An Extension to the Session Initiation Protocol (SIP) for Request History Information

An Extension to the Session Initiation Protocol (SIP) for Request History Information Nortel

US Richardson TX US mary.barnes@nortel.com

Nortel

4655 Great America Parkway Santa Clara CA 95054 US audet@nortel.com

This document defines a standard mechanism for capturing the history information associated with a Session Initiation Protocol (SIP) request. This capability enables many enhanced services by providing the information as to how and why a call arrives at a specific application or user. This document defines a new optional SIP header, History-Info, for capturing the history information in requests.

Many services that SIP is anticipated to support require the ability to determine why and how the call arrived at a specific application. Examples of such services include (but are not limited to) sessions initiated to call centers via "click to talk" SIP Uniform Resource Locators (URLs) on a web page, "call history/logging" style services within intelligent "call management" software for SIP User Agents (UAs), and calls to voicemail servers. Although SIP implicitly provides the redirect/retarget capabilities that enable calls to be routed to chosen applications, there is currently no standard mechanism within SIP for communicating the history of such a request. This "request history" information allows the receiving application to determine hints about how and why the call arrived at the application/user. This document defines a SIP header, History-Info, to provide a standard mechanism for capturing the request history information to enable a wide variety of services for networks and end-users. The History-Info header provides a building block for development of new services.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . The term "retarget" is used in this document to refer to the process of a Proxy Server/User Agent Client (UAC) changing a Uniform Resource Identifier (URI) in a request based on a lookup in a location service and thus changing the target of the request. The term "forward" is used consistent with the terminology in . However, it should be noted that uses the term "forwarding" to describe a proxy's handling of requests for domains for which is not responsible, as well as to describe the basic "forwarding" of a request (in section 16.6) once a target has been determined, whether it's a "retargeted", "redirected" or "forwarded" request. Thus, the usage of "forward" in this document, other than in reference to the usage in section 16.6 of , refers to the request being forwarded to a next hop proxy. The terms "location service" and "redirect" are used consistent with the terminology in .

SIP implicitly provides retargeting, redirection and forwarding capabilities that enable calls to be routed to specific applications as defined in . The term 'retarget' is used in this document to refer to the process of a Proxy Server/User Agent Client (UAC) changing a Uniform Resource Identifier (URI) in a request based on a lookup in a location service and thus changing the target of the request. The target(s) for a user can be created through registration or other means, which are outside the scope of this document and . The rules for determining request targets as described in Section 16.5 of . The motivation for capturing the request history is that in the process of retargeting and forwarding a request, old routing information can be forever lost. This lost information may be important history that allows elements to which the call is retargeted to process the call in a locally defined, application-specific manner. This document defines a mechanism for transporting the request history. It does not define any application-specific behavior for a Proxy or UA upon receipt of the information. Indeed, such behavior should be a local decision for the recipient application. Current network applications provide the ability for elements involved with the call to exchange additional information relating to how and why the call was routed to a particular destination. The following are examples of such applications: Web "referral" applications, whereby an application residing within a web server determines that a visitor to a website has arrived at the site via an "associate" site that will receive some "referral" commission for generating this traffic Email forwarding whereby the forwarded-to user obtains a "history" of who sent the email to whom and at what time Traditional telephony services such as voicemail, call-center "automatic call distribution", and "follow-me" style services Several of the aforementioned applications currently define application-specific mechanisms through which it is possible to obtain the necessary history information. In addition, request history information could be used to enhance basic SIP functionality by providing the following,: Some diagnostic information for debugging SIP requests. (Note that the diagnostic utility of this mechanism is limited by the fact that its use by entities that retarget is optional.) Capturing aliases and Globally Routable User Agent URIs (GRUUs) , which can be overwritten by a home proxy upon receipt of the initial request. Facilitating the use of limited use addresses (minted on demand) and sub-addressing. Preserving service specific URIs that can be overwritten by a downstream proxy, such as those defined in , and control of network announcements and IVR with SIP URI . A stronger security solution for SIP. A side effect is that each proxy that captures the "request history" information in a secure manner provides an additional means (without requiring signed keys) for the original requestor to be assured that the request was properly retargeted.

The following list constitutes a set of requirements for a "Request History" capability. CAPABILITY-req: The "Request History" capability provides a capability to inform proxies and UAs involved in processing a request about the history/progress of that request. Although this is inherently provided when the retarget is in response to a SIP redirect, it is deemed useful for non-redirect retargeting scenarios, as well. GENERATION-req: "Request History" information is generated when the request is retargeted or forwarded (to a next hop proxy). In some scenarios, it might be possible for more than one instance of retargeting to occur within the same Proxy. A proxy should also generate Request History information for the 'internal retargeting'. An entity (UA or proxy) retargeting in response to a redirect or REFER should include any Request History information from the redirect/REFER in the new request. ISSUER-req: "Request History" information can be generated by a UA or proxy. It can be passed in both requests and responses. CONTENT-req: The "Request History" information for each occurrence of retargeting or forwarding shall include the following: The new URI or address to which the request is in the process of being retargeted or forwarded, The URI or address from which the request was retargeted or forwarded, An indication as to whether the request was retargeted versus forwarded, The reason for the Request-URI or address modification, Chronological ordering of the Request History information. REQUEST-VALIDITY-req: Request History is applicable to requests not sent within an established dialog (e.g., INVITE, REGISTER, MESSAGE, and OPTIONS). BACKWARDS-req: Request History information may be passed from the generating entity backwards towards the UAC. This is needed to enable services that inform the calling party about the dialog establishment attempts. FORWARDS-req: Request History information may also be included by the generating entity in the request, if it is forwarded onwards.

