4 Originating Identification Presentation (OIP) and Originating Identification Restriction (OIR)
24.6073GPPOriginating Identification Presentation (OIP) and Originating Identification Restriction (OIR) using IP Multimedia (IM) Core Network (CN) subsystemProtocol specificationRelease 17TS
4.1 Introduction
The Originating Identification Presentation (OIP) service provides the terminating user with the possibility of receiving identity information in order to identify the originating user.
The Originating Identification Restriction (OIR) service enables the originating user to prevent presentation of its identity information to the terminating user.
4.2 Description
4.2.1 General description
The OIP service provides the terminating user with the possibility of receiving trusted (i.e. network‑provided) identity information in order to identify the originating user.
In addition to the trusted identity information, the identity information from the originating user can include identity information generated by the originating user and in general transparently transported by the network. In the particular case where the "no screening" special arrangement does not apply, the originating network shall verify the content of this user generated identity information. The terminating network cannot be responsible for the content of this user generated identity information.
The OIR service is a service offered to the originating user. It restricts presentation of the originating user’s identity information to the terminating user.
When the OIR service is applicable and activated, the originating network provides the destination network with the indication that the originating user’s identity information is not allowed to be presented to the terminating user. In this case, no originating user’s identity information shall be included in the requests sent to the terminating user. The presentation restriction function shall not influence the forwarding of the originating user’s identity information within the network as part of the supplementary service procedures.
4.3 Operational requirements
4.3.1 Provision/withdrawal
4.3.1.1 OIP Provision/withdrawal
The OIP service may be provided after prior arrangement with the service provider or be generally available.
The OIP service shall be withdrawn at the subscriber’s request or for administrative reasons.
As a general operator policy a special arrangement may exist on a per subscriber basis or on a general behaviour basis whereby the originating user’s identity information intended to be transparently transported by the network is not screened by the network.
4.3.1.2 OIR Provision/withdrawal
The OIR service, temporary mode, may be provided on a subscription basis or may be generally available.
The OIR service, permanent mode, shall be provided on a subscription basis.
As a network option, the OIR service can be offered with several subscription options. A network providing the OIR service shall support temporary mode at a minimum. Subscription options are summarized in table 1.
Table 1: OIR Subscription options
|
Subscription option values |
Values |
|
Mode |
‑ permanent mode (active for all requests) ‑ temporary mode (allows the UE to override the default behaviour on per call basis) |
|
Temporary mode default |
‑ presentation restricted ‑ presentation not restricted |
|
Restriction |
‑ restrict the asserted identity ‑ restrict all private information appearing in headers |
4.3.2 Requirements on the originating network side
As part of the basic communication procedures specified in 3GPP TS 24.229 [3], the following requirements apply at the originating network side in support of the OIP service and the OIR service. Unless noted otherwise, these requirements are meant to apply to all requests meant to initiate either a dialog or a standalone transaction. These procedures apply regardless of whether the originating or terminating parties subscribe to the OIP service or the OIR service:
1 The originating UE can insert two forms of identity information that correspond to the following two purposes:
As a suggestion to the network as to what public user identity the network should be included in the request as network asserted identity information.
As a UE‑provided identity to be transparently transported by the network.
2 In the case where no identity information is provided by the originating UE for the purpose of suggesting a network‑provided identity, the network shall include identity information based on the default public user identity associated with the originating UE.
3 In the case where identity information is provided by the originating UE for the purpose of suggesting a network-provided identity, the network shall attempt to match the information provided with the set of registered public identities of the originating UE. If a match is found, the network shall include an identity based on the information provided by the originating UE.
As a network option, if the "no screening" special arrangement does not exist with the originating UE, the network may attempt to match the UE‑provided identity information with the set of registered public identities of the originating user. If a match is not found, the network shall replace the UE‑provided identity with one that includes the default public user identity.
The UE can include an indication that it wishes to have the presentation of its identity information to be restricted. The following cases exist:
– If the originating user has subscribed to the OIR service in the permanent mode, then the network shall invoke the OIR service for each outgoing request.
