rfc3859 common profile for presence (cpp).txt

有关IMS SIP及Presence应用的RFC文档包


RFC 3859              Common Profile for Presence            August 2004


   The service immediately responds by invoking the response operation
   containing the same TransID; e.g.,

             +-------+                    +-------+
             |       |                    |       |
             | appl. | <----- response -- | pres. |
             |       |                    | svc.  |
             +-------+                    +-------+

   Note that this specification assumes that CPP-compliant presence
   protocols provide reliable message delivery; there are no
   application-layer message delivery assurance provisions in this
   specification.

3.2.  Identification of PRESENTITIES and WATCHERS

   A PRESENTITY is specified using the PRES URI scheme, which is further
   described in Appendix A.  An example would be:
   "pres:fred@example.com"

   WATCHERs identify themselves in the same manner as PRESENTITIES; that
   is, with a pres URI.

3.2.1.  Address Resolution

   A presence service client determines the next hop to forward an
   operation to by resolving the domain name portion of the service
   destination.  Compliant implementations SHOULD follow the guidelines
   for dereferencing URIs given in [2].

3.3.  Format of Presence Information

   This specification defines an abstract interoperability mechanism for
   presence protocols; the message content definition given here
   pertains to semantics rather than syntax.  However, some important
   properties for interoperability can only be provided if a common
   end-to-end format for presence is employed by the interoperating
   presence protocols, especially with respect to security.  In order to
   maintain end-to-end security properties, applications that send
   notification operations through a CPP gateway MUST support the format
   defined in PIDF [4].  Applications MAY support other content formats.

   CPP gateways MUST be capable of relaying the body of a notification
   operation between supported presence protocols without needing to
   modify or inspect the content.






Peterson                    Standards Track                     [Page 6]

RFC 3859              Common Profile for Presence            August 2004


3.4.  The Presence Service

   An implementation of the service must maintain information about both
   presence information and continual operations (like periodic
   notification) in persistent storage.

   Note that the subscription-identifier attribute used by the subscribe
   operation is potentially long-lived.  Accordingly, the values
   generated for this parameter should be unique across a significant
   duration of time.  The SubscriptID parameter should be intrinsically
   globally unique over time, not merely unique among operations sent to
   or from a particular WATCHER and PRESENTITY.

3.4.1.  The Subscribe Operation

   When an application wants to subscribe to the presence information
   associated with a PRESENTITY, it invokes the subscribe operation.

   When the service is informed of the subscribe operation, it performs
   these steps:

   1.  If the watcher or target parameter does not refer to a valid
       PRESENTITY, a response operation having status "failure" is
       invoked.

   2.  If access control does not permit the application to request this
       operation, a response operation having status "failure" is
       invoked.

   3.  If the duration parameter is non-zero, and if the watcher and
       target parameters refer to an in-progress subscribe operation for
       the application, a response operation having status "failure" is
       invoked.

   4.  Otherwise, if the service is able to successfully deliver the
       message:

         A response operation having status "success" is immediately
         invoked.  (If the service chooses a different duration for the
         subscription then it conveys this information in the response
         operation.)

         A notify operation, corresponding to the target's presence
         information, is immediately invoked for the watcher.







Peterson                    Standards Track                     [Page 7]

RFC 3859              Common Profile for Presence            August 2004


         For up to the amount of time indicated by the duration
         parameter of the notify operation (measured from the time that
         the subscribe operation was received), if the target's presence
         information changes, and if access control allows, a notify
         operation is invoked for the watcher.

   Note that if the duration parameter is zero-valued, then the
   subscribe operation is making a one-time poll of the presence
   information.  Accordingly, the final step above (continued
   notifications for the duration of the subscription) does not occur.

   When the service invokes a response operation as a result of this
   processing, the transID parameter is identical to the value found in
   the subscribe operation invoked by the application.

3.4.2.  The Notify Operation

   The service invokes the notify operation whenever the presence
   information associated with a PRESENTITY changes and there are
   subscribers requesting notifications for that PRESENTITY.

   There is no application response to the notify operation.

3.4.3.  Subscribe Operation (with Zero Duration)

   When an application wants to terminate a subscription, it issues a
   SUBSCRIBE 0 with the SubscriptID of an existing subscription.  Note
   that a notify operation will be invoked by the presentity when a
   subscription is canceled in this fashion; this notification can be
   discarded by the watcher.  There is no independent UNSUBSCRIBE
   operation.