The Request History information is being inserted by a network element retargeting a Request, resulting in a slightly different problem than the basic SIP header problem, thus requiring specific consideration. It is recognized that these security requirements can be generalized to a basic requirement of being able to secure information that is inserted by proxies. The potential security problems include the following: A rogue application could insert a bogus Request History entry either by adding an additional entry as a result of retargeting or entering invalid information. A rogue application could re-arrange the Request History information to change the nature of the end application or to mislead the receiver of the information. A rogue application could delete some or all of the Request History information. Thus, a security solution for "Request History" must meet the following requirements: SEC-req-1: The entity receiving the Request History must be able to determine whether any of the previously added Request History content has been altered. SEC-req-2: The ordering of the Request History information must be preserved at each instance of retargeting. SEC-req-3: The entity receiving the information conveyed by the Request History must be able to authenticate the entity providing the request. SEC-req-4: To ensure the confidentiality of the Request History information, only entities that process the request should have visibility to the information. It should be noted that these security requirements apply to any entity making use of the Request History information, either by retargeting and capturing the information, or as an application making use of the information received in either a Request or Response.

Since the Request-URI that is captured could inadvertently reveal information about the originator, there are general privacy requirements that MUST be met: PRIV-req-1: The entity retargeting the Request must ensure that it maintains the network-provided privacy (as described in ) associated with the Request as it is retargeted or forwarded. PRIV-req-2: The entity receiving the Request History must maintain the privacy associated with the information. In addition, local policy at a proxy may identify privacy requirements associated with the Request-URI being captured in the Request History information. PRIV-req-3: Request History information subject to privacy shall not be included in ougoing messages unless it is protected as described in (i.e., anonymized).

The fundamental functionality provided by the request history information is the ability to inform proxies and UAs involved in processing a request about the history or progress of that request (CAPABILITY-req). The solution is to capture the Request-URIs as a request is forwarded in a new header for SIP messages: History-Info (CONTENT-req). This allows for the capturing of the history of a request that would be lost with the normal SIP processing involved in the subsequent forwarding of the request. This solution proposes no changes in the fundamental determination of request targets or in the request forwarding as defined in Sections 16.5 and 16.6 of the SIP protocol specification . The History-Info header can appear in any request not associated with an established dialog (e.g., INVITE, REGISTER, MESSAGE, REFER and OPTIONS, PUBLISH and SUBSCRIBE, etc.) (REQUEST-VALIDITY-req) and any valid response to these requests (ISSUER-req). The History-Info header is added to a Request when a new request is created by a UAC or forwarded by a Proxy, or when the target of a request is changed. The term "retarget" refers to this changing of the target of a request and the subsequent forwarding of that request. It should be noted that retargeting only occurs when the Request-URI indicates a domain for which the processing entity is responsible. In terms of the SIP protocol, the processing associated with retargeting is described in Sections 16.5 and 16.6 of . As described in Section 16.5 of , it is possible for the target of a request to be changed by the same proxy multiple times (referred to as 'internal retargeting' in ), as the proxy MAY add targets to the target set after beginning Request Forwarding. Section 16.6 of describes Request Forwarding. It is during this process of Request Forwarding that the History Information is captured as an optional, additional header field. Thus, the addition of the History-Info header does not impact fundamental SIP Request Forwarding. An entity (UA or proxy) changing the target of a request in response to a redirect or REFER SHOULD also propagate any History-Info header from the initial Request in the new request (GENERATION-req, FORWARDS-req).

The History-Info header is optional in that neither UAs nor Proxies are required to support it. A new Supported header, "histinfo", is included in the Request send by a UAC to indicate whether the History-Info header should be returned in Responses (BACKWARDS-req). In addition to the "histinfo" Supported header, local policy determines whether or not the header added to any request is anonymized (as per ).

Since the History-Info header can inadvertently reveal information about the requestor as described in , the Privacy header SHOULD be used to determine whether an intermediary can include the History-Info header in a Request that it receives and forwards (PRIV-req-2) or that it retargets (PRIV-req-1). Thus, the History- Info header SHOULD NOT be included in Requests where the requestor has indicated a priv-value of Session- or Header-level privacy. In addition, the History-Info header can reveal general routing information, which may be viewed by a specific intermediary or network, to be subject to privacy restrictions. Thus, local policy MAY also be used to determine whether to include the History-Info header at all, whether to capture a specific Request-URI in the header as is, whether it be included only in the Request as it is retargeted within a specific domain, or whether it is anonymized when being retargeted outside a specific domain (PRIV-req-3). The latter two cases can be accomplished with a new priv-value, history, added to the Privacy header . The details as to the use of the new priv-value with the Privacy header are provided in section . It is recognized that satisfying the privacy requirements can impact the functionality of this solution by overriding the request to generate the information. As with the optionality and security requirements, applications making use of History-Info SHOULD address any impact this may have or MUST explain why it does not impact the application.

This section contains the details and usage of the proposed new SIP protocol elements. It also discusses the security aspects of the solution.