– If the originating user has subscribed to the OIR service in the temporary mode with default value "presentation restricted", then the network shall invoke the OIR service for each outgoing request unless the default value is overridden by subscriber request at the time of outgoing request.
– If the originating user has subscribed to the OIR service in the temporary mode with default value "presentation not restricted", then the network shall only invoke the OIR service if requested by the subscriber at the time of outgoing initial request.
– If the originating user has not subscribed to the OIR service but the originating UE sends a SIP request initiating a dialog or standalone transaction with Privacy header fields indicating a privacy request or a digit sequence within the Request-URI that comprise the effective dial string for restricting the presentation of identity information then, the SIP request may be rejected by operator policy.
NOTE 1AA: Only when supporting the MMTEL for the OIP/OIR Service such a procedure is possible. This requires an initial filter criterion to be setup for the user who is not subscribed to the OIR service.
– If the OIR service is not invoked, the network‑provided identity shall be considered to be presentation allowed.
NOTE 1A: For the network to invoke the service, the S-CSCF will forward an initial request towards the AS that hosts the OIR service. This requires an initial filter criterion to be setup for the user who is subscribed to the service. Annex B provides an example of an initial filter criterion that can be applied for the OIR service.
As an originating network option, if the originating user invokes the OIR service for a particular request, the originating network may prevent any UE‑provided identification information (in addition to the trusted identity information) from being displayed to the terminating user.
NOTE 1: As an informative description, for OIP/OIR this means the following procedures are expected to be provided by the P‑CSCF regardless of whether the originating user does or does not subscribe to the OIP service or OIR service. When the P‑CSCF receives an initial request for a dialog or a request for a standalone transaction, and the request contains a P‑Preferred‑Identity header field that matches one of the registered public user identities, the P‑CSCF is expected to identify the initiator of the request by that public user identity. In particular, the P‑CSCF is expected to include a P‑Asserted‑Identity header field set to that public user identity. When the P‑CSCF receives an initial request for a dialog or a request for a standalone transaction, and the request contains as P‑Preferred‑Identity header field that does not match one of the registered public user identities, or does not contain a P‑Preferred‑Identity header field, the P‑CSCF is expected to identify the initiator of the request by a default public user identity. In particular, the P‑CSCF is expected to include a P‑Asserted‑Identity header field set to the default public user identity. If there is more then one default public user identity available, the P‑CSCF is expected to randomly select one of them.
NOTE 2: In the case where the S‑CSCF has knowledge of an associated tel‑URI for a SIP URI contained in the P‑Asserted‑Identity header field received in the request, the S‑CSCF adds a second P‑Asserted‑Identity header field containing this tel‑URI.
NOTE 3: For the S‑CSCF to forward an initial request towards the AS that hosts the OIR service, an initial filter criterion is to be setup for the user who is subscribed to the service. Annex B provides an example of an initial filter criterion that that can be applied for the OIR service.
NOTE 4: It is assumed that the IBCF is responsible for stripping the P‑Asserted‑Identity from the SIP header when interworking with untrusted networks.
4.3.3 Requirements on the terminating network side
For terminating users that subscribe to the OIP service, and if network provided identity information about the originator is available, and if presentation is allowed, the network shall include that information in the requests sent to the UE.
If the presentation of the public user identity is restricted, then the terminating UE shall receive an indication that the public user identity was not sent because of restriction.
If the public user identity is not available at the terminating network (for reasons such as interworking), then the network shall indicate to the terminating user that the public user identity was not included for reasons other than that the originating user invoked the OIR service.
For terminating users that do not subscribe to the OIP service, the network shall not send the network provided identity information about the originator in the requests sent to the UE, even if that information is available, and if presentation is allowed. Additionally, the network may prevent the transmission of any UE‑provided identity information.
NOTE 1: The priv-value "id" in the Privacy header is not expected be removed when removing any P-Asserted-Identity header as described in 3GPP TS 24.229 [3] subclauses 4.4.2 and 5.4.3.3.
