📄 rfc3857 a watcher information event template-package for.txt
字号:
RFC 3857 Watcher Information August 2004
4.3. SUBSCRIBE Bodies
RFC 3265 [1] requires package or template-package definitions to
define the usage, if any, of bodies in SUBSCRIBE requests.
A SUBSCRIBE request for watcher information MAY contain a body. This
body would serve the purpose of filtering the watcherinfo
subscription. The definition of such a body is outside the scope of
this specification. For example, in the case of presence, the body
might indicate that notifications should contain full state every
time something changes, and that the time the subscription was first
made should not be included in the watcherinfo notifications.
A SUBSCRIBE request for a watcher information package MAY be sent
without a body. This implies the default watcherinfo subscription
filtering policy has been requested. The default policy is:
o Watcherinfo notifications are generated every time there is any
change in the state of the watcher information.
o Watcherinfo notifications triggered from a SUBSCRIBE contain full
state (the list of all watchers that the watcherinfo subscriber is
permitted to know about). Watcherinfo notifications triggered
from a change in watcher state only contain information on the
watcher whose state has changed.
Of course, the server can apply any policy it likes to the
subscription.
4.4. Subscription Duration
RFC 3265 [1] requires package definitions to define a default value
for subscription durations, and to discuss reasonable choices for
durations when they are explicitly specified.
Watcher information changes as users subscribe to a particular
resource for some package, or their subscriptions time out. As a
result, the state of watcher information can change very dynamically,
depending on the number of subscribers for a particular resource in a
given package. The rate at which subscriptions time out depends on
how long a user maintains its subscription. Typically, watcherinfo
subscriptions will be timed to span the lifetime of the subscriptions
being watched, and therefore range from minutes to days.
As a result of these factors, it is difficult to define a broadly
useful default value for the lifetime of a watcherinfo subscription.
We arbitrarily choose one hour. However, clients SHOULD use an
Expires header field to specify their preferred duration.
Rosenberg Standards Track [Page 6]
RFC 3857 Watcher Information August 2004
4.5. NOTIFY Bodies
RFC 3265 [1] requires package definitions to describe the allowed set
of body types in NOTIFY requests, and to specify the default value to
be used when there is no Accept header field in the SUBSCRIBE
request.
The body of the watcherinfo notification contains a watcher
information document. This document describes some or all of the
watchers for a resource within a given package, and the state of
their subscriptions. All watcherinfo subscribers and notifiers MUST
support the application/watcherinfo+xml format described in [3], and
MUST list its MIME type, application/watcherinfo+xml, in any Accept
header field present in the SUBSCRIBE request.
Other watcher information formats might be defined in the future. In
that case, the watcherinfo subscriptions MAY indicate support for
other formats. However, they MUST always support and list
application/watcherinfo+xml as an allowed format.
Of course, the watcherinfo notifications generated by the server MUST
be in one of the formats specified in the Accept header field in the
SUBSCRIBE request. If no Accept header field was present, the
notifications MUST use the application/watcherinfo+xml format
described in [3].
4.6. Notifier Processing of SUBSCRIBE Requests
RFC 3265 [1] specifies that packages should define any package-
specific processing of SUBSCRIBE requests at a notifier, specifically
with regards to authentication and authorization.
The watcher information for a particular package contains sensitive
information. Therefore, all watcherinfo subscriptions SHOULD be
authenticated and then authorized before approval. Authentication
MAY be performed using any of the techniques available through SIP,
including digest, S/MIME, TLS or other transport specific mechanisms
[4]. Authorization policy is at the discretion of the administrator,
as always. However, a few recommendations can be made.
It is RECOMMENDED that user A be allowed to subscribe to their own
watcher information for any package. This is true recursively, so
that it is RECOMMENDED that a user be able to subscribe to the
watcher information for their watcher information for any package.
It is RECOMMENDED that watcherinfo subscriptions for some package foo
for user A be allowed from some other user B, if B is an authorized
subscriber to A within the package foo. However, it is RECOMMENDED
Rosenberg Standards Track [Page 7]
RFC 3857 Watcher Information August 2004
that the watcherinfo notifications sent to B only contain the state
of B's own subscription. In other words, it is RECOMMENDED that a
user be allowed to monitor the state of their own subscription.
To avoid infinite recursion of authorization policy, it is
RECOMMENDED that only user A be allowed to subscribe to
foo.winfo.winfo for user A, for any foo. It is also RECOMMENDED that
by default, a server does not authorize any subscriptions to
foo.winfo.winfo.winfo or any other deeper recursions.
4.7. Notifier Generation of NOTIFY Requests
The SIP Event framework requests that packages specify the conditions
under which notifications are sent for that package, and how such
notifications are constructed.
Each watcherinfo subscription is associated with a set of "inner"
subscriptions being watched. This set is defined by the URI in the
Request URI of the watcherinfo SUBSCRIBE request, along with the
parent event package of the watcherinfo subscription. The parent
event package is obtained by removing the trailing ".winfo" from the
value of the Event header field from the watcherinfo SUBSCRIBE
request. If the Event header field in the watcherinfo subscription
has a value of "presence.winfo", the parent event package is
"presence". If the Event header field has a value of
"presence.winfo.winfo", the parent event package is "presence.winfo".