History-Info is a header field as defined by . It is an optional header field and MAY appear in any request or response not associated with a dialog or which starts a dialog. For example, History-Info MAY appear in INVITE, REGISTER, MESSAGE, REFER, OPTIONS, SUBSCRIBE, and PUBLISH and any valid responses, plus NOTIFY requests that initiate a dialog. The History-Info header carries the following information, with the mandatory parameters required when the header is included in a request or response: Targeted-to-URI (hi-targeted-to-uri): A mandatory parameter for capturing the Request-URI for the specific Request as it is forwarded. Index (hi-index): A mandatory parameter for History-Info reflecting the chronological order of the information, indexed to also reflect the forking and nesting of requests. The format for this parameter is a string of digits, separated by dots to indicate the number of forward hops and retargets. This results in a tree representation of the history of the request, with the lowest-level index reflecting a branch of the tree. By adding the new entries in order (i.e., following existing entries per the details in ), including the index and securing the header, the ordering of the History-Info headers in the request is assured (SEC-req-2). In addition, applications may extract a variety of metrics (total number of retargets, total number of retargets from a specific branch, etc.) based upon the index values. Reason: An optional parameter for History-Info, reflected in the History-Info header by including the Reason Header escaped in the hi-targeted-to-uri. A reason is not included for a hi-targeted-to-uri when it is first added in a History-Info header, but rather is added when the retargeting actually occurs in the same situations in which the retarget parameter is added. Privacy: An optional parameter for History-Info, reflected in the History-Info header field values by including the Privacy Header with a priv-value of "history" escaped in the hi- targeted-to-uri or by adding the Privacy header with a priv-value of "history" to the Request. The latter case indicates that the History-Info headers SHOULD be anonymized prior to forwarding or they SHOULD NOT be forwarded, whereas the use of the Privacy header escaped in the hi-targeted-to-uri means that a specific hi-entry SHOULD be anonymized or it SHOULD NOT be forwarded. It is RECOMMENDED that the entries be anonymized, rather than not forwarded, to minimize the impact on applications making use of the History-Info header. Target (hi-target): A mandatory parameter for the History-Info indicating the reason for the new target, based on the procedures of 16.5/. Note that hi-target is not added for a hi-entry when it is first added in a History-Info header field, but rather is added when the retargeting actually occurs - i.e., the parameter indicates that the specific hi-targeted-to-uri was retargeted and thus the previous information in the request-URI is "lost". Note that retargeting only occurs when the hi-targeted-to-uri indicates a domain for which the processing entity is responsible. Thus, it would be the same processing entity that initially added the hi-targeted-to-URI to the header that would be adding the retarget parameter. Upon receipt of a request or response containing the History-Info header, a UA can determine the "lost" target for a specific request by traversing the HI entries in reverse order to find the first one tagged with the retarget parameter. The following values are defined: "noop": There is no change whatsoever in the target. The Request-URI is unchanged. This would apply for example when a proxy merely forwards a request to a next hop proxy and loose routing is used. "predetermined": This is the case where retargeting is predetermined by the content of the request itself, i.e., the Request-URI contained a maddr, the domain of the Request-URI indicates a domain the proxy is not responsible for, or strict routing is used and the request is forwarded to another proxy. "reg-uri": The Request-URI is replaced with a registered Contact bound to the AOR indicated by the Request-URI. For example, if the REGISTER message had a To header field with the AOR <sip:bob@example.com>, and a Contact header field of <sip:bob@192.168.0.3> , the Request-URI <sip:bob@example.com> would be changed to <sip:bob@192.168.0.3>. "reg-uri-alias": The Request-URI is replaced with a registered Contact bound to an AOR that is an alias of the Request-URI. An AOR is an Alias of another AOR if both entities belong to the same implicit registration set, are linked to the same profile and have the same data configured. For example, if <sip:+14085551212@example.com;user=phone> and <sip:bob.smith@example.com> are configured as aliases for the AOR sip:bob@example.com> (where the registered Contact of <sip:bob@192.168.0.3> is bound to <sip:bob@example.com>, a Request-URI of <sip:bob.smith@example.com> or <sip:+14085551212@example.com;user=phone> would be changed to <sip:bob@192.168.0.3>. "mapped": The Request-URI is replaced with another URI that is not a Contact associated with the AOR in the Request-URI or one of its aliases. For example, this would apply when the request is retargeted to a different user. OPEN ISSUE: The values for hi-target are tentative and are still behing debated. They will be changed to reflect the consensus so that it is meaningful to the applications such as those described in and is unambigous with regards to SIP terminology in . For example, it has been suggested that "noop" and "predetermined" be combined into a single value. Extension (hi-extension): An optional parameter to allow for future optional extensions. As per , any implementation not understanding an extension should ignore it. The following summarizes the syntax of the History-Info header, based upon the standard SIP syntax :

The following provides some examples of the History-Info header. Note that the backslash and CRLF between the fields in the examples below are for readability purposes only.

;index=1;foo=bar History-Info: ;index=1.1;mapped,\ ;index=1.2;mapped,\ ;index=1.3;reg-uri]]>

This section describes the processing specific to UAs and Proxies for the History-Info header, the "histinfo" option tag, and the priv- value of "history". As discussed in , the fundamental objective is to capture the target Request-URIs as a request is forwarded. This allows for the capturing of the history of a request that would be lost due to subsequent (re)targeting and forwarding. To accomplish this for the entire history of a request, either the UAC must capture the Request-URI in a History-Info header in the initial request or a proxy must add a History-Info header with both a hi-entry for the Request-URI in the initial request and a hi-entry for the target Request-URI as the request is forwarded. The basic processing is for each entity forwarding a request to add a hi-entry for the target Request-URI, updating the index and adding the Reason and Retarget parameters as appropriate for any retargeted Request-URIs.

The UAC SHOULD include the "histinfo" option tag in the Supported header in any request not associated with an established dialog for which the UAC would like the History-Info header in the response. In addition, the UAC MAY add a History-Info header, using the Request-URI of the request as the hi-target-to-uri, in which case the index MUST be set to a value of 1 in the hi-entry. As a result, intermediaries and the UAS will know at least the original Request-URI, and if the Request-URI was modified by a previous hop. Normally, UACs are not expected to include a History-Info header in an initial request as it is more of a Proxy function; the reason it is allowed is for B2BUAs who are performing proxy-like functions like routing. In the case where a UAC receives a 3xx response with a Contact header, the UAC SHOULD maintain the previous hi-entry(s) in the request. The previous (last) hi-entry in the response SHOULD have a an hi-target parameter which had been added by the entity that returned the 3xx response, if the entity has implemented this specification. If there is no hi-target parameter in the previous hi-entry, the UAC MUST NOT add an hi-target parameter to the hi-entry. In either case, a new hi-entry MUST then be added for the URI from the Contact header (which becomes the new Request-URI). In this case, the index is created by reading and incrementing the value of the index from the previous hi-entry, thus following the same rules as those prescribed for a proxy in retargeting, described in . A UAC that does not want the History-Info header added due to privacy considerations MUST include a Privacy header with a priv-value(s) of "session", "header", or "history" in the request. With the exception of the processing of a 3xx response described above, the processing of the History-Info header received in the Response is application specific and outside the scope of this document. However, the validity of the information SHOULD be ensured prior to any application usage. For example, the entries can be evaluated to determine gaps in indices, which could indicate that an entry has been maliciously removed or removed for privacy reasons. Either way, an application may want to be aware of potentially missing information.

