draft-ietf-ecrit-unauthenticated-access-01.txt   draft-ietf-ecrit-unauthenticated-access-02.txt 
ECRIT H. Schulzrinne ECRIT H. Schulzrinne
Internet-Draft Columbia University Internet-Draft Columbia University
Intended status: Standards Track S. McCann Intended status: Standards Track S. McCann
Expires: April 28, 2011 Research in Motion UK Ltd Expires: September 30, 2011 Research in Motion UK Ltd
G. Bajko G. Bajko
Nokia Nokia
H. Tschofenig H. Tschofenig
D. Kroeselberg
Nokia Siemens Networks Nokia Siemens Networks
October 25, 2010 D. Kroeselberg
Siemens
March 29, 2011
Extensions to the Emergency Services Architecture for dealing with Extensions to the Emergency Services Architecture for dealing with
Unauthenticated and Unauthorized Devices Unauthenticated and Unauthorized Devices
draft-ietf-ecrit-unauthenticated-access-01.txt draft-ietf-ecrit-unauthenticated-access-02.txt
Abstract Abstract
The IETF emergency services architecture assumes that the calling The IETF emergency services architecture assumes that the calling
device has acquired rights to use the access network or that no device has acquired rights to use the access network or that no
authentication is required for the access network, such as for public authentication is required for the access network, such as for public
wireless access points. Subsequent protocol interactions, such as wireless access points. Subsequent protocol interactions, such as
obtaining location information, learning the address of the Public obtaining location information, learning the address of the Public
Safety Answering Point (PSAP) and the emergency call itself are Safety Answering Point (PSAP) and the emergency call itself are
largely decoupled from the underlying network access procedures. largely decoupled from the underlying network access procedures.
skipping to change at page 2, line 6 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 28, 2011. This Internet-Draft will expire on September 30, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 6 3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 8
4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . . 8 4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . . 10
5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . . 11 5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . . 13
5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 11 5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 13
5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . . 11 5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . . 13
5.1.3. Location Determination and Location Configuration . . 11 5.1.3. Location Determination and Location Configuration . . 13
5.1.4. Emergency Call Identification . . . . . . . . . . . . 11 5.1.4. Emergency Call Identification . . . . . . . . . . . . 13
5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . . 12 5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . . 13
5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 12 5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 14
5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 12 5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 14
5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 12 5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 14
5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . . 12 5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . . 14
5.2.2. Location Determination and Location Configuration . . 12 5.2.2. Location Determination and Location Configuration . . 14
5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . . 13 5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . . 14
5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . . 13 5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . . 14
5.3.2. Emergency Call Identification . . . . . . . . . . . . 13 5.3.2. Emergency Call Identification . . . . . . . . . . . . 14
5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . . 13 5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . . 15
5.3.4. Location Retrieval . . . . . . . . . . . . . . . . . . 13 6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 16
6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 14 6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 16
6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 14 6.2. Securing Network Attachment in NAA Cases . . . . . . . . . 17
6.2. Higher-Layer Emergency Indication . . . . . . . . . . . . 15 7. Security Considerations . . . . . . . . . . . . . . . . . . . 20
6.3. Securing Network Attachment in NAA Cases . . . . . . . . . 17 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
7. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 10.2. Informative References . . . . . . . . . . . . . . . . . . 23
10.1. Normative References . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26
10.2. Informative References . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
Summoning police, the fire department or an ambulance in emergencies Summoning police, the fire department or an ambulance in emergencies
is one of the fundamental and most-valued functions of the telephone. is one of the fundamental and most-valued functions of the telephone.
As telephone functionality moves from circuit-switched telephony to As telephone functionality moves from circuit-switched telephony to
Internet telephony, its users rightfully expect that this core Internet telephony, its users rightfully expect that this core
functionality will continue to work at least as well as it has for functionality will continue to work at least as well as it has for
the older technology. New devices and services are being made the older technology. New devices and services are being made
available that could be used to make a request for help, which are available that could be used to make a request for help, which are
skipping to change at page 6, line 40 skipping to change at page 8, line 23
advertise these capabilities using layer beacons. The end host advertise these capabilities using layer beacons. The end host
learns about these unauthenticated emergency services capabilities learns about these unauthenticated emergency services capabilities
either from the link layer type or from advertisement. either from the link layer type or from advertisement.
The end host uses the link layer specific network attachment The end host uses the link layer specific network attachment
procedures defined for unauthenticated network access in order to procedures defined for unauthenticated network access in order to
get access to the network. get access to the network.
Pre-Emergency Service Configuration: When the link layer network Pre-Emergency Service Configuration: When the link layer network
attachment procedure is completed the end host learns basic attachment procedure is completed the end host learns basic
configuration information using DHCP from the ISP, including the configuration information using DHCP from the ISP. The end host
address of the LoST server. The end host uses a Location uses a Location Configuration Protocol (LCP) to retrieve location
Configuration Protocol (LCP) to retrieve location information. information. Subsequently, the LoST protocol [RFC5222] is used to
Subsequently, the LoST protocol [RFC5222] is used to learn the learn the relevant emergency numbers, and to obtain the PSAP URI
relevant emergency numbers, and to obtain the PSAP URI applicable applicable for that location.
for that location.
