An Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Usage for Manipulating Presence Document Contents

The Session Initiation Protocol (SIP) for Instant Messaging and Presence (SIMPLE) specifications allow a user, called a watcher, to subscribe to another user, called a presentity, in order to learn its presence information . The presence data model has been specified in . The data model makes a clean separation between person-, service-, and device-related information. A SIP-based mechanism, SIP PUBLISH method, has been defined for publishing presence state . Using SIP PUBLISH, a Presence User Agent (PUA) can publish its view of the presence state, independently of and without the need to learn about the states set by other PUAs. However, SIP PUBLISH has a limited scope and does not address all the requirements for setting presence state. The main issue is that SIP PUBLISH creates a soft state that expires after the negotiated lifetime unless it is refreshed. This makes it unsuitable for cases where the state should prevail without active devices capable of refreshing the state. There are three main use cases where setting of permanent presence state that is independent of activeness of any particular device is useful. The first case concerns setting person-related state. The presentity would often like to set its presence state even for periods when it has no active devices capable of publishing available. Good examples are traveling, vacations, and so on. The second case is about setting state for services that are open for communication, even if the presentity does not have a device running that service online. Examples of these kinds of services include e-mail, Multimedia Messaging Service (MMS), and Short Message Service (SMS). In these services, the presentity is provisioned with a server that makes the service persistently available, at least in certain forms, and it would be good to be able to advertise this to the watchers. Since it is not realistic to assume that all e-mail, MMS, or SMS servers can publish presence state on their own (and even if this were possible, such state would almost never change), this has to be done by some other device. And since the availability of the service is not dependent on that device, it would be impractical to require that device to be constantly active just to publish such availability. The third case concerns setting the default state of any person, service, or device in the absence of any device capable of actively publishing such state. For instance, the presentity might want to advertise that his or her voice service is currently closed, just to let the watchers know that such service might be open at some point. Again, this type of default state is independent of any particular device and can be considered rather persistent. Even though SIP PUBLISH remains the main way of publishing presence state in SIMPLE-based presence systems and is especially well-suited for publishing dynamic state (which presence mainly is), it needs to be complemented by the mechanism described in this document to address the use cases presented above. XML Configuration Access Protocol (XCAP) allows a client to read, write, and modify application configuration data stored in XML format on a server. The data has no expiration time, so it must be explicitly inserted and deleted. The protocol allows multiple clients to manipulate the data, provided that they are authorized to do so. XCAP is already used in SIMPLE-based presence systems for manipulation of presence lists and presence authorization policies. This makes XCAP an ideal choice for doing device-independent presence document manipulation. This document defines an XML Configuration Access Protocol (XCAP) application usage for manipulating the contents of presence document. Presence Information Document Format (PIDF) is used as the presence document format, since the event state compositor already has to support it, as it is used in SIP PUBLISH. describes in detail how the presence document manipulated with XCAP is related to soft state publishing done with SIP PUBLISH. XCAP requires application usages to standardize several pieces of information, including a unique application usage ID (AUID) and an XML schema for the manipulated data. These are specified starting from .

In this document, the key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' are to be interpreted as described in RFC 2119 and indicate requirement levels for compliant implementations. Comprehensive terminology of presence and event state publishing is provided in "Session Initiation Protocol (SIP) Extension for Event State Publication" .

The framework for publishing presence state is described in Figure 1. A central part of the framework is the event state compositor element, whose function is to compose presence information received from several sources into a single coherent presence document. The presence state manipulated with XCAP can be seen as one of the information sources for the compositor to be combined with the soft state information published using SIP PUBLISH. This is illustrated in Figure 1. It is expected that, in the normal case, there can be several PUAs publishing their separate views with SIP PUBLISH, but only a single XCAP manipulated presence document. As shown in the figure, multiple XCAP clients (for instance, in different physical devices) can manipulate the same document on the XCAP server, but this still creates only one input to the event state compositor. The XCAP server stores the XCAP manipulated presence document under the "users" tree in the XCAP document hierarchy. See for details and for an example. As individual inputs, the presence states set by XCAP and SIP PUBLISH are completely separated, and it is not possible to directly manipulate the state set by one mechanism with the other. How the compositor treats XCAP-based inputs with respect to SIP PUBLISH-based inputs is a matter of compositor policy, which is beyond the scope of this specification. Since the SIP PUBLISH specification already mandates the compositor to be able to construct the overall presence state from multiple inputs, which may contain non-orthogonal (or in some ways even conflicting) information, this XCAP usage does not impose any new requirements on the compositor functionality.

