



    
   Internet Draft                                             S. Bhatia
   Document: draft-bhatia-sipping-sip-php-00.txt               A. Niemi
   Expires: January 2002                                          Nokia
                                                              July 2001
 
 
                    PHP: Hypertext Preprocessor for SIP 
 
 
Status of this Memo 
 
   This document is an Internet-Draft and is in full conformance with 
   all provisions of Section 10 of RFC2026. 
    
   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups.  Note that      
   other groups may also distribute working documents as Internet-
   Drafts. 
    
   Internet-Drafts are draft documents valid for a maximum of six 
   months and may be updated, replaced, or obsoleted by other documents 
   at any time.  It is inappropriate to use Internet-Drafts as 
   reference material or to cite them other than as "work in progress." 
    
   The list of current Internet-Drafts can be accessed at 
        http://www.ietf.org/ietf/1id-abstracts.txt 
   The list of Internet-Draft Shadow Directories can be accessed at 
        http://www.ietf.org/shadow.html. 
    
    
Abstract 
    
   Due to the similarity of SIP and HTTP, many mechanisms that have 
   been instrumental in the success of the World Wide Web have been 
   replicated in SIP. PHP is a robust, cross-platform scripting 
   language, which has been tailored to simplify and accelerate service 
   development on the World Wide Web while empowering the developer 
   with easy and yet reliable connectivity with all modern databases. 
    
   This draft discusses the creation of SIP services using PHP. 
 
 
Table of Contents 
 
   Status of this Memo
   Abstract
   1. Introduction
   2. Conventions used in this document
   3. Motivations
   4. SIP PHP Specification
   4.1. Introduction
   4.2. PHP script execution
   4.3. Using PHP with SIP-CGI
   4.4. SIP functions in PHP
   4.5. Dynamic documents in SIP with PHP
   5. Security Considerations
   5.1. Request Initiation
   5.2. Authenticated and Encrypted Messages
   5.3. SIP Server API
   6. Acknowledgements
   References
   Author's Addresses
    
  
1. Introduction 
 
   One of the most important factors contributing to the phenomenal 
   success of the World Wide Web and its extraordinary growth in the 
   last decade has been the flexibility and robustness of technologies 
   that have enabled developers to rapidly create and deploy services 
   on web servers. 
    
   With the passage of time, new tools and technologies tailored to 
   specific tasks, levels of security, scalability of the application 
   etc. have emerged and have supplanted previous ones in numerous 
   domains in the industry.  
    
   PHP [1] is one of the most influential of these newly established 
   technologies and has pervaded nearly every sphere of the web in a 
   staggeringly short period of time.  
    
   Prior to the acceptance of the Session Initiation Protocol (SIP) [2] 
   as a standard for control in telephony networks, services in 
   telephony networks were developed for IN service environments. Due 
   to the strong similarity of SIP with HTTP [3], several technologies 
   that are used to develop services over HTTP have also been 
   standardized for building services over SIP. 
    
   PHP is one such technology, which with its variety of programming 
   interfaces (connectivity to databases, COM, CORBA, RMI, SNMP, LDAP 
   etc.), widespread acceptance and familiarity could profoundly 
   influence the potential as well as the swiftness of service 
   development for SIP. 
 
    
    
2. Conventions used in this document  
    
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
   this document are to be interpreted as described in RFC-2119 [4]. 
    
    
    
    
3. Motivations 
    
   There are many benefits of using PHP to implement services for SIP. 
   Some of the most prominent of these are listed below:  
    
   1. Multi-platform: PHP component implementations are available for 
   nearly every conceivable platform existing today including Linux, 
   Solaris, BeOS, AIX, FreeBSD, Win32 etc.  
    
   2. Industry standard: PHP is a de facto industry standard that has 
   emerged out of a community of web developers. It has gained millions 
   of followers and is installed on millions of web servers that use it 
   to deploy dynamic content. 
    
   3. Platform and Network functions: PHP supports high level functions 
   that provide PHP scripts access to numerous network and platform 
   interfaces such as SNMP, FTP, LDAP, SMTP, DOM and IMAP.  
    
   4. Database connectivity: PHP offers easy and yet reliable 
   connectivity to most of today's common databases including Oracle, 
   Sybase, MySQL, ODBC and others. PHP also offers integration with 
   various external libraries that enable the developer to do anything 
   from generating PDF documents to parsing XML. 
    
   5. Greater control: Since services written using PHP are interpreted 
   by an extension of the server they run with, they allow far greater 
   control to be exercised than services that might be executed as 
   platform-binaries. 
 
   6. Extensibility and Reusability: PHP's functionality is 
   continuously extended by the open-source community. Complete 
   scripts, classes and libraries are freely available on the Internet, 
   and can be used to create services quickly and efficiently. Since 
   PHP is a scripting language, pieces of scripts are highly reusable. 
    
    
 
4. SIP PHP Specification 
 
4.1. Introduction 
    
   It should be noted that although in the web domain, PHP is used 
   mainly to create dynamic XML content, its usage in SIP tends to 
   resemble other scripting environments used to enable enhanced call 
   routing and service creation.  
    
   However, in the future many SIP-related services may be expected to 
   revolve around things other than pure telephony services.  
    
   For creating services not exclusively related to the call routing 
   process, PHP has inherent support for a much more elaborate set of 
   tools than other mechanisms, such as SIP-CGI [5] and CPL [6]. 
    
    
    
4.2. PHP script execution 
    
   This draft is based on the work-in-progress PHP manual, which can be 
   found at http://www.php.net/docs.php.  
    
   A PHP extension module (which parses and executes PHP scripts) is 
   attached to a server by means of a server abstraction layer (SAPI). 
   The engine for parsing PHP (the Zend Engine) and the PHP core, where 
   the actual functionality of the PHP execution environment resides, 
   are built on top of this abstraction layer. 
    
   This draft does not attempt to define a standard procedure for SIP 
   servers to use PHP scripts. Instead, it introduces some basic 
   concepts, which make PHP in SIP a viable mechanism. 
    
    
4.3. Using PHP with SIP-CGI 
    
   A typical SIP network structure is shown in figure 1. Usually a SIP 
   network server may deploy services for its users. These services may 
   include mechanisms such as CPL and SIP-CGI scripting. A SIP-CGI 
   scripting environment can readily adopt PHP, since PHP can be 
   executed as any CGI program. 
 
    
   +----------+            +-----------+       +-------------+ 
   |          |       req  |           |  SIP  |             | 
   |   User   | ---------> |    SIP    |  CGI  |     PHP     | 
   |   Agent  | <--------- |   Proxy   | <---> |  Scripting  | 
   |          |  resp      |   Server  |       | Environment | 
   +----------+            |           |       |             | 
                           +-----------+       +-------------+ 
                                |  ^ 
                                |  | resp 
                                |  | 
                                |  | 
                            req |  | 
                                v  | 
                           +-----------+ 
                           |           | 
                           |   User    | 
                           |   Agent   | 
                           |           | 
                           +-----------+ 
    
   Fig 1. Normal SIP PHP environment  
    
 
4.4. SIP functions in PHP 
    
   In general, SIP proxies are far more complex and functional than 
   their HTTP counterparts. Also, most HTTP scripts apply themselves to 
   a singular connection, i.e. the one bound to the client that has 
   issued the HTTP request. SIP scripts, as opposed to that, may need 
   to involve connections to other clients as well in the course of 
   processing a transaction or session.  
    
    
             +-----------+ 
             |           | 
             |   User    | 
             |   Agent   | 
             |           | 
             +-----------+ 
                 |  ^ 
                 |  | resp 
                 |  | 
             req |  | 
                 |  |              [UA] [UA] [UA] [UA] 
                 v  |                |    |    | / 
             +-----------+       +-------------+ -[UA] 
             |           |  SIP  |             | 
             |    SIP    |  CGI  |     PHP     | -[UA] 
             | (Network) | <---> | Scripting   | 
             |   Server  |       | Environment | -[UA] 
             |           |       |             | 
             +-----------+       +-------------+ -[UA] 
                                     |    |    | \ 
                                   [UA] [UA] [UA] [UA] 
    
   Fig 2. PHP scripts with server functionality 
    
    
   Consider, for instance, a situation in which a user wishes to be 
   notified, by means of an instant message, of any incoming call that 
   is being forwarded by the proxy. A PHP script implementing this 
   functionality will need to create a new call-leg over which any such 
   notification would be dispatched. 
    
   In such a situation, it may not be desirable for the script to 
   initiate independent and arbitrary connections. It would be highly 
   beneficial if the scripts were to delegate these actions to the 
   actual SIP server to utilize operations specific to the SIP 
   protocol, authentication mechanisms etc. and keep administrative 
   policies pertaining to the domain uniform. 
    
   Thus, although generating dynamic documents and passing them to the 
   HTTP server empowers HTTP-PHP scripts sufficiently, SIP-PHP scripts 
   may need to perform other operations, such as creating new call-legs 
   in the SIP server. SIP-PHP scripts must therefore be provided with 
   an additional API to invoke these operations through the SIP server. 
    
   This API will be described in more detail in future versions of this 
   draft.  
    
    
    
4.5. Dynamic documents in SIP with PHP 
    
   In the web domain, PHP is used most commonly to generate dynamic XML 
   content. PHP scripts are embedded in XML and executed on document 
   retrieval. In SIP, documents of this sort are absent in normal call 
   routing or session establishment. 
    
   However, with SIP being used in applications such as presence [7] 
   and Instant Messaging [8], PHP can provide a myriad of powerful 
   tools for creating dynamic elements in SIP messages. 
    
   For example, presence agent functionality might be fully contained 
   in a simple PHP script run adjunct to a presence server. In this 
   scenario, there is a clear analogy between the type of SIP services 
   offered and modern day web services. An example of a PHP enhanced 
   presence document is shown in figure 3. 
    
    
      <?xml version="1.0"?> 
      <presence 
         <?php 
            // Emit the entityInfo attribute and close the opening presence tag
            echo "entityInfo=\"$SIP_TO\">"; 
            include("presence_agent.php"); 
         ?> 
      </presence> 
    
   Fig 3. Simple presence document using PHP 
    
    
   In the event of an incoming SUBSCRIBE, the above document would be 
   relayed through corresponding NOTIFYs. The embedded PHP script would 
   generate the presentity information using PHP's network and/or 
   database functions. 
    
    
    
5. Security Considerations 
 
5.1. Request Initiation 
    
   PHP is a powerful language, and PHP scripts are allowed to access 
   files, execute commands and open network connections on a server. 
   Similarly, PHP scripts can initiate arbitrary SIP transactions and 
   produce spoofed responses of any sort. These properties make any 
   script run on a server insecure by default. 
    
   This document does not specify restrictions on the actions PHP 
   scripts can take, but instead suggests that server administrators 
   MUST consider PHP scripts as security-sensitive, and monitor and 
   review the security of PHP scripts before installing them. 
    
   Also, it should be noted that PHP scripts should be uploaded in a 
   secure fashion, i.e. the authenticity and integrity of the scripts 
   should be guaranteed. 
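
   One way to meet the upload requirement above, as an added example
   that is not part of the original draft: the upload is accepted only
   if an HMAC-SHA256 tag verifies under the uploader's key, and it then
   lands in a staging directory for administrator review. The draft
   does not name a mechanism; the HMAC scheme, stage_script(), the key
   table and the directory layout are all assumptions.

```php
<?php
// Added example. stage_script(), the key table and the directory are hypothetical.

/**
 * Accept an uploaded script only if its HMAC-SHA256 tag verifies under the
 * uploader's key, then place it in a staging directory for administrator
 * review. Returns the staged path, or null if the upload is rejected.
 */
function stage_script(string $uploader, string $name, string $source,
                      string $tagHex, array $keys, string $stagingDir): ?string
{
    // Restrict names so an upload cannot escape the staging directory.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.php$/', $name)) {
        return null;
    }
    if (!isset($keys[$uploader])) {
        return null;                            // unknown uploader
    }
    // The tag covers uploader, name and content, so a valid script cannot be
    // replayed under another user's or another script's name.
    $expected = hash_hmac('sha256', "$uploader\0$name\0$source", $keys[$uploader]);
    if (!hash_equals($expected, strtolower($tagHex))) {   // constant-time compare
        return null;
    }
    // Write to a temporary file and rename, so a partial file never appears
    // under the final name.
    $tmp = tempnam($stagingDir, 'up_');
    if ($tmp === false || file_put_contents($tmp, $source) === false) {
        return null;
    }
    $final = "$stagingDir/$uploader-$name";
    return rename($tmp, $final) ? $final : null;
}

// Constructed sample data.
$keys = ['alice' => 'constructed-demo-key'];
$dir  = sys_get_temp_dir() . '/sip-php-staging';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
$src = "<?php /* notify on forwarded call */ ?>";
$tag = hash_hmac('sha256', "alice\0notify.php\0$src", $keys['alice']);

// First call: tag matches the content. Second call: content altered after tagging.
var_dump(stage_script('alice', 'notify.php', $src, $tag, $keys, $dir) !== null);
var_dump(stage_script('alice', 'notify.php', $src . "\n// altered in transit", $tag, $keys, $dir));
```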
    
    
    
5.2. Authenticated and Encrypted Messages 
    
   PHP scripts must be careful not to interfere with authentication. 
   Adding or removing headers, or modifying a message payload that has 
   been included in an integrity checksum by the user agent, will 
   effectively break authentication at the user agent. 
    
   When SIP requests are encrypted, the headers in cleartext are passed 
   to the script as specified in SIP-CGI. The encrypted portion is 
   passed to the script as a body. Any added headers may be discarded 
   upon decryption, if those headers are also contained in the 
   encrypted portion. 
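
   The care asked of scripts in the first paragraph above, as an added
   example that is not part of the original draft: before returning a
   rewritten message, a script compares it with the message it received
   and lists every change to a part covered by the user agent's
   integrity check. The set of covered headers and the function names
   are assumptions; compact header forms are not handled.

```php
<?php
// Added example. PROTECTED_HEADERS, parse_sip() and auth_violations() are hypothetical.
// Assumption: the user agent's integrity check covers these headers plus the body.
const PROTECTED_HEADERS = ['from', 'to', 'call-id', 'cseq', 'contact'];

/** Split a SIP message into [headers keyed by lowercase name => list of values, body]. */
function parse_sip(string $msg): array
{
    $parts = explode("\r\n\r\n", $msg, 2);
    $body  = $parts[1] ?? '';
    // Unfold continuation lines (a line starting with space or tab continues a header).
    $head  = preg_replace("/\r\n[ \t]+/", ' ', $parts[0]);
    $lines = explode("\r\n", $head);
    array_shift($lines);                        // drop the request or status line
    $headers = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue;
        }
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))][] = trim($value);
    }
    return [$headers, $body];
}

/** List the changes that would invalidate the user agent's integrity check. */
function auth_violations(string $original, string $rewritten): array
{
    [$oh, $ob] = parse_sip($original);
    [$rh, $rb] = parse_sip($rewritten);
    $found = [];
    foreach (PROTECTED_HEADERS as $h) {
        $before = $oh[$h] ?? [];
        $after  = $rh[$h] ?? [];
        if ($before !== $after) {
            $found[] = $before === [] ? "added $h"
                     : ($after === [] ? "removed $h" : "modified $h");
        }
    }
    if ($ob !== $rb) {
        $found[] = 'modified body';
    }
    return $found;
}

// Constructed sample: the script adds a Subject header and rewrites Contact.
$orig = "INVITE sip:bob@example.com SIP/2.0\r\nFrom: <sip:alice@example.com>\r\n"
      . "To: <sip:bob@example.com>\r\nCall-ID: 1@host.example.com\r\nCSeq: 1 INVITE\r\n"
      . "Contact: <sip:alice@host.example.com>\r\n\r\nv=0\r\n";
$new = str_replace('<sip:alice@host.example.com>', '<sip:proxy@example.com>', $orig);
$new = str_replace("CSeq: 1 INVITE\r\n", "CSeq: 1 INVITE\r\nSubject: forwarded\r\n", $new);

print_r(auth_violations($orig, $new));
```

   A script that gets a non-empty list back should return the message
   unmodified rather than break authentication at the user agent.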
    
    
5.3. SIP Server API 
    
   In HTTP-PHP, the interface between scripts and the HTTP server is a 
   lightweight one, and does not require any security additional to 
   that which the platform and web server themselves impose. 
    
   In SIP, however, it may sometimes be necessary to deny ordinary 
   scripts access to certain functions and programmatic interfaces that 
   might be provided by the API. This security feature is also a future 
   work item. 
    
    
    
6. Acknowledgements 
    
   The authors would like to acknowledge Tommi Komulainen, Jens Staack, 
   Patrik Flykt, Sami Uskela, Markus Isomaki and Yrjo Raivio for 
   interesting discussions on the subject. 
    
    
    
References 
    
    
   1  http://www.php.net/ 
    
   2  Handley, M., Schulzrinne, H., Schooler, E., Rosenberg, J., "SIP: 
      Session Initiation Protocol", RFC 2543, March 1999 
    
   3  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., 
      Leach, P., Berners-Lee, T., "Hypertext Transfer Protocol -- 
      HTTP/1.1", RFC 2616, June 1999 
    
   4  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
      Levels", BCP 14, RFC 2119, March 1997 
    
    
    
   5  Lennox, J., Schulzrinne, H., Rosenberg, J., "Common Gateway 
      Interface for SIP", RFC 3050, January 2001 
    
   6  Lennox, J., Schulzrinne, H., "CPL: A Language for User Control of 
      Internet Telephony Services", Internet Draft, November, 2000, 
      Work in progress 
    
   7  Rosenberg, J., et al., "SIP Extensions for Presence", Internet 
      Draft, March 2001, Work in progress 
    
   8  Rosenberg, J., Willis, D., Sparks, R., Campbell, B., 
      Schulzrinne, H., Lennox, J., Huitema, C., Aboba, B., Gurle, D., 
      Oran, D., "SIP Extensions for Instant Messaging", Internet Draft, 
      April 2001, Work in progress 
    
    
    
Author's Addresses 
    
   Sapan Bhatia 
   Nokia 
   P.O. Box 301                 Phone:  +358-50-3891646 
   FIN-00045 NOKIA GROUP        Email:  sapan.bhatia@nokia.com 
   Finland 
    
   Aki Niemi 
   Nokia 
   P.O. Box 301                 Phone:  +358-50-3891644 
   FIN-00045 NOKIA GROUP        Email:  aki.niemi@nokia.com 
   Finland 
    