The processing of the information in the History-Info header by a UAS in a Request depends upon local policy and specific applications at the UAS that might make use of the information. Prior to any application usage of the information, the validity SHOULD be ascertained. For example, the entries MAY be evaluated to determine gaps in indices, which could indicate that an entry has been maliciously removed or removed for privacy reasons. Either way, an application MAY want to be aware of potentially missing information. If the "histinfo" option tag is received in a request, the UAS MUST include any History-Info received in the request in the subsequent response.

A proxy conforming to this specification MUST add a hi-entry as it forwards a Request. Section 16.6 of defines the steps to be followed as the proxy forwards a Request. Step 5 prescribes the addition of optional headers. Although this would seem the appropriate step for adding the History-Info header, the interaction with Step 6, "Postprocess routing information", and the impact of a strict route in the Route header could result in the Request-URI being changed; thus, adding the History-Info header between Steps 8 (adding Via header) and 9 (adding Content-Length) is RECOMMENDED. Note that in the case of loose routing, the Request-URI does not change during the forwarding of a Request; thus, the capturing of History-Info for such a request results in duplicate Request-URIs with different indices, and with hi-target set to "noop." The hi-entry MUST be added following any hi-entry received in the request being forwarded. Additionally, if a request is received that doesn't include a History-Info header, the proxy MAY add a History-Info header with a hi-entry preceding the one being added for the current request being forwarded. The index for this hi-entry is MUST start at 1. The following subsections define the details of creating the information associated with each hi-entry.

If there is a Privacy header in the request with a priv-value of "session", "header", or "history", a hi-entry SHOULD be added, if the request is being forwarded to a Request-URI associated with a domain for which the processing entity is responsible (and provided local policy supports the History-Info header, etc.). If a request is being forwarded to a Request-URI associated with a domain for which the proxy is not responsible and there is a Privacy header in the request with a priv-value of "session", "header", or "history", the proxy MAY anonymize hi-entry(s) as per prior to forwarding, depending upon local policy and whether the proxy might know a priori that it can rely on a downstream privacy service to apply the requested privacy. If a request is being forwarded to a Request-URI associated with a domain for which the proxy is not responsible and local policy requires privacy associated with any, or with specific, hi-entries it has added, any hi-entry with a priv-value of "history" SHOULD be anonymized prior to forwarding.

For retargets that are the result of an explicit SIP response, a Reason MUST be associated with the hi-targeted-to-uri. If the SIP response does not include a Reason header, the SIP Response Code that triggered the retargeting MUST be included as the Reason associated with the hi-targeted-to-uri that has been retargeted. If the response contains a non-SIP Reason header (e.g., Q.850), it MUST be captured as an additional Reason associated with the hi-targeted-to- uri that has been retargeted, along with the SIP Response Code. If the Reason header is a SIP reason, then it MUST be used as the Reason associated with the hi-targeted-to-uri rather than the SIP response code. For retargets as a result of timeouts or internal events, a Reason MAY be associated with the hi-targeted-to-uri that has been retargeted. The addition of the Reason should occur prior to the forwarding of the request (which may add a new hi-entry with a new hi-targeted-to- uri) as it is associated with the hi-targeted-to-uri that has been retargeted, since it reflects the reason why the Request to that specific URI was not successful.

In order to maintain ordering and accurately reflect the nesting and retargeting of the request, an index MUST be included along with the Targeted-to-URI being captured. Per the syntax in , the index consists of a dot-delimited series of digits (e.g., 1.1.2). Each dot reflects a hop or level of nesting; thus, the number of hops is determined by the total number of dots. Within each level, the integer reflects the number of peer entities to which the request has been routed. Thus, the indexing results in a logical tree representation for the history of the Request. For each level of indexing, the index MUST start at 1. An increment of 1 MUST be used for advancing to a new branch. The basic rules for adding the index are summarized as follows: Basic Forwarding: In the case of a Request that is being forwarded, the index is determined by adding another level of indexing since the depth/length of the branch is increasing. To accomplish this, the proxy reads the value from the History-Info header in the received request, if available, and adds another level of indexing by appending the dot delimiter followed by an initial index for the new level of 1. For example, if the index in the last History-Info header field in the received request is 1.1, this proxy would initialize its index to 1.1.1 and forward the request. Retargeting within a Proxy - 1st instance: For the first instance of retargeting within a Proxy, the calculation of the index follows that prescribed for basic forwarding. Retargeting within a Proxy - subsequent instance: For each subsequent retargeting of a request by the same proxy, another branch is added. With the index for each new branch calculated by incrementing the last/lowest digit at the current level, the index in the next request forwarded by this same proxy, following the example above, would be 1.1.2. Retargeting based upon a Response: In the case of retargeting due to a specific response (e.g., 302), the index would be calculated per rule 3. That is, the lowest/last digit of the index is incremented (i.e., a new branch is created), with the increment of 1. For example, if the index in the History-Info header of the received request was 1.2, then the index in the History-Info header field for the new hi-targeted- to-URI would be 1.3. Retargeting the request in parallel (forking): If the request forwarding is done in parallel, the index MUST be captured for each forked request per the rules above, with each new Request having a unique index. The only difference in the messaging for this scenario and the messaging produced per basic proxy retargeting in rules 2 and 3 is these forwarded requests do not have History-Info entries associated with their peers. The proxy builds the subsequent response (or request) using the aggregated information associated with each of those requests and including the header entries in the order indicated by the indexing. Responses are processed as described in Section 16.7 of with the aggregated History-Info entries processed similar to Step 7 "Aggregate Authentication Header Field Values".

