFC-2633]. It is possible to receive iSIP messages sent by someone working on behalf of another "Calendar User". This is determined by examining the "sent-by" parameter in the relevant "ORGANIZER" or "ATTENDEE" property. [iCAL] and [iTIP] provide no mechanism to verify that a Pessi & Mela Expires April 28, 2003 [Page 6] Internet-Draft iSIP October 2002 "Calendar User" has authorized someone else to work on their behalf. To address this security issue, implementations MUST provide mechanisms for the "Calendar Users" to make that decision before applying changes from someone working on behalf of a "Calendar User". 4 Examples 4.1 Single Component With An ATTACH Property This minimal message shows how an iCalendar object references an attachment. The attachment is accessible via its URL. C->S MESSAGE sip:conference.example.com SIP/2.0 From: sip:john.doe@example.com To: sip:conference-ds76fhzxq3@example.com Call-ID: 12345-0xffffff@example.com CSeq: 1 MESSAGE Content-Length: ... Content-Type: application/calendar+xml;method=REQUEST; component=VEVENT sip:john.doe@example.com sip:conference-ds76fhzxq3@example.com sip:alice@example.com sip:bob@example.com sip:fubar.com 20020611t190000z 20020701t210000z 20020701t230000z IP telephony conference Review of foo.xml. calsvr.example.com-873970198738777 ftp://ftp.bar.com/pub/docs/foo.xml confirmed Pessi & Mela Expires April 28, 2003 [Page 7] Internet-Draft iSIP October 2002 4.2 Using Multipart Alternative for Low Fidelity Clients This example shows how a client can emit a multipart message that includes both a plain text version as well as the full iCalendar object. Clients that do not support application/calendar+xml will still be capable of rendering the plain text representation. C->S MESSAGE sip:conference.example.com SIP/2.0 From: sip:john.doe@example.com To: sip:conference-ds76fhzxq3@example.com Call-ID: 12345-0xffffff@example.com CSeq: 1 MESSAGE Content-Length: ... Content-Type: multipart/alternative ;boundary="01BD3665.3AF0D360" --01BD3665.3AF0D360 Content-Type: text/plain This is an alternative representation of a XML iCalendar object. When: 7/1/2002 10:00AM PDT - 7/1/97 10:30AM PDT Where: Organizer: sip:foo1@example.com Summary: IP Telephony Conference --01BD3665.3AF0D360 Content-Type: application/calendar+xml ;method=REQUEST ;component=VEVENT sip:foo1@example.com role=chair;attstat=accepted:sip:foo1@example.com rsvp=yes;type=individual:sip:foo2@example.com 20020611t190000z 20020701t170000z 20020701t173000z phone conference calsvr.example.com-8739701987387771 0 confirmed Pessi & Mela Expires April 28, 2003 [Page 8] Internet-Draft iSIP October 2002 --01BD3665.3AF0D360 4.3 Multiple Similar Components Multiple iCalendar components of the same type can be included in the iCalendar object when the METHOD is the same for each component. C->S MESSAGE sip:conference.example.com SIP/2.0 From: sip:john.doe@example.com To: sip:conference-ds76fhzxq3@example.com Call-ID: 12345-0xffffff@example.com CSeq: 1 MESSAGE Content-Length: ... Content-Type:application/calendar+xml ;method=PUBLISH sip:foo1@example.com 20020611t150000z 20020701t150000z 20020701t230000z company picnic food and drink will be provided calsvr.example.com-873970198738777-1 0 confirmed sip:foo1@example.com 20020611t190000z 20020715t150000z 20020715t230000z company bowling tournament we have 10 lanes reserved calsvr.example.com-873970198738777-2 0 confirmed Pessi & Mela Expires April 28, 2003 [Page 9] Internet-Draft iSIP October 2002 4.4 Receiving conference information when joining to one When joining a conference, the conferencing application server attachs conference information to its response's multipart MIME payload. C->S INVITE sip:conference.example.com SIP/2.0 Via: SIP/2.0/UDP proxy.example.com From: sip:john.doe@example.com To: sip:conference-ds76fhzxq3@example.com Call-ID: 12345-0xffffff@example.com CSeq: 1 INVITE Accept: application/sdp, application/calendar+xml, text/html Content-Type: application/sdp Content-Length: ... v=0 o=john 0 0 IN IP4 0.0.0.0 s=sline m=audio 0 RTP/AVP 98 0 8 a=rtpmap:98 AMR/8000 m=video 0 * S->C SIP/2.0 200 OK Via: SIP/2.0/UDP proxy.example.com From: sip:conference-ds76fhzxq3@example.com> To: Call-ID: 12345-0xffffff@example.com CSeq: 1 INVITE Content-Type: multipart/mixed;boundary="--FEE3790DC7E35189CA67CE2C" Content-Length: ... ----FEE3790DC7E35189CA67CE2C Content-Type: application/sdp v=0 o=watson 4858949 4858949 IN IP4 192.1.2.3 s=Conference going m=audio 0 RTP/AVP 98 0 8 a=rtpmap:98 AMR/8000 m=video 0 * ----FEE3790DC7E35189CA67CE2C Content-Type: application/calendar+xml ;method=REQUEST Pessi & Mela Expires April 28, 2003 [Page 10] Internet-Draft iSIP October 2002 sip:foo1@example.com sip:foo1@example.com sip:foo2@example.com 20020611t190000z 20020701t210000z 20020701t230000z IP telephony conference discuss what happened at the last meeting calsvr.example.com-8739701987387772 0 confirmed 4.5 The callee include FREEBUSY reachability information in response The callee responds with 486 Busy Here and sends a FREEBUSY object with reachability information in the payload. C->S INVITE sip:example.com SIP/2.0 Via: SIP/2.0/UDP