rfc3298.txt

RFC 的详细文档！

                                          |
                                          V
                                    Service Control
                                          |
                                          |
                                          V
                                         SSP

                 Figure 2: Sequence of SPIRITS actions

   One of the following actions is required by benchmark services:

      a) Accept the incoming call

      b) Reject the incoming call

      c) Redirect the incoming call

      d) Accept the call via VoIP (this particular item is outside of
         the scope of SPIRITS WG).

   Accordingly, the SPIRITS protocol should define the following message
   types:

      a) S->G: <Accept Call>

      b) S->G: <[Reject Call],[Cause]>

      c) S->G: <[Redirect Call],[Redirection Destination]>






Faynberg, et al.             Informational                     [Page 12]

RFC 3298             SPIRITS Protocol Requirements           August 2002


8. Methodology

   To determine the MINIMUM SPIRITS protocol vocabulary (i.e., the set
   of messages), the PSTN events associated with each detection point of
   the Basic Call State Model should be examined.  To date, the CS-3
   BSCM has the richest set of DPs, although not all switching exchanges
   have implemented it.

   To determine the MINIMUM information available to the SPIRITS client
   (this information is to be carried by the SPIRITS protocol from
   SPIRITS client to SPIRITS server), each DP-specific information
   elements needs to be examined.

   Parameters should be event-specific, the following generic types of
   parameters are expected to be mandatory:

      - timer (for no answer)

      - midcall control info (for mid_call)

      - number of digits (for collected_information)

9. Security Considerations

   Overall, the basic aspects of security apply to SPIRITS protocol:

   -  Authentication:
      In the communications between the SPIRITS Client and SPIRITS
      Gateway as well as the SPIRITS Gateway and SPIRITS Server, it is
      required that the information be sent between known and trusted
      partners.

   -  Integrity:
      It is a requirement that no exchanged data be modified in transit.

   -  Confidentiality:
      It is a requirement that any private user information or
      confidential network data be protected by the protocol (typically
      through encryption, for which the protocol should allow a choice
      in the algorithm selection.

   -  Availability:
      It is a requirement that the communicating endpoints remain in
      service for authorized use only.







Faynberg, et al.             Informational                     [Page 13]

RFC 3298             SPIRITS Protocol Requirements           August 2002


   In addition, the protocol should support non-repudiation for those
   control messages pertinent to charging the PSTN subscriber.

   As Figure 1 demonstrates, there are two distinct communications
   interfaces, B and C.  The B interface is, in general, across the
   public Internet and is thus most vulnerable to security attacks
   resulting in theft or denial of service.  The C interface, on the
   other hand is likely to be implemented across a service providers
   intranet, where the security measures should be applied at the
   discretion of the service provider.  Even then, because at least one
   IP host (the PINT gateway) is connected to the Internet, special
   measures (e.g., installation of firewalls, although this particular
   measure alone may be insufficient) need to be taken to protect the
   interface C and the rest of the network from security attacks.

   The assumption that the PINT Client and SPIRITS server are co-
   located, dictates that the security considerations for the A and B
   interfaces are exactly same.  Detailed security requirements and
   solutions for interface A (and, consequently, B) can be found in RFC
   2848 [3].

   Possible security attacks can result in both theft and denial of
   services.  In addition, such attacks may violate the privacy of a
   PSTN subscriber.  For example, with Internet Call Waiting, a
   fraudulent registration (or a manipulation of integrity of a valid
   registration) may force a network operator to provide to an
   authorized party a full log of attempted telephone calls (accompanied
   by the identification of callers).  Furthermore, the calls may be
   diverted to wrong recipients (who may further defraud the
   unsuspecting calling party).  In this case, the calling party is
   using only the PSTN and thus expecting the security of communications
   that are typical of the PSTN.  The PSTN service providers may be
   liable for the consequences of establishing wrong connections.  In
   addition, the PSTN service providers may be liable for inadvertent
   divulging of the private information of the subscriber.

   The service and network providers need to review the possibilities of
   the security attacks and prepare the means of protection from them.
   Some of this may be achieved by using the means outside of those
   provided by the protocol itself.  For example, administrative
   information (such as statistics collected by PINT MIB or SPIRITS MIB)
   can help in determining violations and thwarting them.  As far as the
   protocol is concerned, it must provide the means for authenticating a
   subscriber as well as a session.  It must also provide a capability
   to carry encrypted information in its body.






Faynberg, et al.             Informational                     [Page 14]

RFC 3298             SPIRITS Protocol Requirements           August 2002


10. Acknowledgements

   The authors are grateful to all participants in the SPIRITS group for
   the discussion that has been shaping this work.  Many thanks go to
   Jorgen Bjorkner, Alec Brusilovsky, Jim Buller, Lawrence Conroy, Soren
   Nyckelgard, and John Voelker for their incisive comments.  Special
   thanks are to Vijay Gurbani, Dave Hewins, and Kumar Vemuri, whose
   careful, detailed reviews of several versions of this document have
   been particularly helpful in improving its quality.

11. References

   [1] Slutsman, L., Faynberg, I., Lu, H. and M. Weissman, "The Spirits
       Architecture", RFC 3136, June 2001.

   [2] Lu, H. (Editor), Faynberg, I., Voelker, J., Weissman, M., Zhang,
       W., Rhim, S., Hwang, J., Ago, S., Moeenuddin, S., Hadvani, S.,
       Nyckelgard, S., Yoakum, J. and L. Robart, "Pre-SPIRITS
       Implementations of PSTN-Initiated Services", RFC 2995, November
       2000.

   [3] Petrack, S. and L. Conroy, "The PINT Service Protocol: Extensions
       to SIP and SDP for IP Access to Telephone Call Services", RFC
       2848, June 2000.

   [4] Roach, A.B., "Session Initiation Protocol (SIP)-Specific Event
       Notification", RFC 3265, June 2002.

   [5] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
       Extensions (MIME) Part One: Format of Internet Message Bodies",
       RFC 2045, November 1996.

   [6] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
       Extensions (MIME) Part Two: Media Types", RFC 2046, November
       1996.

   [7] Handley, M., Schooler, E., Schulzrinne, H. and J. Rosenberg,
       "SIP: Session Initiation Protocol", RFC 2543, March 1999.

   [8] Handley, M. and  V. Jacobsen, "SDP: Session Description
       Protocol", RFC 2327, April 1998.










Faynberg, et al.             Informational                     [Page 15]

RFC 3298             SPIRITS Protocol Requirements           August 2002


12. Authors' Addresses

   Lev Slutsman
   AT&T Laboratories
   200 Laurel Ave.
   Middletown, New Jersey, 07748

   Phone: (732) 420-3752
   EMail: lslutsman@att.com


   Igor Faynberg
   Bell Labs/Lucent Technologies
   Room 4D-601A, 101 Crawfords Corner Road
   Holmdel, New Jersey, 07733

   Phone: (732) 949-0137
   EMail: faynberg@lucent.com


   Jorge Gato
   Vodaphone
   Avda de Europa, 1.
   28108 Alcobendas (Madrid). Spain

   Phone: +34 607 13 31 10
   Fax:   +34 607 13 30 57
   EMail: jgato@airtel.es


   Hui-Lan Lu
   Bell Labs/Lucent Technologies
   Room 4C-607A, 101 Crawfords Corner Road
   Holmdel, New Jersey, 07733

   Phone: (732) 949-0321
   EMail: huilanlu@lucent.com














Faynberg, et al.             Informational                     [Page 16]

RFC 3298             SPIRITS Protocol Requirements           August 2002


13.  Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Faynberg, et al.             Informational                     [Page 17]