An hi-target attribute MUST be included in a request forwarded by a proxy. The addition of the hi-target parameter MUST occur prior to the forwarding of the request (which may add a new hi-entry with a new hi-targeted-to- uri) as it is associated with the hi-targeted-to-uri that has been retargeted. If the incoming request already contains a History-Info header field, and the hi-targeted-to-uri in the last hi-entry is identical to the Request-URI of the received request, the proxy MUST add a hi-target attribute with value "noop" to that hi-entry. In the case that the request did not contain a History-Info header, or if the last hi-entry is not identical to the Request-URI of the received request, the proxy MUST add another History-Info header field value as described in and MUST add a hi-target attribute to this hi-entry. If the Request-URI itself predetermined the routing as per the procedures of 16.5/, i.e., if there was a maddr parameter, or if the domain indicates a domain that the proxy is not responsible for, or strict routing is used and the request is forwarded to another proxy, the hi-target attribute MUST be set to "predetermined." If the Request-URI is being replaced with a registered Contact header, bound to the AOR indicated by the Request-URI, the hi-target attribute MUST be set to "reg-uri." If the Request-URI is replaced with a registered Contact bound to an AOR that is an alias of the Request-URI, the hi-target attribute MUST be set to "reg-uri-alias." If the request is being forwarded based on the receipt of a 3xx response with a Contact header and the previous (last) hi-entry already has an hi-target parameter, then another hi-target attribute MUST not be added to the hi-entry. This would occur in the case of a redirect server that has implemented this specification. In all other cases, the Request-URI is replaced with another URI that is not a Contact associated with the AOR in the Request-URI or one of its aliases. In this case, the hi-target attribute MUST be set to "mapped." The index is set as defined in . Once the proxy has translated the Request-URI into a contact URI based on a location service lookup, it MUST add an additional hi-entry containing the Contact URI for each request to be forwarded as described in . The hi-target attribute MUST NOT be added to this hi-entry.

A proxy that receives a Request with the "histinfo" option tag SHOULD return captured History-Info in subsequent, non-100 provisional, and final responses to the Request. The proxy MUST add the reason to the last hi-entry received in the request to the last hi-entry in the response. For non-3XXresponses, the proxy MUST NOT add a hi-target attribute to the last hi-entry received in the request to the last hi-entry in the response. For 3XX response, the proxy MUST add the hi-target attribute to the last hi-entry received in the request to the last hi-entry in the response per the rules defined in . The processing of History-Info in responses follows the methodology described in Section 16.7 of , with the processing of History-Info headers adding an additional step, just before Step 9, "Forwarding the Response".

A redirect server SHOULD include the History-Info headers received in the request in the 3XX response. The redirect server MUST also add the appropriate hi-target attribute to the last hi-entry received in the request to the last hi-entry in the response per the rules defined in .

This section contains some basic call examples using the History-Info header, including the use of privacy and the hi-target attribute. All the examples in this section are using loose routing procedures. If strict routing procedures were used, instead of entries with hi-target set to "noop", there would be entries with hi-target set to "predetermined" instead. The formatting in these scenarios is for visual purposes; thus, backslash and CRLF are used between the fields for readability and the headers in the URI are not shown properly formatted for escaping. Refer to for the proper formatting. Additional detailed scenarios are available in the .

In this example, Alice (sip:alice@atlanta.example.com) calls Bob (sip:bob@biloxi.example.com). Alice's home proxy (sip:atlanta.example.com) forwards the request to Bob's proxy (sip:biloxi.example.com). When the request arrives at sip:biloxi.example.com, it does a location service lookup for bob@biloxi.example.com and changes the target of the request to Bob's Contact URI provided as part of normal SIP registration. One important thing illustrated by this call flow is that without History-Info, Bob would "lose" the target information, including any parameters in the request URI. Bob can now recover that information by looking for the last hi-entry marked as "reg-uri" or "reg-uri-alias" hi-target.

| | | | Supported: histinfo | | | | | | | | INVITE sip:bob@biloxi.example.com;p=x | |--------------->| | | History-Info: ;index=1;noop | History-Info: ;index=1.1 | | | | | | | INVITE sip:bob@192.0.2.3 | | |--------------->| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | | 200 | | | |<---------------| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | 200 | | | |<---------------| | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | 200 | | | |<---------------| | | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: | ACK | | | |--------------->| ACK | | | |--------------->| ]]>

The next example provides the basic call scenario using one of the privacy mechanisms, with sip:biloxi.example.com adding the Privacy header indicating that the History-Info header information is anonymized outside the biloxi.example.com domain. This scenario highlights the potential functionality lost with the use of "history" privacy in the Privacy header for the entire request and the need for careful consideration on the use of privacy for History-Info.

| | | | Supported: histinfo | | | | | | | | INVITE sip:bob@biloxi.example.com;p=x | |--------------->| | | History-Info: ;index=1;noop | History-Info: ;index=1.1 | | | | | | | INVITE sip:bob@192.0.2.3 | | |--------------->| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | | 200 | | | |<---------------| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | 200 | | | |<---------------| | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | 200 | | | |<---------------| | | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | ACK | | | |--------------->| ACK | | | |--------------->| ACK | | | |--------------->| ]]>

