idnits 2.17.00 (12 Aug 2021)

/tmp/idnits53162/draft-tschofenig-sipping-spit-policy-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 23.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 1585.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1596.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1603.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1609.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 8, 2007) is 5431 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC4412' is defined on line 1389, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-ecrit-service-urn' is defined on line 1426,
     but no explicit reference was found in the text

  == Unused Reference: 'I-D.mahy-iptel-cpc' is defined on line 1463, but no
     explicit reference was found in the text

  == Unused Reference: 'I-D.rosenberg-sipping-service-identification' is
     defined on line 1468, but no explicit reference was found in the text

  == Unused Reference: 'I-D.schubert-sipping-saml-cpc' is defined on line
     1474, but no explicit reference was found in the text

  == Unused Reference: 'I-D.schwartz-sipping-spit-saml' is defined on line
     1479, but no explicit reference was found in the text

  == Unused Reference: 'RFC3266' is defined on line 1520, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2617 (Obsoleted by RFC 7235, RFC 7615,
     RFC 7616, RFC 7617)

  ** Downref: Normative reference to an Informational RFC: RFC 3325

  ** Obsolete normative reference: RFC 4474 (Obsoleted by RFC 8224)

  == Outdated reference: A later version (-03) exists of
     draft-froment-sipping-spit-requirements-00

  == Outdated reference: draft-ietf-ecrit-service-urn has been published as
     RFC 5031

  == Outdated reference: draft-ietf-mmusic-file-transfer-mech has been
     published as RFC 5547

  == Outdated reference: draft-ietf-simple-message-sessions has been
     published as RFC 4975

  == Outdated reference: draft-ietf-simple-presence-rules has been published
     as RFC 5025

  == Outdated reference: draft-ietf-sip-consent-framework has been published
     as RFC 5360

  == Outdated reference: draft-ietf-sipping-spam has been published as RFC
     5039

  == Outdated reference: A later version (-06) exists of
     draft-jennings-sip-hashcash-05

  == Outdated reference: A later version (-03) exists of
     draft-rosenberg-sipping-service-identification-02

  == Outdated reference: A later version (-01) exists of
     draft-tschofenig-sipping-captcha-00

  == Outdated reference: A later version (-04) exists of
     draft-tschofenig-sipping-framework-spit-reduction-00

  -- Obsolete informational reference (is this intentional?): RFC 2445
     (Obsoleted by RFC 5545)

  -- Obsolete informational reference (is this intentional?): RFC 3028
     (Obsoleted by RFC 5228, RFC 5429)

  -- Obsolete informational reference (is this intentional?): RFC 3266
     (Obsoleted by RFC 4566)


     Summary: 4 errors (**), 0 flaws (~~), 19 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	SIPPING                                                    H. Tschofenig
3	Internet-Draft                                    Nokia Siemens Networks
4	Intended status: Standards Track                                 D. Wing
5	Expires: January 9, 2008                                           Cisco
6	                                                          H. Schulzrinne
7	                                                     Columbia University
8	                                                              T. Froment
9	                                                          Alcatel-Lucent
10	                                                               G. Dawirs
11	                                                     University of Namur
12	                                                            July 8, 2007

14	 A Document Format for Expressing Authorization Policies to tackle Spam
15	           and Unwanted Communication for Internet Telephony
16	              draft-tschofenig-sipping-spit-policy-01.txt

18	Status of this Memo

20	   By submitting this Internet-Draft, each author represents that any
21	   applicable patent or other IPR claims of which he or she is aware
22	   have been or will be disclosed, and any of which he or she becomes
23	   aware will be disclosed, in accordance with Section 6 of BCP 79.

25	   Internet-Drafts are working documents of the Internet Engineering
26	   Task Force (IETF), its areas, and its working groups.  Note that
27	   other groups may also distribute working documents as Internet-
28	   Drafts.

30	   Internet-Drafts are draft documents valid for a maximum of six months
31	   and may be updated, replaced, or obsoleted by other documents at any
32	   time.  It is inappropriate to use Internet-Drafts as reference
33	   material or to cite them other than as "work in progress."

35	   The list of current Internet-Drafts can be accessed at
36	   http://www.ietf.org/ietf/1id-abstracts.txt.

38	   The list of Internet-Draft Shadow Directories can be accessed at
39	   http://www.ietf.org/shadow.html.

41	   This Internet-Draft will expire on January 9, 2008.

43	Copyright Notice

45	   Copyright (C) The IETF Trust (2007).

47	Abstract

49	   SPAM, defined as sending unsolicited messages to someone in bulk,
50	   might be a problem on SIP open-wide deployed networks.  The
51	   responsibility for filtering or blocking calls can belong to
52	   different elements in the call flow and may depend on various
53	   factors.  This document defines an authorization based policy
54	   language that allows end users to upload anti-SPIT policies to
55	   intermediaries, such as SIP proxies.  These policies mitigate
56	   unwanted SIP communications.  It extends the Common Policy
57	   authorization framework with additional conditions and actions.  The
58	   new conditions match a particular Session Initiation Protocol (SIP)
59	   communication pattern based on a number of attributes.  The range of
60	   attributes includes information provided, for example, by SIP itself,
61	   by the SIP identity mechanism, by information carried within SAML
62	   assertions.

64	Table of Contents

66	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
67	   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
68	   3.  Generic Processing . . . . . . . . . . . . . . . . . . . . . .  5
69	     3.1.  Structure of SPIT Authorization Documents  . . . . . . . .  5
70	     3.2.  Rule Transport . . . . . . . . . . . . . . . . . . . . . .  5
71	   4.  Condition Elements . . . . . . . . . . . . . . . . . . . . . .  6
72	     4.1.  Identity . . . . . . . . . . . . . . . . . . . . . . . . .  6
73	       4.1.1.  Acceptable Forms of Authentication . . . . . . . . . .  6
74	       4.1.2.  Computing a URI for the Sender . . . . . . . . . . . .  7
75	     4.2.  Sphere . . . . . . . . . . . . . . . . . . . . . . . . . .  8
76	     4.3.  SPIT Handling  . . . . . . . . . . . . . . . . . . . . . .  9
77	     4.4.  Media List . . . . . . . . . . . . . . . . . . . . . . . .  9
78	     4.5.  Method List  . . . . . . . . . . . . . . . . . . . . . . . 10
79	     4.6.  MIME List  . . . . . . . . . . . . . . . . . . . . . . . . 10
80	     4.7.  Presence Status  . . . . . . . . . . . . . . . . . . . . . 10
81	     4.8.  Rule Deactivated . . . . . . . . . . . . . . . . . . . . . 10
82	     4.9.  Time Period Condition  . . . . . . . . . . . . . . . . . . 10
83	   5.  Actions  . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
84	     5.1.  Execute Action . . . . . . . . . . . . . . . . . . . . . . 18
85	     5.2.  Forward To . . . . . . . . . . . . . . . . . . . . . . . . 18
86	   6.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
87	   7.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 20
88	   8.  XCAP USAGE . . . . . . . . . . . . . . . . . . . . . . . . . . 27
89	     8.1.  Application Unique ID  . . . . . . . . . . . . . . . . . . 27
90	     8.2.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . 27
91	     8.3.  Default Namespace  . . . . . . . . . . . . . . . . . . . . 27
92	     8.4.  MIME Type  . . . . . . . . . . . . . . . . . . . . . . . . 27
93	     8.5.  Validation Constraints . . . . . . . . . . . . . . . . . . 27
94	     8.6.  Data Semantics . . . . . . . . . . . . . . . . . . . . . . 27
95	     8.7.  Naming Conventions . . . . . . . . . . . . . . . . . . . . 28
96	     8.8.  Resource Interdependencies . . . . . . . . . . . . . . . . 28
97	     8.9.  Authorization Policies . . . . . . . . . . . . . . . . . . 28
98	   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 28
99	     9.1.  Anti-SPIT Policy XML Schema Registration . . . . . . . . . 28
100	     9.2.  Anti-SPIT Policy Namespace Registration  . . . . . . . . . 28
101	     9.3.  XCAP Application Usage ID  . . . . . . . . . . . . . . . . 29
102	   10. Security Considerations  . . . . . . . . . . . . . . . . . . . 29
103	   11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 29
104	   12. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 29
105	   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
106	     13.1. Normative References . . . . . . . . . . . . . . . . . . . 30
107	     13.2. Informative References . . . . . . . . . . . . . . . . . . 31
108	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34
109	   Intellectual Property and Copyright Statements . . . . . . . . . . 36

111	1.  Introduction

113	   The problem of SPAM for Internet Telephony (SPIT) is an imminent
114	   challenge and only the combination of several techniques can provide
115	   a framework for dealing with unwanted communication, as stated in
116	   [I-D.jennings-sip-hashcash].

118	   One important building block is to have a mechanism that can instruct
119	   SIP intermediaries to react differently on incoming requests based on
120	   policies.  Different entities, such as end users, parents on behalf
121	   of their children, system administrators in enterprise networks,
122	   etc., might create and modify authorization policies.  The conditions
123	   in these policies can be created from many sources but some
124	   information elements are more important than others.  For example,
125	   there is reason to believe that applying authorization policies based
126	   on the authenticated identity is an effective way to accept a
127	   communication attempt to deal with unsolicited communication.
128	   Authentication based on the SIP identity mechanism, see [RFC4474], is
129	   one important concept.

131	   The requirements for the authorization policies described in this
132	   document are outlined in [I-D.froment-sipping-spit-requirements].  A
133	   framework document is available at
134	   [I-D.tschofenig-sipping-framework-spit-reduction].

136	2.  Terminology

138	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
139	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
140	   document are to be interpreted as described in RFC 2119 [RFC2119].

142	   This document reuses the terminology from RFC 4745 [RFC4745]:

144	   Rule maker:

146	      The RM is an entity that creates the authorization policies that
147	      react to unwanted connection attempts.  The rule maker might be an
148	      end user that owns the device, a VoIP service provider, a person
149	      with a relationship to the end user (e.g., the parents of a child
150	      using a mobile phone).  A standardized policy language is needed
151	      when the creation, modification and deletion of authorization
152	      policies are not only a local matter.

154	   Authorization policy:

156	      An authorization policy is given by a rule set.  A rule set
157	      contains an unordered list of rules.  Each rule has a condition,
158	      an action and a transformation component.  The terms
159	      'authorization policy', 'policy', 'rule set', 'authorization
160	      policy rule', 'policy rule' and 'rule' are used interchangeably.
161	      Authorization policies can be applied at the end host and/or by
162	      intermediaries.

164	   Permission:

166	      The term permission refers to the action and transformation
167	      components of a rule.

169	   We use the term 'Recipient' for the entity that is target of the
170	   communication attempt of a sender.

172	3.  Generic Processing

174	3.1.  Structure of SPIT Authorization Documents

176	   A SPIT authorization document is an XML document, formatted according
177	   to the schema defined in RFC 4745 [RFC4745].  SPIT authorization
178	   documents inherit the MIME type of common policy documents,
179	   application/auth-policy+xml.  As described in [RFC4745], this
180	   document is composed of rules which contain three parts - conditions,
181	   actions, and transformations.  Each action or transformation, which
182	   is also called a permission, has the property of being a positive
183	   grant to the authorization server to perform the resulting actions,
184	   be it allow, block etc .  As a result, there is a well-defined
185	   mechanism for combining actions and transformations obtained from
186	   several sources.  This mechanism therefore can be used to filter
187	   connection attempts thus leading to effective SPIT prevention.

189	3.2.  Rule Transport

191	   Policies are XML documents that are stored at a Proxy Server or a
192	   dedicated device.  The Rule Maker therefore needs to use a protocol
193	   to create, modify and delete the authorization policies defined in
194	   this document.  Such a protocol is available with the Extensible
195	   Markup Language (XML) Configuration Access Protocol (XCAP) [RFC4825].

197	4.  Condition Elements

199	   This section describes the additional enhancements of the conditions-
200	   part of the rule.  This document inherits the Common Policy
201	   functionality, including <identity>, <validity>, and <sphere>
202	   conditions.

204	   Note that, as discussed in [RFC4745], a permission document applies
205	   to a translation if all the expressions in its conditions part
206	   evaluate to TRUE.

208	4.1.  Identity

210	   Although the <identity> element is defined in [RFC4745], that
211	   specification indicates that the specific usages of the framework
212	   document need to define details that are protocol and usage specific.
213	   In particular, it is necessary for a usage of the common policy
214	   framework to:

216	   o  Define acceptable means of authentication.
217	   o  Define the procedure for representing the identity as a URI or IRI
218	      [RFC3987].

220	   This sub-section defines those details for systems based on
221	   [RFC3856].

223	4.1.1.  Acceptable Forms of Authentication

225	   When used with SIP, a request is considered authenticated if one of
226	   the following techniques is used:

228	   SIP Digest:

230	      The proxy has authenticated the sender using SIP [RFC3261] digest
231	      authentication [RFC2617].  However, if the anonymous
232	      authentication described on page 194 of RFC 3261 [RFC3261] was
233	      used, the sender is not considered authenticated.

235	   Asserted Identity:

237	      If a request contains a P-Asserted-ID header field [RFC3325] and
238	      the request is coming from a trusted element, the sender is
239	      considered authenticated.

241	   Cryptographically Verified Identity:

243	      If a request contains an Identity header field as defined in
244	      [RFC4474], and it validates the From header field of the request,
245	      the request is considered to be authenticated.  Note that this is
246	      true even if the request contained a From header field of the form
247	      sip:anonymous@example.com.  As long as the signature verifies that
248	      the request legitimately came from this identity, it is considered
249	      authenticated.

251	   An anonymous From header field with RFC 4474 [RFC4474] is considered
252	   authenticated, while anonymous digest is not considered
253	   authenticated, because the former still involves the usage of an
254	   actual username and credential as part of an authentication operation
255	   in the originating domain.

257	4.1.2.  Computing a URI for the Sender

259	   For messages that are authenticated using SIP Digest, the identity of
260	   the sender is set equal to the address of record (AoR) for the user
261	   that has authenticated themselves.  The AoR is always a URI, and can
262	   be either a SIP URI or tel URI [RFC3966].  For example, consider the
263	   following "user record" in a database:

265	               SIP AOR: sip:alice@example.com
266	               digest username: ali
267	               digest password: f779ajvvh8a6s6
268	               digest realm: example.com

270	   If the proxy server receives an INVITE, challenges it with the realm
271	   set to "example.com", and the subsequent INVITE contains an
272	   Authorization header field with a username of "ali" and a digest
273	   response generated with the password "f779ajvvh8a6s6", the identity
274	   used in matching operations is "sip:alice@example.com".

276	   For messages that are authenticated using RFC 3325 [RFC3325], the
277	   identity of the sender is equal to the URI in the P-Asserted-ID
278	   header field.  If there are multiple values for the P-Asserted-ID
279	   header field (there can be one sip URI and one tel URI [RFC3966]),
280	   then each of them is used for the comparisons outlined in [RFC4745],
281	   and if either of them match a <one> or <except> element, it is
282	   considered a match.

284	   For messages that are authenticated using the SIP Identity mechanism
285	   [RFC4474], identity of the sender is equal to the SIP URI in the From
286	   header field of the request, assuming that the signature in the
287	   Identity header field has been validated.

289	   In SIP systems, it is possible for a user to have aliases - that is,
290	   there are multiple SIP AoRs "assigned" to a single user.  In terms of
291	   this specification, there is no relationship between those aliases.
292	   Each would look like a different user.  This will be the consequence
293	   for systems where the sender is in a different domain than the
294	   recipient.  However, even if the sender and recipient are in the same
295	   domain, and the proxy server knows that there are aliases for the
296	   sender, these aliases are not mapped to each other or used in any
297	   way.

299	   SIP also allows for anonymous identities.  If a message is anonymous
300	   because the digest challenge/response used the "anonymous" username,
301	   the message is considered unauthenticated and will match only an
302	   empty <identity> element.  If a message is anonymous because it
303	   contains a Privacy header field [RFC3323], but still contains a
304	   P-Asserted-ID header field, the identity in the P-Asserted-ID header
305	   field is still used in the authorization computations; the fact that
306	   the message was anonymous has no impact on the identity processing.
307	   However, if the message had traversed a trust boundary and the
308	   P-Asserted-ID header field and the Privacy header field had been
309	   removed, the message will be considered unauthenticated when it
310	   arrives at the proxy server.  Finally, if a message contained an
311	   Identity header field that was validated, and the From header field
312	   contained a URI of the form sip:anonymous@example.com, then the
313	   sender is considered authenticated, and it will have an identity
314	   equal to sip:anonymous@example.com.  Had such an identity been placed
315	   into a <one> or <except> element, there will be a match.

317	   It is important to note that SIP frequently uses both SIP URI and tel
318	   URI [RFC3966] as identifiers, and to make matters more confusing, a
319	   SIP URI can contain a phone number in its user part, in the same
320	   format used in a tel URI.  The sender's identity that is a SIP URI
321	   with a phone number will not match the <one> and <except> conditions
322	   whose 'id' is a tel URI with the same number.  The same is true in
323	   the reverse.  If the sender's identity is a tel URI, this will not
324	   match a SIP URI in the <one> or <except> conditions whose user part
325	   is a phone number.  URIs of different schemes are never equivalent.

327	4.2.  Sphere

329	   The <sphere> element is defined in [RFC4745].  However, each
330	   application making use of the common policy specification needs to
331	   determine how the policy server computes the value of the sphere to
332	   be used in the evaluation of the condition.

334	   To compute the value of <sphere>, the proxy server interacts with a
335	   presence server who knows whether at least one of the published
336	   presence documents includes the <sphere> element [RFC4480] as part of
337	   the person data component [RFC4479], and all of those containing the
338	   element have the same value for it, that is the value used for the
339	   sphere in policy policy processing.  If, however, the <sphere>
340	   element was not available to the presence server (and hence not for
341	   the proxy server), or it was present but had inconsistent values, its
342	   value is considered undefined in terms of policy processing.

344	4.3.  SPIT Handling

346	   The <spit-handling> element is a way to react on the execution of
347	   certain SPIT handling mechanisms.  For example, a rule might indicate
348	   that a CAPTCHA has to be sent to the sender and the sender
349	   subsequently has to return the result.  Depending on the outcome of
350	   the robot test the rules might enforce different actions.  This
351	   element provides such a condition capability.

353	   The <spit-handling> condition evaluates to TRUE if any of its child
354	   elements evaluate to TRUE, i.e., the results of the individual child
355	   element are combined using a logical OR.

357	   The <spit-handling> element MAY contain zero or more <challenge>
358	   elements.  The <challenge> elements has an attribute 'result' that
359	   either contains "SUCCESS" or "FAILURE".

361	4.4.  Media List

363	   The <media-list> condition evaluates to TRUE if any of its child
364	   elements evaluate to TRUE, i.e., the results of the individual child
365	   element are combined using a logical OR.

367	   The <media-list> element SHOULD include either
368	   o  an <all-media-except> element or;
369	   o  a list of one or more >media> elements selected from the list of
370	      possible media elements below.

372	   List of possible media elements:
373	   o  The <message-session> media element indicating session based
374	      messaging as defined in [I-D.ietf-simple-message-sessions];
375	   o  The <pager-mode-message> media element indicating pager mode
376	      message requests as defined in [RFC3428];
377	   o  The <file-transfer> media element indicating file transfer as
378	      defined in [I-D.ietf-mmusic-file-transfer-mech];
379	   o  The <audio> media element indicating a streaming media type as
380	      defined in [RFC3840];
381	   o  The <video> media element indicating a streaming media type as
382	      defined in [RFC3840];

384	   o  Any elements from any other namespaces defining a media element.

386	   The <all-media-except> element MAY include a list of one or more
387	   >media> elements selected from the list of possible >media> elements
388	   above.

390	   The <audio>, <video> and <message-session> elements:
391	   o  MAY include the <full-duplex> element indicating that media can be
392	      exchanged in both directions simultaneously;
393	   o  MAY include the <half-duplex> element indicating that media can be
394	      exchanged in only one direction at a time.

396	4.5.  Method List

398	   The <method-list> element contains one or more child elements
399	   <method> in order to provide matching capabilities of any SIP method
400	   invoked by the user can be used to filter incoming messages.

402	   The <method-list> condition element evaluates to TRUE if any of its
403	   child elements evaluate to TRUE, i.e., the results of the individual
404	   child element are combined using a logical OR.

406	4.6.  MIME List

408	   The <mime-list> element contains one or more child <mime> child
409	   elements

411	   The <mime-list> condition element evaluates to TRUE if any of its
412	   child elements evaluate to TRUE, i.e., the results of the individual
413	   child element are combined using a logical OR.

415	4.7.  Presence Status

417	   This condition evaluates to TRUE when the called user's current
418	   presence activity status is equal to the value in the <presence-
419	   status> element.  Otherwise the condition evaluates to FALSE.

421	4.8.  Rule Deactivated

423	   The <rule-deactivated> condition always evaluates to FALSE.  This can
424	   be used to deactivate a rule, without loosing information.  By
425	   removing this condition the rule can be activated again.

427	4.9.  Time Period Condition

429	   The <time-period> element allows to make decisions based on the time,
430	   date and timezone.  The <time> element may contain the following
431	   attributes:

433	   tzid:

435	      RFC 2445 [RFC2445] Time Zone Identifier

437	   tzurl:

439	      RFC 2445 [RFC2445] Time Zone URL

441	   dtstart:

443	      Start of interval (RFC 2445 [RFC2445] DATE-TIME)

445	   dtend:

447	      End of interval (RFC 2445 [RFC2445] DATE-TIME)

449	   duration:

451	      Length of interval (RFC 2445 [RFC2445] DURATION)

453	   freq:

455	      Frequency of recurrence ("secondly", "minutely", "hourly",
456	      "daily", "weekly", "monthly", or "yearly")

458	   interval:

460	      How often the recurrence repeats

462	   until:

464	      Bound of recurrence (RFC 2445 [RFC2445] DATE-TIME)

466	   count:

468	      Number of occurrences of recurrence

470	   bysecond:

472	      List of seconds within a minute

474	   byminute:

476	      List of minutes within an hour

478	   byhour:

480	      List of hours of the day

482	   byday:  List of days of the week

484	   bymonthday:

486	      List of days of the month

488	   byyearday:

490	      List of days of the year

492	   byweekno:

494	      List of weeks of the year

496	   bymonth:

498	      List of months of the year

500	   wkstv:

502	      First day of the work week

504	   bysetpos:

506	      List of values within set of events specified

508	   The <time-period> is based on the description in CPL [RFC3880] and
509	   furthemore based closely on the specification of recurring intervals
510	   of time in the Internet Calendaring and Scheduling Core Object
511	   Specification (iCalendar COS), RFC 2445 [RFC2445].

513	      This allows policies to be generated automatically from calendar
514	      books.  It also allows us to re-use the extensive existing work
515	      specifying time intervals.

517	   If future standards-track documents are published that update or
518	   obsolete RFC 2445 [RFC2445], any changes or clarifications those
519	   documents make to recurrence handling apply to CPL time-switches as
520	   well.

522	   An algorithm to determine whether an instant falls within a given
523	   recurrence is given in Appendix A of RFC 3880 [RFC3880].

525	   The <time-period> element takes two optional attributes, "tzid" and
526	   "tzurl", both of which are defined in Sections 4.8.3.1 and 4.8.3.5 of
527	   RFC 2445 [RFC2445].  The "tzid" is the identifying attribute by which
528	   a time zone definition is referenced.  If it begins with a forward
529	   slash (solidus), it references a to-be-defined global time zone
530	   registry; otherwise it is locally-defined at the server.  The "tzurl"
531	   attribute gives a network location from which an up-to-date VTIMEZONE
532	   definition for the timezone can be retrieved.

534	   While the content of the "tzid" attribute does not begin with a
535	   forward slash are locally defined, it is RECOMMENDED that servers
536	   support at least the naming scheme used by the Olson Time Zone
537	   database [OTZ].  Examples of timezone databases that use the Olson
538	   scheme are the zoneinfo files on most Unix-like systems, and the
539	   standard Java TimeZone class.

541	   Servers SHOULD resolve "tzid" and "tzurl" references to time zone
542	   definitions at the time the policy is uploaded.  They MAY
543	   periodically refresh these resolutions to obtain the most up-to-date
544	   definition of a time zone.  If a "tzurl" becomes invalid, servers
545	   SHOULD remember the most recent valid data retrieved from the URL.

547	   If a script is uploaded with a "tzid" and "tzurl" which the CPL
548	   server does not recognize or cannot resolve, it SHOULD diagnose and
549	   reject this at script upload time.  If neither "tzid" nor "tzurl" are
550	   present, all non-UTC times within this time switch should be
551	   interpreted as being "floating" times, i.e., that they are specified
552	   in the local timezone of the CPL server.

554	      Because of daylight-savings-time changes over the course of a
555	      year, it is necessary to specify time switches in a given
556	      timezone.  UTC offsets are not sufficient, or a time-of-day
557	      routing rule which held between 9 am and 5 pm in the eastern
558	      United States would start holding between 8 am and 4 pm at the end
559	      of October.

561	   The developers of tools used creating policy documents should be
562	   careful to handle correctly the intervals when local time is
563	   discontinuous, at the beginning or end of daylight-savings time.
564	   Note especially that some times may occur more than once when clocks
565	   are set back.  The algorithm in Appendix A of RFC 3880 [RFC3880] is
566	   believed to handle this correctly.

568	   The <time> element specifies a list of periods.  They have two
569	   required attributes a:
570	   o  "dtstart", which specifies the beginning of the first period of
571	      the list,

573	   o  and exactly one of "dtend" or "duration", which specify the ending
574	      time or the duration of the period, respectively.

576	   The "dtstart" and "dtend" attributes are formatted as iCalendar COS
577	   DATE-TIME values, as specified in Section 4.3.5 of RFC 2445
578	   [RFC2445].  Only floating or UTC times can be used with time zones.
579	   The "duration" attribute is given as an iCalendar COS DURATION
580	   parameter, as specified in section 4.3.6 of RFC 2445 [RFC2445].  Both
581	   the DATE-TIME and the DURATION syntaxes are subsets of the
582	   corresponding syntaxes from ISO 8601 [ISO8601].

584	   For a recurring interval, the "duration" attribute MUST be small
585	   enough such that subsequent intervals do not overlap.  For non-
586	   recurring intervals, durations of any positive length are permitted.
587	   Zero-length and negative-length durations are not allowed.

589	   If no other parameters are specified, a <time> element indicates only
590	   a single period of time.  More complicated sets of period intervals
591	   are constructed as recurrences.  A recurrence is specified by
592	   including the "freq" attribute, which indicates the type of
593	   recurrence rule.  Parameters other than "dtstart", "dtend", and
594	   "duration" SHOULD NOT be specified unless "freq" is present, though
595	   servers SHOULD accept rules with such parameters present, and ignore
596	   the other parameters.

598	   The "freq" parameter takes one of the following values: "secondly",
599	   to specify repeating periods based on an interval of a second or
600	   more, "minutely", to specify repeating periods based on an interval
601	   of a minute or more, "hourly", to specify repeating periods based on
602	   an interval of an hour or more, "daily", to specify repeating periods
603	   based on an interval of a day or more, "weekly", to specify repeating
604	   periods based on an interval of a week or more, "monthly", to specify
605	   repeating periods based on an interval of a month or more, and
606	   "yearly", to specify repeating periods based on an interval of a year
607	   or more.  These values are not case-sensitive.

609	   The "interval" attribute contains a positive integer representing how
610	   often the recurrence rule repeats.  The default value is "1", meaning
611	   every second for a "secondly" rule, every minute for a "minutely"
612	   rule, every hour for an "hourly" rule, every day for a "daily" rule,
613	   every week for a "weekly" rule, every month for a "monthly" rule, and
614	   every year for a "yearly" rule.

616	   The "until" attribute defines an iCalendar COS DATE or DATE-TIME
617	   value which bounds the recurrence rule in an inclusive manner.  If
618	   the value specified by "until" is synchronized with the specified
619	   recurrence, this date or date-time becomes the last instance of the
620	   recurrence.  If specified as a date-time value, then it MUST be
621	   specified in UTC time format.  If not present, and the "count"
622	   parameter is not also present, the recurrence is considered to repeat
623	   forever.

625	   The "count" attribute defines the number of occurrences at which to
626	   range-bound the recurrence.  The "dtstart" attribute counts as the
627	   first occurrence.  The "until" and "count" attribute MUST NOT occur
628	   in the same <time> element.

630	   The "bysecond" attribute specifies a comma-separated list of seconds
631	   within a minute.  Valid values are 0 to 59.  The "byminute" attribute
632	   specifies a comma-separated list of minutes within an hour.  Valid
633	   values are 0 to 59.  The "byhour" attribute specifies a comma-
634	   separated list of hours of the day.  Valid values are 0 to 23.

636	   The "byday" attribute specifies a comma-separated list of days of the
637	   week.  "MO" indicates Monday, "TU" indicates Tuesday, "WE" indicates
638	   Wednesday, "TH" indicates Thursday, "FR" indicates Friday, "SA"
639	   indicates Saturday, and "SU" indicates Sunday.  These values are not
640	   case-sensitive.

642	   Each "byday" value can also be preceded by a positive (+n) or
643	   negative (-n) integer.  If present, this indicates the nth occurrence
644	   of the specific day within the "monthly" or "yearly" recurrence.  For
645	   example, within a "monthly" rule, +1MO (or simply 1MO) represents the
646	   first Monday within the month, whereas -1MO represents the last
647	   Monday of the month.  If an integer modifier is not present, it means
648	   all days of this type within the specified frequency.  For example,
649	   within a "monthly" rule, MO represents all Mondays within the month.

651	   The "bymonthday" attribute specifies a comma-separated list of days
652	   of the month.  Valid values are 1 to 31 or -31 to -1.  For example,
653	   -10 represents the tenth to the last day of the month.

655	   The "byyearday" attribute specifies a comma-separated list of days of
656	   the year.  Valid values are 1 to 366 or -366 to -1.  For example, -1
657	   represents the last day of the year (December 31st) and -306
658	   represents the 306th to the last day of the year (March 1st).

660	   The "byweekno" attribute specifies a comma-separated list of ordinals
661	   specifying weeks of the year.  Valid values are 1 to 53 or -53 to -1.
662	   This corresponds to weeks according to week numbering as defined in
663	   ISO 8601 [ISO8601].  A week is defined as a seven day period,
664	   starting on the day of the week defined to be the week start (see
665	   "wkst").  Week number one of the calendar year is the first week
666	   which contains at least four (4) days in that calendar year.  This
667	   parameter is only valid for "yearly" rules.  For example, 3
668	   represents the third week of the year.

670	      Note: Assuming a Monday week start, week 53 can only occur when
671	      January 1 is a Thursday or, for leap years, if January 1 is a
672	      Wednesday.

674	   The "bymonth" attribute specifies a comma-separated list of months of
675	   the year.  Valid values are 1 to 12.

677	   The "wkst" attribute specifies the day on which the work week starts.
678	   Valid values are "MO", "TU", "WE", "TH", "FR", "SA" and "SU".  This
679	   is significant when a "weekly" recurrence has an interval greater
680	   than 1, and a "byday" parameter is specified.  This is also
681	   significant in a "yearly" recurrence when a "byweekno" parameter is
682	   specified.  The default value is "MO", following ISO 8601 [ISO8601].

684	   The "bysetpos" attribute specifies a comma-separated list of values
685	   which corresponds to the nth occurrence within the set of events
686	   specified by the rule.  Valid values are 1 to 366 or -366 to -1.  It
687	   MUST only be used in conjunction with another byxxx attribute.  For
688	   example, "the last work day of the month" could be represented as:

690	                    <time dtstart="19970105T083000"
691	                          freq="monthly"
692	                          byday="MO,TU,WE,TH,FR"
693	                          bysetpos="-1"
694	                    />

696	   Each "bysetpos" value can include a positive (+n) or negative (-n)
697	   integer.  If present, this indicates the nth occurrence of the
698	   specific occurrence within the set of events specified by the rule.

700	   If byxxx attribute values are found which are beyond the available
701	   scope (i.e., bymonthday="30" in February), they are simply ignored.

703	   Byxxx attribute modify the recurrence in some manner.  Byxxx rule
704	   parts for a period of time which is the same or greater than the
705	   frequency generally reduce or limit the number of occurrences of the
706	   recurrence generated.  For example, freq="daily" bymonth="1" reduces
707	   the number of recurrence instances from all days (if the "bymonth"
708	   attribute is not present) to all days in January.  Byxxx attribute
709	   for a period of time less than the frequency generally increase or
710	   expand the number of occurrences of the recurrence.  For example,
711	   freq="yearly" bymonth="1,2" increases the number of days within the
712	   yearly recurrence set from 1 (if "bymonth" parameter is not present)
713	   to 2.

715	   If multiple Byxxx attribute are specified, then after evaluating the
716	   specified "freq" and "interval" attribute, the Byxxx attribute are
717	   applied to the current set of evaluated occurrences in the following
718	   order: "bymonth", "byweekno", "byyearday", "bymonthday", "byday",
719	   "byhour", "byminute", "bysecond", and "bysetpos"; then "count" and
720	   "until" are evaluated.

722	   Here is an example of evaluating multiple Byxxx attribute.

724	                    <time dtstart="19970105T083000"
725	                          duration="10M"
726	                          freq="yearly"
727	                          interval="2"
728	                          bymonth="1"
729	                          byday="SU"
730	                          byhour="8,9"
731	                          byminute="30">
732	                    />

734	   First, the interval="2" would be applied to freq="yearly" to arrive
735	   at "every other year."  Then, bymonth="1" would be applied to arrive
736	   at "every January, every other year."  Then, byday="SU" would be
737	   applied to arrive at "every Sunday in January, every other year."
738	   Then, byhour="8,9" would be applied to arrive at "every Sunday in
739	   January at 8 AM and 9 AM, every other year."  Then, byminute="30"
740	   would be applied to arrive at "every Sunday in January at 8:30 AM and
741	   9:30 AM, every other year."  Then the second is derived from
742	   "dtstart" to end up in "every Sunday in January from 8:30:00 AM to
743	   8:40:00 AM, and from and 9:30:00 AM to 9:40:00 AM, every other year."
744	   Similarly, if the "byminute", "byhour", "byday", "bymonthday", or
745	   "bymonth" parameter were missing, the appropriate minute, hour, day,
746	   or month would have been retrieved from the "dtstart" parameter.

748	   The iCalendar COS RDATE, EXRULE, and EXDATE recurrence rules are not
749	   specifically mapped to components of the <time-period> element.
750	   Equivalent functionality to the exception rules can be attained by
751	   using the ordering of rules to exclude times using earlier rules.

753	   Section 4.4.1 of [RFC3880] provides some background of the
754	   differences to iCalendar and implementation issues.

756	5.  Actions

758	   As stated in [RFC4474], conditions are the 'if'-part of rules,
759	   whereas actions and transformations form their 'then'-part.  The
760	   actions and transformations parts of a rule determine which
761	   operations the proxy server MUST execute on receiving a connection
762	   request attempt that matches all conditions of this rule.  Actions
763	   and transformations permit certain operations to be executed.

765	5.1.  Execute Action

767	   The <handling> element allows a couple of actions to be triggered,
768	   namely

770	   Block Action:

772	      The block action states that this specific connection request MUST
773	      NOT be forwarded and a "403" forbidden message MUST be sent to the
774	      sender of the message.

776	   Allow Action:

778	      The Allow action states that this specific connection request MUST
779	      be forwarded.

781	   Furthermore, a couple of further mechanisms, such as computational
782	   puzzles mechanism (described in [I-D.jennings-sip-hashcash]), the
783	   consent framework (described in [I-D.ietf-sip-consent-framework])
784	   etc. can be executed.  Each mechanism needs to register a URI and the
785	   value of URI is placed in this field.

787	   [Editior's Note: For editorial purposes the schema currently lists a
788	   few examples but in a non-URI format.  When solution documents define
789	   these URIs then they can be used with this document.]

791	5.2.  Forward To

793	   The action supported in this section is forwarding of calls with the
794	   <forward-to> element that contains the following child elements:

796	   target:

798	      Specifies the address of the forwarding rule.  It should be a
799	      valid SIP URI (RFC 3261 [RFC3261]) or TEL URI (RFC 3966
800	      [RFC3966]).

802	6.  Examples

804	   This section provides a few examples for policy rules defined in this
805	   document.  The example policy shows three rules with the rule id r1 -
806	   r4.

808	      Rule r1 matches for authenticated identities from the domain
809	      "example.com", "example.org" and the single identity
810	      "sip:bob@good.example.net".  For these conditions SIP messages are
811	      forwarded to the SIP UA as indicated with the <handling> element.

813	      Rule r2 indicates that for SIP messages where the identity has not
814	      been verifiable the hash cash mechanism
815	      [I-D.jennings-sip-hashcash] and CAPTCHAs
816	      [I-D.tschofenig-sipping-captcha] are applied (see the 'hashcash'
817	      and the 'captcha' token in the <execute> element).
818	      Rule r3 contains the <spit-handling> element with the <challenge>
819	      child element.  This rule evaluates to TRUE if the sender returned
820	      a valid hash cash or a valid CAPTCHA result.  The action part of
821	      the rule indicates that the call is then forwarded to the
822	      answering machine, namely sip:answering-machine@home.foo-bar.com.
823	      Rule r4 blocks the call if sender provided a wrong hash cash or
824	      CAPTCHA result.

826	   Rule r1 and r2 are valid only from 2007-01-01T01:00:00+01:00 to 2007-
827	   07-01T24:00:00+01:00.

829	   <?xml version="1.0" encoding="UTF-8"?>
830	   <ruleset xmlns="urn:ietf:params:xml:ns:common-policy"
831	     xmlns:spit="urn:ietf:params:xml:ns:spit-policy"
832	     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

834	     <rule id="r1">
835	       <conditions>
836	         <identity>
837	           <one id="sip:bob@good.example.net"/>
838	           <many domain="example.com"/>
839	           <many domain="example.org"/>
840	         </identity>
841	         <validity>
842	           <from>2007-01-01T01:00:00+01:00</from>
843	           <until>2007-07-01T24:00:00+01:00</until>
844	         </validity>
845	       </conditions>
846	       <actions>
847	         <spit:execute>allow</spit:execute>
848	       </actions>
849	       <transformations/>
850	     </rule>

852	     <rule id="r2">
853	       <conditions>
854	         <validity>
855	           <from>2007-01-01T01:00:00+01:00</from>
856	           <until>2007-07-01T24:00:00+01:00</until>
857	         </validity>
858	       </conditions>
859	       <actions>
860	         <spit:execute>hashcash</spit:execute>
861	         <spit:execute>captcha</spit:execute>
862	       </actions>
863	       <transformations/>
864	     </rule>

866	     <rule id="r3">
867	       <conditions>
868	         <spit:spit-handling>
869	           <challenge result="SUCCESS">hashcash</challenge>
870	           <challenge result="SUCCESS">captcha</challenge>
871	         </spit:spit-handling>
872	       </conditions>
873	       <actions>
874	         <spit:forward-to>
875	           <target>sip:answering-machine@home.foo-bar.com
876	           </target>
877	         </spit:forward-to>
878	       </actions>
879	       <transformations/>
880	     </rule>

882	     <rule id="r4">
883	       <conditions>
884	         <spit:spit-handling>
885	             <challenge result="FAILURE">hashcash</challenge>
886	             <challenge result="FAILURE">captcha</challenge>
887	         </spit:spit-handling>
888	       </conditions>
889	       <actions>
890	         <spit:execute>block</spit:execute>
891	       </actions>
892	       <transformations/>
893	     </rule>

895	   </ruleset>

897	7.  XML Schema

899	   This section contains the XML schema that defines the policies schema
900	   described in this document.  This schema extends the Common Policy
901	   schema (see [RFC4474]) by introducing new members of the <condition>
902	   and <action> elements.

904	   <?xml version="1.0" encoding="UTF-8"?>
905	   <xs:schema targetNamespace="urn:ietf:params:xml:ns:spit-policy"
906	     xmlns:spit="urn:ietf:params:xml:ns:spit-policy"
907	     xmlns:xs="http://www.w3.org/2001/XMLSchema"
908	     elementFormDefault="qualified"
909	     attributeFormDefault="unqualified">

911	     <!-- This import brings in the XML language attribute xml:lang-->
912	     <xs:import namespace="http://www.w3.org/XML/1998/namespace"
913	       schemaLocation="http://www.w3.org/2001/xml.xsd"/>

915	     <xs:import namespace="urn:ietf:params:xml:ns:common-policy"/>

917	     <!-- Conditions -->

919	     <xs:element name="method-list">
920	       <xs:complexType>
921	         <xs:complexContent>
922	           <xs:restriction base="xs:anyType">
923	             <xs:sequence>
924	               <xs:element name="method" type="spit:method-type"
925	                 minOccurs="0" maxOccurs="unbounded"/>
926	               <xs:any namespace="##other" processContents="lax"
927	                 minOccurs="0" maxOccurs="unbounded"/>
928	             </xs:sequence>
929	           </xs:restriction>
930	         </xs:complexContent>
931	       </xs:complexType>
932	     </xs:element>

934	     <xs:element name="spit-handling">
935	       <xs:complexType>
936	             <xs:sequence>
937	               <xs:element name="challenge" type="spit:challenge-type"
938	                 minOccurs="0" maxOccurs="unbounded"/>
939	               <xs:any namespace="##other" processContents="lax"
940	                 minOccurs="0" maxOccurs="unbounded"/>
941	             </xs:sequence>
942	             <xs:attribute name="result" use="required">
943	               <xs:simpleType>
944	                 <xs:restriction base="xs:string">
945	                   <xs:enumeration value="SUCCESS"/>
946	                   <xs:enumeration value="FAILURE"/>
947	                 </xs:restriction>
948	               </xs:simpleType>

950	             </xs:attribute>
951	       </xs:complexType>
952	     </xs:element>

954	     <xs:element name="mime-list">
955	       <xs:complexType>
956	         <xs:complexContent>
957	           <xs:restriction base="xs:anyType">
958	             <xs:sequence>
959	               <xs:element name="mime" type="spit:mime-type"
960	                 minOccurs="0" maxOccurs="unbounded"/>
961	               <xs:any namespace="##other" processContents="lax"
962	                 minOccurs="0" maxOccurs="unbounded"/>
963	             </xs:sequence>
964	           </xs:restriction>
965	         </xs:complexContent>
966	       </xs:complexType>
967	     </xs:element>

969	     <xs:element name="media-list">
970	       <xs:complexType>
971	         <xs:complexContent>
972	           <xs:restriction base="xs:anyType">
973	             <xs:sequence>
974	               <xs:element name="media" type="spit:media-type"
975	                 minOccurs="0" maxOccurs="unbounded"/>
976	               <xs:any namespace="##other" processContents="lax"
977	                 minOccurs="0" maxOccurs="unbounded"/>
978	             </xs:sequence>
979	           </xs:restriction>
980	         </xs:complexContent>
981	       </xs:complexType>
982	     </xs:element>

984	     <xs:element name="rule-deactivated"
985	       type="spit:empty-element-type"/>

987	     <xs:complexType name="empty-element-type"/>

989	     <xs:element name="presence-status"
990	       type="spit:presence-status-activity-type"/>

992	     <xs:simpleType name="presence-status-activity-type">
993	       <xs:restriction base="xs:string"/>
994	     </xs:simpleType>

996	     <xs:simpleType name="media-type">
997	       <xs:restriction base="xs:string"/>

999	     </xs:simpleType>

1001	     <xs:simpleType name="challenge-type">
1002	       <xs:restriction base="xs:string"/>
1003	     </xs:simpleType>

1005	     <xs:simpleType name="mime-type">
1006	       <xs:restriction base="xs:string"/>
1007	     </xs:simpleType>

1009	     <xs:simpleType name="method-type">
1010	       <xs:restriction base="xs:string"/>
1011	     </xs:simpleType>

1013	     <xs:element name="time-period" type="spit:TimeSwitchType"/>

1015	     <xs:simpleType name="YearDayType">
1016	       <xs:union>
1017	         <xs:simpleType>
1018	           <xs:restriction base="xs:integer">
1019	             <xs:minInclusive value="-366"/>
1020	             <xs:maxInclusive value="-1"/>
1021	           </xs:restriction>
1022	         </xs:simpleType>
1023	         <xs:simpleType>
1024	           <xs:restriction base="xs:integer">
1025	             <xs:minInclusive value="1"/>
1026	             <xs:maxExclusive value="366"/>
1027	           </xs:restriction>
1028	         </xs:simpleType>
1029	       </xs:union>

1031	     </xs:simpleType>
1032	     <xs:simpleType name="DayType">
1033	       <xs:restriction base="xs:NMTOKEN">
1034	         <xs:pattern value="[m|M][o|O]"/>
1035	         <xs:pattern value="[t|T][u|U]"/>
1036	         <xs:pattern value="[w|W][e|E]"/>
1037	         <xs:pattern value="[t|T][h|H]"/>
1038	         <xs:pattern value="[f|F][r|R]"/>
1039	         <xs:pattern value="[s|S][a|A]"/>
1040	         <xs:pattern value="[s|S][u|U]"/>
1041	       </xs:restriction>
1042	     </xs:simpleType>
1043	     <xs:complexType name="TimeType">
1044	       <xs:annotation>
1045	         <xs:documentation>Exactly one of the two attributes
1046	           "dtend" and "duration" must occur. None of
1047	           the attributes following freq are meaningful
1048	           unless freq appears. </xs:documentation>
1049	       </xs:annotation>
1050	       <xs:attribute name="dtstart" type="xs:string" use="required">
1051	         <xs:annotation>
1052	           <xs:documentation>RFC 2445 DATE-TIME</xs:documentation>
1053	         </xs:annotation>
1054	       </xs:attribute>
1055	       <xs:attribute name="dtend" type="xs:string" use="optional">
1056	         <xs:annotation>
1057	           <xs:documentation>RFC 2445 DATE-TIME</xs:documentation>
1058	         </xs:annotation>
1059	       </xs:attribute>
1060	       <xs:attribute name="duration" type="xs:string" use="optional">
1061	         <xs:annotation>
1062	           <xs:documentation>RFC 2445 DURATION</xs:documentation>
1063	         </xs:annotation>
1064	       </xs:attribute>
1065	       <xs:attribute name="freq" type="spit:FreqType" use="optional"/>
1066	       <xs:attribute name="interval"
1067	         type="xs:positiveInteger" default="1"/>
1068	       <xs:attribute name="until" type="xs:string" use="optional">
1069	         <xs:annotation>
1070	           <xs:documentation>RFC 2445 DATE-TIME</xs:documentation>
1071	         </xs:annotation>
1072	       </xs:attribute>
1073	       <xs:attribute name="count"
1074	         type="xs:positiveInteger" use="optional"/>
1075	       <xs:attribute name="bysecond"
1076	         type="xs:string" use="optional">
1077	         <xs:annotation>
1078	           <xs:documentation>Comma-separated list of
1079	             seconds within a minute. Valid values are 0 to
1080	           59.</xs:documentation>
1081	         </xs:annotation>
1082	       </xs:attribute>
1083	       <xs:attribute name="byminute"
1084	         type="xs:string" use="optional">
1085	         <xs:annotation>
1086	           <xs:documentation>Comma-separated list of
1087	             minutes within an hour. Valid values are 0 to
1088	           59.</xs:documentation>
1089	         </xs:annotation>
1090	       </xs:attribute>
1091	       <xs:attribute name="byhour" type="xs:string" use="optional">
1092	         <xs:annotation>
1093	           <xs:documentation>Comma-separated list of
1094	             hours of the day. Valid values are 0 to

1096	           23.</xs:documentation>
1097	         </xs:annotation>
1098	       </xs:attribute>
1099	       <xs:attribute name="byday" type="xs:string" use="optional">
1100	         <xs:annotation>
1101	           <xs:documentation>Comma-separated list of days of the week.
1102	             Valid values are "MO", "TU",
1103	             "WE", "TH", "FR", "SA" and "SU". These values are
1104	             not case-sensitive. Each can be preceded
1105	             by a positive (+n) or negative (-n) integer.
1106	           </xs:documentation>
1107	         </xs:annotation>
1108	       </xs:attribute>
1109	       <xs:attribute name="bymonthday" type="xs:string" use="optional">
1110	         <xs:annotation>
1111	           <xs:documentation>Comma-separated list of days of the month.
1112	             Valid values are 1 to 31 or -31
1113	             to -1.</xs:documentation>
1114	         </xs:annotation>
1115	       </xs:attribute>
1116	       <xs:attribute name="byyearday" type="xs:string" use="optional">
1117	         <xs:annotation>
1118	           <xs:documentation>Comma-separated list of days of the year.
1119	             Valid values are 1 to 366 or
1120	             -366 to -1.</xs:documentation>
1121	         </xs:annotation>
1122	       </xs:attribute>
1123	       <xs:attribute name="byweekno" type="xs:string" use="optional">
1124	         <xs:annotation>
1125	           <xs:documentation>Comma-separated list of ordinals
1126	             specifying weeks of the year. Valid
1127	             values are 1 to 53 or -53 to -1.</xs:documentation>
1128	         </xs:annotation>
1129	       </xs:attribute>
1130	       <xs:attribute name="bymonth" type="xs:string" use="optional">
1131	         <xs:annotation>
1132	           <xs:documentation>Comma-separated list of months of the year.
1133	             Valid values are 1 to
1134	           12.</xs:documentation>
1135	         </xs:annotation>
1136	       </xs:attribute>
1137	       <xs:attribute name="wkst" type="spit:DayType" default="MO"/>
1138	       <xs:attribute name="bysetpos" type="spit:YearDayType"/>
1139	       <xs:anyAttribute namespace="##any" processContents="lax"/>

1141	     </xs:complexType>
1142	     <xs:simpleType name="TZIDType">
1143	       <xs:restriction base="xs:string"/>

1145	     </xs:simpleType>
1146	     <xs:simpleType name="TZURLType">
1147	       <xs:restriction base="xs:anyURI"/>
1148	     </xs:simpleType>

1150	     <xs:complexType name="TimeSwitchType">
1151	       <xs:complexContent>
1152	         <xs:restriction base="xs:anyType">
1153	           <xs:sequence>
1154	             <xs:element name="time" type="spit:TimeType"
1155	               minOccurs="1" maxOccurs="unbounded"/>
1156	           </xs:sequence>
1157	           <xs:attribute name="tzid" type="spit:TZIDType"/>
1158	           <xs:attribute name="tzurl" type="spit:TZURLType"/>
1159	         </xs:restriction>
1160	       </xs:complexContent>
1161	     </xs:complexType>

1163	     <xs:simpleType name="FreqType">
1164	       <xs:restriction base="xs:NMTOKEN">
1165	         <xs:pattern value="[s|S][e|E][c|C][o|O][n|N][d|D][l|L][y|Y]"/>
1166	         <xs:pattern value="[m|M][i|I][n|N][u|U][t|T][e|E][l|L][y|Y]"/>
1167	         <xs:pattern value="[h|H][o|O][u|U][r|R][l|L][y|Y]"/>
1168	         <xs:pattern value="[d|D][a|A][i|I][l|L][y|Y]"/>
1169	         <xs:pattern value="[w|W][e|E][e|E][k|K][l|L][y|Y]"/>
1170	         <xs:pattern value="[m|M][o|N][n|N][t|T][h|H][l|L][y|Y]"/>
1171	         <xs:pattern value="[y|Y][e|E][a|A][r|R][l|L][y|Y]"/>
1172	       </xs:restriction>
1173	     </xs:simpleType>

1175	     <!-- Action -->

1177	         <xs:element name="execute">
1178	           <xs:simpleType>
1179	             <xs:restriction base="xs:string">
1180	             </xs:restriction>
1181	           </xs:simpleType>
1182	         </xs:element>

1184	     <xs:element name="forward-to" type="spit:forward-to-type"/>

1186	     <xs:complexType name="forward-to-type">
1187	       <xs:sequence>
1188	         <xs:element name="target" type="spit:target-type"/>
1189	         <xs:any namespace="##other" processContents="lax"
1190	           minOccurs="0" maxOccurs="unbounded"/>
1191	       </xs:sequence>
1192	     </xs:complexType>
1193	     <xs:simpleType name="target-type">
1194	       <xs:restriction base="xs:anyURI"/>
1195	     </xs:simpleType>

1197	   </xs:schema>

1199	8.  XCAP USAGE

1201	   The following section defines the details necessary for clients to
1202	   manipulate SPIT authorization documents from a server using XCAP.

1204	8.1.  Application Unique ID

1206	   XCAP requires application usages to define a unique application usage
1207	   ID (AUID) in either the IETF tree or a vendor tree.  This
1208	   specification defines the "Spit-policy" AUID within the IETF tree,
1209	   via the IANA registration in Section 9.

1211	8.2.  XML Schema

1213	   XCAP requires application usages to define a schema for their
1214	   documents.  The schema for Anti-SPIT authorization documents is
1215	   described in Section 7.

1217	8.3.   Default Namespace

1219	   XCAP requires application usages to define the default namespace for
1220	   their documents.  The default namespace is
1221	   urn:ietf:params:xml:ns:spit-policy.

1223	8.4.   MIME Type

1225	   XCAP requires application usages to defined the MIME type for
1226	   documents they carry.  Anti-SPIT privacy authorization documents
1227	   inherit the MIME type of Common Policy documents, application/
1228	   auth-policy+xml.

1230	8.5.  Validation Constraints

1232	   This specification does not define additional constraints.

1234	8.6.  Data Semantics

1236	   This document discusses the semantics of Anti-SPIT authorization.

1238	8.7.   Naming Conventions

1240	   When a SIP Proxy receives a SIP message to route it towards to a
1241	   specific user foo, it will look for all documents within
1242	   http://[xcaproot]/spit-policy/users/foo, and use all documents found
1243	   beneath that point to guide authorization policy.

1245	8.8.  Resource Interdependencies

1247	   This application usage does not define additional resource
1248	   interdependencies.

1250	8.9.  Authorization Policies

1252	   This application usage does not modify the default XCAP authorization
1253	   policy, which is that only a user can read, write or modify his/her
1254	   own documents.  A server can allow privileged users to modify
1255	   documents that they do not own, but the establishment and indication
1256	   of such policies is outside the scope of this document.

1258	9.  IANA Considerations

1260	   There are several IANA considerations associated with this
1261	   specification.

1263	9.1.  Anti-SPIT Policy XML Schema Registration

1265	   URI:  urn:ietf:params:xml:schema:spit-policy
1266	   Registrant Contact:  Hannes Tschofenig
1267	      (hannes.tschofenig@siemens.com).
1268	   XML:  The XML schema to be registered is contained in Section 7.  Its
1269	      first line is

1271	   <?xml version="1.0" encoding="UTF-8"?>

1273	      and its last line is

1275	   </xs:schema>

1277	9.2.  Anti-SPIT Policy Namespace Registration

1279	   URI:  urn:ietf:params:xml:ns:spit-policy
1280	   Registrant Contact:  Hannes Tschofenig
1281	      (hannes.tschofenig@siemens.com).

1283	   XML:

1285	9.3.  XCAP Application Usage ID

1287	   This section registers an XCAP Application Usage ID (AUID) according
1288	   to the IANA procedures defined in [RFC4825].

1290	   Name of the AUID: spit-policy

1292	   Description: The rules defined in this documents describe ways to
1293	   react on unwanted and unsolicted communication (including Spam).

1295	10.  Security Considerations

1297	   This document aims to make it simple for users to influence the
1298	   behavior of SIP message routing with an emphasis on SPIT prevention.
1299	   This document proposes a strawman proposal for conditions and actions
1300	   that might be useful when it comes to allowing a UA to tell its
1301	   proxies which messages it wants to receive and what tasks it wants
1302	   those proxies to perform before sending a SIP request to the UA.

1304	   A couple of requirements are described in
1305	   [I-D.froment-sipping-spit-requirements] and a general discussion
1306	   about the available solution mechanisms is available with
1307	   [I-D.ietf-sipping-spam].  This document offers the ability to glue
1308	   the different solution pieces together.

1310	   Since this document uses the Common Policy framework it also inherits
1311	   its capabilities, including the combining permission algorithm that
1312	   is applied when multiple rules fire.  Unauthorized access to the
1313	   user's Anti-SPIT rules must be prevented to avoid the introduction of
1314	   security vulnerabilities.

1316	11.  Contributors

1318	   We would like to thank Mayutan Arumaithurai
1319	   (mayutan.arumaithurai@gmail.com) for his work on this document.

1321	12.  Acknowledgments

1323	   We would like to thank
1324	   o  Jonathan Rosenberg, David Schwartz and Dan York for sharing their
1325	      thoughts with us before the first version of this document was
1326	      written.

1328	   o  Miguel Garcia and Remi Denis-Courmont for their review comments to
1329	      the -00 version.
1330	   o  Mayutan Arumaithurai for his editing help with the -00 version.
1331	   o  Poikselka Miikka, Isomaki Markus, Jari Mutikainen, Jean-Marie
1332	      Stupka, and Antti Laurila for their comments and for pointing us
1333	      to specifications outside the IETF.

1335	   This document intentionally re-uses concept from existing documents.
1336	   In particular, we reused
1337	   o  ideas from SIEVE [RFC3028], a mail filtering language.
1338	   o  the text in Section 4.9 from the Call Processing Language (CPL)
1339	      [RFC3880].  The difference between CPL and this document is that
1340	      CPL has a more procedural approach, while this proposal is
1341	      matching-based.
1342	   o  text in Section 4.1 from [I-D.ietf-simple-presence-rules].
1343	   o  content of Section 5.2, Section 4.8 and Section 4.7 is reused from
1344	      [ETSI-TS-183-004].
1345	   o  text of Section 4.4 from [OMA-TS-XDM_Shared_Policy]

1347	13.  References

1349	13.1.  Normative References

1351	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1352	              Requirement Levels", March 1997.

1354	   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
1355	              Leach, P., Luotonen, A., and L. Stewart, "HTTP
1356	              Authentication: Basic and Digest Access Authentication",
1357	              RFC 2617, June 1999.

1359	   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
1360	              A., Peterson, J., Sparks, R., Handley, M., and E.
1361	              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
1362	              June 2002.

1364	   [RFC3323]  Peterson, J., "A Privacy Mechanism for the Session
1365	              Initiation Protocol (SIP)", RFC 3323, November 2002.

1367	   [RFC3325]  Jennings, C., Peterson, J., and M. Watson, "Private
1368	              Extensions to the Session Initiation Protocol (SIP) for
1369	              Asserted Identity within Trusted Networks", RFC 3325,
1370	              November 2002.

1372	   [RFC3428]  Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C.,
1373	              and D. Gurle, "Session Initiation Protocol (SIP) Extension
1374	              for Instant Messaging", RFC 3428, December 2002.

1376	   [RFC3840]  Rosenberg, J., Schulzrinne, H., and P. Kyzivat,
1377	              "Indicating User Agent Capabilities in the Session
1378	              Initiation Protocol (SIP)", RFC 3840, August 2004.

1380	   [RFC3856]  Rosenberg, J., "A Presence Event Package for the Session
1381	              Initiation Protocol (SIP)", RFC 3856, August 2004.

1383	   [RFC3966]  Schulzrinne, H., "The tel URI for Telephone Numbers",
1384	              RFC 3966, December 2004.

1386	   [RFC3987]  Duerst, M. and M. Suignard, "Internationalized Resource
1387	              Identifiers (IRIs)", RFC 3987, January 2005.

1389	   [RFC4412]  Schulzrinne, H. and J. Polk, "Communications Resource
1390	              Priority for the Session Initiation Protocol (SIP)",
1391	              RFC 4412, February 2006.

1393	   [RFC4474]  Peterson, J. and C. Jennings, "Enhancements for
1394	              Authenticated Identity Management in the Session
1395	              Initiation Protocol (SIP)", RFC 4474, August 2006.

1397	   [RFC4479]  Rosenberg, J., "A Data Model for Presence", RFC 4479,
1398	              July 2006.

1400	   [RFC4480]  Schulzrinne, H., Gurbani, V., Kyzivat, P., and J.
1401	              Rosenberg, "RPID: Rich Presence Extensions to the Presence
1402	              Information Data Format (PIDF)", RFC 4480, July 2006.

