ECRIT R. Gellens
Internet-Draft Core Technology Consulting
Intended status: Standards Track H. Tschofenig
Expires: March 27, 2017 Individual
September 23, 2016

Next-Generation Pan-European eCall
draft-ietf-ecrit-ecall-13.txt

Abstract

This document describes how to use IP-based emergency services mechanisms to support the next generation of the Pan European in-vehicle emergency call service defined under the eSafety initiative of the European Commission (generally referred to as "eCall"). eCall is a standardized and mandated system for a special form of emergency calls placed by vehicles, providing real-time communications and an integrated set of related data.

This document also registers MIME Content Types and an Emergency Call Additional Data Blocks for the eCall vehicle data and metadata/control data.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on March 27, 2017.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

This document re-uses terminology defined in Section 3 of [RFC5012].

Additionally, we use the following abbreviations:

Term Expansion
3GPP 3rd Generation Partnership Project
CEN European Committee for Standardization
EENA European Emergency Number Association
ESInet Emergency Services IP network
IMS IP Multimedia Subsystem
IVS In-Vehicle System
MNO Mobile Network Operator
MSD Minimum Set of Data
PSAP Public Safety Answering Point

2. Document Scope

This document is focused on the signaling, data exchange, and protocol needs of next-generation eCall (NG-eCall, also referred to as packet-switched eCall or all-IP eCall) within the SIP framework for emergency calls, as described in [RFC6443] and [RFC6881]. eCall itself is specified by 3GPP and CEN and these specifications include far greater scope than is covered here.

The eCall service operates over cellular wireless communication, but this document does not address cellular-specific details, nor client domain selection (e.g., circuit-switched versus packet-switched). All such aspects are the purview of their respective standards bodies. The scope of this document is limited to eCall operating within a SIP-based environment (e.g., 3GPP IMS Emergency Calling).

The technical contents of this document also provide a basis for reuse and extension for other vehicle-initiated emergency call systems.

Vehicles designed for multiple regions might need to support eCall and other Advanced Automatic Crash Notification (AACN) systems, such as described in [I-D.ietf-ecrit-car-crash].

3. Introduction

Emergency calls made from vehicles (e.g., in the event of a crash) assist in significantly reducing road deaths and injuries by allowing emergency services to be aware of the incident, the state of the vehicle, the location of the vehicle, and to have a voice channel with the vehicle occupants. This enables a quick and appropriate response.

The European Commission initiative of eCall was conceived in the late 1990s, and has evolved to a European Parliament decision requiring the implementation of a compliant in-vehicle system (IVS) in new vehicles and the deployment of eCall in the European Member States in the very near future. Other regions are developing eCall-compatible systems.

The pan-European eCall system provides a standardized and mandated mechanism for emergency calls by vehicles. eCall establishes procedures for such calls to be placed by in-vehicle systems, recognized and processed by the mobile network, and routed to a specialized PSAP where the vehicle data is available to assist the call taker in assessing and responding to the situation. eCall provides a standard set of vehicle, sensor (e.g., crash related), and location data.

An eCall can be either user-initiated or automatically triggered. Automatically triggered eCalls indicate a car crash or some other serious incident. Manually triggered eCalls might be reports of witnessed crashes or serious hazards. PSAPs might apply specific operational handling to manual and automatic eCalls.

Legacy eCall is standardized (by 3GPP [SDO-3GPP] and CEN [CEN]) as a 3GPP circuit-switched call over GSM (2G) or UMTS (3G). Flags in the call setup mark the call as an eCall, and further indicate if the call was automatically or manually triggered. The call is routed to an eCall-capable PSAP, a voice channel is established between the vehicle and the PSAP, and an eCall in-band modem is used to carry a defined set of vehicle, sensor (e.g., crash related), and location data (the Minimum Set of Data or MSD) within the voice channel. The same in-band mechanism is used for the PSAP to acknowledge successful receipt of the MSD, and to request the vehicle to send a new MSD (e.g., to check if the state of or location of the vehicle or its occupants has changed). NG-eCall moves from circuit switched to all-IP, and carries the vehicle data and eCall signaling as additional data carried with the call. This document describes how IETF mechanisms for IP-based emergency calls, including [RFC6443] and [RFC7852] are used to provide the signaling and data exchange of the next generation of pan-European eCall.

The European Telecommunications Standards Institute (ETSI) [SDO-ETSI] has published a Technical Report titled "Mobile Standards Group (MSG); eCall for VoIP" [MSG_TR] that presents findings and recommendations regarding support for eCall in an all-IP environment. The recommendations include the use of 3GPP IMS emergency calling with additional elements identifying the call as an eCall and as carrying eCall data and with mechanisms for carrying the data and eCall signaling. 3GPP IMS emergency services support multimedia, providing the ability to carry voice, text, and video. This capability is referred to within 3GPP as Multimedia Emergency Services (MMES).

A transition period will exist during which time the various entities involved in initiating and handling an eCall might support next-generation eCall, legacy eCall, or both. The issues of migration and co-existence during the transition period are outside the scope of this document.

The MSD is carried in the MIME type 'application/emergencyCallData.eCall.MSD+per' and the metadata/control block is carried in the MIME type 'application/emergencyCallData.control+xml' (both of which are registered in Section 15) An INFO package is defined (in Section 10) to enable these MIME types to be carried in SIP INFO requests, per [RFC6086].

4. eCall Requirements

eCall requirements are specified by CEN in [EN_16072] and by 3GPP in [TS22.101] clauses 10.7 and A.27. Requirements specific to vehicle data are contained in EN 15722 [msd].

5. Vehicle Data

Pan-European eCall provides a standardized and mandated set of vehicle related data, known as the Minimum Set of Data (MSD). The European Committee for Standardization (CEN) has specified this data in EN 15722 [msd], along with both ASN.1 and XML encodings. Both circuit-switched eCall and this document use the ASN.1 PER encoding, which is specified in Annex A of EN 15722 [msd] (the XML encoding specified in Annex C is not used in this document).

This document registers the 'application/emergencyCallData.eCall.MSD+per' MIME Content-Type to enable the MSD to be carried in SIP. As an ASN.1 PER encoded object, the data is binary and transported using binary content transfer encoding within SIP messages. This document also adds the 'eCall.MSD' entry to the Emergency Call Additional Data Blocks registry to enable the MSD to be recognized as such in a SIP-based eCall emergency call. (See [RFC7852] for more information about the registry and how it is used.)

See Section 6 for a discussion of how the MSD vehicle data is conveyed in an NG-eCall.

6. Data Transport

[RFC7852] establishes a general mechanism for attaching blocks of data to a SIP emergency call. This mechanism permits certain emergency call MIME types to be attached to SIP messages. This document makes use of that mechanism. This document also registers an INFO package (in Section 10) to enable eCall related data blocks to be carried in SIP INFO requests (per [RFC6086], new INFO usages require the definition of an INFO package).

Note that if other data sets need to be transmitted in the future, the appropriate signalling mechanism for such data needs to be evaluated, including factors such as the size and frequency of such data.

An In-Vehicle System (IVS) transmits the MSD (see Section 5) by encoding it per Annex A of EN 15722 [msd] and attaching it to a SIP message as a MIME body part per [RFC7852]. The body part is identified by its MIME content-type ('application/emergencyCallData.eCall.MSD+per') in the Content-Type header field of the body part. The body part is assigned a unique identifier which is listed in a Content-ID header field in the body part. The SIP message is marked as containing the MSD by adding (or appending to) a Call-Info header field at the top level of the SIP message. This Call-Info header field contains a CID URL referencing the body part's unique identifier, and a 'purpose' parameter identifying the data as the eCall MSD per the Emergency Call Additional Data Blocks registry entry; the 'purpose' parameter's value is 'emergencyCallData.eCall.MSD'. Per [RFC6086], an MSD is carried in a SIP INFO request by using the INFO package defined in Section 10.