SIP NOTIFY | | | (PA) | +-------+-------+ +------------+ ^ ^ ^ | | | | | | +---------------+ +--------+ | +-------| XCAP server | | | +-------+-------+ | | ^ ^ | SIP Publish | | XCAP | | | | | +--+--+ +--+--+ +-------+ +-------+ | PUA | | PUA | | XCAP | | XCAP | | | | | | client| | client| +-----+ +-----+ +-------+ +-------+ ]]> The protocol interface between XCAP server and the event state compositor is not specified here.

XCAP requires application usages to define a unique application usage ID (AUID) in either the IETF tree or a vendor tree. This specification defines the 'pidf-manipulation' AUID within the IETF tree, via the IANA registration in .

The MIME type for this application usage is 'application/pidf+xml'.

The XML Schema of the presence information is defined in the Presence Information Data Format (PIDF) . The PIDF also defines a mechanism for extending presence information. See , , , and for currently defined PIDF extensions and their XML Schemas. The namespace URI for PIDF is 'urn:ietf:params:xml:ns:pidf' which is also the XCAP default document namespace.

There are no constraints on the document beyond those described in the XML schemas (PIDF and its extensions) and in the description of PIDF .

There are no resource interdependencies beyond the possible interdependencies defined in PIDF and XCAP that need to be defined for this application usage.

The XCAP server MUST store only a single XCAP manipulated presence document for each user. The presence document MUST be located under the "users" tree, using filename "index". See an example in .

This application usage does not modify the default XCAP authorization policy, which allows only a user (owner) to read, write, or modify their own documents. A server can allow privileged users to modify documents that they do not own, but the establishment and indication of such policies is outside the scope of this document.

The section provides an example of a presence document provided by an XCAP Client to an XCAP Server. The presence document illustrates the situation where a (human) presentity has left for vacation, and before that, has set his presence information so that he is only available via e-mail. In the absence of any published soft state information, this would be the sole input to the compositor forming the presence document. The example document contains PIDF extensions specified in "RPID: Rich Presence Extensions to the Presence Information Data Format (PIDF)" and "CIPID: Contact Information in Presence Information Data Format" . It is assumed that the presentity is a SIP user with Address-of-Record (AOR) sip:someone@example.com. The XCAP root URI for example.com is assumed to be http://xcap.example.com. The XCAP User Identifier (XUI) is assumed to be identical to the SIP AOR, according to XCAP recommendations. In this case, the presence document would be located at http://xcap.example.com/pidf-manipulation/users/sip:someone@example.com/index. The presence document is created with the following XCAP operation:

closed

idle

auth-1 sip:user@example.com I'm available only by e-mail. 2004-02-06T16:49:29Z open auth-1 mailto:someone@example.com I'm reading mail a couple of times a week auth-A http://www.example.com/~someone When the user wants to change the note related to e-mail service, it is done with the following XCAP operation: PUT /pidf-manipulation/users/sip:someone@example.com/index/ ~~/presence/tuple%5b@id='x8eg92n'%5d/note HTTP/1.1 If-Match: "xyz" Host: xcap.example.com Content-Type: application/xcap-el+xml ... I'm reading mails on Tuesdays and Fridays ]]>

A presence document may contain information that is highly sensitive. Its delivery to watchers needs to happen strictly according to the relevant authorization policies. It is also important that only authorized clients are able to manipulate the presence information. The XCAP base specification mandates that all XCAP servers MUST implement HTTP Digest authentication specified in RFC 2617 . Furthermore, XCAP servers MUST implement HTTP over TLS . It is recommended that administrators of XCAP servers use an HTTPS URI as the XCAP root services' URI, so that the digest client authentication occurs over TLS. By using these means, XCAP client and server can ensure the confidentiality and integrity of the XCAP presence document manipulation operations, and that only authorized clients are allowed to perform them.

There is an IANA consideration associated with this specification.

This section registers a new XCAP Application Usage ID (AUID) according to the IANA procedures defined in . Name of the AUID: pidf-manipulation Description: Pidf-manipulation application usage defines how XCAP is used to manipulate the contents of PIDF-based presence documents.

The authors would like to thank Jari Urpalainen, Jonathan Rosenberg, Hisham Khartabil, Aki Niemi, Mikko Lonnfors, Oliver Biot, Alex Audu, Krisztian Kiss, Jose Costa-Requena, George Foti, and Paul Kyzivat for their comments.