ECRIT R. Gellens Internet-Draft Core Technology Consulting Intended status: Standards Track B. Rosen Expires: February 2, 2017 NeuStar, Inc. H. Tschofenig Individual August 1, 2016 Next-Generation Vehicle-Initiated Emergency Calls draft-ietf-ecrit-car-crash-09.txt Abstract This document describes how to use IP-based emergency services mechanisms to support the next generation of emergency calls placed by vehicles (automatically in the event of a crash or serious incident, or manually invoked by a vehicle occupant) and conveying vehicle, sensor, and location data related to the crash or incident. Such calls are often referred to as "Automatic Crash Notification" (ACN), or "Advanced Automatic Crash Notification" (AACN), even in the case of manual trigger. The "Advanced" qualifier refers to the ability to carry a richer set of data. This document also registers a MIME Content Type and Emergency Call Additional Data Block for the vehicle, sensor, and location data (often referred to as "crash data" even though there is not necessarily a crash). An external specification for the data format, contents, and structure are referenced in this document. This document reuses the technical aspects of next-generation pan- European eCall (a mandated and standardized system for emergency calls by in-vehicle systems within Europe and other regions). However, this document specifies a different set of vehicle (crash) data, specifically, the Vehicle Emergency Data Set (VEDS) rather than the eCall Minimum Set of Data (MSD). This document is an extension of the eCall document, with the primary differences being that this document makes the MSD data set optional and VEDS mandatory, and adds attribute values to the eCall metadata/control object to permit greater functionality. This document registers a new INFO package (identical to that registered for eCall but with the addition of the VEDS MIME type). This document also describes legacy (circuit- switched) ACN systems and their migration to next-generation emergency calling, to provide background information and context. Gellens, et al. Expires February 2, 2017 [Page 1] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on February 2, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Document Scope . . . . . . . . . . . . . . . . . . . . . . . 8 4. Overview of Legacy Deployment Models . . . . . . . . . . . . 8 5. Migration to Next-Generation . . . . . . . . . . . . . . . . 10 6. Data Transport . . . . . . . . . . . . . . . . . . . . . . . 13 7. Call Setup . . . . . . . . . . . . . . . . . . . . . . . . . 14 8. Call Routing . . . . . . . . . . . . . . . . . . . . . . . . 15 9. New Metadata/Control Values . . . . . . . . . . . . . . . . . 16 9.1. New values for the 'action' attribute' . . . . . . . . . 17 9.2. Request Example . . . . . . . . . . . . . . . . . . . . . 18 9.3. The element . . . . . . . . . . . . . . . . . . . . 18 9.4. The element . . . . . . . . . . . . . . . 19 10. Test Calls . . . . . . . . . . . . . . . . . . . . . . . . . 20 Gellens, et al. Expires February 2, 2017 [Page 2] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 11. The emergencyCallData.eCall.VEDS INFO package . . . . . . . . 21 11.1. INFO Package Requirements . . . . . . . . . . . . . . . 22 12. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 13. Security Considerations . . . . . . . . . . . . . . . . . . . 29 14. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 15.1. MIME Content-type Registration for 'application/EmergencyCall.VEDS+xml' . . . . . . . . . . 30 15.2. Registration of the 'VEDS' entry in the Emergency Call Additional Data registry . . . . . . . . . . . . . . . . 31 15.3. New Action Values . . . . . . . . . . . . . . . . . . . 32 15.4. Static Message Registry . . . . . . . . . . . . . . . . 32 15.5. Lamp ID Registry . . . . . . . . . . . . . . . . . . . . 33 15.6. Camera ID Registry . . . . . . . . . . . . . . . . . . . 34 16. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 17. Changes from Previous Versions . . . . . . . . . . . . . . . 35 17.1. Changes from draft-ietf-08 to draft-ietf-09 . . . . . . 35 17.2. Changes from draft-ietf-07 to draft-ietf-08 . . . . . . 36 17.3. Changes from draft-ietf-06 to draft-ietf-07 . . . . . . 36 17.4. Changes from draft-ietf-05 to draft-ietf-06 . . . . . . 36 17.5. Changes from draft-ietf-04 to draft-ietf-05 . . . . . . 36 17.6. Changes from draft-ietf-03 to draft-ietf-04 . . . . . . 36 17.7. Changes from draft-ietf-02 to draft-ietf-03 . . . . . . 36 17.8. Changes from draft-ietf-01 to draft-ietf-02 . . . . . . 36 17.9. Changes from draft-ietf-00 to draft-ietf-01 . . . . . . 37 17.10. Changes from draft-gellens-02 to draft-ietf-00 . . . . . 37 17.11. Changes from draft-gellens-01 to -02 . . . . . . . . . . 37 17.12. Changes from draft-gellens-00 to -01 . . . . . . . . . . 37 18. References . . . . . . . . . . . . . . . . . . . . . . . . . 37 18.1. Normative References . . . . . . . . . . . . . . . . . . 37 18.2. Informative references . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This document re-uses terminology defined in Section 3 of [RFC5012]. Additionally, we use the following abbreviations: Gellens, et al. Expires February 2, 2017 [Page 3] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 +--------+----------------------------------------------------------+ | Term | Expansion | +--------+----------------------------------------------------------+ | 3GPP | 3rd Generation Partnership Project | | AACN | Advanced Automatic Crash Notification | | ACN | Automatic Crash Notification | | APCO | Association of Public-Safety Communications Officials | | EENA | European Emergency Number Association | | ESInet | Emergency Services IP network | | GNSS | Global Navigation Satellite System (which includes | | | various systems such as the Global Positioning System or | | | GPS) | | IVS | In-Vehicle System | | MNO | Mobile Network Operator | | MSD | eCall Minimum Set of Data | | NENA | National Emergency Number Association | | POTS | Plain Old Telephone Service (normal, circuit-switched | | | voice calls) | | PSAP | Public Safety Answering Point | | TSP | Telematics Service Provider | | VEDS | Vehicle Emergency Data Set | +--------+----------------------------------------------------------+ 2. Introduction Emergency calls made by in-vehicle systems (e.g., automatically in the event of a crash or serious incident or manually by a vehicle occupant) assist in significantly reducing road deaths and injuries by allowing emergency services to respond quickly and appropriately to the specifics of the incident, often with better location accuracy. Drivers often have a poor location awareness, especially outside of major cities, at night and when away from home (especially abroad). In the most crucial cases, the victim(s) might not be able to call because they have been injured or trapped. For more than two decades, some vehicles have been equipped with telematics systems which, among other features, place an emergency call automatically in the event of a crash or manually in response to an emergency call button. Such systems generally have on-board location determination systems that make use of satellite-based positioning technology, inertial sensors, gyroscopes, etc., which can provide an accurate position for the vehicle. Such built-in systems can take advantage of the benefits of being integrated into a vehicle, such as more power capacity, ability to have larger or specialized antenna, ability to be engineered to avoid or minimise degradation by vehicle glass coatings, interference from other Gellens, et al. Expires February 2, 2017 [Page 4] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 vehicle systems, etc. Thus, the PSAP can be provided with a good estimate of where the vehicle is during an emergency. Vehicle manufacturers are increasingly adopting such systems, both for the safety benefits and for the additional features and services they enable (e.g., remote engine diagnostics, remote door unlock, stolen vehicle tracking and disabling, etc.). The general term for such systems is Automatic Crash Notification (ACN) or "Advanced Automatic Crash Notification" (AACN). "ACN" is used in this document as a general term. ACN systems transmit some amount of data specific to the incident, referred to generally as "crash data" (the term is commonly used even though there might not have been a crash). While different systems transmit different amounts of crash data, standardized formats, structures, and mechanisms are needed to provide interoperability among systems and PSAPs. As of the date of this document, currently deployed in-vehicle telematics systems are circuit-switched and lack a standards-based ability to convey crash data directly to the PSAP (generally relying on either a human advisor or an automated text-to-speech system to provide the PSAP call taker with some crash data orally, or in some cases via a proprietary mechanism). In most cases, the PSAP call taker needs to first realize that the call is related to a vehicle incident, and then listen to the data and transcribe it. Circuit- switched ACN systems are referred to here as CS-ACN. The