Normally, the URI in the Request URI of the watcherinfo SUBSCRIBE
identifies an address-of-record within the domain. In that case, the
set of subscriptions to be watched are all of the subscriptions for
the parent event package that have been made to the resource in the
Request URI of the watcherinfo SUBSCRIBE. However, the Request URI
can contain a URI that identifies any set of subscriptions, including
the subscriptions to a larger collection of resources. For example,
sip:all-resources@example.com might be defined within example.com to
refer to all resources. In that case, a watcherinfo subscription for
"presence.winfo" to sip:all-resources@example.com is requesting
notifications any time the state of any presence subscription for any
resource within example.com changes. A watcherinfo notifier MAY
generate a notification any time the state of any of the watched
subscriptions changes.
Because a watcherinfo subscription is made to a collection of
subscriptions, the watcher information package needs a model of
subscription state. This is accomplished by specifying a
subscription Fine State Machine (FSM), described below, which governs
the subscription state of a user in any package. Watcherinfo
notifications MAY be generated on transitions in this state machine.
It's important to note that this FSM is just a model of the
Rosenberg Standards Track [Page 8]
RFC 3857 Watcher Information August 2004
subscription state machinery maintained by a server. An
implementation would map its own state machines to this one in an
implementation-specific manner.
4.7.1. The Subscription State Machine
The underlying state machine for a subscription is shown in Figure 1.
It derives almost entirely from the descriptions in RFC 3265 [1], but
adds the notion of a waiting state.
When a SUBSCRIBE request arrives, the subscription FSM is created in
the init state. This state is transient. The next state depends on
whether policy exists for the subscription. If there is an existing
policy that determines that the subscription is forbidden, it moves
into the terminated state immediately, where the FSM can be
destroyed. If there is existing policy that determines that the
subscription is authorized, the FSM moves into the active state.
This state indicates that the subscriber will receive notifications.
If, when a subscription arrives, there is no authorization policy in
existence, the subscription moves into the pending state. In this
state, the server is awaiting an authorization decision. No
notifications are generated on changes in presence state (an initial
NOTIFY will have been delivered as per RFC 3265 [1]), but the
subscription FSM is maintained. If the authorization decision comes
back positive, the subscription is approved, and moves into the
active state. If the authorization is negative, the subscription is
rejected, and the FSM goes into the terminated state. It is possible
that the authorization decision can take a very long time. In fact,
no authorization decision may arrive until after the subscription
itself expires. If a pending subscription suffers a timeout, it
moves into the waiting state. At any time, the server can decide to
end a pending or waiting subscription because it is concerned about
allocating memory and CPU resources to unauthorized subscription
state. If this happens, a "giveup" event is generated by the server,
moving the subscription to terminated.
The waiting state is similar to pending, in that no notifications are
generated. However, if the subscription is approved or denied, the
FSM enters the terminated state, and is destroyed. Furthermore, if
another subscription is received to the same resource, from the same
watcher, for the same event package, event package parameters and
filter in the body of the SUBSCRIBE request (if one was present
initially), the FSM enters the terminated state with a "giveup"
event, and is destroyed. This transition occurs because, on arrival
of a new subscription with identical parameters, it will enter the
pending state, making the waiting state for the prior subscription
redundant. The purpose of the waiting state is so that a user can
Rosenberg Standards Track [Page 9]
RFC 3857 Watcher Information August 2004
fetch watcherinfo state at any time, and learn of any subscriptions
that arrived previously (and which may arrive again) which require an
authorization decision. Consider an example. A subscribes to B. B
has not defined policy about this subscription, so it moves into the
pending state. B is not "online", so that B's software agent cannot
be contacted to approve the subscription. The subscription expires.
Let's say it were destroyed. B logs in, and fetches its watcherinfo
state. There is no record of the subscription from A, so no policy
decision is made about subscriptions from A. B logs off. A
refreshes its subscription. Once more, the subscription is pending
since no policy is defined for it. This process could continue
indefinitely. The waiting state ensures that B can find out about
this subscription attempt.
subscribe,
policy= +----------+
reject | |<------------------------+
+------------>|terminated|<---------+ |
| | | | |
| | | |noresource |
| +----------+ |rejected |
| ^noresource |deactivated |
| |rejected |probation |
| |deactivated |timeout |noresource
| |probation | |rejected
| |giveup | |giveup
| | | |approved
+-------+ +-------+ +-------+ |
| |subscribe| |approved| | |
| init |-------->|pending|------->|active | |
| |no policy| | | | |
| | | | | | |
+-------+ +-------+ +-------+ |
| | ^ |
| subscribe, | | |
+-----------------------------------+ |
policy = accept | +-------+ |
| | | |
| |waiting|----------+
+----------->| |
timeout | |
+-------+
Figure 1: Subscription State Machine
The waiting state is also needed to allow for authorization of fetch
attempts, which are subscriptions that expire immediately.
Rosenberg Standards Track [Page 10]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -