appsawg L. Goix Internet-Draft Telecom Italia Intended status: Experimental K. Li Expires: June 8, 2014 Huawei Technologies December 5, 2013 ENUM Service Registration for acct URI draft-goix-appsawg-enum-acct-uri-04 Abstract This document registers a Telephone Number Mapping (ENUM) service for 'acct:' URIs (Uniform Resource Identifiers). Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 8, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Goix & Li Expires June 8, 2014 [Page 1] Internet-Draft Enum Service ACCT URI Registration December 2013 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 2 3.1. Reverse phone lookup . . . . . . . . . . . . . . . . . . 2 3.2. Routing of mobile social communications . . . . . . . . . 3 4. IANA Registration . . . . . . . . . . . . . . . . . . . . . . 4 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. DNS Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 10.1. Normative References . . . . . . . . . . . . . . . . . . 7 10.2. Informative References . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction ENUM (E.164 Number Mapping, [RFC6116]) is a system that uses DNS (Domain Name Service, [RFC1034]) to translate telephone numbers, such as '+44 1632 960123', into URIs (Uniform Resource Identifiers, [RFC3986]), such as 'acct:user@example.com'. ENUM exists primarily to facilitate the interconnection of systems that rely on telephone numbers with those that use URIs to identify resources. [I-D.ietf-appsawg-acct-uri] defines the 'acct' URI scheme as a way to identify a user's account at a service provider. This document registers an enumservice for advertising acct URI information associated with an E.164 number. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Use cases 3.1. Reverse phone lookup In this example, an address book application could issue ENUM queries looking for 'acct' URIs corresponding to phone numbers. This could be used to display the account identifier as well as an icon based on the host (domain) portion of that URI. Goix & Li Expires June 8, 2014 [Page 2] Internet-Draft Enum Service ACCT URI Registration December 2013 Similarly, an endpoint could trigger this resolution process during inbound and/or outbound calls to discover an account associated with the remote party. In general the provision of an ENUM record to map a phone number into an account may be useful for businesses or professional workers to identify themselves publicly (in a similar way as vCard enum records). 3.2. Routing of mobile social communications The Open Mobile Alliance (OMA) develops mobile service enabler specifications, which support the creation of interoperable end-to- end mobile services independent of the underlying wireless platforms, such as GSM (Global System for Mobile communications), UMTS (Universal Mobile Telecommunications System) and LTE (Long Term Evolution) mobile networks. The OMA Social Network Web (SNeW) Enabler Release [OMA-SNeW] has introduced a number of Social Networking functionalities for mobile subscribers identified by their MSISDN (Mobile Subscriber Integrated Services Digital Network number, a number uniquely identifying a subscription in a mobile network), amongst which is the ability to follow each other's social activities across service providers. Such functionality requires the global resolution of the MSISDN to the corresponding account and provider, in an analogous way as MMS routing, to identify the target endpoint for the related messages. Although alternatives solutions exist (e.g. based on mobile network operations and/or proprietary lookup techniques), ENUM provides a globally accessible mechanism for enabling resolution from network entities on behalf of an endpoint, or from an endpoint itself. For example, a user of a service provider could request to follow the social activities of user '+44 1632 960123'. The home SNEW Server of the former user could perform an ENUM query to identify the 'acct' URI corresponding to that phone number. Based on the resulting URI, the server could then identify the SNEW Server of the target user and route the original user's request to the appropriate endpoint. A similar mechanism can apply to other types of social networking- related messages or other communications targeted to a mobile subscriber. Goix & Li Expires June 8, 2014 [Page 3] Internet-Draft Enum Service ACCT URI Registration December 2013 4. IANA Registration As defined in [RFC6117], the following is a template covering information needed for the registration of the enumservice specified in this document: Application-Based, Ancillary acct acct This enumservice indicates that the resource can be identified by the associated 'acct' URI . For DNS considerations in avoiding loops when searching for "acct" NAPTRs, see , Section 6. For security considerations, see , Section 7. COMMON Laurent-Walter Goix Telecom Italia mailto:laurentwalter.goix@telecomitalia.it 2013-12-05 [Note for RFC-Editor: Please replace any instance of rfcTHIS with the RFC number of this document before publication] Goix & Li Expires June 8, 2014 [Page 4] Internet-Draft Enum Service ACCT URI Registration December 2013 5. Examples The following is an example of the use of the enumservice registered by this document in a NAPTR resource record for phone number +44 1632 960123. $ORIGIN 3.2.1.0.6.9.2.3.6.1.4.4.e164.arpa. IN NAPTR 10 100 "u" "E2U+acct" "!^.*$!acct:441632960123@foo.com!" . IN NAPTR 10 101 "u" "E2U+acct" "!^.*$!acct:john.doe@example.com!" . Note that in the first record, the revealed information is limited to the domain of the service provider serving that user as the userpart of the acct URI simply replicates the phone number. 6. DNS Considerations There may not be any "E2U+acct" NAPTRs returned in response to the original ENUM query on the requested telephone number, but other terminal ENUM NAPTRs that include tel: URLs [RFC3966] (e.g., "voice:tel" or "pstn:tel" or "SMS:tel" or "MMS:tel" - see [RFC6118]) may be present. The application that made that ENUM query may choose to re-submit ENUM queries for any E.164 numbers included in those returned terminal NAPTRs. Doing so may cause a query loop (e.g., the ENUM records returned from subsequent queries may refer to the telephone number already considered). If applications choose to perform subsequent ENUM queries using telephone numbers retrieved from earlier queries, these applications MUST be aware of the potential for query loops, and MUST be prepared to abort the set of queries if such a loop is detected. This is a similar issue to the referential loop issue caused by processing non-terminal NAPTR queries, as mentioned in section 5.2.1 of [RFC6116], and a similar technique to mitigate this issue can be used; an application searching for records with "acct" Enumservice may consider that submitting a chain of more that 5 ENUM queries without finding such a record indicates that a referential loop has been entered, and the chain of queries SHOULD be abandoned. 7. Security Considerations Goix & Li Expires June 8, 2014 [Page 5] Internet-Draft Enum Service ACCT URI Registration December 2013 DNS, as used by ENUM, is a global, distributed database. Should implementers of this specification use e164.arpa or any other publicly available domain as the tree for maintaining PSTN enumservice data, this information would be visible to anyone anonymously. As noted earlier, carriers, service providers, and other users may choose not to publish such information in the public e164.arpa tree. They may instead simply publish this in an internal ENUM infrastructure that is only able to be queried by trusted elements of their network, thus limiting threats. Per se, this enumservice does not introduce specific security considerations beyond [RFC6116], section 7. Linking telephone numbers to Personally Identifiable Information (PII) is a very sensitive topic, because it provides a "reverse lookup" from the phone number to its owner. Publication of such PII is covered by data-protection law in many legislations. In most cases, the explicit consent of the affected individual is required. Users MUST therefore carefully consider the information provided in the resource identified by the ENUM record as well as in the record itself. Considerations SHOULD include serving information only to entities of the user's choice and/or limiting the comprehension of the information provided based on the identity of the requestor. It is important to remind that the ENUM record itself does not need to contain any personal information but only contains a pointer to an account identifier. This identifier may be queried to discover pointers to personal information (e.g. social network information) endpoints and an authorisation mechanism may be in place in that context with any level of granularity although it is out of scope of this document. Technically, ENUM records themselves could contain pointers to the same endpoints. However the visibility of ENUM records cannot be controlled based on the requesting entity. In that context the simple mapping of the phone number to the account identifier, notwithstanding the disclosure of the association itself, still enables the reuse of more advanced access policies. 8. IANA Considerations This document requests the IANA registration of the enumservice with Type "acct" according to the definitions in this document, [RFC6116] and [RFC6117]. Goix & Li Expires June 8, 2014 [Page 6] Internet-Draft Enum Service ACCT URI Registration December 2013 Details of the registration are given in Section 4. 9. Acknowledgements The authors would like to thank Gonzalo Salgueiro, Paul Jones, Lawrence Conroy, Enrico Marocco, Bert Greevenbosch and Bernie Hoeneisen for their valuable feedback to improve this document. 10. References 10.1. Normative References [I-D.ietf-appsawg-acct-uri] Saint-Andre, P., "The 'acct' URI Scheme", draft-ietf- appsawg-acct-uri-06 (work in progress), July 2013. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC6116] Bradner, S., Conroy, L., and K. Fujiwara, "The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)", RFC 6116, March 2011. [RFC6117] Hoeneisen, B., Mayrhofer, A., and J. Livingood, "IANA Registration of Enumservices: Guide, Template, and IANA Considerations", RFC 6117, March 2011. [RFC6118] Hoeneisen, B. and A. Mayrhofer, "Update of Legacy IANA Registrations of Enumservices", RFC 6118, March 2011. 10.2. Informative References Goix & Li Expires June 8, 2014 [Page 7] Internet-Draft Enum Service ACCT URI Registration December 2013 [OMA-SNeW] Open Mobile Alliance, "Social Network Web Enabler", OMA- ER-SNeW-V1_0 http://technical.openmobilealliance.org/ Technical/release_program/snew_v1_0.aspx, Aug 2013. Authors' Addresses Laurent-Walter Goix Telecom Italia Via Golgi, 42 Milano 20133 Italy Email: laurentwalter.goix@telecomitalia.it Kepeng Li Huawei Technologies Huawei Base, Bantian, Longgang District Shenzhen 518129 P. R. China Phone: +86-755-28971807 Email: likepeng@huawei.com Goix & Li Expires June 8, 2014 [Page 8]