draft-ietf-xcon-cpcp-xcap-02.txt   draft-ietf-xcon-cpcp-xcap-03.txt 
XCON H. Khartabil XCON H. Khartabil
Internet-Draft Nokia Internet-Draft Nokia
Expires: March 10, 2005 September 9, 2004 Expires: April 12, 2005 October 12, 2004
An Extensible Markup Language (XML) Configuration Access Protocol An Extensible Markup Language (XML) Configuration Access Protocol
(XCAP) Usages for Conference Policy Manipulation and Conference (XCAP) Usages for Conference Policy Manipulation and Conference
Policy Privelges Manipulation Policy Privelges Manipulation
draft-ietf-xcon-cpcp-xcap-02 draft-ietf-xcon-cpcp-xcap-03
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable This document is an Internet-Draft and is subject to all provisions
patent or other IPR claims of which I am aware have been disclosed, of section 3 of RFC 3667. By submitting this Internet-Draft, each
and any of which I become aware will be disclosed, in accordance with author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 10, 2005. This Internet-Draft will expire on April 12, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004).
Abstract Abstract
The Conference Policy is defined as the complete set of rules for a The Conference Policy is defined as the complete set of rules for a
particular conference manipulated by the conference policy server. particular conference manipulated by the conference policy server.
The Conferece Policy Control Protocol (CPCP) is the protocol used by The Conferece Policy Control Protocol (CPCP) is the protocol used by
client to manipulate the conference policy. This document defines an client to manipulate the conference policy. This document defines an
XML Configuration Access Protocol (XCAP) application usage that may XML Configuration Access Protocol (XCAP) application usage that may
be used to store and manipulate a conference policy. be used to store and manipulate a conference policy.
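Review bot: The title still reads "Policy Privelges Manipulation" and the abstract still reads "Conferece Policy Control Protocol" and "used by client" on both sides, so -03 carries these typos forward. Correct them to "Privileges", "Conference" and "used by a client" while the header block is already being touched for the RFC 3667 boilerplate and the new dates.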
skipping to change at page 5, line 25 skipping to change at page 5, line 25
There are no resource interdependencies that need to be defined fo There are no resource interdependencies that need to be defined fo
this application usage. this application usage.
5.3 Additional Constraints 5.3 Additional Constraints
These are defined within the XML structure definition in [2]. These are defined within the XML structure definition in [2].
5.4 Naming Conventions 5.4 Naming Conventions
There are no naming conventions that need to be defined for this The "filename" as defined in XCAP Base document [6] is used to
application usage. describe the final path segment in the document selector. This XCAP
usage requires that the filename of the conference policy privileges
be exactly the same as the filename given to the conference policy
that it relates to. This will save processing time in that the focus
does not need to search all conference privileges documents looking
for the right one. This also eliminates any conflicts that may occur
by disallowing more than one conference policy privileges document to
exist for a single conference policy.
5.5 Authorization Policies 5.5 Authorization Policies
This application usage does not modify the default XCAP authorization This application usage does not modify the default XCAP authorization
policy, which is that only a user can read, write or modify their own policy, which is that only a user can read, write or modify their own
documents. documents.
5.6 MIME Type for CPCP XML Document 5.6 MIME Type for CPCP XML Document
The MIME type for the Conference Policy Privileges XML document is The MIME type for the Conference Policy Privileges XML document is
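Review bot: The new 5.4 text says this usage "requires" the privileges filename to be "exactly the same as the filename given to the conference policy", but it uses no normative MUST, and the example in 6.2.1 still PUTs cp-privileges.xml for a policy that 6.1.1 stores as conference.xml. Either make the requirement normative and say what the server does with a PUT whose filename matches no existing conference policy, or change the 6.2.1 example to conference.xml. Since the filename is now the only link between a policy and its privileges document, it would also help to state that the match is made within the same user's directory (users/Alice/ in both application trees), so that the default authorization in 5.5 still bounds who can create the privileges document for a given policy.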
skipping to change at page 5, line 50 skipping to change at page 6, line 8
6.1 Conference Policy Manipulation 6.1 Conference Policy Manipulation
6.1.1 Creating a Conference 6.1.1 Creating a Conference
Continuing with the example in Section xx of [1], Alice's client uses Continuing with the example in Section xx of [1], Alice's client uses
XCAP to transport the conference policy to the conference policy XCAP to transport the conference policy to the conference policy
server server
PUT PUT
http://xcap.example.com/services/conference-policies/users/Alice/conference.xml HTTP/1.1 http://xcap.example.com/services/conference-policies/users/Alice/c
onference.xml HTTP/1.1
Content-Type: application/conference-policy+xml Content-Type: application/conference-policy+xml
[conference policy from [1] example goes here]. [conference policy from [1] example goes here].
At exactly 2004-12-17T09:30:00-05:00, the focus sends SIP INVITE At exactly 2004-12-17T09:30:00-05:00, the focus sends SIP INVITE
request to Alice and a SIP REFER request to Sarah. At request to Alice and a SIP REFER request to Sarah. At
2004-12-17T09:25:00-05:00, SIP INVITE requests can be accepted from 2004-12-17T09:25:00-05:00, SIP INVITE requests can be accepted from
anyone at domain example.com. Any attempts to join the conference by anyone at domain example.com. Any attempts to join the conference by
users in other domains are rejected. users in other domains are rejected.
6.1.2 Expelling a User 6.1.2 Expelling a User
After the conference has started, Alice decides to expel Bob who has After the conference has started, Alice decides to expel Bob who has
joined the conference. So she modifies the authorization rule that joined the conference. So she modifies the authorization rule that
allows everyone at example.com to join: allows everyone at example.com to join:
PUT PUT
http://xcap.example.com/services/conference-policies/users/Alice/conference.xml/~~/conference/authorization-rules/rule[@id=""]/conditions/identity/ HTTP/1.1 http://xcap.example.com/services/conference-policies/users/Alice/c
onference.xml/~~/conference/authorization-rules/rule[@id=""]/condi
tions/identity/ HTTP/1.1
Content-Type:text/plain Content-Type:text/plain
<identity> <identity>
<domain>example.com</domain> <domain>example.com</domain>
<except>bob@example.com</except> <except>bob@example.com</except>
</identity> </identity>
At this point, the focus sends a SIP BYE request to Bob ending Bob's At this point, the focus sends a SIP BYE request to Bob ending Bob's
participation in the conference. This also guarantees that Bob participation in the conference. This also guarantees that Bob
cannot rejoin the conference since he is explicitly blocked. Any cannot rejoin the conference since he is explicitly blocked. Any
attempt Bob makes in rejoining the conference will fail. attempt Bob makes in rejoining the conference will fail.
6.1.3 Allowing An Expelled Participant To Join Again 6.1.3 Allowing An Expelled Participant To Join Again
Continuing with the example above, Alice now decides to allow Bob to Continuing with the example above, Alice now decides to allow Bob to
join again after a period of time. She does so by rewriting parts of join again after a period of time. She does so by rewriting parts of
the rule that blocks him from joining. the rule that blocks him from joining.
PUT PUT
http://xcap.example.com/services/conference-policies/users/Alice/conference.xml/~~/conference/authorization-rules/rule[@id=""]/conditions/identity/ HTTP/1.1 http://xcap.example.com/services/conference-policies/users/Alice/c
onference.xml/~~/conference/authorization-rules/rule[@id=""]/condi
tions/identity/ HTTP/1.1
Content-Type:text/plain Content-Type:text/plain
<identity> <identity>
<domain>example.com</domain> <domain>example.com</domain>
</identity> </identity>
Bob can now rejoin the conference by sending a SIP INVITE request. Bob can now rejoin the conference by sending a SIP INVITE request.
6.1.4 Allowing Sarah to Refer Users 6.1.4 Allowing Sarah to Refer Users
Alice now decides that Sarah can ask the focus to refer users to the Alice now decides that Sarah can ask the focus to refer users to the
conference: conference:
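Review bot: The re-wrapped URIs in 6.1.1 to 6.1.3 now break mid-token ("users/Alice/c" then "onference.xml", "condi" then "tions/identity/"), so the request lines can no longer be copied as written. Break at a "/" instead, or state that the line breaks are editorial. Separately, both identity PUTs still select rule[@id=""] with an empty id while 6.1.4 uses rule[@id="3"], they send an XML <identity> element as Content-Type:text/plain, and "Section xx of [1]" is still a placeholder; these should be resolved in the same pass.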
skipping to change at page 7, line 16 skipping to change at page 7, line 24
</identity> </identity>
Bob can now rejoin the conference by sending a SIP INVITE request. Bob can now rejoin the conference by sending a SIP INVITE request.
6.1.4 Allowing Sarah to Refer Users 6.1.4 Allowing Sarah to Refer Users
Alice now decides that Sarah can ask the focus to refer users to the Alice now decides that Sarah can ask the focus to refer users to the
conference: conference:
PUT PUT
http://xcap.example.com/services/conference-policies/users/Alice/conference.xml/~~/conference/authorization-rules/rule[@id="3"] HTTP/1.1 http://xcap.example.com/services/conference-policies/users/Alice/c
onference.xml/~~/conference/authorization-rules/rule[@id="3"]
HTTP/1.1
Content-Type:text/plain Content-Type:text/plain
<rule id="3"> <rule id="3">
<conditions> <conditions>
<identity> <identity>
<uri>sarah@example.com</uri> <uri>sarah@example.com</uri>
</identity> </identity>
</conditions> </conditions>
<actions> <actions>
<allow-refer-users-dynamically>true</allow-refer-users-dynamically> <allow-refer-users-dynamically>true</allow-refer-users-dynamically>
</actions> </actions>
<transformations/> <transformations/>
</rule> </rule>
6.1.5 Removing A Conference 6.1.5 Removing A Conference
Alice now decides she no longer wants this conference to exist and Alice now decides she no longer wants this conference to exist and
therefore deletes the conference: therefore deletes the conference:
DELETE DELETE
http://xcap.example.com/services/conference-policies/users/Alice/conference.xml http://xcap.example.com/services/conference-policies/users/Alice/c
onference.xml
As a result of this action, the focus sends SIP BYE requests to all As a result of this action, the focus sends SIP BYE requests to all
current participants in the conference. The conference server current participants in the conference. The conference server
terminates the focus thereafter. terminates the focus thereafter.
6.2 Conference Policy Privileges Manipulation 6.2 Conference Policy Privileges Manipulation
6.2.1 Creating Conference Policy Privilegtes 6.2.1 Creating Conference Policy Privilegtes
Continuing with the example in Section xx of [2], Alice's client uses Continuing with the example in Section xx of [2], Alice's client uses
XCAP to transport the conference policy privileges to the conference XCAP to transport the conference policy privileges to the conference
policy server policy server
PUT PUT
http://xcap.example.com/services/conference-policy-privileges/users/Alice/cp-privileges.xml HTTP/1.1 http://xcap.example.com/services/conference-policy-privileges/user
s/Alice/cp-privileges.xml HTTP/1.1
Content-Type: application/privileges+xml Content-Type: application/privileges+xml
[conference policy privileges from [2] example goes here]. [conference policy privileges from [2] example goes here].
7. Security Considerations 7. Security Considerations
A conference document may contain information that is highly The information contained in conference-policies and
sensitive. Its delivery to the conference server needs to happen conference-policy-privileges documents are particularly sensitive.
strictly, paying special attention to integrity and confidentiality. The former represents critical conference information like allowed
Reading the document is also a security concern since the conference user and conference time while the latter represents the list of
policy contains sensitive information like the topic of the privileged people with assigned privileges. As a result, clients
conference, who is allowed to join and the URIs of the users that can SHOULD use TLS when contacting servers in order to fetch this
participate. information. Note that this does not represent a change in
requirement strength from XCAP. The XCAP base specification mandates
Manipulations of the conference policy have similar security issues. that all XCAP servers MUST implement HTTP Authentication: Basic and
Users with relevant privileges can manipulate parts of the conference Digest Access Authentication [9]. Furthermore, XCAP servers MUST
policy giving themselves and others privileges to manipulate the implement HTTP over TLS [10]. It is recommended that administrators
conference policy, including the dial-out list and the security level of XCAP servers use an HTTPS URI as the XCAP root services URI, so
settings for a conference. This can happen because the conference that the digest client authentication occurs over TLS. By using
policy itself carries the identities and the authorization rules that these means, XCAP client and server can ensure the confidentiality
apply to those identities. Those authorization rules carry the and integrity of the XCAP created conference policy and conference
privileges that certain identities have. If an unauthorized user policy privileges documents and their manipulation operations, and
gets access to this document (pretending to be someone else), s/he that only authorized clients are allowed to perform them.
can manipulate those rules giving himself and other unauthorized
users access to the conference policy. S/he can also manipulate
other parts of the conference policy under a false identity. Some of
the things that a malicious user can do include: denying users
certain privileges, giving himself floor moderation, removing users
from lists, removing rules for certain identities, giving privileges
to other malicious users, changing the media streams and changing
conference time. Therefore, it is very important that only
authorized clients are able to manipulate the conference policy. Any
conference policy transport protocol MUST provide authentication,
confidentiality and integrity.
In the case that XCAP is used to create and manipulate a conference
policy, the XCAP base specification mandates that all XCAP servers
MUST implement HTTP Authentication: Basic and Digest Access
Authentication [9]. Furthermore, XCAP servers MUST implement HTTP
over TLS [10]. It is recommended that administrators of XCAP servers
use an HTTPS URI as the XCAP root services URI, so that the digest
client authentication occurs over TLS. By using these means, XCAP
client and server can ensure the confidentiality and integrity of the
XCAP created conference policy document and its manipulation
operations, and that only authorized clients are allowed to perform
them.
8. IANA Considerations 8. IANA Considerations
8.1 XCAP Application Usage IDs 8.1 XCAP Application Usage IDs
8.1.1 conference-policies 8.1.1 conference-policies
Name of the AUID: conference-policies Name of the AUID: conference-policies
Description: Conference policy application manipulates conference Description: Conference policy application manipulates conference
policy at a server. policy at a server.
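Review bot: The rewritten Section 7 drops the sentence "Any conference policy transport protocol MUST provide authentication, confidentiality and integrity" and leaves only "clients SHOULD use TLS", and it also removes the description of how a user who can write the authorization rules can give himself and others privileges. Keep the MUST (or explain why SHOULD is sufficient) and retain at least a short statement of that privilege-escalation risk, since it is the reason write access needs authentication. The new SHOULD is also scoped to "contacting servers in order to fetch this information", which does not cover the PUT and DELETE operations shown in 6.1 and 6.2. The examples in this region, including the DELETE in 6.1.5 and the PUT in 6.2.1, still use http://xcap.example.com even though the text recommends an HTTPS URI as the XCAP root services URI; switching them to https:// would make the examples agree with the recommendation. Minor: "The information ... are particularly sensitive" should read "is", and the 6.2.1 heading still reads "Privilegtes".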
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/