Emergency Call: In case of need for help, a user dials an emergency Emergency Call: In case of need for help, a user dials an emergency
number and the SIP UA initiates the emergency call procedures by number and the SIP UA initiates the emergency call procedures by
communicating with the PSAP. communicating with the PSAP.
Figure 1 compiles the basic logic taking place during network entry Figure 1 compiles the basic logic taking place during network entry
for requesting an emergency service and shows the interrelation for requesting an emergency service and shows the interrelation
between the three conditions described in the above section. between the three conditions described in the above section.
+-----Y +-----Y
skipping to change at page 9, line 15 skipping to change at page 11, line 12
ASP policy and deployment, and is therefore beyond the scope of this ASP policy and deployment, and is therefore beyond the scope of this
document. document.
5. NASP Considerations 5. NASP Considerations
To start the description we consider the sequence of steps that are To start the description we consider the sequence of steps that are
executed in an emergency call based on Figure 2. executed in an emergency call based on Figure 2.
o As an initial step the devices attaches to the network as shown in o As an initial step the devices attaches to the network as shown in
step (1). This step is outside the scope of this section. step (1). This step is outside the scope of this section.
o When the link layer network attachment procedure is completed the o When the link layer network attachment procedure is completed the
end host learns basic configuration information using DHCP from end host learns basic configuration information using DHCP from
the ISP, including the address of the ESRP, as shown in step (2). the ISP, as shown in step (2).
o When the IP address configuration is completed then the SIP UA
initiates a SIP INVITE towards the indicated ESRP, as shown in o When the IP address configuration is completed then the end host
(3). The INVITE message contains all the necessary parameters starts an interaction with the discovered Location Configuration
required by Section 5.1.5. Server at the ISP, as shown in step (3). The ISP may in certain
deployments need to interact with the IAP. This protocol exchange
is shown in step (4).
o Once location information is obtained the end host triggers the
LoST protocol to obtain the address of the ESRP/PSAP. This step
is shown in (5).
o In step (6), the SIP UA initiates a SIP INVITE towards the
indicated ESRP. The INVITE message contains all the necessary
parameters required by Section 5.1.5.
o The ESRP receives the INVITE and processes it according to the o The ESRP receives the INVITE and processes it according to the
description in Section 5.3.3. The location of the end host may description in Section 5.3.3.
need to be determined using a protocol interaction shown in (4).
o Potentially, an interaction between the LCS of the ISP and the LCS o The ESRP routes the call to the PSAP, as shown in (8), potentially
of the IAP may be necessary, see (5). interacting with a LoST server first to determine the route.
o Finally, the correct PSAP for the location of the end host has to
be evaluated, see (6).
o The ESRP routes the call to the PSAP, as shown in (7).
o The PSAP evaluates the initial INVITE and aims to complete the o The PSAP evaluates the initial INVITE and aims to complete the
call setup. call setup.
o Finally, when the call setup is completed media traffic can be o Finally, when the call setup is completed media traffic can be
exchanged between the PSAP and the emergency caller. exchanged between the PSAP and the SIP UA.
For editorial reasons the end-to-end SIP and media exchange between For editorial reasons the end-to-end SIP and media exchange between
the PSAP and SIP UA are not shown in Figure 2. the PSAP and SIP UA are not shown in Figure 2.
Two important aspects are worth to highlight: +-------+
| PSAP |
o The IAP/ISP needs to understand the concept of emergency calls or | |
other emergency applicationsand the SIP profile described in this +-------+
document. No other VoIP protocol profile, such as XMPP, Skype, ^
etc., are supported for emergency calls in this particular | (8)
architecture. Other profiles may be added in the future, but the |
deployment effort is enormous since they have to be universally +----------+(7) +----------+
deployed. | LoST |<-->| ESRP |
o The end host has no obligation to determine location information. | Server | | |
It may attach location information if it has location available +----------+ +----------+
(e.g., from a GPS receiver). ^ ^
+----------------+----------------|--------------+
Figure 2 shows that the ISP needs to deploy SIP-based emergency | ISP | | |
services functionality. It is important to note that the ISP itself |+----------+ | | +----------+|
may outsource the functionality by simply providing access to them || LCS-ISP | (3)| | | DHCP ||
(e.g., it puts the IP address of an ESRP or a LoST server into an || |<-+ | | | Server ||
allow-list). For editorial reasons this outsourcing is not shown. |+----------+ | | | +----------+|
+-------^------+-+----------------|-----------^--+
+-------+ +-------+ +-------|------+-+----------------|-----------|--+
| PSAP | (7) | ESRP | | IAP | (4) | |(5) | | |
| |<----->| | | V | | | | |
+-------+ +-------+ |+----------+ | | | | |
^ || LCS-IAP | | | +--------+ | | |
| (7) || | | | | Link | |(6) | |
v |+----------+ | | | Layer | | | |
+----------+ (6) +----------+ | | | | Device | | (2)| |
| Mapping |<----->| ESRP | | | | +--------+ | | |
| Database | | |<-+ | | | ^ | | |
+----------+ +----------+ | | | | | | | |
^ | +--------------+-|-------|--------|-----------|--+
+------------------------|--------|--------------+ | | | | |
| ISP | | | | | (1)| | |
|+----------+ | | +----------+| | | | | |
|| LCS-ISP | | | | DHCP || | | | +----+ |
|| |<-----------+ | | Server || | | v | |
|+----------+ (4) | +----------+| | | +----------+ |
+-------^-------------------------|-----------^--+ | +->| End |<-------------+
+-------|-------------------------|-----------|--+ +___>| Host |
| IAP | (5) | | | +----------+
| V | | |
|+----------+ | | |
|| LCS-IAP | +--------+ | | |
|| | | Link | |(3) | |
|+----------+ | Layer | | | |
| | Device | | (2)| |
| +--------+ | | |
| ^ | | |
| | | | |
+------------------------|--------|-----------|--+
| | |
(1)| | |
| | |
| +----+ |
v v |
+----------+ |
| End |<-------------+
| Host |
+----------+
Figure 2: Architectural Overview Figure 2: Architectural Overview
Note: Figure 2 does not indicate who runs the ESRP or the mapping Note: Figure 2 does not indicate who operates the ESRP and the LoST
database. There are different options available. server. Various deployment options exist.
