ECRIT S. Norreys
Internet-Draft BT Group
Intended status: Informational H. Tschofenig
Expires: September 9, 2009 Nokia Siemens Networks
H. Schulzrinne
Columbia University
March 8, 2009
Authority-to-Individuals Communication for Emergency Situations:
Requirements, Terminology and Architecture
draft-norreys-ecrit-authority2individuals-requirements-02.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 9, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Norreys, et al. Expires September 9, 2009 [Page 1]
�
Internet-Draft Early Warning Communication March 2009
Abstract
Public safety agencies need to provide information to the general
public before and during large-scale emergencies. While many aspects
of such systems are specific to national or local jurisdictions,
emergencies span such boundaries and notifications need to reach
visitors from other jurisdictions. This document summarizes
requirements for protocols to alert individuals within a defined
geographic area.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Architectures . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Closed Warning Notification Provider and Aggregator
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Open Communication between Warning Notification
Provider and Aggregator . . . . . . . . . . . . . . . . . 6
3.3. Open Communication towards Warning Notification
Customers . . . . . . . . . . . . . . . . . . . . . . . . 8
3.4. Notification Population . . . . . . . . . . . . . . . . . 9
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
6. Security considerations . . . . . . . . . . . . . . . . . . . 11
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1. Normative References . . . . . . . . . . . . . . . . . . . 11
8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
Norreys, et al. Expires September 9, 2009 [Page 2]
�
Internet-Draft Early Warning Communication March 2009
1. Introduction
During large-scale emergencies, public safety authorities need to
reliably communicate with citizens in the affected areas, to provide
warnings, indicate whether citizens should evacuate and how, and to
dispel misinformation. Accurate information can reduce the impact of
such emergencies.
Traditionally, emergency alerting has used church bells, sirens,
loudspeakers, radio and television to warn citizens and to provide
information. However, techniques such as sirens and bells provide
limited information content; loud speakers cover only very small
areas and are often hard to understand, even for those not hearing
impaired or fluent in the local language. Radio and television offer
larger information volume, but are hard to target geographically and
do not work well to address the "walking wounded" or other
pedestrians. Both are not suitable for warnings, as many of those
needing the information will not be listening or watching at any
given time, particularly during work/school and sleep hours.
This problem has recently been illustrated by the London underground
bombing on July 7, 2006, as described in a government report [ref].
The UK authorities could only use broadcast media and could not, for
example, easily announce to the "walking wounded" where to assemble.
This document summarizes key requirements for IP-based protocols to
enhance and complement existing authority-to-citizen warning systems.
These protocols may either directly reach the citizen or may be used
to trigger more traditional alerts, such as, among many others,
displays in subway stations, electronic bill boards, or SMS.
Public safety authorities need to reach, with an appropriate message,
as many affected people as possible within the area impacted by the
emergency, including not just residents, but also workers and
travelers who may only be in the area temporarily.
In addition, people around the immediately affected area should be
able to receive information and differentiated instructions, such as
warnings to avoid travel or to clear roads.
Emergency alerts may be issued once for an emergency or authorities
may repeat or update information during an event.
Some messages are addressed to all individuals within a certain
geographic area. Other messages may target only specific individuals
or groups of individuals, such as medical personnel or those
particularly susceptible to an incident.
Norreys, et al. Expires September 9, 2009 [Page 3]
�
Internet-Draft Early Warning Communication March 2009
Machine-parseable alerts may also be used to trigger automated
behaviors, such as closing vents during a chemical spill or
activating sirens or other warning systems in commercial buildings.
At least initially, mobile and stationary devices may not have the
appropriate capabilities to receive such warnings. Thus, protocols
need to be designed to allow gatewaying to traditional systems, e.g.,
the PSTN.
We assume an event notification model, i.e., individuals subscribe to
warnings that affect their current location. As a mobile device
moves, the subscription may need to be updated. Thus, location
information needs to be available during the subscription process.
Users may want to subscribe to warnings that do not affect their
current location. For example, parents may want to be alerted of
emergencies affecting the school attended by their children and adult
children may need to know about emergencies affecting elderly
parents.
Some technologies may also support network-level broadcast or
multicast.
2. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119], with the
important qualification that, unless otherwise stated, these terms
apply to the design of a protocol conveying emergency alerts and
early warning messages, not its implementation or application.
This document reuses the terminology introduced by [3GPP-TR-22.968]
and modifies it to fit to IETF terminology:
Notification Population:
The term notification population refers to the set of warning
notification consumers that receive a warning notification.
Public Warning System:
A public warning system delivers warning notifications provided by
warning notification providers to IP-capable end hosts within
notification areas.
Norreys, et al. Expires September 9, 2009 [Page 4]
�
Internet-Draft Early Warning Communication March 2009
Warning Notification:
Warning notifications inform recipients of the occurrence of
current or pending public safety-related events and additionally
may provide users with instructions on what to do and where to get
help for the duration of the emergency.