proxy.example.com From: sip:john.doe@example.com To: sip:alice.doe@example.com Call-ID: 12345-0xffffff@example.com CSeq: 1 INVITE Content-Type: application/sdp Content-Length: ... v=0 o=john 0 0 IN IP4 0.0.0.0 s=sline m=audio 0 RTP/AVP 98 0 8 a=rtpmap:98 AMR-WB/16000 m=video 0 * S->C SIP/2.0 SIP 486 Busy Here Via: SIP/2.0/UDP proxy.example.com From: sip:alice.doe@example.com> To: Call-ID: 12345-0xffffff@example.com CSeq: 1 INVITE Content-Type: application/calendar+xml ;method=PUBLISH Content-Length: ... Pessi & Mela Expires April 28, 2003 [Page 11] Internet-Draft iSIP October 2002 ]> 20020313T133000@ical1.host.com 20020104T133010Z sip:alice.doe@host.com 20020313T141711Z 20020410T141711Z 20020314T233000Z/20020315T003000Z 20020316T153000Z/20020316T163000Z 20020318T030000Z/20020318T040000Z 5 Recommended Practices This section outlines a series of recommended practices when using a SIP to exchange iCalendar objects. 5.1 Use of Content and Message IDs The [iCAL] specification makes frequent use of the URI for data types in properties such as "DESCRIPTION", "ATTACH", "CONTACT" and others. Two forms of URIs are Message ID (MID) and Content ID (CID). These are defined in [RFC-2111]. Although [RFC-2111] allows referencing messages or MIME body parts in other MIME entities or stores, it is strongly recommended that iSIP implementations include all referenced messages and body parts in a single MIME entity. Simply put, if an iCalendar object contains CID or MID references to other messages or body parts, implementations should ensure that these messages and/or body parts are transmitted with the iCalendar object. If they are not there is no guarantee that the receiving "CU" will have the access or the authorization to view those objects. 6 Bibliography [iCAL] Dawson, F. and D. Stenerson, "Internet Calendaring and Scheduling Core Object Specification - iCalendar", RFC 2445, November 1998. [xCAL] Dawson, F. et al, "Internet Calendaring and Scheduling Core Object Specification - iCalendar", RFC 2445, November 1998. Pessi & Mela Expires April 28, 2003 [Page 12] Internet-Draft iSIP October 2002 [iTIP] Silverberg, S., Mansour, S., Dawson, F. and R. Hopson, "iCalendar Transport-Independent Interoperability Protocol (iTIP): Scheduling Events, Busy Time, To-dos and Journal Entries", RFC 2446, November 1998. [iMIP] Silverberg, S., Mansour, S., Dawson, F. and R. Hopson, "iCalendar Transport-Independent Interoperability Protocol (iTIP): Scheduling Events, Busy Time, To-dos and Journal Entries", RFC 2446, November 1998. [XML] "Extensible Markup Language (XML)", Worldwide Web Consortium, http://www.w3.org/TR/1998/REC-xml-19980210, February 1998. [SIP] Rosenberg, J. et al, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [SIP-IM] Campbell, B. (ed), "Session Initiation Protocol Extension for Instant Messaging", draft-ietf-sip-message-07 (work in progress), September 2002. [SIP-PRIV] Marshall, W. et al, "SIP Extensions for Network-Asserted Caller Identity and Privacy within Trusted Networks", draft-ietf-sip-privacy-05.txt (work in progress), March 2002. [CPIM] Crocker, D. et al, "A Common Profile for Instant Messaging (CPIM)", draft-ietf-impp-cpim-03 (work in progress), August 2002. [PIDF] Sugano, H. et al, "Presence Information Data Format", draft-ietf-impp-cpim-pidf-05.txt (work in progress), May 2002. [CALLPKG] Rosenberg, J., H. Schulzrinne, "SIP Event Packages for Call Leg and Conference State", draft-rosenberg-sip-call-package-01 (work in progress), September 2002. [LONNFORS] Lonnfors, M., K. Kiss, "SIMPLE PIDF callee capabilities extension", draft-lonnfors-pidf-callee-capabilities-ext-00 (work in progress), October 2002. [SYNCML] SyncML Intitiative, "SyncML Represenation Protocol", http://www.syncml.org/docs/syncml_represent_v11_20020215.pdf, February 2002. [RFC-2806] Vaha-Sipila, A., "URLs for Telephone Calls", RFC 2806, April 2000. [RFC-1847] Galvin, J., Murphy, S., Crocker, S. and N. Freed, "Security Multiparts for MIME: Multipart/Signed and Pessi & Mela Expires April 28, 2003 [Page 13] Internet-Draft iSIP October 2002 Multipart/Encrypted", RFC 1847, October 1995. [RFC-2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) - Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC-2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) - Part Two: Media Types", RFC 2046, November 1996. [RFC-2047] Moore, K., "Multipurpose Internet Mail Extensions (MIME) - Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996. [RFC-2048] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet Mail Extensions (MIME) - Part Four: Registration Procedures", RFC 2048, January 1997. [RFC-2111] Levinson, E., "Content-ID and Message-ID Uniform Resource Locators", RFC 2111, March 1997. [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC-2630] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999. [RFC-2633] Ramsdell B., "S/MIME Version 3 Message Specification", RFC 2633, June 1999. 7 Authors' Addresses Pekka Pessi Nokia EMail: Pekka.Pessi@nokia.com Phone: +358 504 836 404 Martti Mela Nokia EMail: Martti.Mela@nokia.com Phone: +358 504 836 460 Pessi & Mela Expires April 28, 2003 [Page 14]