NOTE 2: When removing the P‑Asserted‑identity any following service in the chain could be affected. Therefore service based on the originating identity (such as ICB and ACR), are expected to precede the OIP service in the chain.
NOTE 3: It is assumed that the IBCF is responsible for stripping the P‑Asserted‑Identity from the SIP header when interworking with untrusted networks.
4.4 Syntax requirements
The syntax for the relevant header fields in the SIP requests are normatively described in 3GPP TS 24.229 [3]. The relevant headers are:
– The P‑Preferred‑Identity header field, which shall conform to the specifications in IETF RFC 3325 [7] and IETF RFC 3966 [9].
– The P‑Asserted‑Identity header field, which shall conform to the specifications in IETF RFC 3325 [7] and IETF RFC 3966 [9].
– The Privacy header field, which shall conform to the specifications in IETF RFC 3323 [6] and IETF RFC 3325 [7].
NOTE: The privacy level "session" and "critical" are not used in this specification.
– The From header field, which shall conform to the specifications in IETF RFC 3261 [10] and IETF RFC 3966 [9].
4.5 Signalling procedures
4.5.0 General
Configuration of supplementary services by the user should:
– take place over the Ut interface using XCAP as enabling protocol as described in 3GPP TS 24.623 [13]; or
– use SIP based user configuration as described in 3GPP TS 24.238 [15];
NOTE: Other possibilities for user configuration, such as web-based provisioning or pre-provisioning by the operator are outside the scope of the present document, but are not precluded.
The enhancements to the XML schema for use over the Ut interface are described in subclause 4.10.
4.5.1 Activation/deactivation
The OIP service is activated at provisioning and deactivated at withdrawal.
The OIR service is activated at provisioning and deactivated at withdrawal.
4.5.1A Registration/erasure
The OIP service requires no registration. Erasure is not applicable.
The OIR service requires no registration. Erasure is not applicable.
4.5.1B Interrogation
For interrogation of OIP and OIR, the mechanisms specified in subclause 4.5.0 should be used.
4.5.2 Invocation and operation
4.5.2.1 Actions at the originating UE
As part of basic communication, the originating UE may insert a P‑Preferred‑Identity header field in any initial SIP request for a dialog or in any SIP request for a standalone transaction as a hint for creation of a public user identity as described in 3GPP TS 24.229 [3].
NOTE 1: According 3GPP TS 24.229 [3], the UE can include any of the following in the P‑Preferred‑Identity header field:
a public user identity which has been registered by the user;
a public user identity returned in a registration‑state event package of a NOTIFY request as a result of an implicit registration that was not subsequently deregistered or has expired; or
any other public user identity which the user has assumed by mechanisms outside the scope of 3GPP TS 24.229 [3] to have a current registration.
If the originating user wishes to override the default setting of "presentation not restricted" of the OIR service in temporary mode:
– The originating UE shall include an "anonymous" From header field. The convention for configuring an anonymous From header field described in IETF RFC 3323 [6] should be followed; i.e. From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag= xxxxxxx.
– If only the P‑Asserted‑Identity needs to be restricted the originating UE shall include a Privacy header field [6] set to "id" in accordance with IETF RFC 3325 [7].
– If all headers containing private information that the UE cannot anonymize itself need to be restricted, the originating UE shall include a Privacy header field set to "header" in accordance with IETF RFC 3323 [6].
NOTE 2: The Privacy header field value "header" does not apply to the identity in the From header field.
If the originating user wishes to override the default setting of "presentation restricted" of the OIR service in temporary mode:
– The originating UE shall include a Privacy header field of privacy type "none" in accordance with
3GPP TS 24.229 [3] (IETF RFC 3323 [6]).
4.5.2.2 Void
4.5.2.3 Void
4.5.2.4 Actions at the AS serving the originating UE
For an originating user that subscribes to the OIR service in "permanent mode", the AS shall:
1) insert a Privacy header field set to:
a) "id" if only the P-Asserted-Identity header field needs to be restricted as described in RFC 3325 [7]; or
b) "header" if all the header fields, containing private information that the UE cannot anonymize need to be restricted as described in RFC 3323 [6]. This choice is based on the subscription option.
