[APPS-REVIEW] RE: App Area review of draft-ietf-sipping-service-identification-00.txt
Claudio Allocchio <claudio.allocchio@garr.it> Fri, 16 November 2007 15:47 UTC
Return-path: <apps-review-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1It3Pq-0006Jg-6w; Fri, 16 Nov 2007 10:47:34 -0500
Received: from apps-review by megatron.ietf.org with local (Exim 4.43) id 1It3Po-0006G6-E9 for apps-review-confirm+ok@megatron.ietf.org; Fri, 16 Nov 2007 10:47:32 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1It3Pn-0006EP-VF for apps-review@ietf.org; Fri, 16 Nov 2007 10:47:32 -0500
Received: from cyrus.dir.garr.it ([193.206.158.29]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1It3Pl-0003Sj-J4 for apps-review@ietf.org; Fri, 16 Nov 2007 10:47:31 -0500
Received: from [140.105.1.129] ([140.105.1.129]) (authenticated bits=0) by cyrus.dir.garr.it (8.13.8/8.13.7) with ESMTP id lAGFkxkb014880 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Nov 2007 16:47:09 +0100 (CET) (envelope-from claudio.allocchio@garr.it)
Date: Fri, 16 Nov 2007 16:46:34 +0100
From: Claudio Allocchio <claudio.allocchio@garr.it>
X-X-Sender: claudio@mac-allocchio3.local
To: apps-review@ietf.org, Eric Burger <eburger@bea.com>
In-Reply-To: <A5E9CBACB726CB4BAA3DAFF0925C188F021F5EF2@repbex01.amer.bea.com>
Message-ID: <Pine.OSX.4.64.0711161508400.556@mac-allocchio3.local>
References: <C34F7EAF.F162%eburger@bea.com> <Pine.OSX.4.64.0711071702340.1182@dhcp60.iit.cnr.it> <A5E9CBACB726CB4BAA3DAFF0925C188F021AC9A3@repbex01.amer.bea.com> <Pine.OSX.4.64.0711081535470.1434@mac-allocchio3.local> <A5E9CBACB726CB4BAA3DAFF0925C188F021F5EF2@repbex01.amer.bea.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on cyrus.dir.garr.it
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bfc9ec46aa2f66e5aee6a3bbffb0ebe9
Cc:
Subject: [APPS-REVIEW] RE: App Area review of draft-ietf-sipping-service-identification-00.txt
X-BeenThere: apps-review@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Applications Review List <apps-review.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/apps-review>, <mailto:apps-review-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/apps-review>
List-Post: <mailto:apps-review@ietf.org>
List-Help: <mailto:apps-review-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/apps-review>, <mailto:apps-review-request@ietf.org?subject=subscribe>
Errors-To: apps-review-bounces@ietf.org
General Comments: The idea and the problem being addressed is described quite clearly in the "Introduction" section. However the Abstract itself seems to stress to much the "legal/fraud" bullet point, while the focus of the document indeed is elsewhere and more general. I would add a more coherent abstract instead of the current one. The term "user agent" is used in the document more as identifying the "hardware device", specifically when it states that multiple application can run within the same user agent, etc. This is not coherent with the normal definition of user agent, which corresponds to a specific application running inside a hardware device (the super-classical e-mail User Agent programme, running within a PC, mobile device, whatever...). It might lead to confusion. As a final general comment, the document itself is a Reccommendation more than a BCP in itself... are we sure this is the correct track to put it forward? Conclusion: IMHO ths document is useful, and should be pushed forward, even if it might sound "strange" a document whose aim is to prevent a potentially BAD practice... I really to not know if it whould be better to have this as somthing else than BCP... I would call it something in a category like "things you should not do". ;-) from now on, se inline... Best regards, and sorry for being a bit late in the revision! Claudio ------------- Detailed inline review: see below, notes labelled by ***, some portions of the draft omitted: SIPPING J. Rosenberg Internet-Draft Cisco Intended status: Best Current August 1, 2007 Practice Expires: February 2, 2008 Identification of Communications Services in the Session Initiation Protocol (SIP) draft-ietf-sipping-service-identification-00 <.. omitted ..> Abstract This document considers the problem of service identification in the Session Initiation Protocol (SIP). Service identification is the process of determining the user-level use case that is driving the signaling being utilized by the user agent. While seemingly simple, this process is quite complex, and when not addressed properly, can lead to fraud, interoperability problems, and stifling of innovation. *** see general comment above. Rosenberg Expires February 2, 2008 [Page 1] Internet-Draft Service ID August 2007 This document discusses these problems and makes recommendations on how to address them. <.. omitted ..> Rosenberg Expires February 2, 2008 [Page 2] Internet-Draft Service ID August 2007 1. Introduction The Session Initiation Protocol (SIP) [2] defines mechanisms for initiating and managing communications sessions between agents. SIP allows for a broad array of session types between agents. It can manage audio sessions, ranging from low bitrate voice-only up to multi-channel hi fidelity music. It can manage video sessions, ranging from small, "talking-head" style video chat, up to high definition multipoint video conferencing, to low bandwidth user- generated content, up to high definition movie and TV content. SIP endpoints can be anything - adaptors that convert an old analog telephone to Voice over IP (VoIP), dedicated hardphones, fancy hardphones with rich displays and user entry capabilities, softphones on a PC, buddylist and presence applications on a PC, dedicated videoconferencing peripherals, and speakerphones. This breadth of applicability is SIPs greatest asset, but it also introduces numerous challenges. One of these is that, when an endpoint generates a SIP INVITE for a session, or receives one, that session can potentially be within the context of any number of different use cases and endpoint types. For example, a SIP INVITE with a single audio stream could represent a Push-To-Talk session between mobile devices, a VoIP session