This example also provides the basic call scenario using one of the privacy mechanisms, however, due to local policy at sip:biloxi.example.com, only the final hi-entry in the History-Info, which is Bob's local URI, contains a priv-value of "history", thus providing Alice with some information about the history of the request, but anonymizing Bob's local URI.

| | | | Supported: histinfo | | | | | | | | INVITE sip:bob@biloxi.example.com;p=x | |--------------->| | | History-Info: ;index=1;noop | History-Info: ;index=1.1 | | | | | | | INVITE sip:bob@192.0.2.3 | | |--------------->| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | | 200 | | | |<---------------| | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | | 200 | | | |<---------------| | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | 200 | | | |<---------------| | | | History-Info: ;index=1;noop | History-Info: ;index=1.1;reg-uri | History-Info: ;index=1.1.1 | | | | | ACK | | | |--------------->| ACK | | | |--------------->| ACK | | | |--------------->| ]]>

As seen by the example scenarios in the , History-Info provides a very flexible building block that can be used by intermediaries and UAs for a variety of services. As such, any services making use of History-Info must be designed with the following considerations: History-Info is optional; thus, a service MUST define default behavior for requests and responses not containing History-Info headers. History-Info may be impacted by privacy considerations. Applications requiring History-Info need to be aware that if Header-, Session-, or History-level privacy is requested by a UA (or imposed by an intermediary) that History-Info may not be available in a request or response. This would be addressed by an application in the same manner as the previous consideration by ensuring there is reasonable default behavior should the information not be available. History-Info may be impacted by local policy. Each application making use of the History-Info header SHOULD address the impacts of the local policies on the specific application (e.g., what specification of local policy is optimally required for a specific application and any potential limitations imposed by local policy decisions). Note that this is related to the optionality and privacy considerations identified in 1 and 2 above, but goes beyond that. For example, due to the optionality and privacy considerations, an entity may receive only partial History-Info entries; will this suffice? Note that this would be a limitation for debugging purposes, but might be perfectly satisfactory for some models whereby only the information from a specific intermediary is required.

This document defines a new header for SIP. The use of the Transport Layer Security (TLS) protocol as a mechanism to ensure the overall confidentiality of the History-Info headers (SEC- req-4) is strongly RECOMMENDED. This results in History-Info having at least the same level of security as other headers in SIP that are inserted by intermediaries. With TLS, History-Info headers are no less, nor no more, secure than other SIP headers, which generally have even more impact on the subsequent processing of SIP sessions than the History-Info header. With the level of security provided by TLS (SEC-req-3), the information in the History-Info header can thus be evaluated to determine if information has been removed by evaluating the indices for gaps (SEC-req-1, SEC-req-2). It would be up to the application to define whether it can make use of the information in the case of missing entries. Note that while using the SIPS scheme (as per ) protects History-Info from tampering by arbitrary parties outside the SIP message path, all the intermediaries on the path are trusted implicitly. A malicious intermediary could arbitrarily delete, rewrite, or modify History- Info. This specification does not attempt to prevent or detect attacks by malicious intermediaries.

This document requires several IANA registrations detailed in the following sections.

This document defines a new SIP header field name: History-Info and a new option tag: histinfo. The following changes have been made to http:///www.iana.org/assignments/sip-parameters The following row has been added to the header field section:

The following has been added to the Options Tags section:

Note to RFC Editor: Please replace RFC XXXX with the RFC number of this specification.

This document defines a new priv-value for the SIP Privacy header: history The following changes have been made to http://www.iana.org/assignments/sip-priv-values The following has been added to the registration for the SIP Privacy header:

Note to RFC Editor: Please replace RFC XXXX with the RFC number of this specification.

Cullen Jennings, Mark Watson, and Jon Peterson contributed to the development of the initial requirements for . Jonathan Rosenberg produced the initial document that provided the basis for the addition of the "target" parameter to the History-Info header, as well as some content for this document.

The editor would like to acknowledge the constructive feedback provided by Robert Sparks, Paul Kyzivat, Scott Orton, John Elwell, Nir Chen, Palash Jain, Brian Stucker, Norma Ng, Anthony Brown, Jayshree Bharatia, Jonathan Rosenberg, Eric Burger, Martin Dolly, Roland Jesske, Takuya Sawada, Sebastien Prouvost, and Sebastien Garcin in the development of . The editor would like to acknowledge the significant input from Rohan Mahy on some of the normative aspects of the ABNF for , particularly around the need for and format of the index and around the security aspects. Many thanks to Hans Eric Van Elburg, Christer Holmberg and Shida Shubert for the help on this update to , especially regarding the requirements for preserving target-URI information all the way to the UAS. Thanks to Ian Elz for his feedback on privacy.

NOTE TO THE RFC-Editor: Please remove this section prior to publication as an RFC. Changes from RFC4244 to individual -00: Clarified that HI captures both retargeting as well as cases of just forwarding a request. Added descriptions of the usage of the terms "retarget", "forward" and "redirect" to the terminology section. Added additional examples for the functionality provided by HI for core SIP. Added hi-target parameter values to HI header to ABNF and protocol description, as well as defining proxy, UAC and UAS behavior for the parameter. Simplified example call flow in section 4.5. Moved previous call flow to appendix. Fixed ABNF per RFC4244 errata "dot" -> "." and added new parameter. Fixed all the examples. Made sure loose routing was used in all of them. Removed example where a proxy using strict routing is using History-Info for avoiding trying same route twice. Remove redundant Redirect Server example. Index are now mandated to start at "1" instead of recommended. Clarified 3xx behavior as the entity sending the 3XX response MUST add the hi-target attribute to the previous hi-entry to ensure that it is appropriately tagged (i.e., it's the only one that knows how the contact in the 3xx was determined.) Removed lots of ambiguity by making many "MAYs" into "SHOULDs" and "some "SHOULDs" into "MUSTs". Privacy is now recommended to be done by anonymizing entries as per RFC 3323 instead of by removing or omitting hi-entry(s). Requirement for TLS is now same level as per RFC 3261.