5.1. End Host Profile 5.1. End Host Profile
5.1.1. LoST Server Discovery 5.1.1. LoST Server Discovery
The end host MAY attempt to use [RFC5222] to discover a LoST server. The end host MUST discover a LoST server [RFC5222] using DHCP
If that attempt fails, the end host SHOULD attempt to discover the [RFC5223].
address of an ESRP.
5.1.2. ESRP Discovery 5.1.2. ESRP Discovery
The end host only needs an ESRP when location configuration or LoST The end host MUST discover the ESRP using the LoST protocol
server discovery fails. If that is the case, then the end host MUST [RFC5222].
use the "Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option
for Session Initiation Protocol (SIP) Servers" [RFC3361] (for IPv6)
and / or the "Dynamic Host Configuration Protocol (DHCPv6) Options
for Session Initiation Protocol (SIP) Servers" [RFC3319] to discover
the address of an ESRP. This SIP proxy located in the ISP network
will be used as the ESRP for routing emergency calls. There is no
need to discovery a separate SIP proxy with specific emergency call
functionality since the internal procedure for emergency call
processing is subject of ISP internal operation.
5.1.3. Location Determination and Location Configuration 5.1.3. Location Determination and Location Configuration
The end host SHOULD attempt to use the supported LCPs to configure The end host MUST support location acquisition and the LCPs described
its location. If no LCP is supported in the end host or the location in Section 6.5 of [I-D.ietf-ecrit-phonebcp]. The description in
configuration is not successful, then the end host MUST attempt to Section 6.5 and 6.6 of [I-D.ietf-ecrit-phonebcp] regarding the
discover an ESRP, which would assist the end host in providing the interaction between the device and the LIS applies to this document.
location to the PSAP.
The SIP UA in the end host MUST attach available location information The SIP UA in the end host MUST attach available location information
in a PIDF-LO [RFC4119] when making an emergency call. When in a PIDF-LO [RFC4119] when making an emergency call. When
constructing the PIDF-LO the guidelines in PIDF-LO profile [RFC5491] constructing the PIDF-LO the guidelines in PIDF-LO profile [RFC5491]
MUST be followed. For civic location information the format defined MUST be followed. For civic location information the format defined
in [RFC5139] MUST be supported. in [RFC5139] MUST be supported.
5.1.4. Emergency Call Identification 5.1.4. Emergency Call Identification
To determine which calls are emergency calls, some entity needs to To determine which calls are emergency calls, some entity needs to
map a user entered dialstring into this URN scheme. A user may map a user entered dialstring into this URN scheme. A user may
"dial" 1-1-2, but the call would be sent to urn:service:sos. This "dial" 1-1-2, but the call would be sent to urn:service:sos. This
mapping SHOULD be performed at the endpoint device. mapping SHOULD be performed at the endpoint device.
End hosts MUST use the Service URN mechanism [RFC5031] to mark calls End hosts MUST use the Service URN mechanism [RFC5031] to mark calls
as emergency calls for their home emergency dial string (if known). as emergency calls for their home emergency dial string.
For visited emergency dial string the translation into the Service
URN mechanism is not mandatory since the ESRP in the ISPs network
knows the visited emergency dial strings.
5.1.5. SIP Emergency Call Signaling 5.1.5. SIP Emergency Call Signaling
SIP signaling capabilities [RFC3261] are mandated for end hosts. SIP signaling capabilities [RFC3261] are mandated for end hosts.