between softphones, or audio- based access to stored content on a server. These differing use cases have driven implementors and system designers to seek techniques for service identification. Service identification is the process of determining and/or signaling the specific use case that is driving the signaling being generated by a user agent. At first glance, this seems harmless and easy enough. It is tempting to define a new header, "Service-ID", for example, and have a user agent populate it with any number of well-known tokens which define what the service is. This information could then be consumed for any number of purposes. *** it is unclear at this point if the idea of the new header here is being anyhow suggested, depracted, or an alternate better solution should be stanrdised. I guess it should make such a statement, already at this point, to clarify. However, as this document will demonstrate, service identification is a very complex and difficult process, and can very easily lead to fraud, systemic interoperability failures, and a complete stifling of the innovation that SIP was meant to achieve. Section 3 begins by defining a service and the service identification problem. Section 4 gives some concrete examples of services and why they can be challenging to identify. Section 5 explores the ways in which a service identification can be utilized within a network. Next, Section 6 discusses the key architectural principles of service identification, and how explicit service identifiers can lead to fraud, interoperability failures, and stifling of service innovation. Rosenberg Expires February 2, 2008 [Page 3] Internet-Draft Service ID August 2007 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. 3. Services and Service Identification The problem of identifying services within SIP is not a new one. The problem has been considered extensively in the context of presence. In particular, the presence data model for SIP [3] defines the concept of a service as one of the core notions that presence describes. Services are described in Section 3.3 of RFC 4479, which has this to say on the topic: *** as a general procedural suggestion, I would avoid quoting full sections of existing other documents, as they may be updated, obsoleted, etc, creating corss reference problems more complex than needed if full quoting is used. Replacing the "included" session with a reference and just a few significant senteces makes it better. And, people redint this BCP shall have no problems in reading the full original section, or updates, themselves. 3.3. Service Each presentity has access to a number of services. Each of these represents a point of reachability for communications that can be used to interact with the user. Examples of services are telephony (that is, traditional circuit-based telephone service), push-to-talk, instant messaging, Short Message Service (SMS), and Multimedia Message Service (MMS). *** for example, the definition of "presentity" is missing here, forcing the cautious readed to grab and read the original specification anyhow :-) It is difficult to give a precise definition for service. One reasonable approach is to model each software or hardware agent in the system as a service. If a user starts a softphone application on <.. omitted ..> Essentially, the service is the user-visible use case that is driving the behavior of the user-agents and servers in the SIP network. Being user-visible means that there is a difference in user experience between two services that are different. That user experience can be part of the call, or outside of the call. Within a call, the user experience can be based on different media types (an audio call vs. a video chat), different content within a particular media type (stored content, such as a movie or TV session), different devices (a wireless device for "telephony" vs. a PC application for "voice-chat"), different user interfaces (a buddy list view of voice on a PC application vs. a software emulation of a hard phone), different communities that can be accessed (voice chat with other users that have the same voice chat client, vs. voice communications with any endpoint on the PSTN), or different applications that are invoked by the user (manually selecting a push-to-talk application from a wireless phone vs. a telephony application). Outside of a call, the difference in user experience can be a billing one (cheaper for one service than other), a notification feature for one and not another (for example, an IM that gets sent whenever a user makes a Rosenberg Expires February 2, 2008 [Page 5] Internet-Draft Service ID August 2007 call), and so on. In some cases, there is very little difference in the underlying technology that will support two different services, and in other cases, there are big differences. However, for purposes of this discussion, the key definition is that two services are distinct when there is a perceived difference by the user in the two services. *** the whole above descriptive section is mabe even too long. The concept is made clear in the last above sentence "However... in the two services", hence I suggest shrinking the previous descripive text. This leads naturally to the desire to perform service identification. Service identification is defined as the process of (1) determination of the underlying service which is driving a particular signaling exchange, (2) associating that service with some kind of moniker, and (3) attaching that moniker to a signaling message (typically a SIP INVITE), and then utilizing it for various purposes within the network. Service identification can be done in the endpoints, in which case the UA would insert the moniker directly into the signaling message based on its awareness of the service. Or, it can be done within a proxy in the network, based on inspection of the SIP message, or based on hints placed into the message by the user. 4. Example Services It is very useful to consider several example services, especially ones that appear difficult to differentiate from each other. 