&xep0166; defines a framework for negotiating and managing out-of-band data sessions over XMPP. In order to provide a flexible framework, the base Jingle specification defines neither data transport methods nor application formats, leaving that up to separate specifications.
The current document defines a transport method for establishing and managing data exchanges between XMPP entities by means of the Interactive Connectivity Establishment (ICE) methodology specified in &rfc5245;. The Jingle usage of ICE was also the first technology to send ICE candidates incrementally, a technique that has since become known as "Trickle ICE" &trickle;.
The process for ICE negotiation is largely the same in Jingle as it is in RFC 5245. There are several differences:
As originally defined in XEP-0166 and then &xep0176; the use of ICE in Jingle applied only to negotiations that established a User Datagram Protocol association (see &rfc0768;) and thus resulted in a Jingle datagram transport suitable for media applications where some packet loss is tolerable (e.g., audio and video). However, since the publication of &rfc6544; in 2012 it has also been possible to exchange Transmission Control Protocol (see &rfc0793;) candidates during ICE negotiation. Therefore this document expands the use of ICE in Jingle to also establish a TCP connection and thus result in a Jingle stream transport suitable for media applications where packet loss cannot be tolerated (e.g., file transfer). To reduce the possibility of confusion, the expanded definition provided here is specified in a new XEP, which is intended to supersede XEP-0176.
The reader is referred to RFC 5245 and draft-ietf-ice-trickle for a description of various terms used in the context of ICE. Those terms are not reproduced here.
The Jingle transport method defined herein is designed to meet the following requirements:
In accordance with Section 10 of XEP-0166, this document specifies the following information related to the Jingle ICE transport method:
The transport negotiation process is defined in the Protocol Description section of this document.
The semantics of the &TRANSPORT; element are defined in the ICE Negotiation section of this document.
Depending on the kinds of candidates exchanged, successful negotiation of this method results in use of a datagram transport (suitable for applications where some packet loss is tolerable, such as audio and video) or of a streaming transport (suitable for applications where packet loss is not tolerable, such as file transfer).
If multiple components are to be communicated by the application type that uses the transport, the transport shall support those components and assign identifiers for them as described in the specification that defines the application type.
The overall protocol flow for negotiation of the Jingle ICE Transport Method is as follows (note: many of these events happen simultaneously, not in sequence).
+|
+ | Jingle ack (XMPP IQ-result) |
+ |<-------------------------------------|
+ | Jingle session-accept stanza |
+ | (with one or more candidates) |
+ |<-------------------------------------|
+ | Jingle ack (XMPP IQ-result) |
+ |------------------------------------->|
+ | multiple STUN Binding Requests |
+ |<====================================>|
+ | multiple STUN Binding Results |
+ |<====================================>|
+ |<=========MEDIA NOW FLOWS============>|
+ | optional Jingle transport-info |
+ | stanzas (one candidate per stanza) |
+ |<------------------------------------>|
+ | |
+ ]]>
Note: The examples in this document follow the scenario described in Section 17 of RFC 5245, except that we substitute the Shakespearean characters "Romeo" and "Juliet" for the generic entities "L" and "R".
In order for the initiator in a Jingle exchange to start the negotiation, it sends a Jingle "session-initiate" stanza that includes at least one content type, as described in XEP-0166. If the initiator wishes to negotiate the ICE transport method for an application format, it MUST include a &TRANSPORT; child element qualified by the 'urn:xmpp:jingle:transports:ice:0' namespace &VNOTE;. This element SHOULD in turn contain one &CANDIDATE; element for each of the initiator's higher-priority transport candidates as determined in accordance with the ICE methodology, but MAY instead be empty (with each candidate to be sent as the payload of a transport-info message).
The &TRANSPORT; element's 'pwd' and 'ufrag' attributes MUST be included whenever sending one or more candidates to the other party, e.g. in a session-initiate, session-accept, transport-info, content-add, or transport-replace message. The values for these attributes are separately generated for both the initiator and the responder, in accordance with RFC 5245 and as shown in the examples. The attributes of the <transport/> element are as follows.
| Name | Description | SDP Syntax | Example |
|---|---|---|---|
| pwd | A Password as defined in RFC 5245. | a=ice-pwd line | asd88fgpdd777uzjYhagZg |
| ufrag | A User Fragment as defined in RFC 5245. | a=ice-ufrag line | 8hhy |
The attributes of the <candidate/> element are as follows.
| Name | Description | SDP Syntax | Example |
|---|---|---|---|
| component | A Component ID as defined in RFC 5245. | Component ID value in a=candidate line | 1 |
| foundation | A Foundation as defined in RFC 5245. (Note that version 1.0 of this specification contained an error, whereby the data type for the Jingle 'foundation' attribute was defined as xs:unsignedByte; in version 1.1 this was corrected to xs:string, however some existing implementations might not use or expect strings.) | Foundation value in a=candidate line | 2B78DADC1A9E |
| generation | An index, starting at 0, that enables the parties to keep track of updates to the candidate throughout the life of the session. For details, see the ICE Restarts section of this document. | extended name/value pair in a=candidate line | 0 |
| id | A unique identifier for the candidate. | N/A | el0747fg11 |
| ip | The Internet Protocol (IP) address for the candidate transport mechanism; this can be either an IPv4 address or an IPv6 address. | IP Address value in a=candidate line | 192.0.2.3 |
| network | An index, starting at 0, referencing which network this candidate is on for a given peer (used for diagnostic purposes if the calling hardware has more than one Network Interface Card). | N/A | 0 |
| port | The port at the candidate IP address. | Port value in a=candidate line | 45664 |
| priority | A Priority as defined in RFC 5245. | Priority value in a=candidate line | 2130706431 |
| protocol | The protocol to be used. The values allowed by this specification are "udp" (see RFC 5245) and "tcp" (see RFC 6544). | Transport protocol field in a=candidate line | udp |
| rel-addr | A related address as defined in RFC 5245. | raddr value in a=candidate line | 10.0.1.1 |
| rel-port | A related port as defined in RFC 5245. | rport value in a=candidate line | 8998 |
| type | A Candidate Type as defined in RFC 5245 or RFC 6544. The allowable values are "host" for host candidates, "prflx" for peer reflexive candidates, "relay" for relayed candidates, "srflx" for server reflexive candidates, "tcp-active" for TCP active candidates, "tcp-passive" for TCP passive candidates, and "tcp-so" for TCP simultaneous-open candidates (the last three map to values from RFC 6544). | Typ field in a=candidate line | srflx |
Note that this specification does not provide an equivalent of the "ice-options" attribute defined in Section 15.5 of RFC 5245, since it is not needed in XMPP given the existence of the Service Discovery extension (XEP-0030).
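The following Python parser is added here as an example; it is not part of this specification or of any Jingle library. It reads a <transport/> element and checks the rules stated in the two tables above: 'ufrag' and 'pwd' must accompany any candidates, 'ip' must be an IPv4 or IPv6 literal, 'protocol' and 'type' must use the listed values, 'foundation' is kept as a string, and candidate ids must be unique. The sample element is constructed from the tables' example values; the host candidate, the second candidate id and its priority are made up, and the check that tcp-* types only appear with protocol='tcp' is an assumption beyond the tables' literal text.

```python
"""Parse and validate a Jingle ICE <transport/> element (urn:xmpp:jingle:transports:ice:0).

Added example, not code from the XEP; it enforces the attribute rules from the
transport and candidate tables. The sample element below is constructed.
"""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

NS_ICE = "urn:xmpp:jingle:transports:ice:0"
ALLOWED_PROTOCOLS = {"udp", "tcp"}
UDP_TYPES = {"host", "prflx", "relay", "srflx"}          # RFC 5245 candidate types
TCP_TYPES = {"tcp-active", "tcp-passive", "tcp-so"}      # RFC 6544 candidate types
REQUIRED = ("component", "foundation", "generation", "id", "ip",
            "port", "priority", "protocol", "type")


@dataclass
class Candidate:
    component: int
    foundation: str            # xs:string since version 1.1; never parse it as a number
    generation: int
    id: str
    ip: str
    port: int
    priority: int
    protocol: str
    type: str
    network: Optional[int] = None
    rel_addr: Optional[str] = None
    rel_port: Optional[int] = None


@dataclass
class Transport:
    ufrag: Optional[str]
    pwd: Optional[str]
    candidates: List[Candidate] = field(default_factory=list)

    @property
    def kind(self) -> str:
        """'datagram' for UDP-only candidates, 'stream' for TCP-only, else 'mixed'/'empty'."""
        protos = {c.protocol for c in self.candidates}
        if protos == {"udp"}:
            return "datagram"
        if protos == {"tcp"}:
            return "stream"
        return "mixed" if protos else "empty"


def _int(attrs, name, lo=0, hi=None) -> int:
    try:
        value = int(attrs[name])
    except (KeyError, ValueError):
        raise ValueError(f"candidate attribute {name!r} missing or not an integer")
    if value < lo or (hi is not None and value > hi):
        raise ValueError(f"candidate attribute {name!r} out of range: {value}")
    return value


def parse_candidate(el: ET.Element) -> Candidate:
    attrs = el.attrib
    missing = [a for a in REQUIRED if a not in attrs]
    if missing:
        raise ValueError(f"candidate missing required attributes: {missing}")
    try:
        ip = str(ipaddress.ip_address(attrs["ip"]))   # IPv4 or IPv6 literal; hostnames rejected
    except ValueError:
        raise ValueError(f"candidate ip is not an IP address: {attrs['ip']!r}")
    protocol = attrs["protocol"]
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unknown protocol {protocol!r}")
    ctype = attrs["type"]
    if ctype not in UDP_TYPES | TCP_TYPES:
        raise ValueError(f"unknown candidate type {ctype!r}")
    # Assumed consistency check: the RFC 6544 tcp-* types go with protocol='tcp' and the
    # RFC 5245 types with protocol='udp'.
    if (ctype in TCP_TYPES) != (protocol == "tcp"):
        raise ValueError(f"candidate type {ctype!r} does not match protocol {protocol!r}")
    rel_addr = attrs.get("rel-addr")
    if rel_addr is not None:
        rel_addr = str(ipaddress.ip_address(rel_addr))
    return Candidate(
        component=_int(attrs, "component", lo=1),
        foundation=attrs["foundation"],
        generation=_int(attrs, "generation"),
        id=attrs["id"],
        ip=ip,
        port=_int(attrs, "port", hi=65535),
        priority=_int(attrs, "priority"),
        protocol=protocol,
        type=ctype,
        network=_int(attrs, "network") if "network" in attrs else None,
        rel_addr=rel_addr,
        rel_port=_int(attrs, "rel-port", hi=65535) if "rel-port" in attrs else None,
    )


def parse_transport(xml_text: str) -> Transport:
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_ICE}}}transport":
        raise ValueError(f"not an ICE transport element: {root.tag}")
    transport = Transport(ufrag=root.get("ufrag"), pwd=root.get("pwd"))
    for el in root.findall(f"{{{NS_ICE}}}candidate"):
        transport.candidates.append(parse_candidate(el))
    # ufrag/pwd MUST accompany any message that carries one or more candidates
    if transport.candidates and not (transport.ufrag and transport.pwd):
        raise ValueError("ufrag and pwd are required when candidates are present")
    ids = [c.id for c in transport.candidates]
    if len(ids) != len(set(ids)):
        raise ValueError("candidate ids must be unique")
    return transport


# Constructed sample: a host candidate (made up) plus the server reflexive candidate whose
# values appear in the attribute tables; the second id and priority are made up.
SAMPLE_TRANSPORT = f"""
<transport xmlns='{NS_ICE}' pwd='asd88fgpdd777uzjYhagZg' ufrag='8hhy'>
  <candidate component='1' foundation='1' generation='0' id='el0747fg11'
             ip='10.0.1.1' network='0' port='8998' priority='2130706431'
             protocol='udp' type='host'/>
  <candidate component='1' foundation='2B78DADC1A9E' generation='0' id='y3s2b30v3r'
             ip='192.0.2.3' network='0' port='45664' priority='1694498815'
             protocol='udp' type='srflx' rel-addr='10.0.1.1' rel-port='8998'/>
</transport>
"""

if __name__ == "__main__":
    t = parse_transport(SAMPLE_TRANSPORT)
    print(t.kind, [(c.type, c.ip, c.port) for c in t.candidates])
```

A receiver that applies these checks returns an IQ-error for a malformed element and an IQ-result otherwise, which, as the text notes, only acknowledges receipt rather than selecting a candidate.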
As described in XEP-0166, to acknowledge receipt of the session initiation request, the responder immediately returns an IQ-result.
Depending on the application type, a user agent controlled by a human user might need to wait for the user to affirm a desire to proceed with the session before continuing. When the user agent has received such affirmation (or if the user agent can automatically proceed for any reason, e.g. because no human intervention is expected or because a human user has configured the user agent to automatically accept sessions with a given entity), it returns a Jingle session-accept message. This message MUST contain a &TRANSPORT; element qualified by the 'urn:xmpp:jingle:transports:ice:0' namespace, which SHOULD in turn contain one &CANDIDATE; element for each ICE candidate generated by or known to the responder, but MAY instead be empty (with each candidate to be sent as the payload of a transport-info message).
Note: See the Security Considerations section of this document regarding the exposure of IP addresses by the responder's client.
The initiator and responder negotiate connectivity over ICE by exchanging XML-formatted transport candidates for the channel. This negotiation proceeds immediately in order to maximize the possibility that connectivity can be established (and therefore media can be exchanged) as quickly as possible. In order to expedite session establishment, the initiator SHOULD include transport candidates in its session-initiate message but MAY also send additional transport candidates as soon as it learns of them, even before receiving the IQ-result that acknowledges the session-initiate message (i.e., the initiator MUST consider the session to be live as soon as it sends the session-initiate message).
The first step in negotiating connectivity is for each party to send transport candidates to the other party.
Each candidate shall be sent as a <candidate/> child of a &TRANSPORT; element qualified by the 'urn:xmpp:jingle:transports:ice:0' namespace. The &TRANSPORT; element is sent via a Jingle message of type session-initiate, session-accept, or transport-info.
Either party MAY include multiple <candidate/> elements in one &TRANSPORT; element, especially in the session-initiate and session-accept messages sent at the beginning of the session negotiation. Including multiple candidates in the session-initiate and session-accept messages can help to ensure interoperability with entities that implement the SDP offer/answer model described in RFC 3264; in particular, an entity SHOULD include multiple candidates in its session-initiate or session-accept message if the other party advertises support for the "urn:ietf:rfc:3264" service discovery feature as described in the SDP Offer / Answer Support section of this document. However, including one candidate per subsequent transport-info message typically results in a faster negotiation because the candidates most likely to succeed are sent first (in the session-initiate and session-accept messages) and it is not necessary to gather all candidates before beginning to send any candidates; furthermore, because certain candidates can be more "expensive" in terms of bandwidth or processing power, either party might not want to advertise the existence of such candidates unless it is necessary to do so after other candidates have failed.
If the party that receives a candidate in a Jingle message can successfully process a given candidate or set of candidates, it returns an IQ-result (if not, for example because the candidate data is improperly formatted, it returns an IQ-error). At this point, the receiving entity is only indicating receipt of the candidate or set of candidates, not telling the other party that the candidate will be used.
The initiator can keep sending candidates (without stopping to receive an acknowledgement of receipt from the responder for each candidate) until it has exhausted its supply of possible or desirable transport candidates. The responder can also keep sending potential candidates, which the initiator will acknowledge.
As the initiator and responder receive candidates, they probe the candidates for connectivity. In performing these connectivity checks, each party SHOULD follow the procedure specified in Section 7 of RFC 5245. The following business rules apply:
When it receives a STUN Binding Request, each party MUST return a STUN Binding Response, which indicates either an error case or the success case. As described in Section 7.1.2.2 of RFC 5245, a connectivity check succeeds if all of the following are true:
For the candidates exchanged in the previous section, the connectivity checks would be as follows (this diagram mirrors the example in RFC 5245).
    |                       |                       |
    |                       | STUN Binding Request  |
    |                       | from 192.0.2.3:45664  |
    |                       | to 192.0.2.1:3478     |
    |                       | USE-CANDIDATE         |
    |                       |======================>|
    |                       | STUN Binding Response |
    |                       | from 192.0.2.1:3478   |
    |                       | to 192.0.2.3:45664    |
    |                       |<======================|
    | STUN Binding Response |                       |
    | from 192.0.2.1:3478   |                       |
    | to 10.0.1.1:8998      |                       |
    | map 192.0.2.3:45664   |                       |
    |<======================|                       |
    |                       |                       |
    |<==Media Now Can Flow==|                       |
    |                       |                       |
    |                       | STUN Binding Request  |
    |                       | from 192.0.2.1:3478   |
    |                       | to 192.0.2.3:45664    |
    |                       |<======================|
    | STUN Binding Request  |                       |
    | from 192.0.2.1:3478   |                       |
    | to 10.0.1.1:8998      |                       |
    |<======================|                       |
    | STUN Binding Response |                       |
    | from 10.0.1.1:8998    |                       |
    | to 192.0.2.1:3478     |                       |
    | map 192.0.2.1:3478    |                       |
    |======================>|                       |
    |                       | STUN Binding Response |
    |                       | from 192.0.2.3:45664  |
    |                       | to 192.0.2.1:3478     |
    |                       | map 192.0.2.1:3478    |
    |                       |======================>|
    |                       |                       |
    |                       |==Media Now Can Flow==>|
    |                       |                       |
Note: Here the initiator (controlling agent) is using "aggressive nomination" as described in Section 8.1.1.2 of RFC 5245 and therefore includes the USE-CANDIDATE attribute in the STUN Binding Requests it sends.
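As an added illustration of the checks in the diagram above (not code from this specification or from any ICE implementation), the following Python model replays the two STUN Binding transactions between Romeo (behind a NAT, using the addresses from the diagram) and Juliet, and applies the success criteria of RFC 5245 Section 7.1.2.2: the response must be a success response, must come from the address the request was sent to, and must arrive at the address the request was sent from. The NAT, the agents, the transaction bookkeeping and the nomination handling are a constructed model rather than a STUN stack; the mapped address reported by the peer is compared with the local candidate list so that a peer reflexive candidate is recorded when the peer reports an address the agent did not know about.

```python
"""Replay the connectivity checks of the diagram (Romeo behind a NAT, Juliet public) and
apply the RFC 5245 Section 7.1.2.2 success criteria.

Added example, not code from the XEP; NAT, agents and addresses are a constructed model.
"""
import secrets
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Set, Tuple

Addr = Tuple[str, int]
Pair = Tuple[Addr, Addr]          # (local candidate, remote candidate)


@dataclass
class Binding:
    """One STUN Binding message; 'mapped' and 'error' are only meaningful on responses."""
    txid: bytes
    src: Addr
    dst: Addr
    is_request: bool
    use_candidate: bool = False    # USE-CANDIDATE from the controlling agent (aggressive nomination)
    mapped: Optional[Addr] = None  # XOR-MAPPED-ADDRESS: where the responder saw the request come from
    error: Optional[int] = None    # STUN error code on an error response


class Nat:
    """Toy NAT with one static binding: inside address <-> outside address."""

    def __init__(self, inside: Addr, outside: Addr):
        self.inside, self.outside = inside, outside

    def forward(self, msg: Binding) -> Binding:
        if msg.src == self.inside:          # outbound: rewrite the source
            return replace(msg, src=self.outside)
        if msg.dst == self.outside:         # inbound: rewrite the destination
            return replace(msg, dst=self.inside)
        return msg


@dataclass
class Agent:
    name: str
    controlling: bool
    local_candidates: List[Addr]
    pending: Dict[bytes, Binding] = field(default_factory=dict)
    valid_pairs: List[Pair] = field(default_factory=list)
    peer_reflexive: List[Addr] = field(default_factory=list)
    nomination_requested: Set[Pair] = field(default_factory=set)
    nominated: Optional[Pair] = None

    def send_check(self, local: Addr, remote: Addr) -> Binding:
        req = Binding(secrets.token_bytes(12), local, remote, True,
                      use_candidate=self.controlling)
        self.pending[req.txid] = req        # kept so the response can be matched by transaction ID
        return req

    def handle_request(self, req: Binding) -> Binding:
        """Every received Binding Request MUST get a Binding Response (error or success)."""
        if req.dst not in self.local_candidates:
            return Binding(req.txid, req.dst, req.src, False, error=400)
        pair = (req.dst, req.src)
        if req.use_candidate:               # controlled side nominates once its own check succeeds
            self.nomination_requested.add(pair)
            if pair in self.valid_pairs:
                self.nominated = pair
        return Binding(req.txid, req.dst, req.src, False, mapped=req.src)

    def handle_response(self, resp: Binding) -> bool:
        req = self.pending.pop(resp.txid, None)
        if req is None:                     # must match an outstanding transaction
            return False
        # RFC 5245 7.1.2.2: success response, from the request's destination, to the request's source
        if resp.error is not None or resp.src != req.dst or resp.dst != req.src:
            return False
        if resp.mapped not in self.local_candidates:
            self.peer_reflexive.append(resp.mapped)     # learned a peer reflexive (prflx) candidate
            self.local_candidates.append(resp.mapped)
        pair = (req.src, req.dst)
        self.valid_pairs.append(pair)
        if (self.controlling and req.use_candidate) or pair in self.nomination_requested:
            self.nominated = pair
        return True


def run_checks() -> Tuple[Agent, Agent]:
    """Replay the two transactions of the diagram and return both agents' state."""
    romeo_host, romeo_srflx = ("10.0.1.1", 8998), ("192.0.2.3", 45664)
    juliet_addr = ("192.0.2.1", 3478)
    nat = Nat(inside=romeo_host, outside=romeo_srflx)
    romeo = Agent("romeo", controlling=True, local_candidates=[romeo_host, romeo_srflx])
    juliet = Agent("juliet", controlling=False, local_candidates=[juliet_addr])

    # Romeo -> NAT -> Juliet with USE-CANDIDATE; the response comes back through the NAT
    req = nat.forward(romeo.send_check(romeo_host, juliet_addr))
    romeo.handle_response(nat.forward(juliet.handle_request(req)))

    # Juliet -> NAT -> Romeo; Romeo's response has its source rewritten on the way out
    req = nat.forward(juliet.send_check(juliet_addr, romeo_srflx))
    juliet.handle_response(nat.forward(romeo.handle_request(req)))
    return romeo, juliet


if __name__ == "__main__":
    r, j = run_checks()
    print("romeo nominated:", r.nominated)
    print("juliet nominated:", j.nominated)
```

The two address-match conditions are what stop a response arriving from an unexpected source, or one delivered to a different local address, from validating a pair; an implementation that only matched the transaction ID would accept both.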
As explained in the Trickle ICE specification, when a party has completed gathering of candidates it will send an "end-of-candidates indication" to the other party. In Jingle, this takes the form of an informational message as described under Informational Messages. This specification defines only a standalone "end-of-candidates indication" (i.e., not a way to indicate ICE completion in an offer or answer).
If, based on STUN connectivity checks, the parties determine that they will be able to exchange media between a given pair of local candidates and remote candidates (i.e., the pair is "nominated" and ICE processing is "completed"), they can then begin using that candidate pair to exchange media.
Once the parties have connectivity and therefore the initiator has completed ICE as explained in RFC 5245, the initiator MAY communicate the in-use candidate pair in the signalling channel by sending a transport-info message that contains a <remote-candidate/> element (this maps to the SDP "remote-candidates" attribute as described in Section B.6 of RFC 5245, i.e., remote candidates are "the actual candidates at R that were selected by the offerer", of which there will be only one at this stage of the ICE negotiation).
(In accordance with Jingle core, the responder will also acknowledge the transport-info message.)
In the unlikely event that one of the parties determines that it cannot establish connectivity even after sending and checking lower-priority candidates, it SHOULD terminate the session as described in XEP-0166.
Even after media has begun to flow, either party MAY continue to send additional candidates to the other party (e.g., because the user agent has become aware of a new media proxy or network interface card). Such candidates are shared by sending a transport-info message.
The receiving party MUST acknowledge receipt of the candidate.
The parties would check the newly-offered candidate for connectivity, as described previously. If the parties determine that media can flow over the candidate, they MAY then use the new candidate in subsequent communications.
At any time, either party MAY restart the process of ICE negotiation by sending a candidate with a 'generation' value that is greater than the previous generation of candidates; when it does so, it MUST generate new values for the 'pwd' and 'ufrag' attributes, consistent with the definition of an ICE restart in Section 9.1.1.1 of RFC 5245 (because an ICE restart is signalled by a change in the 'pwd' and 'ufrag' attributes, strictly speaking the 'generation' attribute is not absolutely necessary). As explained in RFC 5245, typically the ICE negotiation would be restarted to change the media target (e.g., an IP address change for one of the parties) and in certain third-party-call-control scenarios.
The recipient then acknowledges receipt.
The parties would then exchange new candidates to renegotiate connectivity and would check the new candidates for connectivity, as described previously. If the parties determine that media can flow over one of the new candidates, they can then use the successful candidate in subsequent communications. However, while ICE is being renegotiated the parties can continue to send media with the existing candidate-in-use.
It can happen that the responder does not support ICE, in which case it can be necessary to fall back to use of the &xep0177;. One typical scenario is communication between an ICE-aware Jingle endpoint and a non-ICE-aware SIP endpoint through a Jingle-to-SIP gateway, as follows:
The session flow is as follows.
    |                         |                         |
    | ack                     |                         |
    |<------------------------|                         |
    | transport-replace       |                         |
    | (Raw UDP)               |                         |
    |<------------------------|                         |
    | ack                     |                         |
    |------------------------>|                         |
    | transport-accept        |                         |
    |------------------------>|                         |
    | ack                     |                         |
    |<------------------------| SIP INVITE              |
    |                         |------------------------>|
    |                         | 200 OK                  |
    |                         |<------------------------|
    | session-accept          |                         |
    |<------------------------|                         |
    | ack                     |                         |
    |------------------------>|                         |
    |                   MEDIA SESSION                   |
    |<=================================================>|
    |                         | SIP BYE                 |
    |                         |<------------------------|
    | session-terminate       |                         |
    |<------------------------|                         |
    | ack                     |                         |
    |------------------------>| ack                     |
    |                         |------------------------>|
    |                         |                         |
The protocol flow is as follows, showing only the stanzas sent between Romeo and the gateway (acting on Juliet's behalf).
Immediately the gateway sends a transport-replace message to Romeo, specifying a transport of Raw UDP with a candidate whose IP address and port identify a media relay at the gateway.
Romeo then acknowledges the transport-replace message and immediately also sends a transport-accept.
The gateway then acknowledges the acceptance on behalf of Juliet.
The responder then sends a session-accept through the gateway.
The endpoints now begin to exchange session media, and can continue the session as long as desired.
Informational messages can be sent by either party within the context of Jingle to communicate the status of a Jingle ICE "session". The informational message MUST be an IQ-set containing a &JINGLE; element of type "transport-info", where the informational message is a payload element qualified by the 'urn:xmpp:jingle:transports:ice:info:0' namespace.
The only payload element defined so far is the <ice-gathering-complete/> element. This element is used only to signal that gathering of ICE candidates has been completed (i.e., to send an "end-of-candidates indication"), as in the following example.
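The following Python state tracker is an added example rather than code from this specification; it covers both the ICE Restarts section and the informational message described here. It processes the remote party's session-initiate, session-accept and transport-info messages: it collects trickled candidates by id, records the <ice-gathering-complete/> end-of-candidates indication, treats a change of 'ufrag'/'pwd' accompanied by a higher 'generation' as an ICE restart (discarding the previous generation's candidates and clearing the end-of-candidates flag), and ignores a late candidate that still carries an earlier generation's credentials. The Jingle wrapper uses the 'urn:xmpp:jingle:1' namespace from XEP-0166; the stanza sequence, candidate ids, credentials and sid are constructed, and searching for <ice-gathering-complete/> anywhere under <jingle/> is an assumption about its placement.

```python
"""Track the remote side of an ICE negotiation over Jingle: trickled candidates, the
<ice-gathering-complete/> end-of-candidates indication, and ICE restarts.

Added example, not code from the XEP; the stanzas below are constructed and the IQ
reply is modelled as a ('result'|'error', detail) tuple rather than a real stanza.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

NS_JINGLE = "urn:xmpp:jingle:1"                        # XEP-0166
NS_ICE = "urn:xmpp:jingle:transports:ice:0"
NS_ICE_INFO = "urn:xmpp:jingle:transports:ice:info:0"


@dataclass
class RemoteIce:
    ufrag: Optional[str] = None
    pwd: Optional[str] = None
    generation: int = 0
    candidates: Dict[str, dict] = field(default_factory=dict)   # keyed by candidate id
    gathering_complete: bool = False
    restarts: int = 0

    def apply_transport(self, transport: ET.Element) -> None:
        cands = transport.findall(f"{{{NS_ICE}}}candidate")
        gens = [int(c.get("generation", "0")) for c in cands]
        ufrag, pwd = transport.get("ufrag"), transport.get("pwd")
        if cands and not (ufrag and pwd):
            raise ValueError("candidates sent without ufrag/pwd")
        if ufrag and pwd and self.ufrag is not None and (ufrag, pwd) != (self.ufrag, self.pwd):
            # Credentials changed: an ICE restart if the generation moved forward, otherwise a
            # late message from an earlier generation that is simply ignored.
            new_gen = max(gens) if gens else self.generation + 1
            if new_gen <= self.generation:
                return
            self.restarts += 1
            self.generation = new_gen
            self.candidates.clear()
            self.gathering_complete = False
        if ufrag and pwd:
            self.ufrag, self.pwd = ufrag, pwd
        for cand, gen in zip(cands, gens):
            if gen >= self.generation:          # drop candidates from an earlier generation
                self.candidates[cand.get("id")] = dict(cand.attrib)

    def handle_jingle(self, stanza_xml: str) -> Tuple[str, Optional[str]]:
        """Process one Jingle IQ-set; returns ('result', None) or ('error', condition)."""
        jingle = ET.fromstring(stanza_xml)
        if jingle.tag != f"{{{NS_JINGLE}}}jingle":
            return ("error", "bad-request")
        action = jingle.get("action")
        if action not in ("session-initiate", "session-accept", "transport-info"):
            return ("error", "feature-not-implemented")   # other actions are out of scope here
        try:
            for transport in jingle.iter(f"{{{NS_ICE}}}transport"):
                self.apply_transport(transport)
        except ValueError as exc:
            return ("error", f"bad-request: {exc}")
        if action == "transport-info" and \
                jingle.find(f".//{{{NS_ICE_INFO}}}ice-gathering-complete") is not None:
            self.gathering_complete = True      # end-of-candidates indication
        return ("result", None)


def _jingle(action: str, inner: str, ufrag: Optional[str] = None,
            pwd: Optional[str] = None) -> str:
    """Build a constructed Jingle stanza body carrying one ICE transport."""
    creds = f" ufrag='{ufrag}' pwd='{pwd}'" if ufrag else ""
    return (f"<jingle xmlns='{NS_JINGLE}' action='{action}' sid='a73sjjvkla37jfea'>"
            f"<content creator='initiator' name='voice'>"
            f"<transport xmlns='{NS_ICE}'{creds}>{inner}</transport></content></jingle>")


def _cand(cid: str, ip: str, port: int, gen: int, ctype: str) -> str:
    return (f"<candidate component='1' foundation='1' generation='{gen}' id='{cid}' ip='{ip}' "
            f"network='0' port='{port}' priority='2130706431' protocol='udp' type='{ctype}'/>")


# Constructed sequence: initial offer, one trickled candidate, end-of-candidates, an ICE
# restart with new credentials and generation 1, then a stale generation-0 candidate.
SAMPLE_SEQUENCE = [
    _jingle("session-initiate", _cand("el0747fg11", "10.0.1.1", 8998, 0, "host"),
            "8hhy", "asd88fgpdd777uzjYhagZg"),
    _jingle("transport-info", _cand("y3s2b30v3r", "192.0.2.3", 45664, 0, "srflx"),
            "8hhy", "asd88fgpdd777uzjYhagZg"),
    _jingle("transport-info", f"<ice-gathering-complete xmlns='{NS_ICE_INFO}'/>"),
    _jingle("transport-info", _cand("k9x2m4p1q7", "10.0.1.1", 9001, 1, "host"),
            "9uB6", "YH75Fviy6338Vbrhrlp8Yh"),
    _jingle("transport-info", _cand("late0000aa", "10.0.1.2", 8999, 0, "host"),
            "8hhy", "asd88fgpdd777uzjYhagZg"),
]


def replay(stanzas=SAMPLE_SEQUENCE) -> RemoteIce:
    state = RemoteIce()
    for stanza in stanzas:
        state.handle_jingle(stanza)
    return state


if __name__ == "__main__":
    s = replay()
    print(s.restarts, s.generation, list(s.candidates), s.gathering_complete)
```

Because the restart is detected from the credential change rather than from 'generation' alone, a peer that omits 'generation' still triggers a restart; the generation value is used only to separate a genuine restart from a late message of the earlier generation.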
To advertise its support for the Jingle ICE Transport Method, when replying to &xep0030; information requests an entity MUST return URNs for any version of this protocol that the entity supports -- e.g., "urn:xmpp:jingle:transports:ice:0" for this version (and "urn:xmpp:jingle:transports:ice-udp:1" for the "ICE-UDP" version previously specified in XEP-0176) &VNOTE;.
In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.
If an entity supports the SDP offer / answer model described in RFC 3264 and therefore prefers to receive multiple candidates in a single transport-info message, it MUST advertise support for the "urn:ietf:rfc:3264" service discovery feature. Typically this feature will be advertised only by gateways between Jingle and SIP.
In order to speed the negotiation process so that media can flow as quickly as possible, the initiator SHOULD gather and prioritize candidates in advance, or as soon as the principal begins the process of initiating a session.
This specification applies exclusively to Jingle clients and places no additional requirements on XMPP servers. However, service administrators might wish to deploy a STUN server in order to ease the client-to-client negotiation process and a TURN server for media relaying (see &turn;). Deployment of support for &xep0215; might also be helpful.
By definition, the exchange of transport candidates results in exposure of the sender's IP addresses, which comprise a form of personally identifying information. A Jingle client MUST enable a user to control which entities will be allowed to receive such information. If a human user explicitly accepts a session request, then the client SHOULD consider that action to imply approval of IP address sharing. However, waiting for a human user to explicitly accept the session request can result in delays during session setup, since it is more efficient to immediately begin sharing transport candidates. Therefore, it is RECOMMENDED for the client to immediately send transport candidates to a contact (without waiting for explicit user approval of the session request) in the following cases:
A Jingle implementation SHOULD support security preconditions that are enforced before application media is allowed to flow over a UDP association, such as those described in &xtls;.
Application types that use the Jingle ICE transport method MAY also define their own application-specific encryption methods, such as the Secure Real-time Transport Protocol (SRTP) for RTP exchanges as described in &xep0167;.
This document requires no interaction with &IANA;.
This specification defines the following XML namespace:
The &REGISTRAR; includes the foregoing namespace in its registry at &NAMESPACES;, as governed by &xep0053;.
If an entity supports the SDP offer / answer model described in RFC 3264 and therefore prefers to receive one transport-info message with multiple candidates, it MUST advertise support for the "urn:ietf:rfc:3264" feature.
The registry submission is as follows.
    urn:ietf:rfc:3264
    Signals support for the SDP offer / answer model
    described in RFC 3264
    XEP-0176
The XMPP Registrar includes "ice" in its registry of Jingle transport methods at &JINGLETRANSPORTS;. The registry submission is as follows:
    ice
    A method for negotiation of out-of-band UDP associations
    or TCP connections with built-in NAT and firewall traversal
    using the IETF's Interactive Connectivity Establishment (ICE)
    methodology.
    datagram or streaming
    XEP-0176
    The protocol documented by this schema is defined in
    XEP-0176: http://www.xmpp.org/extensions/xep-0176.html
Special thanks to Joe Beda, Scott Ludwig, Joe Hildebrand, Sean Egan, and Robert McQueen for co-authoring XEP-0176, from which this document was forked.
Thanks also to Diana Cionoiu, Olivier Crête, Philipp Hancke, Tim Julien, Steffen Larsen, Unnikrishnan Vikrama Panicker, Mike Ruprecht, Lance Stout, Justin Uberti, and Paul Witty for their feedback.