The initial SIP signaling method is an INVITE. The SIP INVITE The initial SIP signaling method is an INVITE. The SIP INVITE
request MUST be constructed according to the requirements in Section request MUST be constructed according to the requirements in Section
9.2 [I-D.ietf-ecrit-phonebcp]. 9.2 [I-D.ietf-ecrit-phonebcp].
Regarding callback behavior SIP UAs MUST have a globally routable URI Regarding callback behavior SIP UAs SHOULD place a globally routable
in a Contact: header. URI in a Contact: header.
5.1.6. Media 5.1.6. Media
End points MUST comply with the media requirements for end points End points MUST comply with the media requirements for end points
placing an emergency call found in Section 14 of placing an emergency call found in Section 14 of
[I-D.ietf-ecrit-phonebcp]. [I-D.ietf-ecrit-phonebcp].
5.1.7. Testing 5.1.7. Testing
The description in Section 15 of [I-D.ietf-ecrit-phonebcp] is fully The description in Section 15 of [I-D.ietf-ecrit-phonebcp] is fully
applicable to this document. applicable to this document.
5.2. IAP/ISP Profile 5.2. IAP/ISP Profile
5.2.1. ESRP Discovery 5.2.1. ESRP Discovery
An ISP hosting an ESRP MUST implement the server side part of An ISP MUST provision a DHCP server with information about LoST
"Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option for servers [RFC5223]. An ISP operator may choose to deploy a LoST
Session Initiation Protocol (SIP) Servers" [RFC3361] (for IPv4) and / server or to outsource it to other parties.
or the "Dynamic Host Configuration Protocol (DHCPv6) Options for
Session Initiation Protocol (SIP) Servers" [RFC3319].
5.2.2. Location Determination and Location Configuration 5.2.2. Location Determination and Location Configuration
When receiving an INVITE message the following steps are done: The ISP is responsible for location determination and exposes this
1. If the INVITE message does not include location information the information to the end points via location configuration protocols.
ESRP-registrar MUST use HELD identity The considerations described in [I-D.ietf-ecrit-location-hiding-req]
[I-D.ietf-geopriv-held-identity-extensions] to obtain the are applicable to this document.
location of the device as both a location value and reference.
In order to contact the LIS the ESRP-registrar SHOULD determine The ISP MUST support one of the LCPs described in Section 6.5 of
the LIS address using the mechanism described in [I-D.ietf-ecrit-phonebcp]. The description in Section 6.5 and 6.6 of
[I-D.thomson-geopriv-res-gw-lis-discovery]. The ESRP-registrar [I-D.ietf-ecrit-phonebcp] regarding the interaction between the end
MAY use other methods for LIS determination where available. device and the LIS applies to this document.
2. If the INVITE message contains a location URI then the ESRP-
registrar MUST dereference it so that it has a location available The interaction between the LIS at the ISP and the IAB is often
to route the impending emergency call. The ESRP-registrar MAY priorietary but the description in
validate the LIS address in the location URI with that of the LIS [I-D.winterbottom-geopriv-lis2lis-req] may be relevant to the reader.
serving the network from which the INVITE message originated.
3. The INVITE message contains location information by value. Any
actions performed by the ESRP-registrar to valid this information
are specific to the jurisdiction in which the ESRP operates and
are out of the scope of this document.
5.3. ESRP Profile 5.3. ESRP Profile
5.3.1. Emergency Call Routing 5.3.1. Emergency Call Routing
The ESRP must route the emergency call to the PSAP responsible for The ESRP continues to route the emergency call to the PSAP
the physical location of the end host. However, a standardized responsible for the physical location of the end host. This may
approach for determining the correct PSAP based on a given location require further interactions with LoST servers but depends on the
is useful but not mandatory. specific deployment.
For cases where a standardized protocol is used LoST [RFC5222] is a
suitable mechanism.
5.3.2. Emergency Call Identification 5.3.2. Emergency Call Identification
The ESRP MUST understand the Service URN mechanism [RFC5031] (i.e., The ESRP MUST understand the Service URN mechanism [RFC5031] (i.e.,
the 'urn:service:sos' tree) and additionally the national emergency the 'urn:service:sos' tree).
dial strings. The ESRP SHOULD perform a mapping of national
emergency dial strings to Service URNs to simplify processing at
PSAPs.
5.3.3. SIP Emergency Call Signaling 5.3.3. SIP Emergency Call Signaling
SIP signaling capabilities [RFC3261] are mandated for the ESRP. The SIP signaling capabilities [RFC3261] are mandated for the ESRP. The
ESRP MUST process the messages sent by the client, according to ESRP MUST process the messages sent by the client, according to
Section 5.1.5. Furthermore, the ESRP MUST be able to add a reference Section 5.1.5.
to location information, as described in SIP Location Conveyance
[I-D.ietf-sipcore-location-conveyance], before forwarding the call to
the PSAP. The ISP MUST be prepared to receive incoming dereferencing
requests to resolve the reference to the location information.
5.3.4. Location Retrieval
The ESRP acts a location recipient and the usage of HELD [RFC5985]
with the identity extensions
[I-D.ietf-geopriv-held-identity-extensions] may be a possible choice.