4.1. IPTV vs. Multimedia IP Television (IPTV) is the usage of IP networks to access traditional television content, such as movies and shows. SIP can be utilized to establish a session to a media server in a network, which then serves up multimedia content and streams it as an audio and video stream towards the client. Whether SIP is ideal for IPTV is, in itself, a good question. However, such a discussion is outside the scope of this document. Consider multimedia conferencing. The user accesses a voice and video conference at a conference server. The user might join in listen-only mode, in which case the user receives audio and video streams, but does not send. These two services - IPTV and multimedia conferencing, clearly appear as different services. They have different user experiences and applications. A user is unlikely to ever be confused about whether a session is IPTV or multimedia conferencing. Indeed, they are likely to have different software applications or endpoints for the two services. *** make it MORE clear that the multimedia conference you're talking about is the ONE WAY unidirectional "listening only" version of it. It might be more appropriate to call it "multimedia conference listening", or something similar for the purpouse of this example. Rosenberg Expires February 2, 2008 [Page 6] Internet-Draft Service ID August 2007 However, these two services look remarkably alike based on the signaling. Both utilize audio and video. Both could utilize the same codecs. Both are unidirectional streams (from a server in the network to the client). Thus, it would appear on the surface that there is no way to differentiate them, based on inspection of the signaling alone. 4.2. Gaming vs. Voice Chat Consider an interactive game, played between two users from their mobile devices. The game involves the users sending each other game moves, using a messaging channel, in addition to voice. In another service, users have a voice and IM chat conversation using a buddy list application on their PC. In both services, there are two media streams - audio and messaging. The audio uses the same codecs. Both use the Message Session Relay Protocol (MSRP) [5]. In both cases, the caller would send an INVITE to the AOR of the target user. However, these represent fairly different services, in terms of user experience. *** expand AOR acronym here, as it is the first occurence of it. <.. omitted ..> 5. Using Service Identification It is important to understand what the service identity would be utilized for, if known. The discussions in Section 4 give some hints Rosenberg Expires February 2, 2008 [Page 7] Internet-Draft Service ID August 2007 to the possible usages. Here, we explicitly discuss them. 5.1. Application Invocation in the User Agent In some of the examples above, there were multiple software applications running within a single user agent. When an incoming *** see "User Agent" term use note I made inside the General Comments above. *** is this sections exp;icitly suggesting the creation of the UI given in the figure below? It is not crstal clear... or it is just using the idea as a basis for discussiong its consequences if used? I would clarify this in the begining of it. INVITE or MESSAGE arrives, it must be delivered to the appropriate application software. When each service is bound to a distinct software application, it would seem that the service identity is needed to dispatch the message to the appropriate piece of software. This is shown in Figure 2. +---------------------------------+ | | | +-------------+ +-------------+ | | | UI | | UI | | | +-------------+ +-------------+ | | +-------------+ +-------------+ | | | | | | | | | Service 1 | | Service 2 | | | | | | | | | +-------------+ +-------------+ | | +-----------------------------+ | | | | | | | SIP | | | | Layer | | | | | | | +-----------------------------+ | | | +---------------------------------+ Physical Device Figure 2 <.. omitted ..> 6. Key Principles of Service Identification In this section, we describe some of the key principles of performing service identification. 6.1. Services are a By-Product of Signaling *** this section clearly states principles and reasons behind them. This is where the reference in the introduction should point for clarification of the suggestion that service-id is suggested or not. This is ultimately an expression of the principle of DWIM vs. DWIS (Do-What-I-Mean vs. Do-What-I-Say). Explicit signaling is DWIS - the user is asking for a service by invoking the signaling that results in the desired effect. A service identifier is DWIM - an unspecific request for something that is ill-defined and non-interoperable. *** true, please stress this also in introduction. 6.2. Perils of Explicit Identifiers *** this section is the core of the motivation of the reccomendation in the following chapter. I would name it consequently, or make it clearer its role in the title. 7. Recommendations From these principles, several recommendations can be made: o Systems needing to perform service identification must examine existing signaling constructs to identify the service based on fields that exist within the signaling message already. o If it appears that the signaling currently defined in standards is not sufficient to identify the service, it may be due to lack of sufficient signaling to convey what is needed, and new standards work should be undertaken to fill this gap. o The usage of an explicit service identifier does make sense as a way to cache a decision made by a network element, for usage by another network element within the same domain. However, service identifiers are fundamentally useful within a particular domain, and any such header must be stripped at a network boundary. *** ok see above. Rosenberg Expires February 2, 2008 [Page 19] Internet-Draft Service ID August 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Rosenberg Expires February 2, 2008 [Page 20] _______________________________________________ APPS-REVIEW mailing list APPS-REVIEW@ietf.org https://www1.ietf.org/mailman/listinfo/apps-review
- [APPS-REVIEW] RE: App Area review of draft-ietf-s… Claudio Allocchio