A PSAP or IVS transmits a metadata/control object (see Section 9) by encoding it per the description in this document and attaching it to a SIP message as a MIME body part per [RFC7852]. The body part is identified by its MIME content-type ('application/emergencyCallData.control+xml') in the Content-Type header field of the body part. The body part is assigned a unique identifier which is listed in a Content-ID header field in the body part. The SIP message is marked as containing the metadata/control object by adding (or appending to) a Call-Info header field at the top level of the SIP message. This Call-Info header field contains a CID URL referencing the body part's unique identifier, and a 'purpose' parameter identifying the data as an eCall metadata/control block per the Emergency Call Additional Data Blocks registry entry; the 'purpose' parameter's value is 'emergencyCallData.control'. Per [RFC6086], a metadata/control object is carried in a SIP INFO request by using the INFO package defined in Section 10.

As is necessary with message bodies, if an MSD or a metadata/control block is sent in the same message with another body part, a multipart/mixed body part encloses all body parts. In some cases, there are intermediate multipart body parts between the top level multipart/mixed and the body part containing the MSD or metadata/control object.

A body part containing an MSD or metadata/control object has a Content-Disposition header field value containing "By-Reference" unless it is the only body part in a SIP INFO request, in which case, per [RFC6086], "INFO-Package" is used.

An In-Vehicle System (IVS) initiating an NG-eCall attaches the MSD to the initial INVITE and optionally attaches a metadata/control object informing the PSAP of its capabilities. The MSD body part (and metadata/control and PIDF-LO body parts if included) have a Content-Disposition header field with the value "By-Reference; handling=optional". Specifying handling=optional prevents the INVITE from being rejected if it is processed by a legacy element (e.g., a gateway between SIP and circuit-switched environments) that does not understand the MSD (or metadata/control object or PIDF-LO). The PSAP creates a metadata/control object acknowledging receipt of the MSD and attaches it to the SIP final response to the INVITE. The metadata/control object is not attached to provisional (e.g., 180) responses.

If the IVS receives an acknowledgment for an MSD with received=false, it indicates some fault with the transfer of the MSD, the MSD content, or the PSAP's ability to properly receive, decode and act on the MSD. The IVS action is not defined (e.g., it might only log an error). Since the PSAP is able to request an updated MSD during the call, if an initial MSD is unsatisfactory in any way, the PSAP can choose to request another one.

A PSAP can request that the vehicle send an updated MSD during a call. To do so, the PSAP creates a metadata/control object requesting an MSD and attaches it to a SIP INFO request and sends it within the dialog. The IVS then attaches an updated MSD to a SIP INFO request and sends it within the dialog. If the IVS is unable to send an MSD, it instead sends a metadata/control object acknowledging the request with the 'success' parameter set to 'false' and a 'reason' parameter (and optionally a 'details' parameter) indicating why the request cannot be accomplished. Per [RFC6086], metadata/control objects and MSDs are sent using the INFO package defined in Section 10 . In addition, to align with how an MSD or metadata/control block is transmitted in a SIP message other than an INFO request, one or more Call-Info header fields are included in the SIP INFO request to reference the MSD or metadata/control block. See Section 10 for information about the use of INFO requests to carry data within an eCall.

The IVS is not expected to send an unsolicited MSD during the call.

Support for the data blocks defined in [RFC7852] is NOT REQUIRED for conformance with this document.

7. Call Setup

In circuit-switched eCall, the IVS places a special form of a 112 emergency call which carries an eCall flag (indicating that the call is an eCall and also if the call was manually or automatically triggered); the mobile network operator (MNO) recognizes the eCall flag and routes the call to an eCall-capable PSAP; vehicle data is transmitted to the PSAP via the eCall in-band modem (in the voice channel).

   ///----\\\      112 voice call with eCall flag      +------+
  ||| IVS  |||---------------------------------------->+ PSAP |
   \\\----///   vehicle data via eCall in-band modem   +------+

Figure 1: circuit-switched eCall

For NG-eCall, the IVS establishes an emergency call using a Request-URI indicating a manual or automatic eCall; the MNO (or ESInet) recognizes the eCall URN and routes the call to an NG-eCall capable PSAP; the PSAP interpets the vehicle data sent with the call and makes it available to the call taker.

  ///----\\\     IMS emergency call with eCall URN    +------+
     IVS    ----------------------------------------->+ PSAP |
  \\\----///    vehicle data included in call setup   +------+

Figure 2: NG-eCall

See Section 6 for information on how the MSD is transported within an NG-eCall.

This document registers new service URN children within the "sos" subservice. These URNs provide the mechanism by which an eCall is identified, and differentiate between manually and automatically triggered eCalls (which might be subject to different treatment, depending on policy). The two service URNs are: urn:service:sos.ecall.automatic and urn:service:sos.ecall.manual, which requests resources associated with an emergency call placed by an in-vehicle system, carrying a standardized set of data related to the vehicle and incident.

Call routing is outside the scope of this document.

8. Test Calls

eCall requires the ability to place test calls (see [TS22.101] clause 10.7 and [EN_16062] clause 7.2.2). These are calls that are recognized and treated to some extent as eCalls but are not given emergency call treatment and are not handled by call takers. The specific handling of test eCalls is not itself standardized; typically, the test call facility allows the IVS or user to verify that an eCall can be successfully established with voice communication. The IVS might also be able to verify that the MSD was successfully received.

A service URN starting with "test." indicates a test call. For eCall, "urn:service:test.sos.ecall" indicates such a test feature. This functionality is defined in [RFC6881].

This document registers "urn:service:test.sos.ecall" for eCall test calls.

The CS-eCall test call facility is a non-emergency number so does not get treated as an emergency call. For NG-eCall, MNOs, emergency authorities, and PSAPs can determine how to treat a vehicle call requesting the "test" service URN so that the desired functionality is tested, but this is outside the scope of this document.

9. The Metadata/Control Object

eCall requires the ability for the PSAP to acknowledge successful receipt of an MSD sent by the IVS, and for the PSAP to request that the IVS send an MSD (e.g., the call taker can initiate a request for a new MSD to see if there have been changes in the vehicle's state, e.g., location, direction, number of fastened seatbelts).

This document defines a block of metadata/control data as an XML structure containing elements used for eCall and other vehicle-initiated emergency call systems (i.e., in other regions) and extension points. (This metadata/control block is in effect a high-level protocol between the PSAP and IVS.) When the PSAP sends an eCall metadata/control block in response to data sent by the IVS in a SIP request other than INFO (e.g., the MSD in the initial INVITE), the metadata/control block is sent in the SIP response to that request (e.g., the response to the INVITE request). When the PSAP sends a control block in other circumstances (e.g., mid-call), the control block is transmitted from the PSAP to the IVS in a SIP INFO request within the established dialog. The IVS sends the requested data (the MSD) in a new INFO request (per [RFC6086]). This mechanism flexibly allows the PSAP to send eCall-specific data to the IVS and the IVS to respond. INFO requests are sent using an appropriate INFO Package. See Section 6 for more information on attaching a metadata/control block to a SIP message. See Section 10 for information about the use of INFO requests to carry data within an eCall.