The ESRP would thereby act as a HELD client and the corresponding LIS
at the ISP as the HELD server.
The ESRP needs to obtain enough information to route the call. The
ESRP itself, however, does not necessarily need to process location
information obtained via HELD since it may be used as input to LoST
to obtain the PSAP URI.
6. Lower Layer Considerations for NAA Case 6. Lower Layer Considerations for NAA Case
Some radio networks have added support for unauthenticated emergency Some radio networks have added support for unauthenticated emergency
access, some other type of networks advertise these capabilities access, some other type of networks advertise these capabilities
using layer beacons. The end host learns about these unauthenticated using layer beacons. The end host learns about these unauthenticated
emergency services capabilities either from the link layer type or emergency services capabilities either from the link layer type or
from advertisement. from advertisement.
This section discusses different methods to indicate an emergency This section discusses different methods to indicate an emergency
skipping to change at page 14, line 36 skipping to change at page 16, line 31
detection and selection, authentication, and authorization. For detection and selection, authentication, and authorization. For
initial network attachment of an emergency service requester, the initial network attachment of an emergency service requester, the
method of how the emergency indication is given to the IAP/ISP is method of how the emergency indication is given to the IAP/ISP is
specific to the access technology. However, a number of general specific to the access technology. However, a number of general
approaches can be identified: approaches can be identified:
Link layer emergency indication: The end host provides an Link layer emergency indication: The end host provides an
indication, e.g. an emergency parameter or flag, as part of the indication, e.g. an emergency parameter or flag, as part of the
link layer signaling for initial network attachment. Examples link layer signaling for initial network attachment. Examples
include an emergency bit signalled in the IEEE 802.16-2009 include an emergency bit signalled in the IEEE 802.16-2009
wireless link. signalling allows an IEEE 802.1X to occur without wireless link. In IEEE 802.11 WLAN, an emergency support
exchanging cryptogrpahic keys. indicator allows the STA to download before association an NAI
which it can use to request server side authentication only for an
802.1x network.
Higher-layer emergency indication: Typically emergency indication in Higher-layer emergency indication: Typically emergency indication in
access authentication. The emergency caller's end host provides access authentication. The emergency caller's end host provides
an indication as part of the access authentication exchanges. EAP an indication as part of the access authentication exchanges. EAP
based authentication is of particular relevance here. [nwgstg3]. based authentication is of particular relevance here. Examples
are the EAP NAI decoration used in WiMAX networks and modification
of the authentication exchange in IEEE 802.11. [nwgstg3].
6.1. Link Layer Emergency Indication 6.1. Link Layer Emergency Indication
In general, link layer emergency indications provide good integration In general, link layer emergency indications provide good integration
into the actual network access procedure regarding the enabling of into the actual network access procedure regarding the enabling of
means to recognize and prioritize an emergency service request from means to recognize and prioritize an emergency service request from
an end host at a very early stage of the network attachment an end host at a very early stage of the network attachment
procedure. However, support in end hosts for such methods cannot be procedure. However, support in end hosts for such methods cannot be
considered to be commonly available. considered to be commonly available.
skipping to change at page 15, line 8 skipping to change at page 17, line 7
In general, link layer emergency indications provide good integration In general, link layer emergency indications provide good integration
into the actual network access procedure regarding the enabling of into the actual network access procedure regarding the enabling of
means to recognize and prioritize an emergency service request from means to recognize and prioritize an emergency service request from
an end host at a very early stage of the network attachment an end host at a very early stage of the network attachment
procedure. However, support in end hosts for such methods cannot be procedure. However, support in end hosts for such methods cannot be
considered to be commonly available. considered to be commonly available.
No general recommendations are given in the scope of this memo due to No general recommendations are given in the scope of this memo due to
the following reasons: the following reasons:
o Dependency on the specific access technology. o Dependency on the specific access technology.
o Dependency on the specific access network architecture. Access o Dependency on the specific access network architecture. Access
authorization and policy decisions typically happen at a different authorization and policy decisions typically happen at a different
layers of the protocol stack and in different entities than those layers of the protocol stack and in different entities than those
terminating the link-layer signaling. As a result, link layer terminating the link-layer signaling. As a result, link layer
indications need to be distributed and translated between the indications need to be distributed and translated between the
different involved protocol layers and entities. Appropriate different involved protocol layers and entities. Appropriate
methods are specific to the actual architecture of the IAP/ISP methods are specific to the actual architecture of the IAP/ISP
network. network.
6.2. Higher-Layer Emergency Indication o An advantage of combining emergency indications with the actual
network attachment procedure performing authentication and
This section focuses on emergency indications based on authentication authorization is the fact that the emergency indication can
and authorization in EAP-based network access. directly be taken into account in the authentication and
authorization server that owns the policy for granting access to
An advantage of combining emergency indications with the actual the network resources. As a result, there is no direct dependency
network attachment procedure performing authentication and on the access network architecture that otherwise would need to
authorization is the fact that the emergency indication can directly take care of merging link-layer indications into the AA and policy
be taken into account in the authentication and authorization server decision process.
that owns the policy for granting access to the network resources.