transition to next-generation calling in general, and for emergency calling in particular, provides an opportunity to vastly improve the scope, breadth, reliability and usefulness of crash data during an emergency by allowing it to be transmitted during call set- up, and to be automatically processed by the PSAP and made available to the call taker in an integrated, automated way, as well as provide the ability for a PSAP call taker to request that a vehicle take certain actions, such as flashing lights or unlocking doors. In addition, vehicle manufacturers are provided an opportunity to take advantage of the same standardized mechanisms for data transmission and request processing for internal use if they wish (such as telemetry between the vehicle and a service center for both emergency and non-emergency uses, including location-based services, multi- media entertainment systems, remote door unlocking, and road-side assistance applications). Next-generation ACN provides an opportunity for such calls to be recognized and processed as such during call set-up, and routed to an equipped PSAP where the vehicle data is available to assist the call taker in assessing and responding to the situation. Next-generation (IP-based) ACN systems are referred to here as NG-ACN. Gellens, et al. Expires February 2, 2017 [Page 5] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 An ACN call can be initiated by a vehicle occupant or automatically initiated by vehicle systems in the event of a serious incident. (The "A" in "ACN" does stand for "Automatic," but the term is broadly used to refer to the class of calls that are placed by an in-vehicle system (IVS) or Telematics Service Providers (TSP) and that carry incident-related data as well as voice.) Automatically triggered calls indicate a car crash or some other serious incident (e.g., a fire). Manually triggered calls are often reports of observed crashes or serious hazards (such as impaired drivers or roadway debris). In some implementations, manually triggered calls might be more likely to be accidental. This document describes how the IETF mechanisms for IP-based emergency calls, including [RFC6443] and [RFC7852], are used to provide the realization of next-generation ACN. This document reuses the technical aspects of next-generation pan- European eCall (a mandated and standardized system for emergency calls by in-vehicle systems within Europe and other regions), as described in [I-D.ietf-ecrit-ecall]. However, this document specifies a different set of vehicle (crash) data, specifically, the Vehicle Emergency Data Set (VEDS) rather than the eCall Minimum Set of Data (MSD). This document is an extension of [I-D.ietf-ecrit-ecall], with the differences being that this document makes the MSD data set optional and VEDS mandatory, and adds new attribute values to the eCall metadata/control object defined in that document. This document also registers a new INFO package (identical to that defined in [I-D.ietf-ecrit-ecall] with the addition of the VEDS MIME type). The Association of Public-Safety Communications Officials (APCO) and the National Emergency Number Association (NENA) have jointly developed a standardized set of incident-related vehicle data for ACN use, called the Vehicle Emergency Data Set (VEDS) [VEDS]. Such data is often referred to as crash data although it is applicable in incidents other than crashes. VEDS provides a standard data set for the transmission, exchange, and interpretation of vehicle-related data. A standard data format allows the data to be generated by an IVS or TSP and interpreted by PSAPs, emergency responders, and medical facilities. It includes incident-related information such as airbag deployment, location and compass orientation of the vehicle, spatial orientation of the vehicle (e.g., upright, on its side or top or a bumper), various sensor data that can indicate the potential severity of the crash and the likelihood of severe injuries to the vehicle occupants, etc. This data better informs the PSAP and emergency responders as to the type of response that might be needed. Some of this information has Gellens, et al. Expires February 2, 2017 [Page 6] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 been included in U.S. government guidelines for field triage of injured patients [triage-2008] [triage-2011]. These guidelines are designed to help responders identify the potential existence of severe internal injuries and to make critical decisions about how and where a patient needs to be transported. This document registers the 'application/EmergencyCallData.VEDS+xml' MIME content-type, and registers the 'VEDS' entry in the Emergency Call Additional Data registry. VEDS is an XML structure (see [VEDS]) transported in SIP using the 'application/EmergencyCallData.VEDS+xml' MIME content-type.. VEDS is a versatile structure that can accomodate varied needs. However, if additional sets of data are determined to be needed (e.g., in the future or in different regions), the steps to enable each data block are very briefly summarized below: o A standardized format and encoding (such as XML) is defined and published by a Standards Development Organization (SDO) o A MIME Content-Type is registered for it (typically under the 'Application' media type) with a sub-type starting with 'EmergencyCallData.' o An entry for the block is added to the Emergency Call Additional Data Blocks sub-registry (established by [RFC7852]); the registry entry is the root of the MIME sub-type (not including the 'EmergencyCallData' prefix and any suffix such as '+xml') o A new INFO package is registered that permits carrying the new content type and the metadata/control object (defined in [I-D.ietf-ecrit-ecall]) in INFO messages. Section 6 describes how VEDA data and metadata/control are transported within NG-ACN calls. Section 7 describes how such calls are places. These mechanisms are thus used to place emergency calls that are identifiable as ACN calls and that carry standardized crash data in an interoperable way. Calls by in-vehicle systems are placed via cellular networks, which might ignore location information sent by an originating device in an emergency call INVITE, instead attaching their own location information (often determined in cooperation with the originating device). Standardized crash data structures often include location as determined by the IVS. A benefit of this is that it allows the Gellens, et al. Expires February 2, 2017 [Page 7] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 PSAP to see both the location as determined by the cellular network (often in cooperation with the originating device) and the location as determined by the IVS. This specification inherits the ability to utilize test call functionality from Section 15 of [RFC6881]. 3. Document Scope This document is focused on how an ACN emergency call is setup and incident-related data (including vehicle, sensor, and location data) is transmitted to the PSAP using IETF specifications. For the direct model, this is the end-to-end description (between the vehicle and the PSAP). For the TSP model, this describes the call leg between the TSP and the PSAP, leaving the call leg between the vehicle and the TSP up to the entities involved (i.e., IVS and TSP vendors) who are then free to use the same mechanism as for the right-hand side or not. Note that Europe has a mandated and standardized system for emergency calls by in-vehicle systems. This pan-European system is known as "eCall" and is the subject of a separate document, [I-D.ietf-ecrit-ecall], which this document builds on. Vehicles designed to operate in multiple regions might need to support eCall as well as NG-ACN as described here. A vehicle IVS might determine whether to use eCall or ACN by first determining the region or country in which it is located (e.g., from a GNSS location fix and/or identity of or information from an MNO). If other regions adopt other data formats, a multi-region vehicle might need to support those as well. This document adopts the call set-up and other technical aspects of [I-D.ietf-ecrit-ecall], which uses [RFC7852]; this makes it straightforward to use a different data set while keeping other technical aspects unchanged. Hence, both NG-eCall and the NG-ACN mechanism described here are compatible, differing primarily in the specific data block that is sent (the eCall MSD in the case of NG-eCall, and the APCO/NENA VEDS used in this document), and some additions to the metadata/control data block. If other regions adopt their own vehicle data sets, this can be similarly accomodated without changing other technical aspects. Note that any additional data blocks require a new INFO package to permit transport within INFO messages. 4. Overview of Legacy Deployment Models Legacy (circuit-switched) systems for placing emergency calls by in- vehicle systems generally have some ability to convey at least location and in some cases telematics data to the PSAP. Most such systems use one of three architectural models, which are described Gellens, et al. Expires February 2, 2017 [Page 8] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 here as: "Telematics Service Provider" (TSP), "direct", and "paired". These three models are illustrated below. In the TSP model, both emergency and non-emergency calls are placed to a Telematics Service Provider (TSP); a proprietary technique is used for data transfer (such as a proprietary in-band modem) between the TSP and the vehicle. In an emergency, generally the TSP call taker bridges in the PSAP and communicates location, crash data (such as impact severity and trauma prediction), and other data (such as the vehicle description) to the PSAP call taker verbally (in some cases, a proprietary out-of-band interface is used). Since the TSP knows the location of the vehicle (from on-board GNSS and sensors), location-based routing is usually used to route to the appropriate PSAP. In some cases, the TSP is able to transmit location automatically, using similar techniques as for wireless calls. Typically, a three-way voice call is established between the vehicle, the TSP, and the PSAP, allowing communication between the PSAP call taker, the TSP call taker, and the vehicle occupants (who might be unconscious). ///----\\\ proprietary +------+ 911 trunk or POTS +------+ ||| IVS |||-------------->+ TSP +------------------->+ PSAP | \\\----/// crash data +------+ location via trunk +------+ Figure 1: Legacy TSP Model. In the paired model, the IVS uses a Bluetooth link with a previously- paired handset to establish an emergency call with the PSAP (by dialing a standard emergency number; 9-1-1 in North America), and then communicates location data to the PSAP via text-to-speech; crash data might or might not be conveyed also using text-to-speech. Some such systems use an automated voice prompt menu for the PSAP call taker (e.g., "this is an automatic emergency call from a vehicle; press 1 to open a voice path to the vehicle; press 2 to hear the location read out") to allow the call taker to request location data via text-to-speech. +---+ ///----\\\ | H | 911/etc voice call via handset +------+ ||| IVS |||-->| S +----------------------------------->+ PSAP | \\\----/// +---+ location via text-to-speech +------+ Figure 2: Legacy Paired Model Gellens, et al. Expires February 2, 2017 [Page 9] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 In the direct model, the IVS directly places an emergency call with the PSAP by dialing a standard emergency number (9-1-1 in North America). Such systems might communicate location data to the PSAP via text-to-speech; crash data might or might not be conveyed using text-to-speech. Some such systems use an automated voice prompt menu (e.g., "this is an automatic emergency call from a vehicle; press 1 to open a voice path to the vehicle; press 2 to hear the location read out") to allow the call taker to request location data via text- to-speech. ///----\\\ 911/etc voice call via IVS +------+ ||| IVS |||---------------------------------------->+ PSAP | \\\----/// location via text-to-speech +------+ Figure 3: Legacy Direct Model 5. Migration to Next-Generation Migration of emergency calls placed by in-vehicle systems to next- generation (all-IP) technology per this document provides a standardized mechanism to identify such calls and to present crash data with the call, as well as enabling additional communications modalities and enhanced functionality. This allows ACN calls and crash data to be automatically processed by the PSAP and made available to the call taker in an integrated, automated way. Because the crash data is carried in the initial SIP INVITE (per [RFC7852]) the PSAP can present it to the call taker simultaneously with the appearance of the call. The PSAP can also process the data to take other actions (e.g., if multiple calls from the same location arrive when the PSAP is busy and a subset of them are NG-ACN calls, a PSAP might choose to store the information and reject the calls, since the IVS will receive confirmation that the information has been successfully received; a PSAP could also choose to include a message stating that it is aware of the incident and responders are on the way; a PSAP could call the vehicle back when a call taker is available). Origination devices and networks, PSAPs, emergency services networks, and other telephony environments are migrating to next-generation. This provides opportunities for significant enhancement to interoperability and functionality, especially for emergency calls carrying additional data such as vehicle crash data. (In the U.S., a network specifically for emergency responders is being developed. This network, FirstNet, will be next-generation from the start, enhancing the ability for data exchange between PSAPs and responders.) Gellens, et al. Expires February 2, 2017 [Page 10] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 Migration to next-generation (NG) provides an opportunity to significantly improve the handling and response to vehicle-initiated emergency calls. Such calls can be recognized as originating from a vehicle, routed to a PSAP equipped both technically and operationally to handle such calls, and the vehicle-determined location and crash data can be made available to the call taker simultaneously with the call appearance. The PSAP can take advantage of enhanced functionality, including the ability to request the vehicle to take an action, such as sending an updated set of data, converying a message to the occupants, flashing lights, unlocking doors, etc. Vehicle manufacturers using the TSP model can choose to take advantage of the same mechanism to carry telematics data and requests and responses between the vehicle and the TSP for both emergency and non-emergency calls as are used for the interface with the PSAP. A next-generation IVS establishes an emergency call using the emergency call solution as described in [RFC6443] and [RFC6881], with the difference that the Request-URI indicates an ACN type of emergency call, the IVS typically does not perform routing or location queries but relies on the carrier for this, and uses Call- Info header fields to indicates that vehicle crash and capabilities data is attached. When an ESInet is deployed, the MNO only needs to recognize the call as an emergency call and route it to an ESInet. The ESInet can recognize the call as an ACN with vehicle data and can route the call to an NG-ACN capable PSAP. Such a PSAP can interpret the vehicle data sent with the call and make it available to the call taker. [I-D.ietf-ecrit-ecall] registers new service URN children within the "sos" subservice. These URNs request NG-ACN resources, and differentiate between manually and automatically triggered NG-ACN calls (which might be subject to different treatment depending on policy). The two service URNs registered in [I-D.ietf-ecrit-ecall] are "urn:service:sos.ecall.automatic" and "urn:service:sos.ecall.manual". The same service URNs are used for ACN as for eCall since in any region only one of these is supported, making a distinction unnecessary. (Further, PSAP equipment might support multiple data formats, allowing a PSAP to handle a vehicle that erroneously sent the wrong data object.) Note that in North America, routing queries performed by clients outside of an ESInet typically treat all sub-services of "sos" identically to "sos" with no sub-service. However, the Request-URI header field retains the full sub-service; route and handling decisions within an ESInet or PSAP can take the sub-service into account. For example, in a region with multiple cooperating PSAPs, Gellens, et al. Expires February 2, 2017 [Page 11] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 an NG-ACN call might be routed to a PSAP that is NG-ACN capable, or one that specializes in vehicle-related incidents. Migration of the three architectural models to next-generation (all- IP) is described below. In the TSP model, the IVS transmits crash and location data to the TSP either by re-using the mechanisms and data objects described here, or using a proprietary mechanism. In an emergency, the TSP bridges in the PSAP and the TSP transmits crash and other data to the PSAP using the mechanisms and data objects described here. There is a three-way call between the vehicle, the TSP, and the PSAP, allowing communication between the PSAP call taker, the TSP call taker, and the vehicle occupants (who might be unconscious). The TSP relays PSAP requests and vehicle responses. proprietary ///----\\\ or standard +------+ standard +------+ ||| IVS ||| ------------------->+ TSP +------------------->+ PSAP | \\\----/// crash + other data +------+ crash + other data +------+ Figure 4: Next-Generation TSP Model The vehicle manufacturer and the TSP can choose to use the same mechanisms and data objects on the left call leg in Figure 4 as on the right. (Note that the TSP model can be more difficult when the vehicle is in a different country than the TSP (e.g., a US resident driving in Canada or Mexico) because of the additional complexity in choosing the correct PSAP based on vehicle location performed by a TSP in a different country.) In the direct model, the IVS communicates crash data to the PSAP directly using the mechanisms