Warning Notification Provider:
A warning notification provider is an agency that injects warning
notifications in the communication system. Examples of such
agencies are branches of governments, public transport providers
or weather organizations. A private institution, such as a
university, hospital or enterprise, may also provide such warnings
to people located within their facilities.
Warning Notification Consumer: A warning notification consumer is
the final recipient of a warning notification from an IP
communication point of view. Examples are Web browsers and SIP
clients on mobile phones and laptops that process warning
notification messages. Once received such a warning is shown to
the user (a human) via an appropriately designed user interface to
ensure that it is properly understood.
Warning Notification Aggregator:
A warning notification aggregator receives alert notifications
from different providers, performs security functions (e.g.,
authentication, authorization) and may need to transform message
into a different format before forwarding them towards warning
notification consumers.
3. Architectures
The following sub-sections illustrate different architectural
approaches.
3.1. Closed Warning Notification Provider and Aggregator Groups
The first architectural variant allows the distribution of warning
notifications from warning notification providers to warning
notification aggregators. The communication is largely in a point-
to-point fashion and the number of involved players is rather small,
particularly on the side of the warning notification providers.
Furthermore, a new warning notification aggregator is allowed to
receive warning notifications only after certain verification
procedures are conducted and thereby the entire communication
Norreys, et al. Expires September 9, 2009 [Page 5]
�
Internet-Draft Early Warning Communication March 2009
infrastructure re-essembles a closed group. To ensure that the
content of the warning notifications is properly understood the
involved parties are very likely to agree on the detailed semantics
of the warning messages prior to distributing any alert.
Figure 1 shows the involved parties graphically.
+----------------------------------------+
| .--------------. |
| | Warning | Closed |
| | Notification |\ Federation |
| Aggregator A | \ |
| `--------------' \\ |
| \ |
| \\ |
| \ |
| \\ |
| \ |
| .--------------. .............. |
| | Warning | : Warning : |
| | Notification |-----: Notification : |
| Aggregator B | : Provider : |
| `--------------' `..............' |
| / |
| // |
| // |
| // |
| .--------------. // |
| | Warning | // |
| | Notification | / |
| Aggregator C | |
| `--------------' |
+----------------------------------------+
Figure 1: Closed Warning Notification Provider and Aggregator Groups
An example of this system can be seen in national early warning
systems where regulatory requirements force warning notification
provider and aggregators to work together.
3.2. Open Communication between Warning Notification Provider and
Aggregator
This model is similar to the closed group presented in the previous
section with a difference in the way how warning notification
aggregators can retrieve warning notifications from warning
Norreys, et al. Expires September 9, 2009 [Page 6]
�
Internet-Draft Early Warning Communication March 2009
notification providers. When the aggregator interacts with the
provider then no special client-side authentication procedure is
assumed and no access restrictions are enforced. As such, the
aggregator might be located anywhere on the Internet to retrieve the
warning notifications. Warning notification aggregators might offer
their subscribers the ability to receive warnings of a certain type
(e.g., weather alerts) for a specific region (e.g., for a specific
country or an entire continent). Hence, the aggregator might find
the relevant warning notification providers and interacts with them
to retrieve alerts. Finally, the aggregator might use different
protocol mechanisms (e.g., SMS, Web pages) towards the warning
notification customers, often depending on the client capabilities.
In general, the number of aggregators is very likely larger than in a
closed group but there are no significant challenges with respect to
scalability or congestion to expect.
Figure 2 shows the involved parties graphically.
o
\|/
| ..............
/ \ : Warning :
.--------------. : Notification :
| Warning | : Provider X :
| Notification |-- `..............'
Consumer (1)| -- --
`--------------' --- --- /
--- .--------------. --- /
-- | Warning | --- /
--| Notification |-- /
Aggregator A | \ /
...... `--------------' \\ /
\ //
X\
o / \
\|/ / \\
| / \
/ \ .--------------. / ..............
.--------------. | Warning |/ : Warning :
| Warning | ------- | Notification |-----: Notification :
| Notification |------ Aggregator B | : Provider Y :
Consumer (n)| `--------------' `..............'
`--------------'
Figure 2: Open Communication between Warning Notification Provider
and Aggregator
Norreys, et al. Expires September 9, 2009 [Page 7]
�
Internet-Draft Early Warning Communication March 2009
3.3. Open Communication towards Warning Notification Customers
In the following architectural variant the customers directly
interact with various warning notification providers that a relevant
for a specific type of alert type. In order to learn about the
relevant warning notification providers it may be necessary to
consult some form of discovery service; this may be done out-of-band
via manual configuration or via a protocol mechanism.
Scalability and congestion control concerns arise with this scenario
as this model assumes an opt-in approach from the customer. The
total number of warning notification customers are provider has to
serve may be considerable. There are a more security challenges
since there are no pre-established trust relationships between the
warning notification customers and the providers.
