draft-ietf-xcon-common-data-model-28.txt   draft-ietf-xcon-common-data-model-29.txt 
XCON O. Novo XCON O. Novo
Internet-Draft G. Camarillo Internet-Draft G. Camarillo
Intended status: Standards Track Ericsson Intended status: Standards Track Ericsson
Expires: November 28, 2011 D. Morgan Expires: December 3, 2011 D. Morgan
Fidelity Investments Fidelity Investments
J. Urpalainen J. Urpalainen
Nokia Nokia
May 27, 2011 Jun 01, 2011
Conference Information Data Model for Centralized Conferencing (XCON) Conference Information Data Model for Centralized Conferencing (XCON)
draft-ietf-xcon-common-data-model-28.txt draft-ietf-xcon-common-data-model-29.txt
Abstract Abstract
RFC5239 defines the idea of a centralized conferencing (XCON) as an RFC5239 defines the idea of a centralized conferencing (XCON) as an
association of participants with a central focus. The state of a association of participants with a central focus. The state of a
conference is represented by a conference object. This document conference is represented by a conference object. This document
defines an Extensible Markup Language (XML)-based conference defines an Extensible Markup Language (XML)-based conference
information data model to be used for conference objects. A information data model to be used for conference objects. A
conference information data model is designed to convey information conference information data model is designed to convey information
about the conference and about participation in the conference. The about the conference and about participation in the conference. The
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 28, 2011. This Internet-Draft will expire on December 3, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 53, line 40 skipping to change at page 53, line 40
against this database. In order to minimize these threats, the against this database. In order to minimize these threats, the
administrator of the conferencing system MUST ensure that only administrator of the conferencing system MUST ensure that only
authorized users can connect to this database (e.g., by using access authorized users can connect to this database (e.g., by using access
control rules). In particular, the integrity of the database MUST be control rules). In particular, the integrity of the database MUST be
protected against unauthorized modifications. In addition to that, protected against unauthorized modifications. In addition to that,
the XCON-USERID or XCON-URI SHOULD be hard to guess. It is critical the XCON-USERID or XCON-URI SHOULD be hard to guess. It is critical
that the URI remain difficult to "guess" via brute force methods. that the URI remain difficult to "guess" via brute force methods.
Generic security considerations for usage of URIs are discussed in Generic security considerations for usage of URIs are discussed in
[RFC3986]. [RFC3986].
The confidentiality of the database SHOULD be protected from It is RECOMMENDED the database uses encryption mechanisms if the
unauthorized users, given that the data model contains a set of information is stored in long term storage (e.g., disk). If the
sensitive elements (e.g., passwords), and it is RECOMMENDED the database contains sensitive elements (e.g., passwords) the
database uses encryption mechanisms if the information is stored in confidentiality of the database MUST be protected from unauthorized
long term storage (e.g., disk). In addition to implementing access users. If no sensitive elements is present then confidentiality is
control, as discussed above, it is RECOMMENDED that administrators of not needed. In addition to implementing access control, as discussed
conferencing systems only provide access to the database over above, it is RECOMMENDED that administrators of conferencing systems
encrypted channels (e.g., using TLS encryption) in order to avoid only provide access to the database over encrypted channels (e.g.,
eavesdroppers. Administrators of conferencing systems SHOULD also using TLS encryption) in order to avoid eavesdroppers.
avoid disclosing information to unauthorized parties when a Administrators of conferencing systems SHOULD also avoid disclosing
conference is being cloned or when a sidebar is being created. For information to unauthorized parties when a conference is being cloned
example, an external sidebar as defined in [RFC5239], section 9.4.2, or when a sidebar is being created. For example, an external sidebar
may include participants who were not authorized for the parent as defined in [RFC5239], section 9.4.2, may include participants who
conference. were not authorized for the parent conference.
The security considerations for authentication (Section 11.1) The security considerations for authentication (Section 11.1)
described in the centralized conferencing framework [RFC5239] also described in the centralized conferencing framework [RFC5239] also
apply to this document. Similarly, the security considerations for apply to this document. Similarly, the security considerations for
authorization (Section 5.2) described in the Session Initiation authorization (Section 5.2) described in the Session Initiation
Protocol (SIP) REFER Method [RFC3515] apply to this document as well. Protocol (SIP) REFER Method [RFC3515] apply to this document as well.
Note that the specification of the privacy policy is outside the
scope of this document. Saying that, a privacy policy will be needed
in the real implementation of the data model and, therefore, is
subject to future policy documents.
9. IANA Considerations 9. IANA Considerations
9.1. Relax NG Schema Registration 9.1. Relax NG Schema Registration
This specification registers a schema. The schema can be found This specification registers a schema. The schema can be found
as the sole content of Section 5. as the sole content of Section 5.
URI: urn:ietf:params:xml:schema:xcon-conference-info URI: urn:ietf:params:xml:schema:xcon-conference-info
Registrant Contact: IETF XCON working group, Registrant Contact: IETF XCON working group,
skipping to change at page 58, line 41 skipping to change at page 58, line 41
[RFC4855] Casner, S., "Media Type Registration of RTP Payload [RFC4855] Casner, S., "Media Type Registration of RTP Payload
Formats", RFC 4855, February 2007. Formats", RFC 4855, February 2007.
[RFC5018] Camarillo, G., "Connection Establishment in the Binary [RFC5018] Camarillo, G., "Connection Establishment in the Binary
Floor Control Protocol (BFCP)", RFC 5018, September 2007. Floor Control Protocol (BFCP)", RFC 5018, September 2007.
[RFC5646] Phillips, A. and M. Davis, "Tags for Identifying [RFC5646] Phillips, A. and M. Davis, "Tags for Identifying
Languages", BCP 47, RFC 5646, September 2009. Languages", BCP 47, RFC 5646, September 2009.
[W3C.REC-xml-20081126] [W3C.REC-xml-20081126]
Paoli, J., Yergeau, F., Bray, T., Maler, E., and C. Maler, E., Yergeau, F., Sperberg-McQueen, C., Paoli, J.,
Sperberg-McQueen, "Extensible Markup Language (XML) 1.0 and T. Bray, "Extensible Markup Language (XML) 1.0 (Fifth
(Fifth Edition)", World Wide Web Consortium Edition)", World Wide Web Consortium Recommendation REC-
Recommendation REC-xml-20081126, November 2008, xml-20081126, November 2008,
<http://www.w3.org/TR/2008/REC-xml-20081126>. <http://www.w3.org/TR/2008/REC-xml-20081126>.
Appendix A. Non-Normative RELAX NG Schema in XML Syntax Appendix A. Non-Normative RELAX NG Schema in XML Syntax
<?xml version="1.0" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<grammar <grammar
ns="urn:ietf:params:xml:ns:conference-info" ns="urn:ietf:params:xml:ns:conference-info"
xmlns="http://relaxng.org/ns/structure/1.0" xmlns="http://relaxng.org/ns/structure/1.0"
xmlns:xcon="urn:ietf:params:xml:ns:xcon-conference-info" xmlns:xcon="urn:ietf:params:xml:ns:xcon-conference-info"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
 End of changes. 7 change blocks. 
22 lines changed or deleted 27 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/