As a result, there is no direct dependency on the access network
architecture that otherwise would need to take care of merging link-
layer indications into the AA and policy decision process.
EAP signaling happens at a relatively early stage of network
attachment, so it is likely to match most requirements for
prioritization of emergency signaling. However, it does not cover
early stages of link layer activity in the network attachment
process. Possible conflicts may arise e.g. in case of MAC-based
filtering in entities terminating the link-layer signaling in the
network (like a base station). In normal operation, EAP related
information will only be recognized in the NAS. Any entity residing
between end host and NAS should not be expected to understand/parse
EAP messages.
The following potential methods to provide emergency indications in
combination with EAP-based network attachment, are recognized:
1. NAI-based emergency indication:
An emergency indication can be given by forming a specific NAI
that is used as the identity in EAP based authentication for
network entry. Methods include:
2.
1.a) NAI Decoration:
NAI decoration is commonly used in routing EAP responses
within the IAP/ISP AAA infrastructure. Additional decoration
can be used to add an indication that the network attachment
attempt is meant for accessing emergency services. Potential
advantages of such approach include that it requires only
minimal realization effort compared to link-layer indications
with good integration into the authentication and
authorization procedures. The same procedure can be used for
all NAA cases (both unauthenticated and unauthorized) as well
as for normal attachment with a valid subscription. A
potential disadvantage is that such EAP decoration is not
globally defined across all different access technologies.
1.b) Emergency NAI:
The NAI comes with a realm or username part indicating
emergency (e.g. 'emergency@emergency.com'). An advantage of
this method for NAA cases is that no new requirements are put
on the involved signaling procedures. Only the identity used
for network entry is impacted. Potential disadvantages
include that different methods to indicate emergency for NAA
cases and standard emergency network attachments may be
required. Also, modifying the NAI itself (the username@realm
part) may conflict with network selection and network entry
procedures, depending on the actual access network.
3. Emergency EAP method
An emergency indication can be given by using a dedicated EAP
method that is reserved for emergency network attachment only.
2.a) Existing EAP method with New Method Type:
An existing EAP method may be used. EAP methods themselves
typically do not support emergency indication. One option
would be to pick a common EAP method like EAP-TLS and allocate
a new method type for the same method that is exclusively
reserved to emergency use. Such EAP method should be chosen
in a way that the same method can support NAA cases as well as
standard emergency network attachment.
2.b) Existing EAP Method:
Same as 2a), but without assigning a new EAP method type for
emergency. In this case some implicit indication must be
used. For example, in cases where EAP-TLS is used in network
attachment in combination with client certificates, the
absence of a client certificate could be interpreted by the
network as a request for emergency network attachment.
2.c) Emergency EAP Method: o EAP signaling happens at a relatively early stage of network
attachment, so it is likely to match most requirements for
prioritization of emergency signaling. However, it does not cover
early stages of link layer activity in the network attachment
process. Possible conflicts may arise e.g. in case of MAC-based
filtering in entities terminating the link-layer signaling in the
network (like a base station). In normal operation, EAP related
information will only be recognized in the NAS. Any entity
residing between end host and NAS should not be expected to
understand/parse EAP messages.
A new EAP method could be defined that is specifically o An emergency indication can be given by forming a specific NAI
designed for emergency network entry in NAA cases. Most that is used as the identity in EAP based authentication for
likely, such EAP method would not be usable for standard network entry.
emergency network attachment with an existing subscription.
Such dedicated emergency EAP method should be key-generating
in compliance with RFC3748 to enable the regular air interface
security methods even in unauthenticated operation.
6.3. Securing Network Attachment in NAA Cases 6.2. Securing Network Attachment in NAA Cases
For network attachment in NAA cases, it may make sense to secure the For network attachment in NAA cases, it may make sense to secure the
link-layer connection between the device and the IAP/ISP. This link-layer connection between the device and the IAP/ISP. This
especially holds for wireless access with examples being based especially holds for wireless access with examples being IEEE 802.11
access. The latter even mandates secured communication across the or IEEE 802.16 based access. The latter even mandates secured
wireless link for all IAP/ISP networks based on [nwgstg3]. communication across the wireless link for all IAP/ISP networks based
on [nwgstg3].
Therefore, for network attachment that is by default based on EAP Therefore, for network attachment that is by default based on EAP
authentication it is desirable also for NAA network attachment to use authentication it is desirable also for NAA network attachment to use
a key-generating EAP method (that provides an MSK key to the a key-generating EAP method (that provides an MSK key to the
authenticator to bootstrap further key derivation for protecting the authenticator to bootstrap further key derivation for protecting the
wireless link). wireless link).