   When an application wants to directly request presence information to
   be supplied immediately without initiating any persistent
   subscription, it issues a SUBSCRIBE 0 with a new SubscriptID.  There
   is no independent FETCH operation.

4.  Security Considerations

   Detailed security considerations for presence protocols given in RFC
   2779 [6] (in particular, requirements are given in sections 5.1
   through 5.3 with some motivating discussion in 8.2).

   CPP defines an interoperability function that is employed by gateways
   between presence protocols.  CPP gateways MUST be compliant with the
   minimum security requirements of the presence protocols with which
   they interface.




Peterson                    Standards Track                     [Page 8]

RFC 3859              Common Profile for Presence            August 2004


   The introduction of gateways to the security model of presence in RFC
   2779 also introduces some new risks.  End-to-end security properties
   (especially confidentiality and integrity) between presentities and
   watchers that interface through a CPP gateway can only be provided if
   a common presence format (such as the format described in [4]) is
   supported by the protocols interfacing with the CPP gateway.

   When end-to-end security is required, the notify operation MUST use
   PIDF, and MUST secure the PIDF MIME body with S/MIME [8], with
   encryption (CMS EnvelopeData) and/or S/MIME signatures (CMS
   SignedData).

   The S/MIME algorithms are set by CMS [9].  The AES [11] algorithm
   should be preferred, as it is expected that AES best suits the
   capabilities of many platforms.  Implementations MAY use AES as an
   encryption algorithm, but are REQUIRED to support only the baseline
   algorithms mandated by S/MIME and CMS.

   When PRES URIs are used in presence protocols, they convey the
   identity of watchers and/or presentities.  Certificates that are used
   for S/MIME presence operations SHOULD, for the purposes of reference
   integrity, contain a subjectAltName field containing the PRES URI of
   their subject.  Note that such certificates may also contain other
   identifiers, including those specific to particular presence
   protocols.  In order to further facilitate interoperability of secure
   presence services through CPP gateways, users and service providers
   are encouraged to employ trust anchors for certificates that are
   widely accepted rather than trust anchors specific to any particular
   presence service or provider.

   In some cases, anonymous presence services may be desired.  Such a
   capability is beyond the scope of this specification.

5.  IANA Considerations

   The IANA has assigned the "pres" URI scheme.

5.1.  The PRES URI Scheme

   The Presence (PRES) URI scheme designates an Internet resource,
   namely a PRESENTITY or WATCHER.

   The syntax of a PRES URI is given in Appendix A.








Peterson                    Standards Track                     [Page 9]

RFC 3859              Common Profile for Presence            August 2004


6.  Contributors

   Dave Crocker edited earlier versions of this document.

   The following individuals made substantial textual contributions to
   this document:

      Athanassios Diacakis (thanos.diacakis@openwave.com)

      Florencio Mazzoldi (flo@networkprojects.com)

      Christian Huitema (huitema@microsoft.com)

      Graham Klyne (gk@ninebynine.org)

      Jonathan Rosenberg (jdrosen@dynamicsoft.com)

      Robert Sparks (rsparks@dynamicsoft.com)

      Hiroyasu Sugano (suga@flab.fujitsu.co.jp)

7.  References

7.1.  Normative References

   [1]  Bradner, S., "Key words for use in RFCs to indicate requirement
        levels", BCP 14, RFC 2119, March 1997.

   [2]  Peterson, J., "Address Resolution for Instant Messaging and
        Presence", RFC 3861, August 2004.

   [3]  Resnick, P., "Internet Message Format", STD 11, RFC 2822, April
        2001.

   [4]  Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, W., and
        J. Peterson, "Presence Information Data Format (PIDF)", RFC
        3863, August 2004.

   [5]  Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence and
        Instant Messaging", RFC 2778, February 2000.

   [6]  Day, M., Aggarwal, S., and J. Vincent, "Instant Messaging /
        Presence Protocol Requirements", RFC 2779, February 2000.

   [7]  Allocchio, C., "GSTN Address Element Extensions in Email
        Services", RFC 2846, June 2000.





Peterson                    Standards Track                    [Page 10]