This mechanism requires

  • An XML definition of the control object
  • Extension points for use by eCall-like systems in other regions
  • A MIME type registration for the control object (so it can be carried in SIP messages and responses)
  • An entry in the Emergency Call Additional Data Blocks registry so that the control block can be recognized as emergency call specific data within SIP messages
  • An Info-Package registration per [RFC6086] permitting the metadata/control block and the MSD within INFO requests

When the IVS includes an unsolicited MSD in a SIP request (e.g., the initial INVITE), the PSAP sends a metadata/control block indicating successful/unsuccessful receipt of the MSD in the SIP response to the request. This also informs the IVS that an NG-eCall is in operation. If the IVS receives a SIP response without the metadata/control block, it indicates that the SIP dialog is not an NG-eCall (e.g., some part of the call is being handled as a legacy call). When the IVS sends a solicited MSD (e.g., in a SIP INFO request sent following receipt of a SIP INFO request containing a metadata/control block requesting an MSD), the PSAP does not send a metadata/control block indicating successful or unsuccessful receipt of the MSD. (Normal SIP retransmission handles non-receipt of requested data; if the IVS sends a requested MSD in an INFO request and does not receive a SIP status message for the INFO request, it resends it; if the PSAP requests an MSD and does not receive a SIP status message for the INFO request, it resends it.) If the IVS receives a request to send an MSD but it is unable to do so for any reason, the IVS sends a metadata/control object acknowledging the request and containing "success=false" and "reason" set to an appropriate code.

This provides flexibility to handle various circumstances. For example, if a PSAP is unable to accept an eCall (e.g., due to overload or too many calls from the same location), it can reject the INVITE. Since a metadata/control object is also included in the SIP response that rejects the call, the IVS knows if the PSAP received the MSD, and can inform the vehicle occupants that the PSAP successfully received the vehicle location and information but can't talk to the occupants at that time. Especially for SIP response codes that indicate an inability to conduct a call (as opposed to a technical inability to process the request), the IVS can also determine that the call was successful on a technical level (e.g., not helpful to retry as a CS-eCall). The SIP response codes 600 (Busy Everywhere), 486 (Busy Here), and 603 (Decline) are used when the PSAP wants to reject a call but inform the vehicle occupants that it is aware of the situation. (Note that there could be edge cases where the PSAP response is not received by the IVS, e.g., if an intermediary sends a CANCEL, and an error response is forwarded towards the IVS before the error response from the PSAP is received, the response will be dropped, but these are unlikely to occur here.)

The metadata/control block is carried in the MIME type 'application/emergencyCallData.control+xml'.

The metadata/control block is designed for use with pan-European eCall and also eCall-like systems (i.e., in other regions), and has extension points to accomodate variances. Note that eCall-like systems might define their own vehicle data blocks, and so might need to register a new INFO package to accomodate the new data content type and the metadata/control object.

9.1. The Control Block

The control block is an XML data structure allowing for acknowledgments, requests, and capabilities information. It is carried in a body part with a specific MIME content type. Three elements are defined for use within a control block:

ack
Acknowledges receipt of data or a request.
capabilities:
Used in a control block sent from the IVS to the PSAP (e.g., in the initial INVITE) to inform the PSAP of the vehicle capabilities. Child elements contain all actions and data types supported by the vehicle. It is OPTIONAL for the IVS to send this block. Omitting the block indicates that the IVS supports only the mandatory functionality defined in this document.
request
Used in a control block sent by the PSAP to the IVS, to request the vehicle to perform an action.

The <ack> element indicates the object being acknowledged and reports success or failure.

The <request> element contains attributes to indicate the request and to supply related information. The 'action' attribute is mandatory and indicates the specific action. An IANA registry is created in Section 15.8.1 to contain the allowed values.

The <capabilities> element has child <request> elements to indicate the actions supported by the IVS.

9.1.1. The <ack> element

The <ack> element acknowledges receipt of an eCall data object or request. An <ack> element references the unique ID of the data object being acknowledged. The PSAP MUST send an <ack> element acknowledging receipt of an unsolicited MSD (e.g., sent by the IVS in the INVITE); this <ack> element indicates if the PSAP considers the MSD successfully received or not. An <ack> element is not sent for a <capabilities> element.

The <ack> element has the following attributes:

9.1.1.1. Attributes of the <ack> element

The <ack> element has the following attributes:

Name:
ref
Usage:
Mandatory
Type:
anyURI
Direction:
In this document, sent from the PSAP to the IVS
Description:
References the Content-ID of the body part being acknowledged.
Example:
<ack received="true" ref="1234567890@atlanta.example.com"/>
Name:
received
Usage:
Conditional: mandatory in an >ack< element sent by a PSAP
Type:
Boolean
Direction:
In this document, sent from the PSAP to the IVS
Description:
Indicates if the referenced object was considered successfully received or not.
Example:
<ack received="true" ref="1234567890@atlanta.example.com"/>

9.1.1.2. Child Element of the <ack> element

For extensibility, the <ack> element has the following child element:

Name:
actionResult
Usage:
Optional
Direction:
Provided for extension, sent from the IVS to the PSAP
Description:
An <actionResult> element indicates the result of an action (other than a 'send-data' action). When an <ack> element is in response to a control object with multiple <request> elements, the <ack> element contains an <actionResult> element for each <request> element that is not a 'send-data' action. The <actionResult> element has the following attributes:
Name:
action
Usage:
Mandatory
Type:
token
Direction:
In this document, sent from the PSAP to the IVS
Description:
Contains the value of the 'action' attribute of the <request> element
Name:
success
Usage:
Mandatory
Type:
Boolean
Direction:
Sent from the IVS to the PSAP
Description:
Indicates if the action was successfully accomplished
Name:
reason
Usage:
Conditional
Type:
token
Direction:
Sent from the IVS to the PSAP
Description:
Used when 'success' is "false", this attribute contains a reason code for a failure. A registry for reason codes is defined in Section 15.8.2.
Name:
details
Usage:
optional
Type:
string
Direction:
Sent from the IVS to the PSAP
Description:
Contains further explanation of the circumstances of a success or failure. The contents are implementation-specific and human-readable.

9.1.1.3. Ack Examples

                
    <?xml version="1.0" encoding="UTF-8"?>
    <emergencyCallData.control
        xmlns="urn:ietf:params:xml:ns:EmergencyCallData:control"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation=
            "urn:ietf:params:xml:ns:EmergencyCallData:control">

    <ack received="true" ref="1234567890@atlanta.example.com"/>

    </emergencyCallData.control>
                
            

Figure 3: Ack Example from PSAP to IVS

9.1.2. The <capabilities> element

The <capabilities> element is transmitted by the IVS to indicate to the PSAP its capabilities. No attributes for this element are currently defined. The following child elements are defined:

9.1.2.1. Child Elements of the <capabilities> element

The <capabilities> element has the following child elements:

Name:
request
Usage:
Mandatory
Description:
The <capabilities> element contains a <request> child element per action supported by the vehicle.
Examples:

<request action="send-data" supported-values="eCall.MSD" />

It is OPTIONAL for the IVS to support the <capabilities> element. If the IVS does not send a <capabilities> element, this indicates that the only <request> action supported by the IVS is 'send-data' with 'datatype' set to 'eCall.MSD'.