and data objects described here. ///----\\\ NG emergency call +------+ ||| IVS |||----------------------------------------->+ PSAP | \\\----/// crash + other data +------+ Figure 5: Next-Generation Direct Model In the paired model, the IVS uses a Bluetooth link to a previously- paired handset to establish an emergency call with the PSAP; it is undefined what facilities are or will be available for transmitting crash data through the Bluetooth link to the handset for inclusion in an NG emergency call. Hence, manufacturers that use the paired model for legacy calls might choose to adopt either the direct or TSP models for next-generation calls. Gellens, et al. Expires February 2, 2017 [Page 12] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 +---+ ///----\\\ (undefined) | H | standard +------+ ||| IVS |||------------------>| S +------------------->+ PSAP | \\\----/// (undefined) +---+ crash + other data +------+ Figure 6: Next-Generation Paired Model If the call is routed to a PSAP that is not capable of processing the vehicle data, the PSAP ignores (or does not receive) the vehicle data. This is detectable by the IVS or TSP when the status response to the INVITE (e.., 200 OK) lacks an eCall control structure acknowledging receipt of the data [I-D.ietf-ecrit-ecall]. The IVS or TSP then proceeds as it would for a CS-ACN call (e.g., verbal conveyance of data) 6. Data Transport [RFC7852] establishes a general mechanism for attaching blocks of data to a SIP emergency call. This mechanism permits certain emergency call MIME types to be attached to SIP messages. This document makes use of that mechanism. An In-Vehicle System (IVS) transmits a VEDS data block (see [VEDS]) by attaching it to a SIP message as a MIME body part per [RFC7852]. The body part is identified by its MIME content-type ('application/ emergencyCallData.eCall.VEDS+xml') in the Content-Type header field of the body part. The body part is assigned a unique identifier which is listed in a Content-ID header field in the body part. The SIP message is marked as containing the VEDS data by adding (or appending to) a Call-Info header field at the top level of the SIP message. This Call-Info header field contains a CID URL referencing the body part's unique identifier, and a 'purpose' parameter identifying the data as a VEDS data block per the Emergency Call Additional Data Blocks registry entry; the 'purpose' parameter's value is 'emergencyCallData.VEDS'. A PSAP or IVS transmits a metadata/control object (see [I-D.ietf-ecrit-ecall]) by attaching it to a SIP message as a MIME body part per [RFC7852]. The body part is identified by its MIME content-type ('application/emergencyCallData.eCall.control+xml') in the Content-Type header field of the body part. The body part is assigned a unique identifier which is listed in a Content-ID header field in the body part. The SIP message is marked as containing the metadata/control block by adding (or appending to) a Call-Info header field at the top level of the SIP message. This Call-Info header field contains a CID URL referencing the body part's unique identifier, and a 'purpose' parameter identifying the data as a metadata/control block per the Emergency Call Additional Data Blocks Gellens, et al. Expires February 2, 2017 [Page 13] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 registry entry; the 'purpose' parameter's value is 'emergencyCallData.eCall.control'. An In-Vehicle System (IVS) initiating an NG-ACN call includes in the initial INVITE a VEDS data block and a metadata/control object informing the PSAP of its capabilities. The PSAP creates a metadata/ control object acknowledging receipt of the VEDS data and includes it to the SIP response to the INVITE. A PSAP can request the vehicle to send an updated VEDS data block during a call. The PSAP creates a metadata/control object requesting the VEDS data and attaches it to a SIP INFO message which it sends within the dialog. The IVS then attaches an updated VEDS data to a SIP INFO message and sends it within the dialog. The metadata/ control object and the VEDS are attached to an INFO message in the same way they are attached to other messages (such as the INVITE and the reply to the INVITE as discussed above). INFO messages are sent using an appropriate INFO Package. See Section 11 for more information. When data is being carried in an INFO request message, the body part also carries a Content-Disposition header field set to "Info- Package". 7. Call Setup A next-generation In-Vehicle System (IVS) initiates an NG-ACN call with a SIP INVITE using one of the SOS sub-services "SOS.ecall.automatic" or "SOS.ecall.manual" in the Request-URI, standard sets of crash data and capabilities data encoded in standardized and registered formats, attached as additional data blocks as specified in Section 4.1 of [RFC7852]. As described in that document, each data block is identified by its MIME content- type, and pointed to by a CID URL in a Call-Info header with a 'purpose' parameter value corresponding to the data block. If new data blocks are needed (e.g., in other regions or in the future), the steps required during standardization are briefly summarized below: o A set of data is standardized by an SDO or appropriate organization o A MIME Content-Type for the crash data set is registered with IANA * If the data is specifically for use in emergency calling, the MIME type is normally under the 'application' type with a subtype starting with 'EmergencyCallData.' Gellens, et al. Expires February 2, 2017 [Page 14] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 * If the data format is XML, then by convention the name has a suffix of '+xml' o The item is registered in the Emergency Call Additional Data registry, as defined in Section 9.1.7 of [RFC7852] * For emergency-call-specific formats, the registered name is the root of the MIME Content-Type (not including the 'EmergencyCallData' prefix and any suffix such as '+xml') as described in Section 4.1 of [RFC7852]. o A new INFO package is registered that permits carrying the the new content type, the metadata/control object (defined in [I-D.ietf-ecrit-ecall]), and for compatibility, the MSD and VEDS objects, in INFO messages. When placing an emergency call, the crash data set and IVS capability data are transported as described in Section 6. The Vehicle Emergency Data Set (VEDS) is an XML structure defined by the Association of Public-Safety Communications Officials (APCO) and the National Emergency Number Association (NENA) [VEDS]. It is carried in body part with MIME content-type 'application/ EmergencyCallData.VEDS+xml'. Entities along the path between the vehicle and the PSAP are able to identify the call as an ACN call and handle it appropriately. The PSAP is able to identify the crash and capabilities data attached to the INVITE by examining the Call-Info header fields for 'purpose' parameters whose values start with 'EmergencyCallData.' The PSAP is able to access the data it is capable of handling and is interested in by checking the 'purpose' parameter values. This document extends [I-D.ietf-ecrit-ecall] by reusing the call set- up and other normative requirements with the exception that in this document, support for the eCall MSD is OPTIONAL and support for VEDS in REQUIRED. This document also adds new attribute values to the metadata/control object defined in [I-D.ietf-ecrit-ecall]. 8. Call Routing An Emergency Services IP Network (ESInet) is a network operated by or on behalf of emergency services authorities. It handles emergency call routing and processing before delivery to a PSAP. In the NG9-1-1 architecture adopted by NENA as well as the NG1-1-2 architecture adopted by EENA, each PSAP is connected to one or more ESInets. Each originating network is also connected to one or more ESInets. The ESInets maintain policy-based routing rules which Gellens, et al. Expires February 2, 2017 [Page 15] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 control the routing and processing of emergency calls. The centralization of such rules within ESInets provides for a cleaner separation between the responsibilities of the originating network and that of the emergency services network, and provides greater flexibility and control over processing of emergency calls by the emergency services authorities and PSAPs. This makes it easier to react quickly to unusual situations that require changes in how emergency calls are routed or handled (e.g., a natural disaster closes a PSAP), as well as ease in making long-term changes that affect such routing (e.g., cooperative agreements to specially handle calls requiring translation or relay services). In an environment that uses ESInets, the originating network need only detect that the service URN of an emergency call is or starts with "sos", passing all types of emergency calls to an ESInet. The ESInet is then responsible for routing such calls to an appropriate PSAP. In an environment without an ESInet, the emergency services authorities and the originating carriers determine how such calls are routed. 9. New Metadata/Control Values This document adds new attribute values to the metadata/control structure defined in [I-D.ietf-ecrit-ecall]. In addition to the base usage from the PSAP to the IVS to acknowledge receipt of crash data, the element is also contained in a metadata/control block sent by the IVS to the PSAP. This is used by the IVS to acknowledge receipt of a request by the PSAP and indicate if the request was carried out when that request would not otherwise be acknowledged (if the PSAP requests the vehicle to send data and the vehicle does so, the data serves as a success acknowledgement). The element is used in a metadata/control block sent from the IVS to the PSAP (e.g., in the initial INVITE) to inform the PSAP of the vehicle capabilities. Child elements contain all actions and data types supported by the vehicle and all available lamps (lights) and cameras. New request values are added to the element to enable the PSAP to request the vehicle to perform actions. Mandatory Actions (the IVS and the PSAP MUST support): o Transmit data object (VEDS MUST be supported; MSD MAY be supported) Gellens, et al. Expires February 2, 2017 [Page 16] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 Optional Actions (the IVS and the PSAP MAY support): o Play and/or display static (pre-defined) message o Speak/display dynamic text (text supplied in action) o Flash or turn on or off a lamp (light) o Honk horn o Enable a camera The element indicates the object being acknowledged (i.e., a data object or a metadata/control block containing elements), and reports success or failure. The element has child elements indicating the actions supported by the IVS. The element contains attributes to indicate the request and to supply any needed information, and MAY contain a child element to contain the text for a dynamic message. The 'action' attribute is mandatory and indicates the specific action. [I-D.ietf-ecrit-ecall] established an IANA registry to contain the allowed values; this document adds new values to that registry in Table 2. Per [I-D.ietf-ecrit-ecall], the PSAP sends a control/metadata block in response to the VEDS data sent by the IVS in SIP requests other than INFO (e.g., the INVITE). This metadata/control block is sent in the SIP response to the request (e.g., the INVITE response). When the PSAP needs to send a control block that is not an immediate response to a VEDS or other data sent by the IVS, the control block is transmitted from the PSAP to the IVS in a SIP INFO request within the established dialog. The IVS sends the requested data (e.g., the VEDS) or an acknowledgment (for requests other than to send data) in a new INFO request. This mechanism flexibly allows the PSAP to send metadata/control data to the IVS and the IVS to respond. If control data sent in a response message requests the IVS to send a new VEDS or other data block, or to perform an action other than sending data, the IVS sends the requested data or an acknowledgment regarding the action in an INFO message within the dialog. 9.1. New values for the 'action' attribute' The following new "action" values are defined: msg-static: displays or plays a predefined message (translated as appropriate for the language of the vehicle's interface). A registry is created in Section 15.4 for messages and their IDs. Vehicles include the highest registered message in their Gellens, et al. Expires February 2, 2017 [Page 17] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 element to indicate support for all messages up to and including the indicated value. msg-dynamic displays or speaks (via text-to-speech) a dynamic message included in the request. honk sounds the horn. lamp turns a lamp (light) on, off, or flashes. enable-camera adds a one-way media stream (established via SIP re- INVITE sent by the vehicle) to enable the PSAP call taker to view a feed from a camera. Note that there is no 'request' action to play dynamic media (such as an audio message). The PSAP can send a SIP re-INVITE to establish a one-way media stream for this purpose. 9.2. Request Example Remain calm. Help is on the way. Figure 7: Request Example 9.3. The element In [I-D.ietf-ecrit-ecall], the element is transmitted by the PSAP to acknowledge the MSD. Here, the element is also transmitted by the PSAP to acknowledge the VEDS data and by the IVS to acknowledge receipt of a element that requested the IVS to perform an action other than transmitting a data object (e.g., a Gellens, et al. Expires February 2, 2017 [Page 18] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 request to display a message would be acknowledged, but a request to transmit VEDS data would not result in a separate element being sent, since the data object itself serves as acknowledgment.) An element sent by an IVS references the unique ID of the metadata/control object containing the request(s) and indicates whether the request was successfully performed, and if not, optionally includes an explanation. 9.3.1. Ack Examples Figure 8: Ack Example from IVS to PSAP 9.4. The element The element ([I-D.ietf-ecrit-ecall]) is transmitted by the IVS to indicate its capabilities to the PSAP. The element contains a child element per action supported by the vehicle. The vehicle MUST support sending the VEDS data object and so includes at a minimum a child element with the 'action' attribute set to "send-data" and the 'supported-values' attribute containing all data blocks supported by the IV, which MUST include 'VEDS'. All other actions are OPTIONAL. If the "msg-static" action is supported, a child element with the 'action' attribute set to "msg-static" is included, with the 'msgid' attribute set to the highest supported static message supported by the vehicle. A registry is created in Section 15.4 to map 'msgid' values to static text messages. By sending the highest supported static message number in its element, the Gellens, et al. Expires February 2, 2017 [Page 19] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 vehicle indicates its support for all static messages in the registry up to and including that value. If the "lamp" action is supported, a child element with the 'action' attribute set to "lamp" is included, with the 'supported- values' attribute set to all supported lamp IDs. A registry is created in Section 15.5 to contain lamp ID values. If the "enable-camera" action is supported, a child element with the 'action' attribute set to "enable-camera" is included, with the 'supported-values' attribute set to all supported camera IDs. A registry is created in Section 15.6 to contain camera ID values. 9.4.1. Capabilities Example Figure 9: Capabilities Example 10. Test Calls An NG-ACN test call is a call that is recognized and treated to some extent as an NG-ACN call but not given emergency call treatment and not handled by a call taker. The specific handling of test NG-ACN calls is not itself standardized; the test call facility is intended to allow the IVS, user, or TSP to verify that an NG-ACN call can be successfully established with voice and/or other media communication. Gellens, et al. Expires February 2, 2017 [Page 20] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 The IVS might also be able to verify that the crash data was successfully received. This document builds on [I-D.ietf-ecrit-ecall], which inherits the ability to utilize test call functionality from Section 15 of [RFC6881]. A service URN starting with "test." indicates a test call. [I-D.ietf-ecrit-ecall] registered "urn:service:test.sos.ecall" for test calls. MNOs, emergency authorities, ESInets, and PSAPs determine how to treat a vehicle call requesting the "test" service URN so that the desired functionality is tested, but this is outside the scope of this document. (One possibility is that MNOs route such calls as non-emergency calls to an ESInet, which routes them to a PSAP that supports NG-ACN calls; the PSAP accepts test calls, sends a crash data acknowledgment, and plays an audio clip (for example, saying that the call reached an appropriate PSAP and the vehicle data was successfully processed) in addition to supporting media loopback per [RFC6881]). Note that since test calls are placed using "test" as the parent service URN and "sos" as a child, such calls are not treated as an emergency call and so some functionality might not apply (such as preemption or service availability for devices lacking service ("non- service-initialized" or "NSI" devices) if those are available for emergency calls). 11. The emergencyCallData.eCall.VEDS INFO package This document registers the 'emergencyCallData.eCall.VEDS' INFO package. Both endpoints (the IVS and the PSAP equipment) include 'emergencyCallData.eCall.VEDS' in a Recv-Info header field per [RFC6086] to indicate ability to receive INFO messages carrying data as described here. Support for the 'emergencyCallData.eCall.VEDS' INFO package indicates the ability to receive the VEDS body part as specified in [TBD: THIS DOCUMENT] and the metadata/control body part as specified in [I-D.ietf-ecrit-ecall]. An INFO request message carrying data related to an emergency call as described in [TBD: THIS DOCUMENT] has an Info-Package header field set to 'emergencyCallData.eCall.VEDS' per [RFC6086]. Gellens, et al. Expires February 2, 2017 [Page 21] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 11.1. INFO Package Requirements The requirements of Section 10 of [RFC6086] are addressed in the following sections. 11.1.1. Overall Description This section describes "what type of information is carried in INFO requests associated with the Info Package, and for what types of applications and functionalities UAs can use the Info Package." INFO requests associated with the emergencyCallData.eCall.VEDS INFO package carry data associated with emergency calls as defined in [TBD: THIS DOCUMENT]. The application is vehicle-initiated emergency calls established using SIP. The functionality is to carry vehicle data and metadata/control information between vehicles and PSAPs. Refer to [TBD: THIS DOCUMENT] for more information. 11.1.2. Applicability This section describes "why the Info Package mechanism, rather than some other mechanism, has been chosen for the specific use-case...." The use of INFO is based on an analysis of the requirements against the intent and effects of INFO versus other approaches (which included SIP MESSAGE, SIP OPTIONS, SIP re-INVITE, media plane transport, and non-SIP protocols). In particular, the transport of emergency call data blocks occurs within a SIP emergency dialog, per Section 6, and is normally carried in the initial INVITE and its response; the use of INFO only occurs when emergency-call-related data needs to be sent mid-call. While MESSAGE could be used, it is not tied to a SIP dialog as is INFO and thus might not be associated with the dialog. SIP OPTIONS or re-INVITE could also be used, but is seen as less clean than INFO. SUBSCRIBE/NOTIFY could be coerced into service, but the semantics are not a good fit, e.g., the subscribe/ notify mechanism provides one-way communication consisting of (often multiple) notifications from notifier to subscriber indicating that certain events in notifier have occurred, whereas what's needed here is two-way communication of data related to the emergency dialog. Use of the media plane mechanisms was discounted because the number of messages needing to be exchanged in a dialog is normally zero or very few, and the size of the data is likewise very small. The overhead caused by user plane setup (e.g., to use MSRP as transport) would be disproportionately large. Based on the the analyses, the SIP INFO method was chosen to provide for mid-call data transport. Gellens, et al. Expires February 2, 2017 [Page 22] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 11.1.3. Info Package Name The info package name is emergencyCallData.eCall.VEDS 11.1.4. Info Package Parameters None 11.1.5. SIP Option-Tags None 11.1.6. INFO Message Body Parts The 'application/emergencyCallData.eCall.VEDS+xml' and 'application/ emergencyCallData.eCall.control+xml' MIME types are associated with this INFO package. See [TBD: THIS DOCUMENT] and [I-D.ietf-ecrit-ecall] for more information. 11.1.7. Info Package Usage Restrictions Usage is limited to vehicle-initiated emergency calls as defined in [TBD: THIS DOCUMENT]. 11.1.8. Rate of INFO Requests The rate of SIP INFO requests associated with the emergencyCallData.eCall.VEDS info package is normally quite low (most dialogs are likely to contain zero INFO requests, while others can be expected to carry an occasional request). 11.1.9. Info Package Security Considerations The MIME content type registations for the data blocks that can be carried using this IFO package contains a discussion of the security and/or privacy considerations specific to that data block. The "Security Considerations" and "Privacy Considerations" sections of [TBD: THIS DOCUMENT] discuss security and privacy considerations of the data carried in vehicle-initiated emergency calls as described in that document. 11.1.10. Implementation Details See [TBD: THIS DOCUMENT] for protocol details. Gellens, et al. Expires February 2, 2017 [Page 23] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 11.1.11. Examples See [TBD: THIS DOCUMENT] for protocol examples. 12. Example Figure 10 shows an NG-ACN call routing. The mobile network operator (MNO) routes the call to an Emergency services IP Network (ESInet), as for any emergency call. The ESInet routes the call to an appropriate NG-ACN-capable PSAP (using location information and the fact that that it is an NG-ACN call). The call is processed by the Emergency Services Routing Proxy (ESRP), as the entry point to the ESInet. The ESRP routes the call to an appropriate NG-ACN-capable PSAP, where the call is received by a call taker. (In deployments where there is no ESInet, the MNO itself routes the call directly to an appropriate NG-ACN-capable PSAP.) +---------------------------------------+ | | +------------+ | +-------+ | | | | | PSAP2 | | | | | +-------+ | | Originating| | | | Mobile | | +------+ +-------+ | Vehicle-->| Network |--+->| ESRP |---->| PSAP1 |--> Call-Taker | | | | +------+ +-------+ | | | | | +------------+ | +-------+ | | | PSAP3 | | | +-------+ | | | | | | | | ESInet | +---------------------------------------+ Figure 10: Example of Vehicle-Placed Emergency Call Message Flow The example, shown in Figure 11, illustrates a SIP emergency call INVITE with location information (a PIDF-LO), VEDS crash data (a VEDS data block), and capabilities data (an eCall metadata/control block with extensions defined in this document) attached to the SIP INVITE message. The INVITE has a request URI containing the 'urn:service:sos.ecall.automatic' service URN. The example VEDS data structure shows information about about a crashed vehicle. The example communicates that the car is a model year 2015 Saab 9-5 (a car which does not exist). The front airbag Gellens, et al. Expires February 2, 2017 [Page 24] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 deployed as a consequence of the crash. The 'VehicleBodyCategoryCode' indicates that the crashed vehicle is a passenger car (the code is set to '101') and that it is not a convertible (the 'ConvertibleIndicator' value is set to 'false'). The 'VehicleCrashPulse' element provides further information about the crash, namely that the force of impact based on the change in velocity over the duration of the crash pulse was 100 MPH. The principal direction of the force of the impact is set to '12' (which refers to 12 O'Clock, corresponding to a frontal collision). This value is described in the 'CrashPulsePrincipalDirectionOfForceValue' element. The 'CrashPulseRolloverQuarterTurnsValue' indicates the number of quarter turns in concert with a rollover expressed as a number; in our case 1. No roll bar was deployed, as indicated in 'VehicleRollbarDeployedIndicator' being set to 'false'. Next, there is information indicating seatbelt and seat sensor data for individual seat positions in the vehicle. In our example, information from the driver seat is available (value '1' in the 'VehicleSeatLocationCategoryCode' element), that the seatbelt was monitored ('VehicleSeatbeltMonitoredIndicator' element), that the seatbelt was fastened ('VehicleSeatbeltFastenedIndicator' element) and the seat sensor determined that the seat was occupied ('VehicleSeatOccupiedIndicator' element). Finally, information about the weight of the vehicle, which is 600 kilogram in our example. In addition to the information about the vehicle, further indications are provided, namely the presence of fuel leakage ('FuelLeakingIndicator' element), an indication whether the vehicle was subjected to multiple impacts ('MultipleImpactsIndicator' element), the orientation of the vehicle at final rest ('VehicleFinalRestOrientationCategoryCode' element) and an indication that there are no parts of the vehicle on fire (the 'VehicleFireIndicator' element). INVITE urn:service:sos.ecall.automatic SIP/2.0 To: urn:service:sos.ecall.automatic From: ;tag=9fxced76sl Call-ID: 3848276298220188511@atlanta.example.com Geolocation: Geolocation-Routing: no Call-Info: cid:1234567890@atlanta.example.com; Gellens, et al. Expires February 2, 2017 [Page 25] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 purpose=EmergencyCallData.VEDS Call-Info: cid:1234567892@atlanta.example.com; purpose=EmergencyCallData.ecall.control Accept: application/sdp, application/pidf+xml, application/emergencyCallData.eCall.control+xml Recv-Info: emergencyCallData.eCall Allow: INVITE, ACK, PRACK, INFO, OPTIONS, CANCEL, REFER, BYE, SUBSCRIBE, NOTIFY, UPDATE CSeq: 31862 INVITE Content-Type: multipart/mixed; boundary=boundary1 Content-Length: ... --boundary1 Content-Type: application/sdp ...Session Description Protocol (SDP) goes here --boundary1 Content-Type: application/pidf+xml Content-ID: -34.407 150.883 278 gps 2012-04-5T10:18:29Z 1M8GDM9A_KP042788 Gellens, et al. Expires February 2, 2017 [Page 26] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 --boundary1 Content-Type: application/EmergencyCallData.VEDS+xml Content-ID: 1234567890@atlanta.example.com Content-Disposition: by-reference;handling=optional Saab 9-5 2015 FRONT true false MAIN 101 100 MPH 12 1 false Gellens, et al. Expires February 2, 2017 [Page 27] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 1 true true true 600 kilogram true false true Driver false --boundary1 Content-Type: application/EmergencyCallData.ecall.control+xml Content-ID: 1234567892@atlanta.example.com Content-Disposition: by-reference;handling=optional --boundary1-- Figure 11: SIP INVITE indicating a Vehicule-Initated Emergency Call 13. Security Considerations Since this document relies on [I-D.ietf-ecrit-ecall] and [RFC7852], the security considerations described there and in [RFC5069] apply here. Implementors are cautioned to read and understand the discussion in those documents. As with emergency service systems where location data is supplied or determined with the assistance of an end host, there is the possibility that that location is incorrect, either intentially (e.g., in a denial of service attack against the emergency services infrastructure) or due to a malfunctioning device. The reader is referred to [RFC7378] for a discussion of some of these vulnerabilities. In addition to the security considerations discussion specific to the metadata/control object in [I-D.ietf-ecrit-ecall], note that vehicles MAY decline to carry out any requested action (e.g., if the vehicle requires but is unable to verify the certificate used to sign the request). The vehicle MAY use any value in the reason registry to indicate why it did not take an action (e.g., the generic "unable" or the more specific "security-failure"). 14. Privacy Considerations Since this document builds on [I-D.ietf-ecrit-ecall], which itself builds on [RFC7852], the data structures specified there, and the corresponding privacy considerations discussed there, apply here as well. The VEDS data structure contains optional elements that can carry identifying and personal information, both about the vehicle and about the owner, as well as location information, and so needs to be protected against unauthorized disclosure, as discussed in Gellens, et al. Expires February 2, 2017 [Page 29] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 [RFC7852]. Local regulations may impose additional privacy protection requirements. The additional functionality enabled by this document, such as access to vehicle camera streams, carries a burden of protection and so implementations need to be careful that access is only provided within the context of an emergency call or to an emergency services provider (e.g., by verifying that the request for camera access is signed by a certificate issued by an emergency services registrar). 15. IANA Considerations This document registers the 'application/EmergencyCall.VEDS+xml' MIME content type, and adds "VEDS" to the Emergency Call Additional Data registry. This document adds to and creates sub-registries in the 'Metadata/Control Data' registry created in [I-D.ietf-ecrit-ecall]. This document registers a new INFO package. 15.1. MIME Content-type Registration for 'application/ EmergencyCall.VEDS+xml' This specification requests the registration of a new MIME content type according to the procedures of RFC 4288 [RFC4288] and guidelines in RFC 3023 [RFC3023]. MIME media type name: application MIME subtype name: EmergencyCallData.VEDS+xml Mandatory parameters: none Optional parameters: charset Indicates the character encoding of enclosed XML. Encoding considerations: Uses XML, which can employ 8-bit characters, depending on the character encoding used. See Section 3.2 of RFC 3023 [RFC3023]. Security considerations: This content type is designed to carry vehicle crash data during an emergency call. This data can contain personal information including vehicle VIN, location, direction, etc. Appropriate precautions need to be taken to limit unauthorized access, inappropriate disclosure to third parties, and eavesdropping of this information. Gellens, et al. Expires February 2, 2017 [Page 30] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 Please refer to Section 7 and Section 8 of [RFC7852] for more information. When this content type is contained in a signed or encrypted body part, the enclosing multipart (e.g., multipart/signed or multipart/encrypted) has the same Content-ID as the data part. This allows an entity to identify and access the data blocks it is interested in without having to dive deeply into the message structure or decrypt parts it is not interested in. (The 'purpose' parameter in a Call-Info header field identifies the data, and the CID URL points to the data block in the body, which has a matching Content-ID body part header field). Interoperability considerations: None Published specification: [VEDS] Applications which use this media type: Emergency Services Additional information: None Magic Number: None File Extension: .xml Macintosh file type code: 'TEXT' Persons and email addresses for further information: Randall Gellensm rg+ietf@randy.pensive.org; Hannes Tschofenig, Hannes.Tschofenig@gmx.net Intended usage: LIMITED USE Author: This specification is a work item of the IETF ECRIT working group, with mailing list address . Change controller: The IESG 15.2. Registration of the 'VEDS' entry in the Emergency Call Additional Data registry This specification requests IANA to add the 'VEDS' entry to the Emergency Call Additional Data registry, with a reference to this document. The Emergency Call Additional Data registry was established by [RFC7852]. Gellens, et al. Expires February 2, 2017 [Page 31] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 15.3. New Action Values This document adds new values for the 'action' attribute of the element in the "Action Registry" registry created by [I-D.ietf-ecrit-ecall]. +---------------+-------------------------------------+ | Name | Description | +---------------+-------------------------------------+ | msg-static | Section 9.1 of [TBD: THIS DOCUMENT] | | | | | msg-dynamic | Section 9.1 of [TBD: THIS DOCUMENT] | | | | | honk | Section 9.1 of [TBD: THIS DOCUMENT] | | | | | lamp | Section 9.1 of [TBD: THIS DOCUMENT] | | | | | enable-camera | Section 9.1 of [TBD: THIS DOCUMENT] | +---------------+-------------------------------------+ Table 2: Action Registry New Values 15.4. Static Message Registry This document creates a new sub-registry called "Static Message Registry" in the "Metadata/Control Data" registry established by [I-D.ietf-ecrit-ecall]. Because all compliant vehicles are expected to support all static messages translated into all languages supported by the vehicle, it is important to limit the number of such messages. As defined in [RFC5226], this registry operates under "Publication Required" rules, which require a stable, public document and implies expert review of the publication. The expert should determine that the document has been published by an appropriate emergency services organization (e.g., NENA, EENA, APCO) or by the IETF with input from an emergency services organization, and that the proposed message is sufficiently distinguishable from other messages. The contents of this registry are: ID: An integer identifier to be used in the 'msgid' attribute of a metadata/control element. Message: The text of the message. Messages are listed in the registry in English; vehicles are expected to implement translations into languages supported by the vehicle. When new messages are added to the registry, the message text is determined by the registrant; IANA assigns the IDs. Each message is Gellens, et al. Expires February 2, 2017 [Page 32] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 assigned a consecutive integer value as its ID. This allows an IVS to indicate by a single integer value that it supports all messages with that value or lower. The initial set of values is listed in Table 3. +----+--------------------------------------------------------------+ | ID | Message | +----+--------------------------------------------------------------+ | 1 | Emergency authorities are aware of your incident and | | | location, but are unable to speak with you right now. We | | | will help you as soon as possible. | +----+--------------------------------------------------------------+ Table 3: Static Message Registry 15.5. Lamp ID Registry This document creates a new sub-registry called "Lamp ID Registry" in the "Metadata/Control Data" registry established by [I-D.ietf-ecrit-ecall]. This new sub-registry uniquely identifies the names of automotive lamps (lights). As defined in [RFC5226], this registry operates under "Expert Review" rules. The expert should determine that the proposed lamp name is clearly understandable and is sufficiently distinguishable from other lamp names. The contents of this registry are: Name: The identifier to be used in the 'lamp-ID' attribute of a metadata/control element. Description: A description of the lamp (light). The initial set of values is listed in Table 4. Gellens, et al. Expires February 2, 2017 [Page 33] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 +----------------+---------------------------------------------+ | Name | Description | +----------------+---------------------------------------------+ | head | The main lamps used to light the road ahead | | | | | interior | Interior lamp, often at the top center | | | | | fog-front | Front fog lamps | | | | | fog-rear | Rear fog lamps | | | | | brake | Brake indicator lamps | | | | | brake-center | Center High Mounted Stop Lamp | | | | | position-front | Front position/parking/standing lamps | | | | | position-rear | Rear position/parking/standing lamps | | | | | turn-left | Left turn/directional lamps | | | | | turn-right | Right turn/directional lamps | | | | | hazard | Hazard/four-way lamps | +----------------+---------------------------------------------+ Table 4: Lamp ID Registry Initial Values 15.6. Camera ID Registry This document creates a new sub-registry called "Camera ID Registry" in the "Metadata/Control Data" registry established by [I-D.ietf-ecrit-ecall]. This new sub-registry uniquely identifies automotive cameras. As defined in [RFC5226], this registry operates under "Expert Review" rules. The expert should determine that the proposed camera name is clearly understandable and is sufficiently distinguishable from other camera names. The contents of this registry are: Name: The identifier to be used in the 'camera-ID' attribute of an eCall control element. Description: A description of the camera. The initial set of values is listed in Table 5. Gellens, et al. Expires February 2, 2017 [Page 34] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 +-------------+-----------------------------------------------------+ | Name | Description | +-------------+-----------------------------------------------------+ | backup | Shows what is behind the vehicle, e.g., often used | | | for driver display when the vehicle is in reverse. | | | Also known as rearview, reverse, rear visibility, | | | etc. | | | | | left-rear | Shows view to the left and behind (e.g., left side | | | rear-view mirror or blind spot view) | | | | | right-rear | Shows view to the right and behind (e.g., right | | | side rear-view mirror or blind spot view) | | | | | forward | Shows what is in front of the vehicle | | | | | rear-wide | Shows what is behind vehicle (e.g., used by rear- | | | collision detection systems), separate from backup | | | view | | | | | lane | Used by systems to identify road lane and/or | | | monitor vehicle's position within lane | | | | | interior | Shows the interior (e.g., driver) | | | | | night-front | Night-vision view of what is in front of the | | | vehicle | +-------------+-----------------------------------------------------+ Table 5: Camera ID Registry Initial Values 16. Acknowledgements We would like to thank Christer Holmberg for his suggestions; Michael Montag, Arnoud van Wijk, Ban Al-Bakri, Wes George, Gunnar Hellstrom, and Rex Buddenberg for their feedback; and Ulrich Dietz for his help with earlier versions of the original version of this document. 17. Changes from Previous Versions 17.1. Changes from draft-ietf-08 to draft-ietf-09 o Added INFO package registration for eCall.VEDS o Moved element and other extension points back to eCall document so that extension points are in base spec (and also to get XML schema to compile) o Text changes for clarification. Gellens, et al. Expires February 2, 2017 [Page 35] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 17.2. Changes from draft-ietf-07 to draft-ietf-08 o Moved much of the metadata/control object from [I-D.ietf-ecrit-ecall] to this document as extensions o Editorial clarifications and simplifications o Moved "Call Routing" to be a subsection of "Call Setup" o Deleted "Profile" section and moved some of its text into "Introduction" 17.3. Changes from draft-ietf-06 to draft-ietf-07 o Minor editorial changes 17.4. Changes from draft-ietf-05 to draft-ietf-06 o Added clarifying text regarding signed and encrypted data o Additional informative text in "Migration to Next-Generation" section o Additional clarifying text regarding security and privacy. 17.5. Changes from draft-ietf-04 to draft-ietf-05 o Reworded security text in main document and in MIME registration for the VEDS object 17.6. Changes from draft-ietf-03 to draft-ietf-04 o Added example VEDS object o Additional clarifications and corrections o Removed references from Abstract o Moved Document Scope section to follow Introduction 17.7. Changes from draft-ietf-02 to draft-ietf-03 o Additional clarifications and corrections 17.8. Changes from draft-ietf-01 to draft-ietf-02 o This document now refers to [I-D.ietf-ecrit-ecall] for technical aspects including the service URN; this document no longer proposes a unique service URN for non-eCall NG-ACN calls; the same service URN is now used for all NG-ACN calls including NG-eCall and non-eCall o Added discussion of an NG-ACN call placed to a PSAP that doesn't support it o Minor wording improvements and clarifications Gellens, et al. Expires February 2, 2017 [Page 36] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 17.9. Changes from draft-ietf-00 to draft-ietf-01 o Added further discussion of test calls o Added further clarification to the document scope o Mentioned that multi-region vehicles may need to support other crash notification specifications such as eCall o Minor wording improvements and clarifications 17.10. Changes from draft-gellens-02 to draft-ietf-00 o Renamed from draft-gellens- to draft-ietf- o Added text to Introduction to clarify that during a CS ACN, the PSAP call taker usually needs to listen to the data and transcribe it 17.11. Changes from draft-gellens-01 to -02 o Fixed case of 'EmergencyCallData', in accordance with changes to [RFC7852] 17.12. Changes from draft-gellens-00 to -01 o Now using 'EmergencyCallData' for purpose parameter values and MIME subtypes, in accordance with changes to [RFC7852] o Added reference to RFC 6443 o Fixed bug that caused Figure captions to not appear 18. References 18.1. Normative References [I-D.ietf-ecrit-ecall] Gellens, R. and H. Tschofenig, "Next-Generation Pan- European eCall", draft-ietf-ecrit-ecall-10 (work in progress), July 2016. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types", RFC 3023, DOI 10.17487/RFC3023, January 2001, . [RFC4119] Peterson, J., "A Presence-based GEOPRIV Location Object Format", RFC 4119, DOI 10.17487/RFC4119, December 2005, . Gellens, et al. Expires February 2, 2017 [Page 37] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and Registration Procedures", RFC 4288, DOI 10.17487/RFC4288, December 2005, . [RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for Emergency and Other Well-Known Services", RFC 5031, DOI 10.17487/RFC5031, January 2008, . [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, . [RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations", RFC 5491, DOI 10.17487/RFC5491, March 2009, . [RFC5962] Schulzrinne, H., Singh, V., Tschofenig, H., and M. Thomson, "Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO)", RFC 5962, DOI 10.17487/RFC5962, September 2010, . [RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, "Framework for Emergency Calling Using Internet Multimedia", RFC 6443, DOI 10.17487/RFC6443, December 2011, . [RFC6881] Rosen, B. and J. Polk, "Best Current Practice for Communications Services in Support of Emergency Calling", BCP 181, RFC 6881, DOI 10.17487/RFC6881, March 2013, . [RFC7852] Gellens, R., Rosen, B., Tschofenig, H., Marshall, R., and J. Winterbottom, "Additional Data Related to an Emergency Call", RFC 7852, DOI 10.17487/RFC7852, July 2016, . [VEDS] Advanced Automatic Crash Notification (AACN) Joint APCO/ NENA Data Standardization Workgroup, , "Vehicular Emergency Data Set (VEDS) version 3", July 2012, . Gellens, et al. Expires February 2, 2017 [Page 38] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 18.2. Informative references [RFC5012] Schulzrinne, H. and R. Marshall, Ed., "Requirements for Emergency Context Resolution with Internet Technologies", RFC 5012, DOI 10.17487/RFC5012, January 2008, . [RFC5069] Taylor, T., Ed., Tschofenig, H., Schulzrinne, H., and M. Shanmugam, "Security Threats and Requirements for Emergency Call Marking and Mapping", RFC 5069, DOI 10.17487/RFC5069, January 2008, . [RFC6086] Holmberg, C., Burger, E., and H. Kaplan, "Session Initiation Protocol (SIP) INFO Method and Package Framework", RFC 6086, DOI 10.17487/RFC6086, January 2011, . [RFC7378] Tschofenig, H., Schulzrinne, H., and B. Aboba, Ed., "Trustworthy Location", RFC 7378, DOI 10.17487/RFC7378, December 2014, . [triage-2008] National Center for Injury Prevention and Control, and Centers for Disease Control and Prevention, "Recommendations from the Expert Panel: Advanced Automatic Collision Notification and Triage of the Injured Patient", 2008, . [triage-2011] National Center for Injury Prevention and Control, and Centers for Disease Control and Prevention, "Guidelines for field triage of injured patients: recommendations of the National Expert Panel on Field Triage", January 2012, . Authors' Addresses Randall Gellens Core Technology Consulting Email: rg+ietf@randy.pensive.org Gellens, et al. Expires February 2, 2017 [Page 39] Internet-Draft Vehicle-Initiated Emergency Calls August 2016 Brian Rosen NeuStar, Inc. 470 Conrad Dr Mars, PA 16046 US Email: br@brianrosen.net Hannes Tschofenig Individual Email: Hannes.Tschofenig@gmx.net URI: http://www.tschofenig.priv.at Gellens, et al. Expires February 2, 2017 [Page 40]