The following approaches to match the above can be identified: The following approaches to match the above can be identified:
1) Server-only Authentication: 1) Server-only Authentication:
The device of the emergency service requester performs an EAP The device of the emergency service requester performs an EAP
method with the IAP/ISP EAP server that performs server method with the IAP/ISP EAP server that performs server side
authentication only. An example for this is EAP-TLS. This authentication only. An example for this is EAP-TLS. This
provides a certain level of assurance about the IAP/ISP to the provides a certain level of assurance about the IAP/ISP to the
device user. It requires the device to be provisioned with device user. It requires the device to be provisioned with
appropriate trusted root certificates to be able to verify the appropriate trusted root certificates to be able to verify the
server certificate of the EAP server (unless this step is server certificate of the EAP server (unless this step is
explicitly skipped in the device in case of an emergency service explicitly skipped in the device in case of an emergency service
request). request). This method is used to provide access of devices
without existing credentials to an 802.1x network. The details
are incorporated into the not yet published 802.11-2011
specification.
2) Null Authentication: 2) Null Authentication:
an EAP method is performed. However, no credentials specific to In one case (e.g. WiMAX) an EAP method is performed. However, no
either the server or the device or subscription are used as part credentials specific to either the server or the device or
of the authentication exchange. An example for this would be an subscription are used as part of the authentication exchange. An
EAP-TLS exchange with using the TLS_DH_anon (anonymous) example for this would be an EAP-TLS exchange with using the
ciphersuite. Alternatively, a publicly available static key for TLS_DH_anon (anonymous) ciphersuite. Alternatively, a publicly
emergency access could be used. In the latter case, the device available static key for emergency access could be used. In the
would need to be provisioned with the appropriate emergency key latter case, the device would need to be provisioned with the
for the IAP/ISP in advance. appropriate emergency key for the IAP/ISP in advance. In another
case (e.g. IEEE 802.11), no EAP method is used, so that empty
frames are transported during the over the air IEEE 802.1X
exchange. In this case the authentication state machine completes
with no cryptographic keys being exchanged.
3) Device Authentication: 3) Device Authentication:
This case extends the server-only authentication case. If the This case extends the server-only authentication case. If the
device is configured with a device certificate and the IAP/ISP EAP device is configured with a device certificate and the IAP/ISP EAP
server can rely on a trusted root allowing the EAP server to server can rely on a trusted root allowing the EAP server to
verify the device certificate, at least the device identity (e.g., verify the device certificate, at least the device identity (e.g.,
the MAC address) can be authenticated by the IAP/ISP in NAA cases. the MAC address) can be authenticated by the IAP/ISP in NAA cases.
An example for this are WiMAX devices that are shipped with device An example for this are WiMAX devices that are shipped with device
certificates issued under the global WiMAX device public-key certificates issued under the global WiMAX device public-key
skipping to change at page 19, line 29 skipping to change at page 21, line 11
location information does not need to be provided by the end host location information does not need to be provided by the end host
itself or it can be verified to fall within a specific geographical itself or it can be verified to fall within a specific geographical
area. area.
8. Acknowledgments 8. Acknowledgments
Parts of this document are derived from [I-D.ietf-ecrit-phonebcp]. Parts of this document are derived from [I-D.ietf-ecrit-phonebcp].
Participants of the 2nd and 3rd SDO Emergency Services Workshop Participants of the 2nd and 3rd SDO Emergency Services Workshop
provided helpful input. provided helpful input.
We would like to thank Richard Barnes, Brian Rosen, James Polk, Marc
Linsner, and Martin Thomson for their feedback at the IETF#80 ECRIT
meeting.
9. IANA Considerations 9. IANA Considerations
This document does not require actions by IANA. This document does not require actions by IANA.
10. References 10. References
10.1. Normative References 10.1. Normative References
[I-D.ietf-sipcore-location-conveyance]
Polk, J., Rosen, B., and J. Peterson, "Location Conveyance
for the Session Initiation Protocol",
draft-ietf-sipcore-location-conveyance-03 (work in
progress), July 2010.
[RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for [RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for
Emergency and Other Well-Known Services", RFC 5031, Emergency and Other Well-Known Services", RFC 5031,
January 2008. January 2008.
[RFC4119] Peterson, J., "A Presence-based GEOPRIV Location Object [RFC4119] Peterson, J., "A Presence-based GEOPRIV Location Object
Format", RFC 4119, December 2005. Format", RFC 4119, December 2005.
[RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV [RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
Presence Information Data Format Location Object (PIDF-LO) Presence Information Data Format Location Object (PIDF-LO)
Usage Clarification, Considerations, and Recommendations", Usage Clarification, Considerations, and Recommendations",
RFC 5491, March 2009. RFC 5491, March 2009.
[RFC5139] Thomson, M. and J. Winterbottom, "Revised Civic Location [RFC5139] Thomson, M. and J. Winterbottom, "Revised Civic Location
Format for Presence Information Data Format Location Format for Presence Information Data Format Location
Object (PIDF-LO)", RFC 5139, February 2008. Object (PIDF-LO)", RFC 5139, February 2008.
[RFC3361] Schulzrinne, H., "Dynamic Host Configuration Protocol
(DHCP-for-IPv4) Option for Session Initiation Protocol
(SIP) Servers", RFC 3361, August 2002.