9.1.2.2. Capabilities Example

                
    <?xml version="1.0" encoding="UTF-8"?>
    <EmergencyCallData.eCallControl
        xmlns="urn:ietf:params:xml:ns:EmergencyCallData:control"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:ietf:params:xml:ns:EmergencyCallData:control">

    <capabilities>
        <request action="send-data" supported-values="eCall.MSD"/>
    </capabilities>

    </EmergencyCallData.eCallControl>
                
            

Figure 4: Capabilities Example

9.1.3. The <request> element

A <request> element appears one or more times on its own or as a child of a <capabilities> element. It allows the PSAP to request that the IVS perform an action. The only action that MUST be supported is to send an MSD. The following attributes and child elements are defined:

9.1.3.1. Attributes of the <request> element

The <request> element has the following attributes:

Name:
action
Usage:
Mandatory
Type:
token
Direction:
In this document, sent from the PSAP to the IVS; for extension, sent from the IVS to the PSAP
Description:
Identifies the action that the vehicle is requested to perform. An IANA registry is established in Section 15.8.1 to contain the allowed values.
Example:
action="send-data"
Name:
msgid
Usage:
Conditional
Type:
int
Direction:
Sent from the PSAP to the IVS
Description:
Defined for extensibility.
Example:
msgid="3"
Name:
persistance
Usage:
Optional
Type:
duration
Direction:
Sent from the PSAP to the IVS
Description:
Defined for extensibility. Specifies how long to carry on the specified action. If absent, the default is for the duration of the call.
Example:
persistance="PT1H"
Name:
datatype
Usage:
Conditional
Type:
token
Direction:
In this document, sent from the PSAP to the IVS; as an extension, sent from the IVS to the PSAP
Description:
Mandatory with a "send-data" action within a <request> element that is not within a <capabilities> element. Specifies the data block that the IVS is requested to transmit, using the same identifier as in the 'purpose' attribute set in a Call-Info header field to point to the data block. Permitted values are contained in the 'Emergency Call Data Types' IANA registry established in [RFC7852]. Only the "eCall.MSD" value is mandatory to support.
Example:
datatype="eCall.MSD"
Name:
supported-values
Usage:
Conditional
Type:
string
Direction:
Sent from the IVS to the PSAP
Description:
Defined for extensibility. Used in a <request> element that is a child of a <capability> element, this attribute lists all supported values of the action type. Permitted values depend on the action value. Multiple values are separated with a semicolon.
Name:
requested-state
Usage:
Conditional
Type:
token
Direction:
Sent from the PSAP to the IVS
Description:
Defined for extension. Indicates the requested state of an element associated with the request type. Permitted values depend on the request type.
Name:
element-ID
Usage:
Conditional
Type:
token
Direction:
Sent from the PSAP to the IVS
Description:
Defined for extension. Identifies the element to be acted on. Permitted values depend on the request type.

9.1.3.2. Request Example

                
    <?xml version="1.0" encoding="UTF-8"?>
    <emergencyCallData.control
        xmlns="urn:ietf:params:xml:ns:EmergencyCallData:control"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation=
            "urn:ietf:params:xml:ns:EmergencyCallData:control">

    <request action="send-data" datatype="eCall.MSD"/>

    </emergencyCallData.control>
                
            

Figure 5: Request Example

10. The emergencyCallData.eCall.MSD INFO package

This document registers the 'emergencyCallData.eCall.MSD' INFO package.

Both endpoints (the IVS and the PSAP equipment) include 'emergencyCallData.eCall.MSD' in a Recv-Info header field per [RFC6086] to indicate ability to receive INFO requests carrying data as described here.

Support for the 'emergencyCallData.eCall.MSD' INFO package indicates the ability to receive eCall related body parts as specified in [TBD: THIS DOCUMENT].

An INFO request message carrying body parts related to an emergency call as described in [TBD: THIS DOCUMENT] has an Info-Package header field set to 'emergencyCallData.eCall.MSD' per [RFC6086].

The requirements of Section 10 of [RFC6086] are addressed in the following sections.

10.1. Overall Description

This section describes "what type of information is carried in INFO requests associated with the Info Package, and for what types of applications and functionalities UAs can use the Info Package."

INFO requests associated with the emergencyCallData.eCall.MSD INFO package carry data associated with emergency calls as defined in [TBD: THIS DOCUMENT]. The application is vehicle-initiated emergency calls established using SIP. The functionality is to carry vehicle data and metadata/control information between vehicles and PSAPs. Refer to [TBD: THIS DOCUMENT] for more information.

10.2. Applicability

This section describes "why the Info Package mechanism, rather than some other mechanism, has been chosen for the specific use-case...."

The use of INFO is based on an analysis of the requirements against the intent and effects of INFO versus other approaches (which included SIP MESSAGE, SIP OPTIONS, SIP re-INVITE, media plane transport, and non-SIP protocols). In particular, the transport of emergency call data blocks occurs within a SIP emergency dialog, per Section 6, and is normally carried in the initial INVITE and its response; the use of INFO only occurs when emergency-call-related data needs to be sent mid-call. While MESSAGE could be used, it is not tied to a SIP dialog as is INFO and thus might not be associated with the dialog. SIP OPTIONS or re-INVITE could also be used, but is seen as less clean than INFO. SUBSCRIBE/NOTIFY could be coerced into service, but the semantics are not a good fit, e.g., the subscribe/notify mechanism provides one-way communication consisting of (often multiple) notifications from notifier to subscriber indicating that certain events in notifier have occurred, whereas what's needed here is two-way communication of data related to the emergency dialog. Use of the media plane mechanisms was discounted because the number of messages needing to be exchanged in a dialog is normally zero or very few, and the size of the data is likewise very small. The overhead caused by user plane setup (e.g., to use MSRP as transport) would be disproportionately large.

Based on the the analyses, the SIP INFO method was chosen to provide for mid-call data transport.

10.3. Info Package Name

The info package name is emergencyCallData.eCall.MSD

10.4. Info Package Parameters

None

10.5. SIP Option-Tags

None

10.6. INFO Request Body Parts

The body for an emergencyCallData.eCall.MSD info package is:

  • an application/emergencyCallData.eCall.MSD+per (containing an MSD), or
  • an application/emergencyCallData.control+xml (containing a metadata/control object), or
  • a multipart body containing:
    • zero or one application/emergencyCallData.eCall.MSD+per part (containing an MSD),
    • zero or more application/emergencyCallData.control+xml (containing a metadata/control object),

The body parts are sent per [RFC6086], and in addition, to align with with how these body parts are sent in SIP messages other than INFO requests, each associated body part is referenced by a Call-Info header field at the top level of the SIP message. If the body part is the only body part, it has a Content-Disposition header field value of "INFO-Package". If the body part is contained within a multipart, it has a Content-Disposition header field value of "By-Reference".

See [TBD: THIS DOCUMENT] for more information.

10.7. Info Package Usage Restrictions

Usage is limited to vehicle-initiated emergency calls as defined in [TBD: THIS DOCUMENT].

10.8. Rate of INFO Requests

The rate of SIP INFO requests associated with the emergencyCallData.eCall.MSD info package is normally quite low (most dialogs are likely to contain zero INFO requests, while others can be expected to carry an occasional request).

10.9. Info Package Security Considerations

The MIME content type registations for the data blocks that can be carried using this INFO package contains a discussion of the security and/or privacy considerations specific to that data block. The "Security Considerations" and "Privacy Considerations" sections of [TBD: THIS DOCUMENT] discuss security and privacy considerations of the data carried in eCalls.

10.10. Implementation Details

See [TBD: THIS DOCUMENT] for protocol details.

10.11. Examples

See [TBD: THIS DOCUMENT] for protocol examples.

11. Examples

Figure 6 illustrates an eCall. The call uses the request URI 'urn:service:sos.ecall.automatic' service URN and is recognized as an eCall, and further as one that was invoked automatically by the IVS due to a crash or other serious incident. In this example, the originating network routes the call to an ESInet which routes the call to the appropriate NG-eCall capable PSAP. The emergency call is received by the ESInet's Emergency Services Routing Proxy (ESRP), as the entry point into the ESInet. The ESRP routes the call to a PSAP, where it is received by a call taker. In deployments where there is no ESInet, the originating network routes the call directly to the appropriate NG-eCall capable PSAP, an illustration of which would be identical to the one below except without an ESInet or ESRP.

            +------------+  +---------------------------------------+
            |            |  |                  +-------+            |
            |            |  |                  | PSAP2 |            |
            |            |  |                  +-------+            |
            |            |  |                                       |
            |            |  |  +------+     +-------+               |
  Vehicle-->|            |--+->| ESRP |---->| PSAP1 |--> Call-Taker |
            |            |  |  +------+     +-------+               |
            |            |  |                                       |
            |            |  |                  +-------+            |
            |            |  |                  | PSAP3 |            |
            | Originating|  |                  +-------+            |
            |   Mobile   |  |                                       |
            |  Network   |  |                ESInet                 |
            +------------+  +---------------------------------------+
            

Figure 6: Example of NG-eCall Message Flow

Figure 7 illustrates an eCall call flow with a mid-call PSAP request for an updated MSD. The call flow shows the IVS initiating an emergency call, including the MSD in the INVITE. The PSAP includes in the 200 OK response a metadata/control object acknowledging receipt of the MSD. During the call, the PSAP sends a request for an MSD in an INFO request. The IVS sends the requested MSD in a new INFO request.