&rfc3261; &rfc3326; &rfc3323; &rfc2119; &rfc5246; &rfc4244; &I-D.ietf-sip-gruu; &I-D.ietf-sip-sips; &I-D.rosenberg-sip-target-uri-delivery; &rfc3087; &rfc4240;

The scenarios in this section provide sample use cases for the History-Info header for informational purposes only. They are not intended to be normative.

This scenario highlights an example where the History-Info in the response is useful to an application or user that originated the request. Alice sends a call to Bob via sip:example.com. The proxy sip:example.com sequentially tries Bob on a SIP UA that has bound a contact with the sip:bob@example.com AOR, and then several alternate addresses (Office and Home) unsuccessfully before sending a response to Alice. In this example, note that Office and Home are not the same AOR as sip:bob@example.com, but rather different AORs that have been configured as alternate contacts for Bob in the proxy. In other words, Office and Bob are not bound through SIP Registration with Bob's AOR. This type of arrangement is common for example when a "routing" rule to a PSTN number is manually configured in a Proxy. This scenario is provided to show that by providing the History-Info to Alice, the end-user or an application at Alice could make a decision on how best to attempt finding Bob. Without this mechanism, Alice might well attempt Office (and thus Home) and then re-attempt Home on a third manual attempt at reaching Bob. With this mechanism, either the end-user or application could know that Bob is not answering in the Office, and his busy on his home phone. If there were an alternative address for Bob known to this end-user or application, that hasn't been attempted, then either the application or the end- user could attempt that. The intent here is to highlight an example of the flexibility of this mechanism that enables applications well beyond SIP as it is certainly well beyond the scope of this document to prescribe detailed applications.

| INVITE F2 | | | | |----------------->| | | | 100 Trying F3 | | | |<-----------| 302 Move Temporarily F4 | | | |<-----------------| | | | | ACK F5 | | | | |----------------->| | | | | INVITE F6 | | | |-------------------------->| | | | 180 Ringing F7 | | | |<--------------------------| | | 180 Ringing F8 | | |<-----------| retransmit INVITE | | | |-------------------------->| | | | ( timeout ) | | | | INVITE F9 | | |----------------------------------->| | | 100 Trying F10 | | |<-----------------------------------| | | 486 Busy Here F11 | | |<-----------------------------------| | 486 Busy Here F12 | |<-----------| ACK F13 | | |----------------------------------->| | ACK F14 | | |----------->| | ]]>

example.com INVITE sip:alice@example.com SIP/2.0 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Supported: histinfo Call-Id: 12345600@example.com CSeq: 1 INVITE Contact: Alice Content-Type: application/sdp Content-Length: ]]>

Bob INVITE sip:bob@192.0.2.4 SIP/2.0 Via: SIP/2.0/TCP proxy.example.com:5060 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Supported: histinfo Call-Id: 12345600@example.com CSeq: 1 INVITE Record-Route: History-Info: ;index=1;reg-uri History-Info: ;index=1.1 Contact: Alice Content-Type: application/sdp Content-Length: ]]>

alice SIP/2.0 100 Trying Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Call-Id: 12345600@example.com CSeq: 1 INVITE Content-Length: 0 ]]>

example.com SIP/2.0 302 Moved Temporarily Via: SIP/2.0/TCP proxy.example.com:5060 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob ;tag=3 Call-Id: 12345600@example.com CSeq: 1 INVITE Record-Route: History-Info: ;index=1;reg-uri History-Info: ;index=1.1 Contact: Content-Length: 0 ]]>

Bob ACK sip:home@example.com SIP/2.0 Via: SIP/2.0/TCP proxy.example.com:5060 From: Alice To: Bob Call-Id: 12345600@example.com CSeq: 1 ACK Content-Length: 0 ]]>

office INVITE sip:office@192.0.2.3.com SIP/2.0 Via: SIP/2.0/TCP proxy.example.com:5060;branch=2 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Supported: histinfo Call-Id: 12345600@example.com Record-Route: History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;index=1.2.1 CSeq: 1 INVITE Contact: Alice Content-Type: application/sdp Content-Length: ]]>

example.com SIP/2.0 180 Ringing Via: SIP/2.0/TCP proxy.example.com:5060;branch=2 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob ;tag=5 Supported: histinfo Call-ID: 12345600@example.com Record-Route: History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;index=1.2.1 CSeq: 1 INVITE Content-Length: 0 ]]>

alice SIP/2.0 180 Ringing Via: SIP/2.0/TCP example.com:5060 From: Alice To: Bob Supported: histinfo Call-Id: 12345600@example.com History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;index=1.2.1 CSeq: 1 INVITE Content-Length: 0 ]]>

home INVITE sip:home@192.0.2.6 SIP/2.0 Via: SIP/2.0/TCP proxy.example.com:5060;branch=3 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Supported: histinfo Call-Id: 12345600@example.com Record-Route: History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;\ index=1.2.1;mapped History-Info: ;index=1.3;reg-uri History-Info: ;index=1.3.1 CSeq: 1 INVITE Contact: Alice Content-Type: application/sdp Content-Length: ]]>

example.com SIP/2.0 100 Trying Via: SIP/2.0/TCP proxy.example.com:5060;branch=3 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Call-Id: 12345600@example.com CSeq: 1 INVITE Content-Length: 0 ]]>

example.com SIP/2.0 486 Busy Here Via: SIP/2.0/TCP proxy.example.com:5060;branch=3 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Call-Id: 12345600@example.com Record-Route: History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;\ index=1.2.1;mapped History-Info: ;index=1.3;reg-uri History-Info: ;index=1.3.1 CSeq: 1 INVITE Content-Length: 0 ]]>