NOTE 1: The Privacy header field value "header" does not apply to the identity in the From header field.
2) If the request includes a Privacy header field that is set to "none", remove the "none" value from the Privacy header field; and
3) based on operator policy, either modify the From header field to remove the identification information, or add a Privacy header field set to "user".
For an originating user that subscribes to the OIR service in "temporary mode" with default "presentation-restricted", if the request does not include a Privacy header field, or the request includes a Privacy header field that is not set to "none", the AS shall:
1) insert a Privacy header field set to:
a) "id" if only the P-Asserted-Identity header field needs to be restricted as described in RFC 3325 [7]; or
b) "header" if all the header fields, containing private information that the UE cannot anonymize need to be restricted as described in RFC 3323 [6]. This choice is based on the subscription option.
NOTE 2: The Privacy header field value "header" does not apply to the identity in the From header field.
2) based on operator policy, either modify the From header field to remove the identification information, or add a Privacy header field set to "user".
NOTE 3: When the OIR service is used, the originating UE is supposed to already have removed identity information from the From header field. However because this UE is not trusted, this is also done by the AS to ensure that this information is removed.
For an originating user that subscribes to the OIR service in "temporary mode" with default "presentation-not-restricted", if the request includes a Privacy header field is set to "id" or "header", based on operator policy, the AS shall either modify the From header field to remove the identification information or add a Privacy header field set to "user". As an originating network option, if the "no screening" special arrangement does not exist with the originating user, the AS may attempt to match the information in the From header with the set of registered public identities of the originating user. If a match is not found, the AS may set the From header to the SIP URI that includes the default public user identity.
For an originating user who has not subscribed to the OIR service but requests the restriction of its identity information by sending Privacy header fields requesting privacy as defined in subclause 4.5.2.1, then the SIP request for initiating a dialog or standalone transaction may be rejected by operator policy with a 403(Forbidden) response including a warning header field 399 "OIR not subscribed".
NOTE 4: Only when supporting the MMTEL for the OIP/OIR Service such a procedure is possible. This requires an initial filter criterion to be setup for the user who is not subscribed to the OIR service.
4.5.2.5 Void
4.5.2.6 Void
4.5.2.7 Void
4.5.2.8 Void
4.5.2.9 Actions at the AS serving the terminating UE
If OIP service of the terminating user is not activated, then the AS shall remove any P-Asserted-Identity or Privacy header fields included in the request. Additionally, the Application Server may as a network option anonymize the contents of the From header field by setting it to a default non significant value. As a network option, if the terminating user has an override category, the AS shall send the P-Asserted-Identity header fields and remove the Privacy header fields.
Based on local policy, if a P-Asserted-Identity header field and a From header field exist and carry different user identities, the AS may remove the P-Asserted-Identity header fields. As part of this policy, this removal can be limited to scenarios where the From header field fulfils some operator specific prerequisites (e.g. specific national number ranges).
NOTE 1: This option is used to achieve an identical behaviour for different access types where just one identity is provided to the UE.
When the Privacy header field is set to "id", with the exception of the cases listed above, the AS should not remove this Privacy header entry.
NOTE 2: The priv-value "id" in the Privacy header will be used by the terminating UE to distinguish the request of OIR by the originating user.
If the request includes the Privacy header field set to "header" the AS shall:
a) anonymize the contents of all header fields containing private information that are not "user configurable" in accordance with IETF RFC 3323 [6];
b) add a Privacy header field with the priv-value set to "id" if not already present in the request; and
c) remove the priv-value "header" from the Privacy header field in accordance with IETF RFC 3323 [6].
NOTE 3: The Privacy header field value "header" does not apply to the identity in the From header field.
If the request includes the Privacy header field set to "user" the AS shall remove or anonymize the contents of all "user configurable" headers (e.g. the From header field), and remove the priv-value "user" from the Privacy header field in accordance with IETF RFC 3323 [6]. In the latter case, the AS may need to act as transparent back‑to‑back user agent as described in IETF RFC 3323 [6].
