idnits 2.17.00 (12 Aug 2021)

/tmp/idnits57188/draft-ietf-ecrit-ecall-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 10 instances of too long lines in the document, the longest
     one being 8 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The exact meaning of the all-uppercase expression 'NOT REQUIRED' is not
     defined in RFC 2119. If it is intended as a requirements expression, it
     should be rewritten using one of the combinations defined in RFC 2119;
     otherwise it should not be all-uppercase.

  -- The document date (September 21, 2016) is 2067 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  ** Downref: Normative reference to an Informational RFC: RFC 6443

  == Outdated reference: draft-ietf-ecrit-car-crash has been published as
     RFC 8148

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

ECRIT                                                         R. Gellens
Internet-Draft                                Core Technology Consulting
Intended status: Standards Track                           H. Tschofenig
Expires: March 25, 2017                                       Individual
                                                      September 21, 2016

                   Next-Generation Pan-European eCall
                     draft-ietf-ecrit-ecall-12.txt

Abstract

   This document describes how to use IP-based emergency services
   mechanisms to support the next generation of the Pan European
   in-vehicle emergency call service defined under the eSafety
   initiative of the European Commission (generally referred to as
   "eCall"). eCall is a standardized and mandated system for a special
   form of emergency calls placed by vehicles, providing real-time
   communications and an integrated set of related data.

   This document also registers MIME Content Types and an Emergency Call
   Additional Data Blocks for the eCall vehicle data and
   metadata/control data.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 25, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Terminology
   2.  Document Scope
   3.  Introduction
   4.  eCall Requirements
   5.  Vehicle Data
   6.  Data Transport
   7.  Call Setup
   8.  Test Calls
   9.  The Metadata/Control Object
     9.1.  The eCall Control Block
       9.1.1.  The <ack> element
         9.1.1.1.  Attributes of the <ack> element
         9.1.1.2.  Child Element of the <ack> element
         9.1.1.3.  Ack Examples
       9.1.2.  The <capabilities> element
         9.1.2.1.  Child Elements of the <capabilities> element
         9.1.2.2.  Capabilities Example
       9.1.3.  The <request> element
         9.1.3.1.  Attributes of the <request> element
         9.1.3.2.  Request Example
   10. The emergencyCallData.eCall.MSD INFO package
     10.1.  Overall Description
     10.2.  Applicability
     10.3.  Info Package Name
     10.4.  Info Package Parameters
     10.5.  SIP Option-Tags
     10.6.  INFO Message Body Parts
     10.7.  Info Package Usage Restrictions
     10.8.  Rate of INFO Requests
     10.9.  Info Package Security Considerations
     10.10. Implementation Details
     10.11. Examples
   11. Examples
   12. Security Considerations
   13. Privacy Considerations
   14. XML Schema
   15. IANA Considerations
     15.1.  Service URN Registrations
     15.2.  MIME Content-type Registration for
            'application/emergencyCallData.eCall.MSD+per'
     15.3.  MIME Content-type Registration for
            'application/emergencyCallData.eCall.control+xml'
     15.4.  Registration of the 'eCall.MSD' entry in the Emergency
            Call Additional Data Blocks registry
     15.5.  Registration of the 'eCall.control' entry in the
            Emergency Call Additional Data Blocks registry
     15.6.  Registration of the emergencyCallData.eCall Info Package
     15.7.  URN Sub-Namespace Registration
       15.7.1.  Registration for urn:ietf:params:xml:ns:eCall
       15.7.2.  Registration for
                urn:ietf:params:xml:ns:eCall:control
     15.8.  Registry creation
       15.8.1.  Action Registry
       15.8.2.  Reason Registry
   16. Contributors
   17. Acknowledgements
   18. Changes from Previous Versions
     18.1.  Changes from draft-ietf-11 to draft-ietf-12
     18.2.  Changes from draft-ietf-09 to draft-ietf-11
     18.3.  Changes from draft-ietf-08 to draft-ietf-09
     18.4.  Changes from draft-ietf-07 to draft-ietf-08
     18.5.  Changes from draft-ietf-06 to draft-ietf-07
     18.6.  Changes from draft-ietf-05 to draft-ietf-06
     18.7.  Changes from draft-ietf-04 to draft-ietf-05
     18.8.  Changes from draft-ietf-03 to draft-ietf-04
     18.9.  Changes from draft-ietf-02 to draft-ietf-03
     18.10. Changes from draft-ietf-01 to draft-ietf-02
     18.11. Changes from draft-ietf-00 to draft-ietf-01
     18.12. Changes from draft-gellens-03 to draft-ietf-00
     18.13. Changes from draft-gellens-02 to -03
     18.14. Changes from draft-gellens-01 to -02
     18.15. Changes from draft-gellens-00 to -01
   19. References
     19.1.  Normative References
     19.2.  Informative references
   Authors' Addresses

1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document re-uses terminology defined in Section 3 of [RFC5012].

   Additionally, we use the following abbreviations:

   +--------+----------------------------------------+
   | Term   | Expansion                              |
   +--------+----------------------------------------+
   | 3GPP   | 3rd Generation Partnership Project     |
   |        |                                        |
   | CEN    | European Committee for Standardization |
   |        |                                        |
   | EENA   | European Emergency Number Association  |
   |        |                                        |
   | ESInet | Emergency Services IP network          |
   |        |                                        |
   | IMS    | IP Multimedia Subsystem                |
   |        |                                        |
   | IVS    | In-Vehicle System                      |
   |        |                                        |
   | MNO    | Mobile Network Operator                |
   |        |                                        |
   | MSD    | Minimum Set of Data                    |
   |        |                                        |
   | PSAP   | Public Safety Answering Point          |
   +--------+----------------------------------------+

2.  Document Scope

   This document is focused on the signaling, data exchange, and
   protocol needs of next-generation eCall (NG-eCall, also referred to
   as packet-switched eCall or all-IP eCall) within the SIP framework
   for emergency calls, as described in [RFC6443] and [RFC6881]. eCall
   itself is specified by 3GPP and CEN and these specifications include
   far greater scope than is covered here.

   The eCall service operates over cellular wireless communication, but
   this document does not address cellular-specific details, nor client
   domain selection (e.g., circuit-switched versus packet-switched).
   All such aspects are the purview of their respective standards
   bodies. The scope of this document is limited to eCall operating
   within a SIP-based environment (e.g., 3GPP IMS Emergency Calling).

   The technical contents of this document also provide a basis for
   reuse and extension for other vehicle-initiated emergency call
   systems.

   Vehicles designed for multiple regions might need to support eCall
   and other Advanced Automatic Crash Notification (AACN) systems, such
   as described in [I-D.ietf-ecrit-car-crash].

3.  Introduction

   Emergency calls made from vehicles (e.g., in the event of a crash)
   assist in significantly reducing road deaths and injuries by allowing
   emergency services to be aware of the incident, the state of the
   vehicle, the location of the vehicle, and to have a voice channel
   with the vehicle occupants. This enables a quick and appropriate
   response.

   The European Commission initiative of eCall was conceived in the late
   1990s, and has evolved to a European Parliament decision requiring
   the implementation of a compliant in-vehicle system (IVS) in new
   vehicles and the deployment of eCall in the European Member States in
   the very near future. Other regions are developing eCall-compatible
   systems.

   The pan-European eCall system provides a standardized and mandated
   mechanism for emergency calls by vehicles. eCall establishes
   procedures for such calls to be placed by in-vehicle systems,
   recognized and processed by the mobile network, and routed to a
   specialized PSAP where the vehicle data is available to assist the
   call taker in assessing and responding to the situation. eCall
   provides a standard set of vehicle, sensor (e.g., crash related), and
   location data.

   An eCall can be either user-initiated or automatically triggered.
   Automatically triggered eCalls indicate a car crash or some other
   serious incident. Manually triggered eCalls might be reports of
   witnessed crashes or serious hazards. PSAPs might apply specific
   operational handling to manual and automatic eCalls.

   Legacy eCall is standardized (by 3GPP [SDO-3GPP] and CEN [CEN]) as a
   3GPP circuit-switched call over GSM (2G) or UMTS (3G). Flags in the
   call setup mark the call as an eCall, and further indicate if the
   call was automatically or manually triggered.
   The call is routed to
   an eCall-capable PSAP, a voice channel is established between the
   vehicle and the PSAP, and an eCall in-band modem is used to carry a
   defined set of vehicle, sensor (e.g., crash related), and location
   data (the Minimum Set of Data or MSD) within the voice channel. The
   same in-band mechanism is used for the PSAP to acknowledge successful
   receipt of the MSD, and to request the vehicle to send a new MSD
   (e.g., to check if the state of or location of the vehicle or its
   occupants has changed). NG-eCall moves from circuit switched to
   all-IP, and carries the vehicle data and eCall signaling as
   additional data carried with the call. This document describes how
   IETF mechanisms for IP-based emergency calls, including [RFC6443] and
   [RFC7852] are used to provide the signaling and data exchange of the
   next generation of pan-European eCall.

   The European Telecommunications Standards Institute (ETSI) [SDO-ETSI]
   has published a Technical Report titled "Mobile Standards Group
   (MSG); eCall for VoIP" [MSG_TR] that presents findings and
   recommendations regarding support for eCall in an all-IP environment.
   The recommendations include the use of 3GPP IMS emergency calling
   with additional elements identifying the call as an eCall and as
   carrying eCall data and with mechanisms for carrying the data and
   eCall signaling. 3GPP IMS emergency services support multimedia,
   providing the ability to carry voice, text, and video. This
   capability is referred to within 3GPP as Multimedia Emergency
   Services (MMES).

   A transition period will exist during which time the various entities
   involved in initiating and handling an eCall might support
   next-generation eCall, legacy eCall, or both. The issues of migration
   and co-existence during the transition period are outside the scope
   of this document.

   The MSD is carried in the MIME type
   'application/emergencyCallData.eCall.MSD+per' and the
   metadata/control block is carried in the MIME type
   'application/emergencyCallData.eCall.control+xml' (both of which are
   registered in Section 15). An INFO package is defined (in Section 10)
   to enable these MIME types to be carried in INFO messages.

4.  eCall Requirements

   eCall requirements are specified by CEN in [EN_16072] and by 3GPP in
   [TS22.101] clauses 10.7 and A.27. Requirements specific to vehicle
   data are contained in EN 15722 [msd].

5.  Vehicle Data

   Pan-European eCall provides a standardized and mandated set of
   vehicle related data, known as the Minimum Set of Data (MSD). The
   European Committee for Standardization (CEN) has specified this data
   in EN 15722 [msd], along with both ASN.1 and XML encodings. Both
   circuit-switched eCall and this document use the ASN.1 PER encoding,
   which is specified in Annex A of EN 15722 [msd] (the XML encoding
   specified in Annex C is not used in this document).

   This document registers the
   'application/emergencyCallData.eCall.MSD+per' MIME Content-Type to
   enable the MSD to be carried in SIP. As an ASN.1 PER encoded object,
   the data is binary and transported using binary content transfer
   encoding within SIP messages. This document also adds the 'eCall.MSD'
   entry to the Emergency Call Additional Data Blocks registry to enable
   the MSD to be recognized as such in a SIP-based eCall emergency call.
   (See [RFC7852] for more information about the registry and how it is
   used.)

   See Section 6 for a discussion of how the MSD vehicle data is
   conveyed in an NG-eCall.

6.  Data Transport

   [RFC7852] establishes a general mechanism for attaching blocks of
   data to a SIP emergency call. This mechanism permits certain
   emergency call MIME types to be attached to SIP messages. This
   document makes use of that mechanism.
   This document also registers
   an INFO package (in Section 10) to enable eCall related data blocks
   to be carried in INFO messages.

   Note that if other data sets need to be transmitted in the future,
   the appropriate signalling mechanism for such data needs to be
   evaluated, including factors such as the size and frequency of such
   data.

   An In-Vehicle System (IVS) transmits the MSD (see Section 5) by
   encoding it per Annex A of EN 15722 [msd] and attaching it to a SIP
   message as a MIME body part per [RFC7852]. The body part is
   identified by its MIME content-type
   ('application/emergencyCallData.eCall.MSD+per') in the Content-Type
   header field of the body part. The body part is assigned a unique
   identifier which is listed in a Content-ID header field in the body
   part. The SIP message is marked as containing the MSD by adding (or
   appending to) a Call-Info header field at the top level of the SIP
   message. This Call-Info header field contains a CID URL referencing
   the body part's unique identifier, and a 'purpose' parameter
   identifying the data as the eCall MSD per the Emergency Call
   Additional Data Blocks registry entry; the 'purpose' parameter's
   value is 'emergencyCallData.eCall.MSD'. The body part has a
   Content-Disposition header field value of "By-Reference;
   handling=optional". An MSD is carried in an INFO message by using the
   INFO package registration (defined in Section 10).

   A PSAP or IVS transmits a metadata/control object (see Section 9) by
   encoding it per the description in this document and attaching it to
   a SIP message as a MIME body part per [RFC7852]. The body part is
   identified by its MIME content-type
   ('application/emergencyCallData.eCall.control+xml') in the
   Content-Type header field of the body part. The body part is assigned
   a unique identifier which is listed in a Content-ID header field in
   the body part.
   The SIP message is marked as containing the metadata/control
   object by adding (or appending to) a Call-Info header field at the
   top level of the SIP message. This Call-Info header field contains a
   CID URL referencing the body part's unique identifier, and a
   'purpose' parameter identifying the data as an eCall metadata/control
   block per the Emergency Call Additional Data Blocks registry entry;
   the 'purpose' parameter's value is 'emergencyCallData.eCall.control'.
   The body part has a Content-Disposition header field value of
   "By-Reference; handling=optional". A metadata/control object is
   carried in an INFO message by using the INFO package registration
   (defined in Section 10).

   As is standard practice, if an MSD or a metadata/control block is
   sent in the same message with another body part, a multipart/mixed
   body part encloses all body parts.

   An In-Vehicle System (IVS) initiating an NG-eCall attaches the MSD to
   the initial INVITE and optionally attaches a metadata/control object
   informing the PSAP of its capabilities. The PSAP creates a
   metadata/control object acknowledging receipt of the MSD and attaches
   it to the SIP final response to the INVITE. The metadata/control
   object is not attached to provisional (e.g., 180) responses.

   If the IVS receives an acknowledgment for an MSD with received=false,
   it indicates some fault with the transfer of the MSD, the MSD
   content, or the PSAP's ability to properly receive, decode and act on
   the MSD. The IVS action is not defined (e.g., it might only log an
   error). Since the PSAP is able to request an updated MSD during the
   call, if an initial MSD is unsatisfactory in any way, the PSAP can
   choose to request another one.

   A PSAP can request that the vehicle send an updated MSD during a
   call.
   To do so, the PSAP creates a metadata/control object
   requesting an MSD and attaches it to a SIP INFO message which it
   sends within the dialog. The IVS then attaches an updated MSD to a
   SIP INFO message and sends it within the dialog. The
   metadata/control object and the MSD are both associated with the INFO
   package registered by this document, and hence sent with normal INFO
   semantics. In addition, for consistency with the way an MSD or
   metadata/control block is transmitted in a non-INFO message, one or
   more Call-Info header fields are included in the INFO message to
   reference the MSD or metadata/control block. If the body part
   containing the MSD or metadata/control block is the only body part,
   it has a Content-Disposition header field value of "Info-Package;
   handling=optional". If it is contained within a multipart body part,
   it has a Content-Disposition header field value of "By-Reference;
   handling=optional". See Section 10 for information about the use of
   INFO messages to carry data within an eCall.

   The IVS is not expected to send an unsolicited MSD during the call.

   Indicating "handling=optional" in the Content-Disposition header
   field value protects the body part from being discarded by
   intermediate entities that do not support it.

   Support for the data blocks defined in [RFC7852] is NOT REQUIRED for
   conformance with this document.

7.  Call Setup

   In circuit-switched eCall, the IVS places a special form of a 112
   emergency call which carries an eCall flag (indicating that the call
   is an eCall and also if the call was manually or automatically
   triggered); the mobile network operator (MNO) recognizes the eCall
   flag and routes the call to an eCall-capable PSAP; vehicle data is
   transmitted to the PSAP via the eCall in-band modem (in the voice
   channel).

   ///----\\\   112 voice call with eCall flag          +------+
   ||| IVS |||----------------------------------------->+ PSAP |
   \\\----///   vehicle data via eCall in-band modem    +------+

                     Figure 1: circuit-switched eCall

   For NG-eCall, the IVS establishes an emergency call using a
   Request-URI indicating a manual or automatic eCall; the MNO (or
   ESInet) recognizes the eCall URN and routes the call to an NG-eCall
   capable PSAP; the PSAP interprets the vehicle data sent with the call
   and makes it available to the call taker.

   ///----\\\   IMS emergency call with eCall URN       +------+
       IVS    ----------------------------------------->+ PSAP |
   \\\----///   vehicle data included in call setup     +------+

                            Figure 2: NG-eCall

   See Section 6 for information on how the MSD is transported within an
   NG-eCall.

   This document registers new service URN children within the "sos"
   subservice. These URNs provide the mechanism by which an eCall is
   identified, and differentiate between manually and automatically
   triggered eCalls (which might be subject to different treatment,
   depending on policy). The two service URNs are:
   urn:service:sos.ecall.automatic and urn:service:sos.ecall.manual,
   which requests resources associated with an emergency call placed by
   an in-vehicle system, carrying a standardized set of data related to
   the vehicle and incident.

   Call routing is outside the scope of this document.

8.  Test Calls

   eCall requires the ability to place test calls (see [TS22.101] clause
   10.7 and [EN_16062] clause 7.2.2). These are calls that are
   recognized and treated to some extent as eCalls but are not given
   emergency call treatment and are not handled by call takers. The
   specific handling of test eCalls is not itself standardized;
   typically, the test call facility allows the IVS or user to verify
   that an eCall can be successfully established with voice
   communication.
   The IVS might also be able to verify that the MSD was
   successfully received.

   A service URN starting with "test." indicates a test call. For
   eCall, "urn:service:test.sos.ecall" indicates such a test feature.
   This functionality is defined in [RFC6881].

   This document registers "urn:service:test.sos.ecall" for eCall test
   calls.

   The CS-eCall test call facility is a non-emergency number so does not
   get treated as an emergency call. For NG-eCall, MNOs, emergency
   authorities, and PSAPs can determine how to treat a vehicle call
   requesting the "test" service URN so that the desired functionality
   is tested, but this is outside the scope of this document.

9.  The Metadata/Control Object

   eCall requires the ability for the PSAP to acknowledge successful
   receipt of an MSD sent by the IVS, and for the PSAP to request that
   the IVS send an MSD (e.g., the call taker can initiate a request for
   a new MSD to see if there have been changes in the vehicle's state,
   e.g., location, direction, number of fastened seatbelts).

   This document defines a block of metadata/control data as an XML
   structure containing elements used for eCall and other
   vehicle-initiated emergency call systems (i.e., in other regions) and
   extension points. (This metadata/control block is in effect a
   high-level protocol between the PSAP and IVS.) When the PSAP sends an
   eCall metadata/control block in response to data sent by the IVS in a
   SIP request other than INFO (e.g., the MSD in the initial INVITE),
   the metadata/control block is sent in the SIP response to that
   request (e.g., the response to the INVITE request). When the PSAP
   sends an eCall control block in other circumstances (e.g., mid-call),
   the control block is transmitted from the PSAP to the IVS in a SIP
   INFO request within the established dialog. The IVS sends the
   requested data (the MSD) in a new INFO request (per [RFC6086]).
   This
   mechanism flexibly allows the PSAP to send eCall-specific data to the
   IVS and the IVS to respond. INFO messages are sent using an
   appropriate INFO Package. See Section 6 for more information on
   attaching a metadata/control block to a SIP message. See Section 10
   for information about the use of INFO messages to carry data within
   an eCall.

   This mechanism requires

   o  An XML definition of the eCall control object
   o  Extension points for use by eCall-like systems in other regions
   o  A MIME type registration for the control object (so it can be
      carried in SIP messages and responses)
   o  An entry in the Emergency Call Additional Data Blocks registry so
      that the control block can be recognized as emergency call
      specific data within SIP messages
   o  An Info-Package registration per [RFC6086] permitting the
      metadata/control block and the MSD within INFO messages

   When the IVS includes an unsolicited MSD in a SIP request (e.g., the
   initial INVITE), the PSAP sends a metadata/control block indicating
   successful/unsuccessful receipt of the MSD in the SIP response to the
   request. This also informs the IVS that an NG-eCall is in operation.
   If the IVS receives a SIP response without the metadata/control
   block, it indicates that the SIP dialog is not an NG-eCall (e.g.,
   some part of the call is being handled as a legacy call). When the
   IVS sends a solicited MSD (e.g., in a SIP INFO request sent following
   receipt of a SIP INFO request containing a metadata/control block
   requesting an MSD), the PSAP does not send a metadata/control block
   indicating successful or unsuccessful receipt of the MSD.
   (Normal
   SIP retransmission handles non-receipt of requested data; if the IVS
   sends a requested MSD in an INFO request and does not receive a SIP
   status message for the INFO request, it resends it; if the PSAP
   requests an MSD and does not receive a SIP status message for the
   INFO request, it resends it.) If the IVS receives a request to send
   an MSD but it is unable to do so for any reason, the IVS sends a
   metadata/control object acknowledging the request and containing
   "success=false" and "reason" set to an appropriate code.

   This provides flexibility to handle various circumstances. For
   example, if a PSAP is unable to accept an eCall (e.g., due to
   overload or too many calls from the same location), it can reject the
   INVITE. Since a metadata/control object is also included in the SIP
   response that rejects the call, the IVS knows if the PSAP received
   the MSD, and can inform the vehicle occupants that the PSAP
   successfully received the vehicle location and information but can't
   talk to the occupants at that time. Especially for SIP response
   codes that indicate an inability to conduct a call (as opposed to a
   technical inability to process the request), the IVS can also
   determine that the call was successful on a technical level (e.g.,
   not helpful to retry as a CS-eCall). The SIP response codes 600
   (Busy Everywhere), 486 (Busy Here), and 603 (Decline) are used when
   the PSAP wants to reject a call but inform the vehicle occupants that
   it is aware of the situation. (Note that there could be edge cases
   where the PSAP response is not received by the IVS, e.g., if an
   intermediary sends a CANCEL, and an error response is forwarded
   towards the IVS before the error response from the PSAP is received,
   the response will be dropped, but these are unlikely to occur here.)

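
   The attachment rules of Section 6 and the service URNs of Sections 7
   and 8 can be checked mechanically on a received request. The Python
   check below is an added example, not part of the draft; the function
   names, the vehicle.example host and the sample INVITE are constructed
   for illustration, and the MSD bytes are a placeholder rather than a
   real PER encoding.

```python
import re
from email import message_from_bytes   # SIP headers and MIME parts share RFC 822 syntax
from urllib.parse import unquote

MSD_TYPE = "application/emergencycalldata.ecall.msd+per"   # compared lower-cased
MSD_PURPOSE = "emergencycalldata.ecall.msd"                # compared lower-cased
ECALL_URNS = {                         # service URNs named in Sections 7 and 8
    "urn:service:sos.ecall.automatic": "automatic",
    "urn:service:sos.ecall.manual": "manual",
    "urn:service:test.sos.ecall": "test",
}
CALL_INFO = re.compile(r"<([^>]*)>((?:\s*;[^;,]*)*)")      # <uri> then ;params

# Constructed sample: identifiers are made up, MSD bytes are a placeholder.
MSD_BYTES = b"\x01\x5c\x81placeholder-msd"
SAMPLE_INVITE = (
    b"INVITE urn:service:sos.ecall.automatic SIP/2.0\r\n"
    b"To: <urn:service:sos.ecall.automatic>\r\n"
    b"From: <sip:ivs@vehicle.example>;tag=9fxced76sl\r\n"
    b"Call-ID: 3848276298220188511@vehicle.example\r\n"
    b"CSeq: 31862 INVITE\r\n"
    b"Call-Info: <cid:1234567890@vehicle.example>;"
    b"purpose=emergencyCallData.eCall.MSD\r\n"
    b"Content-Type: multipart/mixed; boundary=boundary1\r\n"
    b"\r\n"
    b"--boundary1\r\n"
    b"Content-Type: application/sdp\r\n"
    b"\r\n"
    b"v=0\r\n"
    b"--boundary1\r\n"
    b"Content-Type: application/emergencyCallData.eCall.MSD+per\r\n"
    b"Content-ID: <1234567890@vehicle.example>\r\n"
    b"Content-Disposition: by-reference;handling=optional\r\n"
    b"Content-Transfer-Encoding: binary\r\n"
    b"\r\n" + MSD_BYTES + b"\r\n"
    b"--boundary1--\r\n"
)


def parse_sip(raw):
    """Split a SIP request into (method, request-URI, headers and body)."""
    start_line, _, rest = raw.partition(b"\r\n")
    method, uri, _version = start_line.decode("ascii").split(" ", 2)
    return method, uri, message_from_bytes(rest)


def params_of(text):
    """Parse ';name=value' pairs into a lower-cased dict."""
    pairs = (p.split("=", 1) for p in text.split(";") if "=" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}


def cid_of(part):
    """Content-ID of a body part without the angle brackets ('' if absent)."""
    return part.get("Content-ID", "").strip().strip("<>")


def msd_references(msg):
    """Content-IDs named by top-level Call-Info entries whose purpose is the MSD."""
    refs = []
    for value in msg.get_all("Call-Info", []):
        for uri, params in CALL_INFO.findall(value):
            is_msd = params_of(params).get("purpose") == MSD_PURPOSE
            if is_msd and uri.lower().startswith("cid:"):
                refs.append(unquote(uri[4:]))
    return refs


def check_msd(raw):
    """Return (call_type, findings); no findings means the Section 6 rules hold."""
    method, uri, msg = parse_sip(raw)
    findings = []
    call_type = ECALL_URNS.get(uri.lower())
    if method == "INVITE" and call_type is None:
        findings.append("Request-URI is not an eCall service URN")
    whole_body = not msg.is_multipart()
    parts = [msg] if whole_body else [p for p in msg.walk() if not p.is_multipart()]
    by_cid = {cid_of(p): p for p in parts if cid_of(p)}
    refs = msd_references(msg)
    for ref in refs:
        part = by_cid.get(ref)
        if part is None:
            findings.append("Call-Info cid:%s matches no Content-ID" % ref)
            continue
        if part.get_content_type() != MSD_TYPE:
            findings.append("referenced part is %s" % part.get_content_type())
        # The sole body part of an INFO uses Info-Package, otherwise By-Reference.
        want = "info-package" if whole_body and method == "INFO" else "by-reference"
        if part.get_content_disposition() != want:
            findings.append("Content-Disposition is not %s" % want)
        handling = part.get_param("handling", header="content-disposition")
        if (handling or "").lower() != "optional":
            findings.append("handling=optional missing")
    for part in parts:
        if part.get_content_type() == MSD_TYPE and cid_of(part) not in refs:
            findings.append("MSD body part is not referenced by any Call-Info")
    return call_type, findings
```

   check_msd(SAMPLE_INVITE) classifies the call as "automatic" with no
   findings; a Content-ID that does not match the Call-Info CID URL is
   reported twice, once from each side of the broken reference.
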
   The metadata/control block is carried in the MIME type
   'application/emergencyCallData.eCall.control+xml'.

   The metadata/control block is designed for use with pan-European
   eCall and also eCall-like systems (i.e., in other regions), and has
   extension points to accommodate variances. Note that eCall-like
   systems might define their own vehicle data blocks, and so might need
   to register a new INFO package to accommodate the new data content
   type and the metadata/control object.

9.1.  The eCall Control Block

   The eCall control block is an XML data structure allowing for
   acknowledgments, requests, and capabilities information. It is
   carried in a SIP body part with a specific MIME content type. Three
   elements are defined for use within an eCall control block:

   ack            Acknowledges receipt of data or a request.

   capabilities:  Used in a control block sent from the IVS to the PSAP
                  (e.g., in the initial INVITE) to inform the PSAP of the
                  vehicle capabilities. Child elements contain all
                  actions and data types supported by the vehicle. It is
                  OPTIONAL for the IVS to send this block. Omitting the
                  block indicates that the IVS supports only the
                  mandatory functionality defined in this document.

   request        Used in a control block sent by the PSAP to the IVS, to
                  request the vehicle to perform an action.

   The <ack> element indicates the object being acknowledged and reports
   success or failure.

   The <request> element contains attributes to indicate the request and
   to supply related information. The 'action' attribute is mandatory
   and indicates the specific action. An IANA registry is created in
   Section 15.8.1 to contain the allowed values.

   The <capabilities> element has child elements to indicate
   the actions supported by the IVS.

9.1.1.  The <ack> element

   The <ack> element acknowledges receipt of an eCall data object or
   request. An <ack> element references the unique ID of the data
   object being acknowledged.
The PSAP MUST send an element 587 acknowledging receipt of an unsolicited MSD (e.g., sent by the IVS in 588 the INVITE); this element indicates if the PSAP considers the 589 MSD successfully received or not. An element is not sent for a 590 element. 592 The element has the following attributes: 594 9.1.1.1. Attributes of the element 596 The element has the following attributes: 598 Name: ref 599 Usage: Mandatory 600 Type: anyURI 601 Direction: In this document, sent from the PSAP to the IVS 602 Description: References the Content-ID of the body part being 603 acknowledged. 604 Example: 606 Name: received 607 Usage: Conditional: mandatory in an >ack< element sent by a PSAP 608 Type: Boolean 609 Direction: In this document, sent from the PSAP to the IVS 610 Description: Indicates if the referenced object was considered 611 successfully received or not. 612 Example: 614 9.1.1.2. Child Element of the element 616 For extensibility, the element has the following child element: 618 Name: actionResult 619 Usage: Optional 620 Direction: Provided for extension, sent from the IVS to the PSAP 621 Description: An element indicates the result of an 622 action (other than a 'send-data' action). When an element 623 is in response to a control object with multiple 624 elements, the element contains an element for 625 each element that is not a 'send-data' action. The 626 element has the following attributes: 628 Name: action 629 Usage: Mandatory 630 Type: token 631 Direction: In this document, sent from the PSAP to the IVS 632 Description: Contains the value of the 'action' attribute of the 633 element 635 Name: success 636 Usage: Mandatory 637 Type: Boolean 638 Direction: Sent from the IVS to the PSAP 639 Description: Indicates if the action was successfully 640 accomplished 642 Name: reason 643 Usage: Conditional 644 Type: token 645 Direction: Sent from the IVS to the PSAP 646 Description: Used when 'success' is "false", this attribute 647 contains a reason code for a failure. 
A registry for reason 648 codes is defined in Section 15.8.2. 650 Name: details 651 Usage: optional 652 Type: string 653 Direction: Sent from the IVS to the PSAP 654 Description: Contains further explanation of the circumstances of 655 a success or failure. The contents are implementation-specific 656 and human-readable. 658 9.1.1.3. Ack Examples 660 661 667 669 671 Figure 3: Ack Example from PSAP to IVS 673 9.1.2. The element 675 The element is transmitted by the IVS to indicate to 676 the PSAP its capabilities. No attributes for this element are 677 currently defined. The following child elements are defined: 679 9.1.2.1. Child Elements of the element 681 The element has the following child elements: 683 Name: request 684 Usage: Mandatory 685 Description: The element contains a child 686 element per action supported by the vehicle. 688 Examples: 689 691 It is OPTIONAL for the IVS to support the element. If 692 the IVS does not send a element, this indicates that 693 the only action supported by the IVS is 'send-data' with 694 'datatype' set to 'eCall.MSD'. 696 9.1.2.2. Capabilities Example 698 699 705 706 707 709 711 Figure 4: Capabilities Example 713 9.1.3. The element 715 A element appears one or more times on its own or as a 716 child of a element. It allows the PSAP to request 717 that the IVS perform an action. The only action that MUST be 718 supported is to send an MSD. The following attributes and child 719 elements are defined: 721 9.1.3.1. Attributes of the element 723 The element has the following attributes: 725 Name: action 726 Usage: Mandatory 727 Type: token 728 Direction: In this document, sent from the PSAP to the IVS; for 729 extension, sent from the IVS to the PSAP 730 Description: Identifies the action that the vehicle is requested to 731 perform. An IANA registry is established in Section 15.8.1 to 732 contain the allowed values. 
   Example:  action="send-data"

   Name:  msgid
   Usage:  Conditional
   Type:  int
   Direction:  Sent from the PSAP to the IVS
   Description:  Defined for extensibility.
   Example:  msgid="3"

   Name:  persistance
   Usage:  Optional
   Type:  duration
   Direction:  Sent from the PSAP to the IVS
   Description:  Defined for extensibility.  Specifies how long to carry
      on the specified action.  If absent, the default is for the
      duration of the call.
   Example:  persistance="PT1H"

   Name:  datatype
   Usage:  Conditional
   Type:  token
   Direction:  In this document, sent from the PSAP to the IVS; as an
      extension, sent from the IVS to the PSAP
   Description:  Mandatory with a "send-data" action within a <request>
      element that is not within a <capabilities> element.  Specifies
      the data block that the IVS is requested to transmit, using the
      same identifier as in the 'purpose' attribute set in a Call-Info
      header field to point to the data block.  Permitted values are
      contained in the 'Emergency Call Data Types' IANA registry
      established in [RFC7852].  Only the "eCall.MSD" value is mandatory
      to support.
   Example:  datatype="eCall.MSD"

   Name:  supported-values
   Usage:  Conditional
   Type:  string
   Direction:  Sent from the IVS to the PSAP
   Description:  Defined for extensibility.  Used in a <request> element
      that is a child of a <capabilities> element, this attribute lists
      all supported values of the action type.  Permitted values depend
      on the action value.  Multiple values are separated with a
      semicolon.

   Name:  requested-state
   Usage:  Conditional
   Type:  token
   Direction:  Sent from the PSAP to the IVS
   Description:  Defined for extension.  Indicates the requested state
      of an element associated with the request type.  Permitted values
      depend on the request type.

   Name:  element-ID
   Usage:  Conditional
   Type:  token
   Direction:  Sent from the PSAP to the IVS
   Description:  Defined for extension.  Identifies the element to be
      acted on.  Permitted values depend on the request type.

9.1.3.2.  Request Example

                     Figure 5: Request Example

10.  The emergencyCallData.eCall.MSD INFO package

   This document registers the 'emergencyCallData.eCall.MSD' INFO
   package.

   Both endpoints (the IVS and the PSAP equipment) include
   'emergencyCallData.eCall.MSD' in a Recv-Info header field per
   [RFC6086] to indicate ability to receive INFO messages carrying data
   as described here.

   Support for the 'emergencyCallData.eCall.MSD' INFO package indicates
   the ability to receive eCall related body parts as specified in [TBD:
   THIS DOCUMENT].

   An INFO request message carrying body parts related to an emergency
   call as described in [TBD: THIS DOCUMENT] has an Info-Package header
   field set to 'emergencyCallData.eCall.MSD' per [RFC6086].

   The requirements of Section 10 of [RFC6086] are addressed in the
   following sections.

10.1.  Overall Description

   This section describes "what type of information is carried in INFO
   requests associated with the Info Package, and for what types of
   applications and functionalities UAs can use the Info Package."

   INFO requests associated with the emergencyCallData.eCall.MSD INFO
   package carry data associated with emergency calls as defined in
   [TBD: THIS DOCUMENT].  The application is vehicle-initiated emergency
   calls established using SIP.  The functionality is to carry vehicle
   data and metadata/control information between vehicles and PSAPs.
   Refer to [TBD: THIS DOCUMENT] for more information.

10.2.  Applicability

   This section describes "why the Info Package mechanism, rather than
   some other mechanism, has been chosen for the specific use-case...."

   The use of INFO is based on an analysis of the requirements against
   the intent and effects of INFO versus other approaches (which
   included SIP MESSAGE, SIP OPTIONS, SIP re-INVITE, media plane
   transport, and non-SIP protocols).  In particular, the transport of
   emergency call data blocks occurs within a SIP emergency dialog, per
   Section 6, and is normally carried in the initial INVITE and its
   response; the use of INFO only occurs when emergency-call-related
   data needs to be sent mid-call.  While MESSAGE could be used, it is
   not tied to a SIP dialog as is INFO and thus might not be associated
   with the dialog.  SIP OPTIONS or re-INVITE could also be used, but
   are seen as less clean than INFO.  SUBSCRIBE/NOTIFY could be coerced
   into service, but the semantics are not a good fit, e.g., the
   subscribe/notify mechanism provides one-way communication consisting
   of (often multiple) notifications from notifier to subscriber
   indicating that certain events in notifier have occurred, whereas
   what's needed here is two-way communication of data related to the
   emergency dialog.  Use of the media plane mechanisms was discounted
   because the number of messages needing to be exchanged in a dialog is
   normally zero or very few, and the size of the data is likewise very
   small.  The overhead caused by user plane setup (e.g., to use MSRP as
   transport) would be disproportionately large.

   Based on the analyses, the SIP INFO method was chosen to provide
   for mid-call data transport.

10.3.  Info Package Name

   The info package name is emergencyCallData.eCall.MSD

10.4.  Info Package Parameters

   None

10.5.  SIP Option-Tags

   None

10.6.  INFO Message Body Parts

   The body for an emergencyCallData.eCall.MSD info package is:

   o  an application/emergencyCallData.eCall.MSD+per (containing an
      MSD), or

   o  an application/emergencyCallData.eCall.control+xml (containing a
      metadata/control object), or

   o  a multipart body containing:

      *  zero or one application/emergencyCallData.eCall.MSD+per part
         (containing an MSD),

      *  zero or more application/emergencyCallData.eCall.control+xml
         (containing a metadata/control object),

   The body parts are sent per [RFC6086], and in addition, to align
   with how these body parts are sent in non-INFO messages, each
   associated body part is referenced by a Call-Info header field at the
   top level of the SIP message.  If the body part is the only body
   part, it has a Content-Disposition header field value of
   "INFO-Package; handling=optional".  If the body part is contained
   within a multipart body part, it has a Content-Disposition header
   field value of "By-Reference; handling=optional" (the top-level
   multipart body part has "INFO-Package" in its Content-Disposition
   value).

   See [TBD: THIS DOCUMENT] for more information.

10.7.  Info Package Usage Restrictions

   Usage is limited to vehicle-initiated emergency calls as defined in
   [TBD: THIS DOCUMENT].

10.8.  Rate of INFO Requests

   The rate of SIP INFO requests associated with the
   emergencyCallData.eCall.MSD info package is normally quite low (most
   dialogs are likely to contain zero INFO requests, while others can be
   expected to carry an occasional request).

10.9.  Info Package Security Considerations

   The MIME content type registrations for the data blocks that can be
   carried using this INFO package contain a discussion of the security
   and/or privacy considerations specific to that data block.  The
   "Security Considerations" and "Privacy Considerations" sections of
   [TBD: THIS DOCUMENT] discuss security and privacy considerations of
   the data carried in eCalls.

10.10.  Implementation Details

   See [TBD: THIS DOCUMENT] for protocol details.

10.11.  Examples

   See [TBD: THIS DOCUMENT] for protocol examples.

11.  Examples

   Figure 6 illustrates an eCall.  The call uses the request URI
   'urn:service:sos.ecall.automatic' service URN and is recognized as an
   eCall, and further as one that was invoked automatically by the IVS
   due to a crash or other serious incident.  In this example, the
   originating network routes the call to an ESInet which routes the
   call to the appropriate NG-eCall capable PSAP.  The emergency call is
   received by the ESInet's Emergency Services Routing Proxy (ESRP), as
   the entry point into the ESInet.  The ESRP routes the call to a PSAP,
   where it is received by a call taker.  In deployments where there is
   no ESInet, the originating network routes the call directly to the
   appropriate NG-eCall capable PSAP, an illustration of which would be
   identical to the one below except without an ESInet or ESRP.

             +------------+  +---------------------------------------+
             |            |  |               +-------+               |
             |            |  |               | PSAP2 |               |
             |            |  |               +-------+               |
             |            |  |                                       |
             |            |  |  +------+     +-------+               |
   Vehicle-->|            |--+->| ESRP |---->| PSAP1 |--> Call-Taker |
             |            |  |  +------+     +-------+               |
             |            |  |                                       |
             |            |  |               +-------+               |
             |            |  |               | PSAP3 |               |
             | Originating|  |               +-------+               |
             |   Mobile   |  |                                       |
             |  Network   |  |                ESInet                 |
             +------------+  +---------------------------------------+

                Figure 6: Example of NG-eCall Message Flow

   Figure 7 illustrates an eCall call flow with a mid-call PSAP request
   for an updated MSD.  The call flow shows the IVS initiating an
   emergency call, including the MSD in the INVITE.  The PSAP includes
   in the 200 OK response a metadata/control object acknowledging
   receipt of the MSD.  During the call, the PSAP sends a request for an
   MSD in an INFO message.  The IVS sends the requested MSD in a new
   INFO message.

   IVS                                        PSAP
   |(1) INVITE (eCall MSD)                      |
   |------------------------------------------->|
   |                                            |
   |(2) 200 OK (eCall metadata [ack MSD])       |
   |<-------------------------------------------|
   |                                            |
   |(3) start media stream(s)                   |
   |............................................|
   |                                            |
   |(4) INFO (eCall metadata [request MSD])     |
   |<-------------------------------------------|
   |                                            |
   |(5) 200 OK                                  |
   |------------------------------------------->|
   |                                            |
   |(6) INFO (eCall MSD)                        |
   |------------------------------------------->|
   |                                            |
   |(7) 200 OK                                  |
   |<-------------------------------------------|
   |                                            |
   |(8) BYE                                     |
   |<-------------------------------------------|
   |                                            |
   |(9) end media streams                       |
   |............................................|
   |                                            |
   |(10) 200 OK                                 |
   |------------------------------------------->|

               Figure 7: NG-eCall Call Flow Illustration

   The example, shown in Figure 8, illustrates a SIP eCall INVITE that
   contains an MSD.  For simplicity, the example does not show all SIP
   headers, nor the SDP contents, nor does it show any additional data
   blocks added by the IVS or the originating mobile network.  Because
   the MSD is encoded in ASN.1 PER, which is a binary encoding, its
   contents cannot be included in a text document.

   INVITE urn:service:sos.ecall.automatic SIP/2.0
   To: urn:service:sos.ecall.automatic
   From: ;tag=9fxced76sl
   Call-ID: 3848276298220188511@atlanta.example.com
   Geolocation:
   Geolocation-Routing: no
   Call-Info: ;
       purpose=emergencyCallData.eCall.MSD
   Accept: application/sdp, application/pidf+xml,
       application/emergencyCallData.eCall.control+xml
   CSeq: 31862 INVITE
   Recv-Info: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
       SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: multipart/mixed; boundary=boundary1
   Content-Length: ...

   --boundary1
   Content-Type: application/sdp

   ...Session Description Protocol (SDP) goes here...

   --boundary1
   Content-Type: application/emergencyCallData.eCall.MSD+per
   Content-ID: <1234567890@atlanta.example.com>
   Content-Disposition: by-reference;handling=optional

   ...MSD in ASN.1 PER encoding goes here...

   --boundary1--

                   Figure 8: SIP NG-eCall INVITE

   Continuing the example, Figure 9 illustrates a SIP 200 OK response to
   the INVITE of Figure 8, containing an eCall control block
   acknowledging successful receipt of the eCall MSD.  (For simplicity,
   the example does not show all SIP headers.)

   SIP/2.0 200 OK
   To: ;tag=9fxced76sl
   From: Exemplar PSAP
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: ;
       purpose=emergencyCallData.eCall.control
   Accept: application/sdp, application/pidf+xml,
       application/emergencyCallData.eCall.control+xml,
       application/emergencyCallData.eCall.MSD+per
   CSeq: 31862 INVITE
   Recv-Info: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
       SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: multipart/mixed; boundary=boundaryX
   Content-Length: ...

   --boundaryX
   Content-Type: application/sdp

   ...Session Description Protocol (SDP) goes here...

   --boundaryX
   Content-Type: application/EmergencyCallData.eCall.control+xml
   Content-ID: <2345678901@atlanta.example.com>
   Content-Disposition: by-reference;handling=optional

   --boundaryX--

                Figure 9: 200 OK response to INVITE

   Figure 10 illustrates an INFO message containing an eCall metadata/
   control block requesting an eCall MSD.  (For simplicity, the example
   does not show all SIP headers.)

   INFO sip:+13145551111@example.com SIP/2.0
   To: ;tag=9fxced76sl
   From: Exemplar PSAP
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: ;
       purpose=emergencyCallData.eCall.control
   Accept: application/sdp, application/pidf+xml,
       application/emergencyCallData.eCall.control+xml,
       application/emergencyCallData.eCall.MSD+per
   CSeq: 41862 INFO
   Info-Package: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
       SUBSCRIBE, NOTIFY, UPDATE
   Content-Disposition: info-package; handling=optional
   Content-Type: application/EmergencyCallData.eCall.control+xml
   Content-ID: <3456789012@atlanta.example.com>

                  Figure 10: INFO requesting MSD

   Figure 11 illustrates a SIP eCall INFO that contains an MSD.  For
   simplicity, the example does not show all SIP headers.  Because the
   MSD is encoded in ASN.1 PER, which is a binary encoding, its contents
   cannot be included in a text document.

   INFO urn:service:sos.ecall.automatic SIP/2.0
   To: urn:service:sos.ecall.automatic
   From: ;tag=9fxced76sl
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: ;
       purpose=emergencyCallData.eCall.MSD
   Accept: application/sdp, application/pidf+xml,
       application/emergencyCallData.eCall.control+xml
   CSeq: 51862 INFO
   Info-Package: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
       SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: application/emergencyCallData.eCall.MSD+per
   Content-ID: <4567890123@atlanta.example.com>
   Content-Disposition: info-package; handling=optional

   ...MSD in ASN.1 PER encoding goes here...

                  Figure 11: INFO containing MSD

12.  Security Considerations

   The security considerations described in [RFC5069] apply here.

   In addition to any network-provided location (which might be
   determined solely by the network, or in cooperation with or possibly
   entirely by the originating device), an eCall carries an IVS-supplied
   location within the MSD.  This is likely to be useful to the PSAP,
   especially when no network-provided location is included, or when the
   two locations are independently determined.  Even in situations where
   the network-supplied location is limited to the cell site, this can
   be useful as a sanity check on the device-supplied location contained
   in the MSD.

   The document [RFC7378] discusses trust issues regarding location
   provided by or determined in cooperation with end devices.

   Security considerations specific to the mechanism by which the PSAP
   sends acknowledgments and requests to the vehicle are discussed in
   the "Security Considerations" block of Section 15.3.

   Data received from external sources inherently carries implementation
   risks.  For example, depending on the platform, buffer overflows can
   introduce remote code execution vulnerabilities, null characters can
   corrupt strings, numeric values used for internal calculations can
   result in underflow/overflow errors, malformed XML objects can expose
   parsing bugs, etc.  Implementations need to be cognizant of the
   potential risks, observe best practices (which might include
   sufficiently capable static code analysis, fuzz testing, component
   isolation, avoiding use of unsafe coding techniques, third-party
   attack tests, signed software, over-the-air updates, etc.), and have
   multiple levels of protection.  Implementors need to be aware that,
   potentially, the data objects described here and elsewhere might be
   malformed, might contain unexpected characters, excessively long
   attribute values, elements, etc.

   The security considerations discussed in [RFC7852] apply here (see
   especially the discussion of TLS, TLS versions, cypher suites, and
   PKI).

   When vehicle data or control/metadata is contained in a signed or
   encrypted body part, the enclosing multipart (e.g., multipart/signed
   or multipart/encrypted) has the same Content-ID as the enclosed data
   part.  This allows an entity to identify and access the data blocks
   it is interested in without having to dive deeply into the message
   structure or decrypt parts it is not interested in.  (The 'purpose'
   parameter in a Call-Info header field identifies the data and
   contains a CID URL pointing to the data block in the body, which has
   a matching Content-ID body part header field).

13.  Privacy Considerations

   The privacy considerations discussed in [RFC7852] apply here.  The
   MSD carries some identifying and personal information (mostly about
   the vehicle and less about the owner), as well as location
   information, and so needs to be protected against unauthorized
   disclosure.  Local regulations may impose additional privacy
   protection requirements.

   Privacy considerations specific to the data structure containing
   vehicle information are discussed in the "Security Considerations"
   block of Section 15.2.

   Privacy considerations specific to the mechanism by which the PSAP
   sends acknowledgments and requests to the vehicle are discussed in
   the "Security Considerations" block of Section 15.3.

14.  XML Schema

   This section defines an XML schema for the eCall control block.  The
   text description of the eCall control block in Section 9.1 is
   normative and supersedes any conflicting aspect of this schema.

               Figure 12: eCall Control Block Schema

15.  IANA Considerations

15.1.  Service URN Registrations

   IANA is requested to register the URN 'urn:service:sos.ecall' under
   the sub-services 'sos' registry defined in Section 4.2 of [RFC5031].

   This service requests resources associated with an emergency call
   placed by an in-vehicle system, carrying a standardized set of data
   related to the vehicle and incident.  Two sub-services are registered
   as well:

   urn:service:sos.ecall.manual

      Used with an eCall invoked due to manual interaction by a vehicle
      occupant.

   urn:service:sos.ecall.automatic

      Used with an eCall invoked automatically, for example, due to a
      crash or other serious incident.

   IANA is also requested to register the URN
   'urn:service:test.sos.ecall' under the sub-service 'test' registry
   defined in Section 17.2 of [RFC6881].

15.2.  MIME Content-type Registration for 'application/
       emergencyCallData.eCall.MSD+per'

   IANA is requested to add application/emergencyCallData.eCall.MSD+per
   as a MIME content type, with a reference to this document, in
   accordance with the procedures of RFC 6838 [RFC6838] and guidelines
   in RFC 7303 [RFC7303].

      MIME media type name:  application

      MIME subtype name:  emergencyCallData.eCall.MSD+per

      Mandatory parameters:  none

      Optional parameters:  none

      Encoding scheme:  binary

      Encoding considerations:  Uses ASN.1 PER, which is a binary
         encoding; when transported in SIP, binary content transfer
         encoding is used.

      Security considerations:  This content type is designed to carry
         vehicle and incident-related data during an emergency call.
         This data contains personal information including vehicle VIN,
         location, direction, etc.  Appropriate precautions need to be
         taken to limit unauthorized access, inappropriate disclosure to
         third parties, and eavesdropping of this information.  In
         general, it is acceptable for the data to be unprotected while
         briefly in transit within the Mobile Network Operator (MNO);
         the MNO is trusted to not permit the data to be accessed by
         third parties.  Sections 7 and 8 of [RFC7852] contain more
         discussion.

      Interoperability considerations:  None

      Published specification:  Annex A of EN 15722 [msd]

      Applications which use this media type:  Pan-European eCall
         compliant systems

      Additional information:  None

      Magic Number:  None

      File Extension:  None

      Macintosh file type code:  'BINA'

      Person and email address for further information:  Randall
         Gellens, rg+ietf@randy.pensive.org

      Intended usage:  LIMITED USE

      Author:  The MSD specification was produced by the European
         Committee For Standardization (CEN).  For contact information,
         please see .

      Change controller:  The European Committee For Standardization
         (CEN)

15.3.  MIME Content-type Registration for 'application/
       emergencyCallData.eCall.control+xml'

   IANA is requested to add application/
   emergencyCallData.eCall.control+xml as a MIME content type, with a
   reference to this document, in accordance with the procedures of RFC
   6838 [RFC6838] and guidelines in RFC 7303 [RFC7303].

      MIME media type name:  application

      MIME subtype name:  emergencyCallData.eCall.control+xml

      Mandatory parameters:  none

      Optional parameters:  charset

         Indicates the character encoding of the XML content.

      Encoding considerations:  Uses XML, which can employ 8-bit
         characters, depending on the character encoding used.  See
         Section 3.2 of RFC 7303 [RFC7303].

      Security considerations:

         This content type carries metadata and control information and
         requests, such as from a Public Safety Answering Point (PSAP)
         to an In-Vehicle System (IVS) during an emergency call.

         Metadata (such as an acknowledgment that data sent by the IVS
         to the PSAP was successfully received) has limited privacy and
         security implications.  Control information (such as requests
         from the PSAP that the vehicle perform an action) has some
         privacy and security implications.  The privacy concern arises
         from the ability to request the vehicle to transmit a data set,
         which as described in Section 15.2, can contain personal
         information.  The security concern is the ability to request
         the vehicle to perform an action.  Control information needs to
         originate only from a PSAP or other emergency services
         provider, and not be modified en-route.  The level of integrity
         of the cellular network over which the emergency call is placed
         is a consideration: when the IVS initiates an eCall over a
         cellular network, in most cases it relies on the MNO to route
         the call to a PSAP.  (Calls placed using other means, such as
         Wi-Fi or over-the-top services, generally incur somewhat higher
         levels of risk than calls placed "natively" using cellular
         networks.)  A call-back from a PSAP merits additional
         consideration, since current mechanisms are not ideal for
         verifying that such a call is indeed a call-back from a PSAP in
         response to an emergency call placed by the IVS.  See the
         discussion in Section 12 and the PSAP Callback document
         [RFC7090].

         Sections 7 and 8 of [RFC7852] contain more discussion.

      Interoperability considerations:  None

      Published specification:  This document

      Applications which use this media type:  Pan-European eCall
         compliant systems

      Additional information:  None

      Magic Number:  None

      File Extension:  .xml

      Macintosh file type code:  'TEXT'

      Person and email address for further information:  Randall
         Gellens, rg+ietf@randy.pensive.org

      Intended usage:  LIMITED USE

      Author:  The IETF ECRIT WG.

      Change controller:  The IETF ECRIT WG.

15.4.  Registration of the 'eCall.MSD' entry in the Emergency Call
       Additional Data Blocks registry

   This specification requests IANA to add the 'eCall.MSD' entry to the
   Emergency Call Additional Data Blocks registry, with a reference to
   this document.

15.5.  Registration of the 'eCall.control' entry in the Emergency Call
       Additional Data Blocks registry

   This specification requests IANA to add the 'eCall.control' entry to
   the Emergency Call Additional Data Blocks registry, with a reference
   to this document.

15.6.  Registration of the emergencyCallData.eCall Info Package

   IANA is requested to add emergencyCallData.eCall to the Info Packages
   Registry under "Session Initiation Protocol (SIP) Parameters", with a
   reference to this document.

15.7.  URN Sub-Namespace Registration

15.7.1.  Registration for urn:ietf:params:xml:ns:eCall

   This section registers a new XML namespace, as per the guidelines in
   RFC 3688 [RFC3688].

   URI:  urn:ietf:params:xml:ns:eCall

   Registrant Contact:  IETF, ECRIT working group, , as
      delegated by the IESG .

   XML:

      BEGIN
        Namespace for eCall Data
        Namespace for eCall Data
        See [TBD: This document].
      END

15.7.2.  Registration for urn:ietf:params:xml:ns:eCall:control

   This section registers a new XML namespace, as per the guidelines in
   RFC 3688 [RFC3688].

   URI:  urn:ietf:params:xml:ns:eCall:control

   Registrant Contact:  IETF, ECRIT working group, , as
      delegated by the IESG .

   XML:

      BEGIN
        Namespace for eCall Data: Control Block
        Namespace for eCall Data
        Control Block
        See [TBD: This document].
      END

15.8.  Registry creation

   This document creates a new registry called 'eCall Metadata/Control
   Data'.  The following sub-registries are created for this registry.

15.8.1.  Action Registry

   This document creates a new sub-registry called "Action Registry".
   As defined in [RFC5226], this registry operates under "Expert Review"
   rules.  The expert should determine that the proposed action is
   within the purview of a vehicle, is sufficiently distinguishable from
   other actions, and the action is clearly and fully described.  In
   most cases, a published and stable document is referenced for the
   description of the action.

   The content of this registry includes:

   Name:  The identifier to be used in the 'action' attribute of an
      eCall control <request> element.

   Description:  A description of the action.  In most cases this will
      be a reference to a published and stable document.  The
      description MUST specify if any attributes or child elements are
      optional or mandatory, and describe the action to be taken by the
      vehicle.

   The initial set of values is listed in Table 2.

           +-----------+--------------------------------------+
           | Name      | Description                          |
           +-----------+--------------------------------------+
           | send-data | See Section 9.1.3.1 of this document |
           +-----------+--------------------------------------+

                 Table 2: Action Registry Initial Values

15.8.2.  Reason Registry

   This document creates a new sub-registry called "Reason Registry"
   which contains values for the 'reason' attribute of the
   <actionResult> element.  As defined in [RFC5226], this registry
   operates under "Expert Review" rules.  The expert should determine
   that the proposed reason is sufficiently distinguishable from other
   reasons and that the proposed description is understandable and
   correctly worded.


   The content of this registry includes:

   ID:  A short string identifying the reason, for use in the 'reason'
      attribute of an element.

   Description:  A description of the reason.

   The initial set of values is listed in Table 3.

   +------------------+------------------------------------------------+
   | ID               | Description                                    |
   +------------------+------------------------------------------------+
   | unsupported      | The 'action' value is not supported.           |
   |                  |                                                |
   | unable           | The action could not be accomplished.          |
   |                  |                                                |
   | data-unsupported | The data item referenced in a 'send-data'      |
   |                  | request is not supported.                      |
   |                  |                                                |
   | security-failure | The authenticity of the request or the         |
   |                  | authority of the requestor could not be        |
   |                  | verified.                                      |
   +------------------+------------------------------------------------+

   Table 3: Reason Registry

16.  Contributors

   Brian Rosen was a co-author of the original document upon which this
   document is based.

17.  Acknowledgements

   We would like to thank Bob Williams and Ban Al-Bakri for their
   feedback and suggestions; Rex Buddenberg, Lena Chaponniere, Keith
   Drage, Stephen Edge, Wes George, Christer Holmberg, Ivo Sedlacek, and
   James Winterbottom for their review and comments; Robert Sparks and
   Paul Kyzivat for their help with the SIP mechanisms.  We would like
   to thank Michael Montag, Arnoud van Wijk, Gunnar Hellstrom, and
   Ulrich Dietz for their help with the original document upon which
   this document is based.

18.  Changes from Previous Versions

18.1.  Changes from draft-ietf-11 to draft-ietf-12

   o  Fixed errors in examples found by Dale
   o  Removed enclosing sub-section of INFO package registration
      section
   o  Added text per Christer and Dale's suggestions that the MSD and
      metadata/control blocks are sent in INFO with a Call-Info header
      field referencing them
   o  Deleted Call Routing section (7.1) in favor of a statement that
      call routing is outside the scope of the document
   o  Other text changes per comments received from Christer and Ivo.

18.2.  Changes from draft-ietf-09 to draft-ietf-11

   o  Renamed INFO package to emergencyCallData.eCall.MSD
   o  Changed INFO package to only permit MSD and metadata/control MIME
      types
   o  Moved element back from car-crash but made it
      OPTIONAL
   o  Moved other extension points back from car-crash so that
      extension points are in base spec (and also to get XML schema to
      compile)
   o  Text changes for clarification.

18.3.  Changes from draft-ietf-08 to draft-ietf-09

   o  Created a new "Data Transport" section that describes how the MSD
      and metadata/control blocks are attached, and then referred to
      that section rather than repeat the information about the CID and
      Call-Info and so forth, which means most references to the
      additional-data draft have now been deleted
   o  Mentioned edge cases where a PSAP response to INVITE isn't
      received by the IVS
   o  Reworded description of which status codes are used when a PSAP
      wishes to reject a call but inform the vehicle occupants that it
      is aware of the situation to be more definite
   o  Added examples showing INFO
   o  Added references for eCall test call requirement
   o  Described meaning of eCall URNs in Section 8 as well as in IANA
      registration

18.4.  Changes from draft-ietf-07 to draft-ietf-08

   o  eCall MSD now encoded as ASN.1 PER, using binary content transfer
      encoding
   o  Added text to point out aspects of call handling and metadata/
      control usage, such as use in rejected calls, and solicited MSDs
   o  Revised use of INFO to require that when a request for an MSD is
      sent in INFO, the MSD sent in response is in its own INFO, not
      the response to the requesting INFO
   o  Added material to INFO package registration to comply with
      Section 10 of [RFC6086]
   o  Moved material not required by 3GPP into
      [I-D.ietf-ecrit-car-crash], e.g., some of the eCall metadata/
      control elements, attributes, and values
   o  Revised test call wording to clarify that specific handling is
      out of scope
   o  Revised wording throughout the document to simplify
   o  Moved new Section 7.1 to be a subsection of 7
   o  Moved new Section 10 to be a main section instead of a
      subsection of Section 9
   o  Revised SIP INFO usage and package registration per advice from
      Robert Sparks and Paul Kyzivat

18.5.  Changes from draft-ietf-06 to draft-ietf-07

   o  Fixed typo in Acknowledgements

18.6.  Changes from draft-ietf-05 to draft-ietf-06

   o  Added additional security and privacy clarifications regarding
      signed and encrypted data
   o  Additional security and privacy text
   o  Deleted informative section on ESINets as unnecessary.

18.7.  Changes from draft-ietf-04 to draft-ietf-05

   o  Reworked the security and privacy considerations material in the
      document as a whole and in the MIME registration sections of the
      MSD and control objects
   o  Clarified that the element can appear multiple
      times within an element
   o  Fixed IMS definition
   o  Added clarifying text for the 'msgid' attribute

18.8.  Changes from draft-ietf-03 to draft-ietf-04

   o  Added Privacy Considerations section
   o  Reworded most uses of non-normative "may", "should", "must", and
      "recommended."
   o  Fixed nits in examples

18.9.  Changes from draft-ietf-02 to draft-ietf-03

   o  Added request to enable cameras
   o  Improved examples and XML schema
   o  Clarifications and wording improvements

18.10.  Changes from draft-ietf-01 to draft-ietf-02

   o  Added clarifying text reinforcing that the data exchange is for
      small blocks of data infrequently transmitted
   o  Clarified that dynamic media is conveyed using SIP re-INVITE to
      establish a one-way media stream
   o  Clarified that the scope is the needs of eCall within the SIP
      emergency call environment
   o  Added informative statement that the document may be suitable for
      reuse by other ACN systems
   o  Clarified that normative language for the control block applies
      to both IVS and PSAP
   o  Removed 'ref', 'supported-mime', and elements
   o  Minor wording improvements and clarifications

18.11.  Changes from draft-ietf-00 to draft-ietf-01

   o  Added further discussion of test calls
   o  Added further clarification to the document scope
   o  Mentioned that multi-region vehicles may need to support other
      crash notification specifications in addition to eCall
   o  Added details of the eCall metadata and control functionality
   o  Added IANA registration for the MIME content type for the eCall
      control object
   o  Added IANA registries for protocol elements and tokens used in
      the eCall control object
   o  Minor wording improvements and clarifications

18.12.  Changes from draft-gellens-03 to draft-ietf-00

   o  Renamed from draft-gellens- to draft-ietf-.
   o  Added mention of and reference to ETSI TR "Mobile Standards Group
      (MSG); eCall for VoIP"
   o  Added text to Introduction regarding migration/co-existence being
      out of scope
   o  Added mention in Security Considerations that even if the
      network-supplied location is just the cell site, this can be
      useful as a sanity check on the IVS-supplied location
   o  Minor wording improvements and clarifications

18.13.  Changes from draft-gellens-02 to -03

   o  Clarifications and editorial improvements.

18.14.  Changes from draft-gellens-01 to -02

   o  Minor wording improvements
   o  Removed ".automatic" and ".manual" from
      "urn:service:test.sos.ecall" registration and discussion text.

18.15.  Changes from draft-gellens-00 to -01

   o  Now using 'EmergencyCallData' for purpose parameter values and
      MIME subtypes, in accordance with changes to [RFC7852]
   o  Added reference to RFC 6443
   o  Fixed bug that caused Figure captions to not appear

19.  References

19.1.  Normative References

   [EN_16062]
              CEN, "Intelligent transport systems - eSafety - eCall
              High Level Application Requirements (HLAP) Using GSM/UMTS
              Circuit Switched Networks, EN 16062", April 2015.

   [EN_16072]
              CEN, "Intelligent transport systems - eSafety - Pan-
              European eCall operating requirements, EN 16072", April
              2015.

   [msd]      CEN, "Intelligent transport systems -- eSafety -- eCall
              minimum set of data (MSD), EN 15722", April 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5031]  Schulzrinne, H., "A Uniform Resource Name (URN) for
              Emergency and Other Well-Known Services", RFC 5031,
              DOI 10.17487/RFC5031, January 2008.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC6443]  Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
              "Framework for Emergency Calling Using Internet
              Multimedia", RFC 6443, DOI 10.17487/RFC6443, December
              2011.

   [RFC6838]  Freed, N., Klensin, J., and T. Hansen, "Media Type
              Specifications and Registration Procedures", BCP 13,
              RFC 6838, DOI 10.17487/RFC6838, January 2013.

   [RFC6881]  Rosen, B. and J. Polk, "Best Current Practice for
              Communications Services in Support of Emergency Calling",
              BCP 181, RFC 6881, DOI 10.17487/RFC6881, March 2013.

   [RFC7303]  Thompson, H. and C. Lilley, "XML Media Types", RFC 7303,
              DOI 10.17487/RFC7303, July 2014.

   [RFC7852]  Gellens, R., Rosen, B., Tschofenig, H., Marshall, R., and
              J. Winterbottom, "Additional Data Related to an Emergency
              Call", RFC 7852, DOI 10.17487/RFC7852, July 2016.

   [TS22.101]
              3GPP, "3GPP TS 22.101: Technical Specification Group
              Services and System Aspects; Service aspects; Service
              principles".

19.2.  Informative references

   [CEN]      "European Committee for Standardization".

   [I-D.ietf-ecrit-car-crash]
              Gellens, R., Rosen, B., and H. Tschofenig,
              "Next-Generation Vehicle-Initiated Emergency Calls",
              draft-ietf-ecrit-car-crash-09 (work in progress), August
              2016.

   [MSG_TR]   ETSI, "ETSI Mobile Standards Group (MSG); eCall for
              VoIP", ETSI Technical Report TR 103 140 V1.1.1 (2014-04),
              April 2014.

   [RFC5012]  Schulzrinne, H. and R. Marshall, Ed., "Requirements for
              Emergency Context Resolution with Internet Technologies",
              RFC 5012, DOI 10.17487/RFC5012, January 2008.

   [RFC5069]  Taylor, T., Ed., Tschofenig, H., Schulzrinne, H., and M.
              Shanmugam, "Security Threats and Requirements for
              Emergency Call Marking and Mapping", RFC 5069,
              DOI 10.17487/RFC5069, January 2008.

   [RFC6086]  Holmberg, C., Burger, E., and H. Kaplan, "Session
              Initiation Protocol (SIP) INFO Method and Package
              Framework", RFC 6086, DOI 10.17487/RFC6086, January 2011.

   [RFC7090]  Schulzrinne, H., Tschofenig, H., Holmberg, C., and M.
              Patel, "Public Safety Answering Point (PSAP) Callback",
              RFC 7090, DOI 10.17487/RFC7090, April 2014.

   [RFC7378]  Tschofenig, H., Schulzrinne, H., and B. Aboba, Ed.,
              "Trustworthy Location", RFC 7378, DOI 10.17487/RFC7378,
              December 2014.

   [SDO-3GPP]
              "3rd Generation Partnership Project".

   [SDO-ETSI]
              "European Telecommunications Standards Institute (ETSI)".

Authors' Addresses

   Randall Gellens
   Core Technology Consulting

   Email: rg+ietf@randy.pensive.org


   Hannes Tschofenig
   Individual

   Email: Hannes.Tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at