         IVS                                         PSAP
          |(1) INVITE (eCall MSD)                      |
          |------------------------------------------->|
          |                                            |
          |(2) 200 OK (eCall metadata [ack MSD])       |
          |<-------------------------------------------|
          |                                            |
          |(3) start media stream(s)                   |
          |............................................|
          |                                            |
          |(4) INFO (eCall metadata [request MSD])     |
          |<-------------------------------------------|
          |                                            |
          |(5) 200 OK                                  |
          |------------------------------------------->|
          |                                            |
          |(6) INFO (eCall MSD)                        |
          |------------------------------------------->|
          |                                            |
          |(7) 200 OK                                  |
          |<-------------------------------------------|
          |                                            |
          |(8) BYE                                     |
          |<-------------------------------------------|
          |                                            |
          |(9) end media streams                       |
          |............................................|
          |                                            |
          |(10) 200 OK                                 |
          |------------------------------------------->|
            

Figure 7: NG-eCall Call Flow Illustration

The example, shown in Figure 8, illustrates a SIP eCall INVITE that contains an MSD. For simplicity, the example does not show all SIP headers, nor the SDP contents, nor does it show any additional data blocks added by the IVS or the originating mobile network. Because the MSD is encoded in ASN.1 PER, which is a binary encoding, its contents cannot be included in a text document.

   INVITE urn:service:sos.ecall.automatic SIP/2.0
   To: urn:service:sos.ecall.automatic 
   From: <sip:+13145551111@example.com>;tag=9fxced76sl
   Call-ID: 3848276298220188511@atlanta.example.com
   Geolocation: <cid:target123@example.com>
   Geolocation-Routing: no
   Call-Info: <cid:1234567890@atlanta.example.com>;
              purpose=emergencyCallData.eCall.MSD
   Accept: application/sdp, application/pidf+xml,
           application/emergencyCallData.control+xml
   CSeq: 31862 INVITE
   Recv-Info: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
          SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: multipart/mixed; boundary=boundary1
   Content-Length: ...

   --boundary1
   Content-Type: application/sdp

        ...Session Description Protocol (SDP) goes here...

   --boundary1
   Content-Type: application/emergencyCallData.eCall.MSD+per
   Content-ID: <1234567890@atlanta.example.com>
   Content-Disposition: by-reference;handling=optional

        ...MSD in ASN.1 PER encoding goes here...

    --boundary1--

Figure 8: SIP NG-eCall INVITE

Continuing the example, Figure 9 illustrates a SIP 200 OK response to the INVITE of Figure 8, containing a control block acknowledging successful receipt of the eCall MSD. (For simplicity, the example does not show all SIP headers.)

   SIP/2.0 200 OK
   To: <sip:+13145551111@example.com>;tag=9fxced76sl
   From: Exemplar PSAP <urn:service:sos.ecall.automatic>
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: <cid:2345678901@atlanta.example.com>;
              purpose=emergencyCallData.control
   Accept: application/sdp, application/pidf+xml,
           application/emergencyCallData.control+xml,
           application/emergencyCallData.eCall.MSD+per
   CSeq: 31862 INVITE
   Recv-Info: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
          SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: multipart/mixed; boundary=boundaryX
   Content-Length: ...

   --boundaryX
   Content-Type: application/sdp

        ...Session Description Protocol (SDP) goes here...

   --boundaryX
   Content-Type: application/emergencyCallData.control+xml
   Content-ID: <2345678901@atlanta.example.com>
   Content-Disposition: by-reference

   <?xml version="1.0" encoding="UTF-8"?>
   <emergencyCallData.control
       xmlns="urn:ietf:params:xml:ns:EmergencyCallData:control"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=
           "urn:ietf:params:xml:ns:EmergencyCallData:control">

   <ack received="true" ref="1234567890@atlanta.example.com"/>

   </emergencyCallData.control>

   --boundaryX--

Figure 9: 200 OK response to INVITE

Figure 10 illustrates an INFO request containing an eCall metadata/control block requesting an eCall MSD. (For simplicity, the example does not show all SIP headers.)

   INFO sip:+13145551111@example.com SIP/2.0
   To: <sip:+13145551111@example.com>;tag=9fxced76sl
   From: Exemplar PSAP <urn:service:sos.ecall.automatic>
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: <cid:3456789012@atlanta.example.com>;
              purpose=emergencyCallData.control
   Accept: application/sdp, application/pidf+xml,
           application/emergencyCallData.control+xml,
           application/emergencyCallData.eCall.MSD+per
   CSeq: 41862 INFO
   Info-Package: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
          SUBSCRIBE, NOTIFY, UPDATE
   Content-Disposition: info-package
   Content-Type: application/emergencyCallData.control+xml
   Content-ID: <3456789012@atlanta.example.com>

   <?xml version="1.0" encoding="UTF-8"?>
   <emergencyCallData.control
       xmlns="urn:ietf:params:xml:ns:EmergencyCallData:control"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=
           "urn:ietf:params:xml:ns:EmergencyCallData:control">

   <request action="send-data" datatype="eCall.MSD"/>

   </emergencyCallData.control>

Figure 10: INFO requesting MSD

Figure 11 illustrates a SIP eCall INFO that contains an MSD. For simplicity, the example does not show all SIP headers. Because the MSD is encoded in ASN.1 PER, which is a binary encoding, its contents cannot be included in a text document.

   INFO urn:service:sos.ecall.automatic SIP/2.0
   To: urn:service:sos.ecall.automatic 
   From: <sip:+13145551111@example.com>;tag=9fxced76sl
   Call-ID: 3848276298220188511@atlanta.example.com
   Call-Info: <cid:4567890123@atlanta.example.com>;
              purpose=emergencyCallData.eCall.MSD
   Accept: application/sdp, application/pidf+xml,
           application/emergencyCallData.control+xml
   CSeq: 51862 INFO
   Info-Package: emergencyCallData.eCall.MSD
   Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE,
          SUBSCRIBE, NOTIFY, UPDATE
   Content-Type: application/emergencyCallData.eCall.MSD+per
   Content-ID: <4567890123@atlanta.example.com>
   Content-Disposition: info-package

        ...MSD in ASN.1 PER encoding goes here...

Figure 11: INFO containing MSD

12. Security Considerations

The security considerations described in [RFC5069] apply here.

In addition to any network-provided location (which might be determined solely by the network, or in cooperation with or possibly entirely by the originating device), an eCall carries an IVS-supplied location within the MSD. This is likely to be useful to the PSAP, especially when no network-provided location is included, or when the two locations are independently determined. Even in situations where the network-supplied location is limited to the cell site, this can be useful as a sanity check on the device-supplied location contained in the MSD.

The document [RFC7378] discusses trust issues regarding location provided by or determined in cooperation with end devices.

Security considerations specific to the mechanism by which the PSAP sends acknowledgments and requests to the vehicle are discussed in the "Security Considerations" block of Section 15.3.

Data received from external sources inherently carries implementation risks. For example, depending on the platform, buffer overflows can introduce remote code execution vulnerabilities, null characters can corrupt strings, numeric values used for internal calculations can result in underflow/overflow errors, malformed XML objects can expose parsing bugs, etc. Implementations need to be cognizant of the potential risks, observe best practices (which might include sufficiently capable static code analysis, fuzz testing, component isolation, avoiding use of unsafe coding techniques, third-party attack tests, signed software, over-the-air updates, etc.), and have multiple levels of protection. Implementors need to be aware that, potentially, the data objects described here and elsewhere might be malformed, might contain unexpected characters, excessively long attribute values, elements, etc.

The security considerations discussed in [RFC7852] apply here (see especially the discussion of TLS, TLS versions, cypher suites, and PKI).

When vehicle data or control/metadata is contained in a signed or encrypted body part, the enclosing multipart (e.g., multipart/signed or multipart/encrypted) has the same Content-ID as the enclosed data part. This allows an entity to identify and access the data blocks it is interested in without having to dive deeply into the message structure or decrypt parts it is not interested in. (The 'purpose' parameter in a Call-Info header field identifies the data and contains a CID URL pointing to the data block in the body, which has a matching Content-ID body part header field).

13. Privacy Considerations

The privacy considerations discussed in [RFC7852] apply here. The MSD carries some identifying and personal information (mostly about the vehicle and less about the owner), as well as location information, and so needs to be protected against unauthorized disclosure. Local regulations may impose additional privacy protection requirements.

Privacy considerations specific to the data structure containing vehicle information are discussed in the "Security Considerations" block of Section 15.2.

Privacy considerations specific to the mechanism by which the PSAP sends acknowledgments and requests to the vehicle are discussed in the "Security Considerations" block of Section 15.3.

14. XML Schema

This section defines an XML schema for the control block. The text description of the control block in Section 9.1 is normative and supersedes any conflicting aspect of this schema.

        
        <artwork>
        <![CDATA[
    <?xml version="1.0"?>
    <xs:schema
        targetNamespace="urn:ietf:params:xml:ns:EmergencyCallData:control"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:pi="urn:ietf:params:xml:ns:EmergencyCallData:control"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified">

        <xs:import namespace="http://www.w3.org/XML/1998/namespace"
            schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>

        <xs:element name="EmergencyCallData.eCallControl"
                    type="pi:eCallControlType"/>

        <xs:complexType name="eCallControlType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:choice>
                        <xs:element name="capabilities" 
                                    type="pi:capabilitiesType"/>
                        <xs:element name="request" type="pi:requestType"/>
                        <xs:element name="ack" type="pi:ackType"/>
                        <xs:any namespace="##any" processContents="lax"
                                minOccurs="0"
                                maxOccurs="unbounded"/>
                    </xs:choice>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>

        <xs:complexType name="ackType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
                        <xs:element name="actionResult" minOccurs="0"
                                    maxOccurs="unbounded">
                            <xs:complexType>
                                <xs:attribute name="action"
                                              type="xs:token"
                                              use="required"/>
                                <xs:attribute name="success"
                                              type="xs:boolean"
                                              use="required"/>
                                <xs:attribute name="reason"
                                              type="xs:token">
                                    <xs:annotation>
                                        <xs:documentation>conditionally
                                             mandatory when @success='false"
                                            to indicate reason code for a
                                            failure </xs:documentation>
                                    </xs:annotation>
                                </xs:attribute>
                                <xs:attribute name="details"
                                              type="xs:string"/>
                                <xs:anyAttribute processContents="skip"/>
                            </xs:complexType>
                        </xs:element>
                        <xs:any namespace="##any" processContents="lax"
                                minOccurs="0"
                                maxOccurs="unbounded"/>
                    </xs:sequence>
                    <xs:attribute name="ref"
                                  type="xs:anyURI"
                                  use="required"/>
                    <xs:attribute name="received"
                                  type="xs:boolean"/>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>

        <xs:complexType name="capabilitiesType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
                        <xs:element name="request"
                                    type="pi:requestType" 
                                    minOccurs="1"
                            maxOccurs="unbounded"/>
                        <xs:any namespace="##any" processContents="lax"
                                 minOccurs="0"
                            maxOccurs="unbounded"/>
                    </xs:sequence>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>

        <xs:complexType name="requestType">
            <xs:complexContent>
                <xs:restriction base="xs:anyType">
                    <xs:choice minOccurs="1" maxOccurs="unbounded">
                        <xs:any namespace="##any" processContents="lax"
                                minOccurs="0"
                                maxOccurs="unbounded"/>
                    </xs:choice>
                    <xs:attribute name="action" type="xs:token" use="required"/>
                    <xs:attribute name="msgid" type="xs:unsignedInt"/>
                    <xs:attribute name="persistence" type="xs:duration"/>
                    <xs:attribute name="datatype" type="xs:token"/>
                    <xs:attribute name="supported-values" type="xs:string"/>
                    <xs:attribute name="element-id" type="xs:token"/>
                    <xs:attribute name="requested-state" type="xs:token"/>
                    <xs:anyAttribute/>
                </xs:restriction>
            </xs:complexContent>
        </xs:complexType>

    </xs:schema>
        
        

Figure 12: Control Block Schema

15. IANA Considerations

15.1. Service URN Registrations

IANA is requested to register the URN 'urn:service:sos.ecall' under the sub-services 'sos' registry defined in Section 4.2 of [RFC5031].

This service requests resources associated with an emergency call placed by an in-vehicle system, carrying a standardized set of data related to the vehicle and incident. Two sub-services are registered as well:

urn:service:sos.ecall.manual


Used with an eCall invoked due to manual interaction by a vehicle occupant.
urn:service:sos.ecall.automatic


Used with an eCall invoked automatically, for example, due to a crash or other serious incident.

IANA is also requested to register the URN 'urn:service:test.sos.ecall' under the sub-service 'test' registry defined in Setcion 17.2 of [RFC6881].

15.2. MIME Content-type Registration for 'application/emergencyCallData.eCall.MSD+per'

IANA is requested to add application/emergencyCallData.eCall.MSD+per as a MIME content type, with a reference to this document, in accordance to the procedures of RFC 6838 [RFC6838] and guidelines in RFC 7303 [RFC7303].

  • MIME media type name: application
  • MIME subtype name: emergencyCallData.eCall.MSD+per
  • Mandatory parameters: none
  • Optional parameters: none
  • Encoding scheme: binary
  • Encoding considerations: Uses ASN.1 PER, which is a binary encoding; when transported in SIP, binary content transfer encoding is used.
  • Security considerations: This content type is designed to carry vehicle and incident-related data during an emergency call. This data contains personal information including vehicle VIN, location, direction, etc. Appropriate precautions need to be taken to limit unauthorized access, inappropriate disclosure to third parties, and eavesdropping of this information. In general, it is acceptable for the data to be unprotected while briefly in transit within the Mobile Network Operator (MNO); the MNO is trusted to not permit the data to be accessed by third parties. Sections 7 and Section 8 of [RFC7852] contain more discussion.
  • Interoperability considerations: None
  • Published specification: Annex A of EN 15722 [msd]
  • Applications which use this media type: Pan-European eCall compliant systems
  • Additional information: None
  • Magic Number: None
  • File Extension: None
  • Macintosh file type code: 'BINA'
  • Person and email address for further information: Randall Gellens, rg+ietf@randy.pensive.org
  • Intended usage: LIMITED USE
  • Author: The MSD specification was produced by the European Committee For Standardization (CEN). For contact information, please see <http://www.cen.eu/cen/Pages/contactus.aspx>.
  • Change controller: The European Committee For Standardization (CEN)

15.3. MIME Content-type Registration for 'application/emergencyCallData.control+xml'

IANA is requested to add application/emergencyCallData.control+xml as a MIME content type, with a reference to this document, in accordance to the procedures of RFC 6838 [RFC6838] and guidelines in RFC 7303 [RFC7303].

  • MIME media type name: application
  • MIME subtype name: emergencyCallData.control+xml
  • Mandatory parameters: none
  • Optional parameters: charset
  • Indicates the character encoding of the XML content.
  • Encoding considerations: Uses XML, which can employ 8-bit characters, depending on the character encoding used. See Section 3.2 of RFC 7303 [RFC7303].
  • Security considerations:
    • This content type carries metadata and control information and requests, such as from a Public Safety Answering Point (PSAP) to an In-Vehicle System (IVS) during an emergency call.
    • Metadata (such as an acknowledgment that data sent by the IVS to the PSAP was successfully received) has limited privacy and security implications. Control information (such as requests from the PSAP that the vehicle perform an action) has some privacy and security implications. The privacy concern arises from the ability to request the vehicle to transmit a data set, which as described in Section 15.2, can contain personal information. The security concern is the ability to request the vehicle to perform an action. Control information needs to originate only from a PSAP or other emergency services provider, and not be modified en-route. The level of integrity of the cellular network over which the emergency call is placed is a consideration: when the IVS initiates an eCall over a cellular network, in most cases it relies on the MNO to route the call to a PSAP. (Calls placed using other means, such as Wi-Fi or over-the-top services, generally incur somewhat higher levels of risk than calls placed "natively" using cellular networks.) A call-back from a PSAP merits additional consideration, since current mechanisms are not ideal for verifying that such a call is indeed a call-back from a PSAP in response to an emergency call placed by the IVS. See the discussion in Section 12 and the PSAP Callback document [RFC7090].
    • Sections 7 and Section 8 of [RFC7852] contain more discussion.

  • Interoperability considerations: None
  • Published specification: This document
  • Applications which use this media type: Pan-European eCall compliant systems
  • Additional information: None
  • Magic Number: None
  • File Extension: .xml
  • Macintosh file type code: 'TEXT'
  • Person and email address for further information: Randall Gellens, rg+ietf@randy.pensive.org
  • Intended usage: LIMITED USE
  • Author: The IETF ECRIT WG.
  • Change controller: The IETF ECRIT WG.

15.4. Registration of the 'eCall.MSD' entry in the Emergency Call Additional Data Blocks registry

This specification requests IANA to add the 'eCall.MSD' entry to the Emergency Call Additional Data Blocks registry, with a reference to this document.

15.5. Registration of the 'control' entry in the Emergency Call Additional Data Blocks registry

This specification requests IANA to add the 'control' entry to the Emergency Call Additional Data Blocks registry, with a reference to this document.

15.6. Registration of the emergencyCallData.eCall Info Package

IANA is requested to add emergencyCallData.eCall to the Info Packages Registry under "Session Initiation Protocol (SIP) Parameters", with a reference to this document.

15.7. URN Sub-Namespace Registration

15.7.1. Registration for urn:ietf:params:xml:ns:eCall

This section registers a new XML namespace, as per the guidelines in RFC 3688 [RFC3688].

                    
    BEGIN
    <?xml version="1.0"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
        "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="content-type"
              content="text/html;charset=iso-8859-1"/>
        <title>Namespace for eCall Data</title>
    </head>
    <body>
        <h1>Namespace for eCall Data</h1>
        <p>See [TBD: This document].</p>
    </body>
    </html>
    END

                    

URI:
urn:ietf:params:xml:ns:eCall
Registrant Contact:
IETF, ECRIT working group, <ecrit@ietf.org>, as delegated by the IESG <iesg@ietf.org>.
XML:

15.7.2. Registration for urn:ietf:params:xml:ns:control

This section registers a new XML namespace, as per the guidelines in RFC 3688 [RFC3688].

            
   BEGIN
   <?xml version="1.0"?>
   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
        "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
        <meta http-equiv="content-type"
              content="text/html;charset=iso-8859-1"/>
        <title>Namespace for eCall Data: 
               Control Block</title>
   </head>
   <body>
        <h1>Namespace for eCall Data</h1>
        <h2>Control Block</h2>
   <p>See [TBD: This document].</p>
   </body>
   </html>
   END
   
            

URI:
urn:ietf:params:xml:ns:control
Registrant Contact:
IETF, ECRIT working group, <ecrit@ietf.org>, as delegated by the IESG <iesg@ietf.org>.
XML:

15.8. Registry creation

This document creates a new registry called 'eCall Metadata/Control Data'. The following sub-registries are created for this registry.

15.8.1. Action Registry

This document creates a new sub-registry called "Action Registry". As defined in [RFC5226], this registry operates under "Expert Review" rules. The expert should determine that the proposed action is within the purview of a vehicle, is sufficiently distinguishable from other actions, and the action is clearly and fully described. In most cases, a published and stable document is referenced for the description of the action.

The content of this registry includes:

Name:
The identifier to be used in the 'action' attribute of a control <request> element.
Description:
A description of the action. In most cases this will be a reference to a published and stable document. The description MUST specify if any attributes or child elements are optional or mandatory, and describe the action to be taken by the vehicle.

The initial set of values is listed in Table 2.

Action Registry Initial Values
Name Description
send-data See Section 9.1.3.1 of this document

15.8.2. Reason Registry

This document creates a new sub-registry called "Reason Registry" which contains values for the 'reason' attribute of the <actionResult> element. As defined in [RFC5226], this registry operates under "Expert Review" rules. The expert should determine that the proposed reason is sufficiently distinguishable from other reasons and that the proposed description is understandable and correctly worded.

The content of this registry includes:

ID:
A short string identifying the reason, for use in the 'reason' attribute of an <actionResult> element.
Description:
A description of the reason.

The initial set of values is listed in Table 3.

Reason Registry
ID Description
unsupported The 'action' value is not supported.
damaged Required components are damaged.
unable The action could not be accomplished (a generic error for use when no other code is appropriate).
data-unsupported The data item referenced in a 'send-data' request is not supported.
security-failure The authenticity of the request or the authority of the requestor could not be verified.

16. Contributors

Brian Rosen was a co-author of the original document upon which this document is based.

17. Acknowledgements

We would like to thank Bob Williams and Ban Al-Bakri for their feedback and suggestion; Rex Buddenberg, Lena Chaponniere, Keith Drage, Stephen Edge, Wes George, Christer Holmberg, Ivo Sedlacek, and James Winterbottom for their review and comments; Robert Sparks and Paul Kyzivat for their help with the SIP mechanisms. We would like to thank Michael Montag, Arnoud van Wijk, Gunnar Hellstrom, and Ulrich Dietz for their help with the original document upon which this document is based.

18. Changes from Previous Versions

18.1. Changes from draft-ietf-12 to draft-ietf-13

  • Clarifications suggested by Christer
  • Corrections to Content-Disposition text and examples as suggested by Paul Kyzivat
  • Clarifications to Content-Disposition text and examples to clarify that handling=optional is only used in the initial INVITE

18.2. Changes from draft-ietf-11 to draft-ietf-12

  • Fixed errors in examples found by Dale
  • Removed enclosing sub-section of INFO package registration section
  • Added text per Christer and Dale's suggestions that the MSD and metadata/control blocks are sent in INFO with a Call-Info header field referencing them
  • Deleted Call Routing section (7.1) in favor of a statement that call routing is outside the scope of the document
  • Other text changes per comments received from Christer and Ivo.

18.3. Changes from draft-ietf-09 to draft-ietf-11

  • Renamed INFO package to emergencyCallData.eCall.MSD
  • Changed INFO package to only permit MSD and metadata/control MIME types
  • Moved <capabilities> element back from car-crash but made it OPTIONAL
  • Moved other extension points back from car-crash so that extension points are in base spec (and also to get XML schema to compile)
  • Text changes for clarification.

18.4. Changes from draft-ietf-08 to draft-ietf-09

  • Created a new "Data Transport" section that describes how the MSD and metadata/control blocks are attached, and then referred to that section rather than repeat the information about the CID and Call-Info and so forth, which means most references to the additional-data draft have now been deleted
  • Mentioned edge cases where a PSAP response to INVITE isn't received by the IVS
  • Reworded description of which status codes are used when a PSAP wishes to reject a call but inform the vehicle occupants that it is aware of the situation to be more definite
  • Added examples showing INFO
  • Added references for eCall test call requirement
  • Described meaning of eCall URNs in Section 8 as well as in IANA registration

18.5. Changes from draft-ietf-07 to draft-ietf-08

  • eCall MSD now encoded as ASN.1 PER, using binary content transfer encoding
  • Added text to point out aspects of call handling and metadata/control usage, such as use in rejected calls, and solicited MSDs
  • Revised use of INFO to require that when a request for an MSD is sent in INFO, the MSD sent in response is in its own INFO, not the response to the requesting INFO
  • Added material to INFO package registation to comply with Section 10 of [RFC6086]
  • Moved material not required by 3GPP into [I-D.ietf-ecrit-car-crash], e.g., some of the eCall metadata/control elements, attributes, and values
  • Revised test call wording to clarify that specific handling is out of scope
  • Revised wording throughout the document to simplify
  • Moved new Section 7.1 to be a subsection of 7
  • Moved new Section Section 10 to be a main section instead of a subsection of Section 9
  • Revised SIP INFO usage and package registration per advice from Robert Sparks and Paul Kyzivat

18.6. Changes from draft-ietf-06 to draft-ietf-07

  • Fixed typo in Acknowledgements

18.7. Changes from draft-ietf-05 to draft-ietf-06

  • Added additional security and privacy clarifications regarding signed and encrypted data
  • Additional security and privacy text
  • Deleted informative section on ESINets as unnecessary.

18.8. Changes from draft-ietf-04 to draft-ietf-05

  • Reworked the security and privacy considerations material in the document as a whole and in the MIME registation sections of the MSD and control objects
  • Clarified that the <actionResult> element can appear multiple times within an <ack> element
  • Fixed IMS definition
  • Added clarifying text for the 'msgid' attribute

18.9. Changes from draft-ietf-03 to draft-ietf-04

  • Added Privacy Considerations section
  • Reworded most uses of non-normative "may", "should", "must", and "recommended."
  • Fixed nits in examples

18.10. Changes from draft-ietf-02 to draft-ietf-03

  • Added request to enable cameras
  • Improved examples and XML schema
  • Clarifications and wording improvements

18.11. Changes from draft-ietf-01 to draft-ietf-02

  • Added clarifying text reinforcing that the data exchange is for small blocks of data infrequently transmitted
  • Clarified that dynamic media is conveyed using SIP re-INVITE to establish a one-way media stream
  • Clarified that the scope is the needs of eCall within the SIP emergency call environment
  • Added informative statement that the document may be suitable for reuse by other ACN systems
  • Clarified that normative language for the control block applies to both IVS and PSAP
  • Removed 'ref', 'supported-mime', and <media> elements
  • Minor wording improvements and clarifications

18.12. Changes from draft-ietf-00 to draft-ietf-01

  • Added further discussion of test calls
  • Added further clarification to the document scope
  • Mentioned that multi-region vehicles may need to support other crash notification specifications in addition to eCall
  • Added details of the eCall metadata and control functionality
  • Added IANA registration for the MIME content type for the control object
  • Added IANA registries for protocol elements and tokens used in the control object
  • Minor wording improvements and clarifications

18.13. Changes from draft-gellens-03 to draft-ietf-00

  • Renamed from draft-gellens- to draft-ietf-.
  • Added mention of and reference to ETSI TR "Mobile Standards Group (MSG); eCall for VoIP"
  • Added text to Introduction regarding migration/co-existence being out of scope
  • Added mention in Security Considerations that even if the network-supplied location is just the cell site, this can be useful as a sanity check on the IVS-supplied location
  • Minor wording improvements and clarifications

18.14. Changes from draft-gellens-02 to -03

  • Clarifications and editorial improvements.

18.15. Changes from draft-gellens-01 to -02

  • Minor wording improvements
  • Removed ".automatic" and ".manual" from "urn:service:test.sos.ecall" registration and discussion text.

18.16. Changes from draft-gellens-00 to -01

  • Now using 'EmergencyCallData' for purpose parameter values and MIME subtypes, in accordance with changes to [RFC7852]
  • Added reference to RFC 6443
  • Fixed bug that caused Figure captions to not appear

19. References

19.1. Normative References

[EN_16062] CEN, , "Intelligent transport systems - eSafety - eCall High Level Application Requirements (HLAP) Using GSM/UMTS Circuit Switched Networks, EN 16062", April 2015.
[EN_16072] CEN, , "Intelligent transport systems - eSafety - Pan-European eCall operating requirements, EN 16072", April 2015.
[msd] CEN, , "Intelligent transport systems -- eSafety -- eCall minimum set of data (MSD), EN 15722", April 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004.
[RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for Emergency and Other Well-Known Services", RFC 5031, DOI 10.17487/RFC5031, January 2008.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008.
[RFC6443] Rosen, B., Schulzrinne, H., Polk, J. and A. Newton, "Framework for Emergency Calling Using Internet Multimedia", RFC 6443, DOI 10.17487/RFC6443, December 2011.
[RFC6838] Freed, N., Klensin, J. and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, DOI 10.17487/RFC6838, January 2013.
[RFC6881] Rosen, B. and J. Polk, "Best Current Practice for Communications Services in Support of Emergency Calling", BCP 181, RFC 6881, DOI 10.17487/RFC6881, March 2013.
[RFC7303] Thompson, H. and C. Lilley, "XML Media Types", RFC 7303, DOI 10.17487/RFC7303, July 2014.
[RFC7852] Gellens, R., Rosen, B., Tschofenig, H., Marshall, R. and J. Winterbottom, "Additional Data Related to an Emergency Call", RFC 7852, DOI 10.17487/RFC7852, July 2016.
[TS22.101] 3GPP, , "3GPP TS 22.101: Technical Specification Group Services and System Aspects; Service aspects; Service principles"

19.2. Informative references

, ", ", "
[CEN]European Committee for Standardization"
[I-D.ietf-ecrit-car-crash] Gellens, R., Rosen, B. and H. Tschofenig, Next-Generation Vehicle-Initiated Emergency Calls", Internet-Draft draft-ietf-ecrit-car-crash-11, September 2016.
[MSG_TR] ETSI, , ETSI Mobile Standards Group (MSG); eCall for VoIP", ETSI Technical Report TR 103 140 V1.1.1 (2014-04), April 2014.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for Emergency Context Resolution with Internet Technologies", RFC 5012, DOI 10.17487/RFC5012, January 2008.
[RFC5069] Taylor, T., Tschofenig, H., Schulzrinne, H. and M. Shanmugam, "Security Threats and Requirements for Emergency Call Marking and Mapping", RFC 5069, DOI 10.17487/RFC5069, January 2008.
[RFC6086] Holmberg, C., Burger, E. and H. Kaplan, "Session Initiation Protocol (SIP) INFO Method and Package Framework", RFC 6086, DOI 10.17487/RFC6086, January 2011.
[RFC7090] Schulzrinne, H., Tschofenig, H., Holmberg, C. and M. Patel, "Public Safety Answering Point (PSAP) Callback", RFC 7090, DOI 10.17487/RFC7090, April 2014.
[RFC7378] Tschofenig, H., Schulzrinne, H. and B. Aboba, "Trustworthy Location", RFC 7378, DOI 10.17487/RFC7378, December 2014.
[SDO-3GPP]3d Generation Partnership Project"
[SDO-ETSI]European Telecommunications Standards Institute (ETSI)"

Authors' Addresses

Randall Gellens Core Technology Consulting EMail: rg+ietf@randy.pensive.org
Hannes Tschofenig Individual EMail: Hannes.Tschofenig@gmx.net URI: http://www.tschofenig.priv.at