1404	   [RFC4745]  Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J.,
1405	              Polk, J., and J. Rosenberg, "Common Policy: A Document
1406	              Format for Expressing Privacy Preferences", RFC 4745,
1407	              February 2007.

1409	   [RFC4825]  Rosenberg, J., "The Extensible Markup Language (XML)
1410	              Configuration Access Protocol (XCAP)", RFC 4825, May 2007.

1412	13.2.  Informative References

1414	   [ETSI-TS-183-004]
1415	              ETSI, "TS 183 004, Telecommunications and Internet
1416	              converged Services and Protocols for Advanced Networking
1417	              (TISPAN); PSTN/ISDN simulation services: Communication
1418	              Diversion (CDIV); Protocol specification", 2007.

1420	   [I-D.froment-sipping-spit-requirements]
1421	              Froment, T., "Requirements for Authorization Policies to
1422	              tackle Spam for Internet  Telephony and Unwanted Traffic",
1423	              draft-froment-sipping-spit-requirements-00 (work in
1424	              progress), June 2007.

1426	   [I-D.ietf-ecrit-service-urn]
1427	              Schulzrinne, H., "A Uniform Resource Name (URN) for
1428	              Services", draft-ietf-ecrit-service-urn-06 (work in
1429	              progress), March 2007.

1431	   [I-D.ietf-mmusic-file-transfer-mech]
1432	              Garcia-Martin, M., "A Session Description Protocol (SDP)
1433	              Offer/Answer Mechanism to Enable File  Transfer",
1434	              draft-ietf-mmusic-file-transfer-mech-03 (work in
1435	              progress), June 2007.

1437	   [I-D.ietf-simple-message-sessions]
1438	              Campbell, B., "The Message Session Relay Protocol",
1439	              draft-ietf-simple-message-sessions-19 (work in progress),
1440	              February 2007.

1442	   [I-D.ietf-simple-presence-rules]
1443	              Rosenberg, J., "Presence Authorization Rules",
1444	              draft-ietf-simple-presence-rules-09 (work in progress),
1445	              March 2007.

1447	   [I-D.ietf-sip-consent-framework]
1448	              Rosenberg, J., "A Framework for Consent-Based
1449	              Communications in the Session Initiation  Protocol (SIP)",
1450	              draft-ietf-sip-consent-framework-02 (work in progress),
1451	              July 2007.

1453	   [I-D.ietf-sipping-spam]
1454	              Jennings, C. and J. Rosenberg, "The Session Initiation
1455	              Protocol (SIP) and Spam", draft-ietf-sipping-spam-04 (work
1456	              in progress), February 2007.

1458	   [I-D.jennings-sip-hashcash]
1459	              Jennings, C., "Computational Puzzles for SPAM Reduction in
1460	              SIP", draft-jennings-sip-hashcash-05 (work in progress),
1461	              June 2007.

1463	   [I-D.mahy-iptel-cpc]
1464	              Mahy, R., "The Calling Party's Category tel URI
1465	              Parameter", draft-mahy-iptel-cpc-06 (work in progress),
1466	              March 2007.

1468	   [I-D.rosenberg-sipping-service-identification]
1469	              Rosenberg, J., "Identification of Communications Services
1470	              in the Session Initiation Protocol  (SIP)",
1471	              draft-rosenberg-sipping-service-identification-02 (work in
1472	              progress), May 2007.

1474	   [I-D.schubert-sipping-saml-cpc]
1475	              Schubert, S., "Conveying CPC using the SAML",
1476	              draft-schubert-sipping-saml-cpc-02 (work in progress),
1477	              July 2006.

1479	   [I-D.schwartz-sipping-spit-saml]
1480	              Schwartz, D., "SPAM for Internet Telephony (SPIT)
1481	              Prevention using the Security Assertion  Markup Language
1482	              (SAML)", draft-schwartz-sipping-spit-saml-01 (work in
1483	              progress), June 2006.

1485	   [I-D.tschofenig-sipping-captcha]
1486	              Tschofenig, H. and E. Leppanen, "Completely Automated
1487	              Public Turing Test to Tell Computers and Humans Apart
1488	              (CAPTCHA) based Robot Challenges for the Session
1489	              Initiation Protocol (SIP)",
1490	              draft-tschofenig-sipping-captcha-00 (work in progress),
1491	              July 2007.

1493	   [I-D.tschofenig-sipping-framework-spit-reduction]
1494	              Tschofenig, H., "A Framework for Reducing Spam for
1495	              Internet Telephony",
1496	              draft-tschofenig-sipping-framework-spit-reduction-00 (work
1497	              in progress), June 2007.

1499	   [ISO8601]  ISO (International Organization for Standardization),
1500	              ""Data elements and interchange formats -- Information
1501	              interchange -- Representation of dates and times", ISO
1502	              Standard ISO 8601:2000(E), International Organization for
1503	              Standardization, Geneva, Switzerland,", December 2000.

1505	   [OMA-TS-XDM_Shared_Policy]
1506	              Open Mobile Alliance, "Shared Policy XDM Specification",
1507	              2007.

1509	   [OTZ]      Eggert, P., "Sources for Time Zone and Daylight Saving
1510	              Time Data, available at
1511	              http://www.twinsun.com/tz/tz-link.htm", 2007.

1513	   [RFC2445]  Dawson, F. and Stenerson, D., "Internet Calendaring and
1514	              Scheduling Core Object Specification (iCalendar)",
1515	              RFC 2445, November 1998.

1517	   [RFC3028]  Showalter, T., "Sieve: A Mail Filtering Language",
1518	              RFC 3028, January 2001.

1520	   [RFC3266]  Olson, S., Camarillo, G., and A. Roach, "Support for IPv6
1521	              in Session Description Protocol (SDP)", RFC 3266,
1522	              June 2002.

1524	   [RFC3880]  Lennox, J., Wu, X., and H. Schulzrinne, "Call Processing
1525	              Language (CPL): A Language for User Control of Internet
1526	              Telephony Services", RFC 3880, October 2004.

1528	Authors' Addresses

1530	   Hannes Tschofenig
1531	   Nokia Siemens Networks
1532	   Otto-Hahn-Ring 6
1533	   Munich, Bavaria  81739
1534	   Germany

1536	   Email: Hannes.Tschofenig@nsn.com
1537	   URI:   http://www.tschofenig.com

1539	   Dan Wing
1540	   Cisco

1542	   Phone:
1543	   Email: dwing@cisco.com

1545	   Henning Schulzrinne
1546	   Columbia University
1547	   Department of Computer Science
1548	   450 Computer Science Building
1549	   New York, NY  10027
1550	   US

1552	   Phone: +1 212 939 7004
1553	   Email: hgs@cs.columbia.edu
1554	   URI:   http://www.cs.columbia.edu
1555	   Thomas Froment
1556	   Alcatel-Lucent
1557	   1, rue Ampere - BP 80056
1558	   Massy, Paris  91302
1559	   France

1561	   Email: Thomas.Froment@alcatel-lucent.fr

1563	   Geoffrey Dawirs
1564	   University of Namur
1565	   21, rue Grandgagnage
1566	   Namur  B-5000
1567	   Belgique

1569	   Email: gdawirs@gdawirs.be

1571	Full Copyright Statement

1573	   Copyright (C) The IETF Trust (2007).

1575	   This document is subject to the rights, licenses and restrictions
1576	   contained in BCP 78, and except as set forth therein, the authors
1577	   retain all their rights.

1579	   This document and the information contained herein are provided on an
1580	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1581	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
1582	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
1583	   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1584	   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1585	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1587	Intellectual Property

1589	   The IETF takes no position regarding the validity or scope of any
1590	   Intellectual Property Rights or other rights that might be claimed to
1591	   pertain to the implementation or use of the technology described in
1592	   this document or the extent to which any license under such rights
1593	   might or might not be available; nor does it represent that it has
1594	   made any independent effort to identify any such rights.  Information
1595	   on the procedures with respect to rights in RFC documents can be
1596	   found in BCP 78 and BCP 79.

1598	   Copies of IPR disclosures made to the IETF Secretariat and any
1599	   assurances of licenses to be made available, or the result of an
1600	   attempt made to obtain a general license or permission for the use of
1601	   such proprietary rights by implementers or users of this
1602	   specification can be obtained from the IETF on-line IPR repository at
1603	   http://www.ietf.org/ipr.

1605	   The IETF invites any interested party to bring to its attention any
1606	   copyrights, patents or patent applications, or other proprietary
1607	   rights that may cover technology that may be required to implement
1608	   this standard.  Please address the information to the IETF at
1609	   ietf-ipr@ietf.org.

1611	Acknowledgment

1613	   Funding for the RFC Editor function is provided by the IETF
1614	   Administrative Support Activity (IASA).