4.5.2.10 Void
4.5.2.11 Void
4.5.2.12 Actions at the terminating UE
A terminating UE shall support the receipt of one or more P-Asserted-Identity header fields in SIP requests initiating a dialog or standalone transactions.
The UE may support the operator’s originating party identity determination policy.
The UE may support being configured with the operator’s originating party identity determination policy in the "FromPreferred" leaf node of 3GPP TS 24.417 [17].
Editor’s note [CR#0055, IOC_UE_conf]: Handling of any configuration on UICC related to the operator’s originating party identity determination policy is FFS.
If the UE supports the operator’s originating party identity determination policy:
1) if the operator’s originating party identity determination policy indicates that the From header field is not used for determination of the originating party identity in OIP service, the UE shall determine that the identity(ies) in the P-Asserted-Identity header field(s) is(are) the originating user identity. If the P-Asserted-Identity header field is absent and the Privacy header field is set to "id", the UE shall determine the originating party identity is anonymized. If the P-Asserted-Identity header field is absent and the Privacy header field is set to "none" or absent, the UE shall determine the originating party identity is unavailable; and
2) if the operator’s originating party identity determination policy indicates that the identity provided within the From header field is used for determination of the originating party identity in OIP service, then regardless of the presence or absence of the P-Asserted-Identity header field, the UE shall determine that the identity in the From header field is the originating user identity.
NOTE 1: The UE finds the network-asserted identity(ies) of the originating user in the P-Asserted-Identity header field(s). The UE finds the additional identity in the From header field.
NOTE 2: If the UE does not support the operator’s originating party identity determination policy, it is dependent on the UE implementation whether the additional identity, the network-asserted identity(ies), all or none are presented to the user.
NOTE 3: It is not guaranteed that the additional identity is trusted.
NOTE 4: If no P-Asserted-Identity header fields are present, but a Privacy header field was present, then the one or more network-asserted identities of the originating user can have been withheld due to presentation restriction.
NOTE 5: If neither P-Asserted‑Identity header fields nor a Privacy header field are present, then the network-asserted identities of the originating user can lack availability (due to, for example, interworking with other networks), or the user can be without a subscription to the OIP service.
4.6 Interaction with other services
4.6.1 Communication Hold (HOLD)
No impact, i.e. neither service shall affect the operation of the other service.
4.6.2 Terminating Identity Presentation (TIP)
No impact, i.e. neither service shall affect the operation of the other service.
4.6.3 Terminating Identity Restriction (TIR)
No impact, i.e. neither service shall affect the operation of the other service.
4.6.4 Originating Identity Presentation (OIP)
The OIR service shall normally take precedence over the OIP service.
The OIP service can take precedence over the OIR service when the destination subscriber has an override category. This is a national matter, and is outside the scope of the present document.
4.6.5 Originating Identity Restriction (OIR)
The OIR service shall normally take precedence over the OIP service.
The OIP service can take precedence over the OIR service when the destination user has an override category. This is a national matter, and is outside the scope of the present document.
4.6.6 Conference calling (CONF)
No impact, i.e. neither service shall affect the operation of the other service.
4.6.7 Communication diversion services (CDIV)
When a request has been diverted and the diverted‑to user has been provided with the OIP service, the diverted‑to UE shall receive the identity information of the original originating user. When the OIR service has been invoked, the originating user’s identity information shall not be presented to the diverted‑to user unless the diverted‑to user has an override category.
4.6.8 Malicious Communication IDentification (MCID)
No impact, i.e. neither service shall affect the operation of the other service.
NOTE: When the MCID service is invoked, the identity of an incoming communication is registered in the network whether or not the originating user has activated the OIR service.
4.6.9 Incoming Communication Barring (ICB)
Within the network execution of ICB and ACR services shall precede the OIP service.
4.6.10 Explicit Communication Transfer (ECT)
No impact, i.e. neither service shall affect the operation of the other service.