[RFC3319] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration
Protocol (DHCPv6) Options for Session Initiation Protocol
(SIP) Servers", RFC 3319, July 2003.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[I-D.ietf-ecrit-phonebcp] [I-D.ietf-ecrit-phonebcp]
Rosen, B. and J. Polk, "Best Current Practice for Rosen, B. and J. Polk, "Best Current Practice for
Communications Services in support of Emergency Calling", Communications Services in support of Emergency Calling",
draft-ietf-ecrit-phonebcp-15 (work in progress), draft-ietf-ecrit-phonebcp-17 (work in progress),
July 2010. March 2011.
[RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H. [RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H.
Tschofenig, "LoST: A Location-to-Service Translation Tschofenig, "LoST: A Location-to-Service Translation
Protocol", RFC 5222, August 2008. Protocol", RFC 5222, August 2008.
[RFC5223] Schulzrinne, H., Polk, J., and H. Tschofenig, "Discovering [RFC5223] Schulzrinne, H., Polk, J., and H. Tschofenig, "Discovering
Location-to-Service Translation (LoST) Servers Using the Location-to-Service Translation (LoST) Servers Using the
Dynamic Host Configuration Protocol (DHCP)", RFC 5223, Dynamic Host Configuration Protocol (DHCP)", RFC 5223,
August 2008. August 2008.
10.2. Informative References 10.2. Informative References
[RFC5687] Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7 [RFC5687] Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
Location Configuration Protocol: Problem Statement and Location Configuration Protocol: Problem Statement and
Requirements", RFC 5687, March 2010. Requirements", RFC 5687, March 2010.
[I-D.ietf-ecrit-framework] [I-D.ietf-ecrit-framework]
Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling using Internet "Framework for Emergency Calling using Internet
Multimedia", draft-ietf-ecrit-framework-11 (work in Multimedia", draft-ietf-ecrit-framework-12 (work in
progress), July 2010. progress), October 2010.
[I-D.thomson-geopriv-res-gw-lis-discovery] [I-D.ietf-geopriv-res-gw-lis-discovery]
Thomson, M. and R. Bellis, "Location Information Server Thomson, M. and R. Bellis, "Location Information Server
(LIS) Discovery using IP address and Reverse DNS", (LIS) Discovery using IP address and Reverse DNS",
draft-thomson-geopriv-res-gw-lis-discovery-04 (work in draft-ietf-geopriv-res-gw-lis-discovery-01 (work in
progress), September 2010. progress), March 2011.
[RFC5985] Barnes, M., "HTTP-Enabled Location Delivery (HELD)", [RFC5985] Barnes, M., "HTTP-Enabled Location Delivery (HELD)",
RFC 5985, September 2010. RFC 5985, September 2010.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for [RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for
Emergency Context Resolution with Internet Technologies", Emergency Context Resolution with Internet Technologies",
RFC 5012, January 2008. RFC 5012, January 2008.
[I-D.ietf-geopriv-held-identity-extensions] [I-D.ietf-ecrit-location-hiding-req]
Winterbottom, J., Thomson, M., Tschofenig, H., and R. Schulzrinne, H., Liess, L., Tschofenig, H., Stark, B., and
Barnes, "Use of Device Identity in HTTP-Enabled Location A. Kuett, "Location Hiding: Problem Statement and
Delivery (HELD)", Requirements", draft-ietf-ecrit-location-hiding-req-04
draft-ietf-geopriv-held-identity-extensions-05 (work in (work in progress), February 2010.
progress), October 2010.
[I-D.winterbottom-geopriv-lis2lis-req] [I-D.winterbottom-geopriv-lis2lis-req]
Winterbottom, J. and S. Norreys, "LIS to LIS Protocol Winterbottom, J. and S. Norreys, "LIS to LIS Protocol
Requirements", draft-winterbottom-geopriv-lis2lis-req-01 Requirements", draft-winterbottom-geopriv-lis2lis-req-01
(work in progress), November 2007. (work in progress), November 2007.
[RFC5069] Taylor, T., Tschofenig, H., Schulzrinne, H., and M. [RFC5069] Taylor, T., Tschofenig, H., Schulzrinne, H., and M.
Shanmugam, "Security Threats and Requirements for Shanmugam, "Security Threats and Requirements for
Emergency Call Marking and Mapping", RFC 5069, Emergency Call Marking and Mapping", RFC 5069,
January 2008. January 2008.
skipping to change at page 23, line 5 skipping to change at page 27, line 5
Hannes Tschofenig Hannes Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
Linnoitustie 6 Linnoitustie 6
Espoo 02600 Espoo 02600
Finland Finland
Phone: +358 (50) 4871445 Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at URI: http://www.tschofenig.priv.at
Dirk Kroeselberg Dirk Kroeselberg
Nokia Siemens Networks Siemens
St.-Martin-Str. 76
Munich 81541
Germany Germany
Phone: +49 (89) 515933019 Phone:
Email: Dirk.Kroeselberg@nsn.com Email: dirk.kroeselberg@siemens.com
 End of changes. 47 change blocks. 
333 lines changed or deleted 210 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/