A Document Format for Expressing Authorization Policies to tackle Spam and Unwanted Communication for Internet Telephony

SPAM, defined as sending unsolicited messages to someone in bulk, might be a problem on SIP open-wide deployed networks. The responsibility for filtering or blocking calls can belong to different elements in the call flow and may depend on various factors. This document defines an authorization based policy language that allows end users to upload anti-SPIT policies to intermediaries, such as SIP proxies. These policies mitigate unwanted SIP communications. It extends the Common Policy authorization framework with additional conditions and actions. The new conditions match a particular Session Initiation Protocol (SIP) communication pattern based on a number of attributes. The range of attributes includes information provided, for example, by SIP itself, by the SIP identity mechanism, by information carried within SAML assertions.

[1]  Jonathan D. Rosenberg,et al.  Presence Authorization Rules , 2007, RFC.

[2]  Saverio Niccolini,et al.  Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) based Robot Challenges for SIP , 2008 .

[3]  Miguel A. Garcia-Martin,et al.  A Session Description Protocol (SDP) Offer/Answer Mechanism to Enable File Transfer , 2009, RFC.

[4]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[5]  Henning Schulzrinne,et al.  RPID: Rich Presence Extensions to the Presence Information Data Format (PIDF) , 2006, RFC.

[6]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[7]  Henning Schulzrinne,et al.  The tel URI for Telephone Numbers , 2004, RFC.

[8]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[9]  Jonathan D. Rosenberg Identification of Communications Services in the Session Initiation Protocol (SIP) , 2010, RFC.

[10]  Henning Schulzrinne A Uniform Resource Name (URN) for Services , 2005 .

[11]  Gonzalo Camarillo,et al.  Support for IPv6 in Session Description Protocol (SDP) , 2002, RFC.

[12]  Jonathan D. Rosenberg A Presence Event Package for the Session Initiation Protocol (SIP) , 2004, RFC.

[13]  Martin J. Dürst,et al.  Internationalized Resource Identifiers (IRIs) , 2005, RFC.

[14]  Henning Schulzrinne,et al.  Communications Resource Priority for the Session Initiation Protocol (SIP) , 2006, RFC.

[15]  Jon Peterson,et al.  A Privacy Mechanism for the Session Initiation Protocol (SIP) , 2002, RFC.

[16]  Cullen Jennings Computational Puzzles for SPAM Reduction in SIP , 2007 .

[17]  Henning Schulzrinne,et al.  A Uniform Resource Name (URN) for Emergency and Other Well-Known Services , 2008, RFC.

[18]  Henning Schulzrinne,et al.  Indicating User Agent Capabilities in the Session Initiation Protocol (SIP) , 2004, RFC.

[19]  Jonathan D. Rosenberg,et al.  The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) , 2007, RFC.

[20]  Bernard Desruisseaux,et al.  Internet Calendaring and Scheduling Core Object Specification (iCalendar) , 2009, RFC.

[21]  Henning Schulzrinne,et al.  Common Policy: A Document Format for Expressing Privacy Preferences , 2007, RFC.

[22]  Jon Peterson,et al.  Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks , 2002, RFC.

[23]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[24]  Gonzalo Camarillo,et al.  A Framework for Consent-Based Communications in the Session Initiation Protocol (SIP) , 2008, RFC.

[25]  Jonathan D. Rosenberg,et al.  A Data Model for Presence , 2006, RFC.

[26]  Rohan Mahy The Calling Party's Category tel URI Parameter , 2007 .

[27]  Christian Huitema,et al.  Session Initiation Protocol (SIP) Extension for Instant Messaging , 2002, RFC.

[28]  David Schwartz SPAM for Internet Telephony (SPIT) Prevention using the Security Assertion Markup Language (SAML) , 2006 .

[29]  Tim Showalter,et al.  Sieve: A Mail Filtering Language , 2001, RFC.

[30]  Henning Schulzrinne,et al.  Call Processing Language (CPL): A Language for User Control of Internet Telephony Services , 2004, RFC.

[31]  Henning Schulzrinne,et al.  A Framework to tackle Spam and Unwanted Communication for Internet Telephony , 2008 .

[32]  Henning Schulzrinne,et al.  Requirements for Authorization Policies to tackle Spam and Unwanted Communication for Internet Telephony , 2008 .

[33]  Jon Peterson,et al.  Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP) , 2006, RFC.

[34]  Philip Guenther,et al.  Sieve: An Email Filtering Language , 2008, RFC.