4.6.11 Enhanced Calling Name (eCNAM)
For users that subscribe to both OIP and eCNAM, and subject to service provider policy, the name information retrieved through eCNAM may override any name information available via OIP. Enhanced CNAM service is described in described in 3GPP TS 24.196 [18].
Subject to service provider policy, eCNAM metadata and other OIP data may both be presented to the end user with or without individual marking to distinguish the eCNAM service data from other call information.
If OIP is not activated, eCNAM data will not be available.
4.6.12 Multi-Device (MuD)
No impact. Neither service shall affect the operation of the other service.
4.6.13 Multi-Identity (MiD)
No impact. Neither service shall affect the operation of the other service.
4.7 Interactions with other networks
4.7.1 Void
4.7.2 Void
4.7.3 Void
4.8 Signalling flows
No OIP or OIR service specific signalling flow is necessary in addition to the basic communication control according to 3GPP TS 24.229 [3].
4.9 Parameter values (timers)
No specific timers are required.
4.10 Service configuration
4.10.0 General
Originating Identity documents are sub‑trees of the simservs XML document specified in 3GPP TS 24.623 [13]. As such, Originating Identity documents use the XCAP application usage in 3GPP TS 24.623 [13].
Data semantics: The semantics of the Originating Identity XML configuration document is specified in subclause 4.10.1.
XML schema: Implementations in compliance with the present document shall implement the XML schema that minimally includes the XML Schema defined in subclause 4.10.2 and the simservs XML schema specified in subclause 6.3 of 3GPP TS 24.623 [13].
An instance of an Originating Identity document is shown:
<?xml version="1.0" encoding="UTF-8"?>
<simservs xmlns="http://uri.etsi.org/ngn/params/xml/simservs/xcap" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<originating-identity-presentation active="true"/>
<originating-identity-presentation-restriction active="true">
<default-behaviour>presentation-restricted</default-behaviour>
</originating-identity-presentation-restriction>
</simservs>
4.10.1 Data semantics
The OIP service can be activated/deactivated using the active attribute of the <originating‑identity‑presentation> service element.
The OIR service can be activated/deactivated using the active attribute of the <originating‑identity‑presentation‑restriction> service element. Activating the OIR service this way activates the temporary mode OIR service. When deactivated and not overruled by operator settings, basic communication procedures apply.
The behaviour of the temporary mode OIR is configured with the optional <default‑behaviour> element. There are two values that this element can take:
– Presentation‑restricted: This configures the service to behave as specified in subclause 4.5.2.4 for the case OIR service in "temporary mode" with default "presentation-restricted".
– Presentation‑not‑restricted: This configures the service to behave as specified in subclause 4.5.2.4 for the case OIR service in "temporary mode" with default "presentation-not-restricted".
Manipulation of the active attribute of the <originating‑identity‑presentation> service element and of the <originating‑identity‑presentation‑restriction> service element is subject to authorization via local policy. Unauthorized manipulation attempts are rejected with an HTTP 409 (Conflict) response as defined in IETF RFC 4825 [16].
4.10.2 XML schema
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:ss="http://uri.etsi.org/ngn/params/xml/simservs/xcap" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://uri.etsi.org/ngn/params/xml/simservs/xcap" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:element name="originating-identity-presentation-restriction" substitutionGroup="ss:absService">
<xs:annotation>
<xs:documentation>Originating Identity presentation Restriction
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:complexContent>
<xs:extension base="ss:simservType">
<xs:sequence>
<xs:element name="default-behaviour" default="presentation-restricted" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="presentation-restricted"/>
<xs:enumeration value="presentation-not-restricted"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
<xs:element name="originating-identity-presentation" type="ss:simservType" substitutionGroup="ss:absService">
<xs:annotation>
<xs:documentation>Originating Identity Presentation
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:schema>
Annex A (informative):
Signalling flows
No signalling flows are provided.
Annex B (informative):
Example of filter criteria
This annex provides an example of a filter criterion that triggers SIP requests that are subject to
Initial Filter Criteria (IFC) evaluation.