.-----------.
| Discovery |
| Service |
`-----------'
^
/
/ ..............
/ : Warning :
/ / : Notification :
/ // : Provider X :
/ // `..............'
/ //
o / //
\|/ / /
| / //
/ \ v //
.--------------. // ..............
| Warning | // : Warning :
| Notification |-------------------- : Notification :
Consumer (1)|-- : Provider Y :
`--------------' -- `..............'
---
--
---
--
---
-- : Warning :
--: Notification :
: Provider Y :
`..............'
Norreys, et al. Expires September 9, 2009 [Page 8]
�
Internet-Draft Early Warning Communication March 2009
Open Communication towards Warning Notification Customers
3.4. Notification Population
What warning notification customers are put into the notification
population is an important architectural aspect that is largely
orthongonal to the architecture presented in Section 3.1 and
Section 3.2.
In an opt-in model the the warning notification customer need to
provide information about what type of alerts it is interested in
and, in order for the warning notification aggregator or the warning
notification provider to be able to distribute warnings it is
necessary for them to know the context, such as the current location,
preferred language or device capabilities. This information may be
provided by the customer itself or by other entities, such as the
access provider.
Alternatively, the topological structure of networks is used to
distribute warning notifications to all hosts that are located within
a specific IP-subsetwork or hosts in a specific link layer broadcast
domain. This approach typically requires co-operation from the
network provider.
4. Requirements
The following requirements are related to the communication protocol
and the context.
Req-1:
The protocol mechanisms MUST allow targeting notifications to
specific individuals, groups of individuals or specific geographic
regions. Different regions or groups may receive different
instructions for the same disaster. (For example, people very
close to a chemical spill may be asked to evacuate, while those
further away may be asked to close windows.)
Req-2:
The protocol solution MUST provide real-time message delivery.
Req-3:
The solution MUST support the delivery of warning notifications
that allow for predictable or likely events.
Norreys, et al. Expires September 9, 2009 [Page 9]
�
Internet-Draft Early Warning Communication March 2009
Req-4
The protocol mechanisms MUST allow delivery of messages
simultaneously to a large audience.
Req-5
The protocol mechanisms MAY provide an option to return a receipt
on reading message. However, the confirmation SHOULD NOT be
required.
Req-6:
The protocol mechanism MUST be independent of the underlying
access network technology.
Req-7:
Protocol mechanisms MUST allow to tailor the message to the
language preferences of the receiver and/or deliver multiple
versions in different languages within the same message, so that
the recipient can choose the most appropriate one.
Req-8:
A user SHOULD be able to indicate the preferred method of
communication to the public warning service, such as notification
by email, different instant messaging protocols or automated voice
calls.
Req-9:
The protocol conveying warning notifications SHOULD identify the
warning notification provider in a secure manner.
Req-10:
The solution MUST provide a mechanism for transmitting warning
notification test messages.
Req-11:
A solution MUST support delivery of notification messages (e.g.,
with different media types) to those with special needs, such as
hearing and vision impaired.
Norreys, et al. Expires September 9, 2009 [Page 10]
�
Internet-Draft Early Warning Communication March 2009
5. IANA Considerations
This document does not require actions by IANA.
6. Security considerations
This document outlines requirements and security security
requirements are a part of them.
7. Acknowledgments
This document reuses requirements captured outside the IETF, namely
ETSI (with [ETSI-TS-102-182]), and the 3GPP (with [3GPP-TR-22.968]).
We would like to thank the authors of these specifications for their
work. Note, however, that only a small subset of the requirements
have been reflected that do not relate to specific deployments, user
interface aspects, detailed regulatory requirements, management and
operational considerations, and non-IP specific technologies.
We would like to thank Leopold Murhammer for his review in July 2007.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References
[3GPP-TR-22.968]
, ., "3GPP TR 22.968, V1.0.0 (2007-04), 3rd Generation
Partnership Project; Technical Specification Group
Services and System Aspects; Study for requirements for a
Public Warning System (PWS) Service (Release 8)",
December 2006.
[ETSI-TS-102-182]
, ., "ETSI TS 102 182, V1.2.1 (2006-12), Technical
Specification, Emergency Communications (EMTEL);
Requirements for communications from authorities/
organizations to individuals, groups or the general public
during emergencies", December 2006.
Norreys, et al. Expires September 9, 2009 [Page 11]
�
Internet-Draft Early Warning Communication March 2009
Authors' Addresses
Steve Norreys
BT Group
1 London Road
Brentwood, Essex CM14 4QP
UK
Phone: +44 1277 32 32 20
Email: steve.norreys@bt.com
Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland
Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at
Henning Schulzrinne
Columbia University
Department of Computer Science
450 Computer Science Building
New York, NY 10027
US
Phone: +1 212 939 7004
Email: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu
Norreys, et al. Expires September 9, 2009 [Page 12]