alice SIP/2.0 486 Busy Here Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Call-Id: 12345600@example.com History-Info: ;index=1;reg-uri History-Info: ;\ index=1.1;mapped History-Info: ;index=1.2;reg-uri History-Info: ;\ index=1.2.1;mapped History-Info: ;index=1.3;reg-uri History-Info: ;index=1.3.1 CSeq: 1 INVITE Content-Length: 0 ]]>

home ACK sip:home@example.com SIP/2.0 Via: SIP/2.0/TCP proxy.example.com:5060 From: Alice To: Bob Call-Id: 12345600@example.com CSeq: 1 ACK Content-Length: 0 ]]>

example.com ACK sip:bob@example.com SIP/2.0 Via: SIP/2.0/TCP 192.0.2.3:5060 From: Alice To: Bob Call-Id: 12345600@example.com Route: CSeq: 1 ACK Content-Length: 0 ]]>

This scenario highlights an example where the History-Info in the request is primarily of use by an edge service (e.g., voicemail server). It should be noted that this is not intended to be a complete specification for this specific edge service as it is quite likely that additional information is needed by the edge service. History-Info is just one building block that this service makes use of. Alice called Bob, which had been forwarded to Carol, which forwarded to VM (voicemail server). Based upon the retargeted URIs and Reasons (and other information) in the INVITE, the VM server makes a policy decision about what mailbox to use, which greeting to play, etc.

| | | | | | INVITE sip:bob@192.0.2.3 | | | |------------->| | | History-Info: ;index=1;reg-uri History-Info: ;index=1.1 | | | | | | 100 Trying | | | | |<-------------| 302 Moved Temporarily | | | |<-------------| | | History-Info: ;index=1;reg-uri History-Info: ;index=1.1 | | | | | | | INVITE sip:Carol@192.0.2.4 | | | |--------------------------->| | History-Info: ;index=1;reg-uri History-Info: ;index=1.1;mapped History-Info: ;index=2;reg-uri History-Info: ;index=2.1 | | | | | | | 180 Ringing | | | |<---------------------------| | History-Info: ;index=1;reg-uri History-Info: ;index=1.1;mapped History-Info: ;index=2;reg-uri History-Info: ;index=2.1 | | | | | | 180 Ringing | | | | |<-------------| | | | | | | | | | . . . | retransmit INVITE | | | |--------------------------->| | History-Info: ;index=1;reg-uri History-Info: ;index=1.1;mapped History-Info: ;index=2;reg-uri History-Info: ;index=2.1 | . . . | | | | | | (timeout) | | | | | | | | | INVITE sip:vm@192.0.2.5 | | |-------------------------------------->| History-Info: ;index=1;reg-uri History-Info: ;index=1.1;mapped History-Info: ;index=2;reg-uri History-Info: ;index=2.1;mapped History-Info: ;index=3;reg-uri History-Info: ;index=3.1 | | | | | | | 200 OK | | |<--------------------------------------| History-Info: ;index=1;reg-uri History-Info: ;index=1.1;mapped History-Info: ;index=2;reg-uri History-Info: ;index=2.1;mapped History-Info: ;index=3;reg-uri History-Info: ;index=3.1 | 200 OK | | | | |<-------------| | | | | | | | | | ACK | | | | |------------->| ACK | | |-------------------------------------->| ]]>

This scenario highlights an example of an Automatic Call Distribution service, where the agents are divided into groups based upon the type of customers they handle. In this example, the Gold customers are given higher priority than Silver customers, so a Gold call would get serviced even if all the agents servicing the Gold group were busy, by retargeting the request to the Silver Group for delivery to an agent. Upon receipt of the call at the agent assigned to handle the incoming call, based upon the History-Info header in the message, the application at the agent can provide an indication that this is a Gold call, from how many groups it might have overflowed before reaching the agent, etc. and thus can be handled appropriately by the agent. For scenarios whereby calls might overflow from the Silver to the Gold, clearly the alternate group identification, internal routing, or actual agent that handles the call should not be sent to UA1. Thus, for this scenario, one would expect that the Proxy would not support the sending of the History-Info in the response, even if requested by Alice. As with the other examples, this is not prescriptive of how one would do this type of service but an example of a subset of processing that might be associated with such a service. In addition, this example is not addressing any aspects of Agent availability, which might also be done via a SIP interface.

| | | | | Supported: histinfo | | | | | | | INVITE sip:Gold@example.com | | |------------->| | | History-Info: ;index=1;noop History-Info: ;index=1.1 | | | | | | | 302 Moved Temporarily | | | |<-------------| | | History-Info: ;index=1;noop History-Info: ;index=1.1 Contact: | | | | | | INVITE sip:Silver@example.com | | |--------------------------->| | History-Info: ;index=1;noop History-Info: ;\ index=1.1;mapped History-Info: ;index=2;noop History-Info: ;index=2.1 | | | | | | | | INVITE sip:Silver@192.0.2.7 | | | |----------->| History-Info: ;index=1;noop History-Info: ;\ index=1.1;mapped History-Info: ;index=2;noop History-Info: ;index=2.1;reg-id History-Info: ;index=2.1.1> | | | | | | | | | 200 OK | | | | |<-----------| History-Info: ;index=1;noop History-Info: ;\ index=1.1;mapped History-Info: ;index=2;noop History-Info: ;index=2.1;reg-id History-Info: ;index=2.1.1> | | | | | | | 200 OK | | | |<---------------------------| | History-Info: ;index=1;noop History-Info: ;\ index=1.1;mapped History-Info: ;index=2;noop History-Info: ;index=2.1;reg-id History-Info: ;index=2.1.1> | | | | | 200 OK | | | | |<-------------| | | | | | | | | | ACK | | | | |------------->| ACK | | |---------------------------------------->| ]]>