This document extends PASSporT, a token object that conveys cryptographically-signed information about the participants involved in personal communications, to include information defined as part of the SHAKEN [ATIS-1000074] specification for indicating an attestation level and originating ID.

1. Introduction

The SHAKEN specification defines a framework for using STIR protocols, including PASSporT and the STIR certificate framework, for implementing the cryptographic validation of an authorized originator of telephone calls using SIP. Because the current telephone network contains both VoIP and TDM/SS7 originated traffic, there are many scenarios that need to be accounted for where PASSporT signatures may represent either direct or indirect call origination scenarios. The SHAKEN [ATIS-1000074] specification defines levels of attribution of the origination of the call as well as an origination identifier that can help create a unique association with the origination of calls from various parts of the VoIP or TDM telephone network. This document specifies these indicators as a PASSporT extension.

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].

3. PASSporT ‘attest’ Claim

This indicator allows for both identifying the service provider that is vouching for the call and clearly indicating what information the service provider is attesting to. The ‘attest’ claim can be one of the following three values: ‘A’, ‘B’, or ‘C’, as defined in [ATIS-1000074].

4. PASSporT ‘origid’ Claim

The purpose of the unique origination identifier is to assign an opaque identifier corresponding to the service provider-initiated calls themselves, customers, classes of devices, or other groupings that a service provider might want to use for determining things like reputation or trace back identification of customers or gateways. The value of the ‘origid’ claim is a UUID as defined in [RFC4122].

Protected Header

6. Using ‘shaken’ in SIP

The use of the ‘shaken’ PASSporT type and the claims ‘attest’ and ‘origid’ is formally defined in [ATIS-1000074] for usage in SIP [RFC3261], aligned with the use of the identity header defined in [I-D.ietf-stir-rfc4474bis]. The ‘attest’ and ‘origid’ values are carried in the full PASSporT token included in the identity header as specified in [ATIS-1000074].
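A receiver-side sanity check of the two claims defined in Sections 3 and 4, as an added example that is not part of this document or of [ATIS-1000074]. It assumes the full token arrives in the compact header.payload.signature form and that the PASSporT type is carried in the `ppt` header parameter of base PASSporT; the function names and sample values are constructed for illustration, and signature verification is deliberately left out.

```python
import base64
import json
import uuid

ATTEST_LEVELS = {"A", "B", "C"}  # the three values allowed for 'attest'

def _b64url_decode(segment):
    # Compact tokens drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(header, claims):
    """Build an UNSIGNED sample token (constructed test input only)."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o, separators=(",", ":")).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnLXBsYWNlaG9sZGVy"

def check_shaken_claims(token):
    """Return a list of problems; an empty list means the claims are well-formed.
    Signature and certificate checks are out of scope and must run first."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not header.payload.signature"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    problems = []
    if header.get("ppt") != "shaken":
        problems.append("ppt header is not 'shaken'")
    attest = claims.get("attest")
    if not isinstance(attest, str) or attest not in ATTEST_LEVELS:
        problems.append("attest is not one of A, B, C")
    origid = claims.get("origid")
    try:
        # uuid.UUID also accepts braces, urn: prefixes and bare hex, so
        # require the canonical hyphenated form by round-tripping.
        if not isinstance(origid, str) or str(uuid.UUID(origid)) != origid.lower():
            raise ValueError(origid)
    except ValueError:
        problems.append("origid is not a canonical UUID string")
    return problems

# Constructed sample values, not taken from any real call.
GOOD = make_token({"typ": "passport", "ppt": "shaken"},
                  {"attest": "A", "origid": "0b6c3f0e-5d2a-4c1b-9e7f-3a1d2c4b5e6f"})
BAD = make_token({"typ": "passport", "ppt": "shaken"},
                 {"attest": "a", "origid": "gateway-17"})
```

A well-formed ‘attest’ or ‘origid’ value says nothing about who produced it; the values are only meaningful once the token's signature has been validated against the signer's STIR certificate.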

7.1. JSON Web Token claims

This specification requests that the IANA add two new claims to the JSON Web Token Claims registry as defined in [RFC7519].

Claim Name: “attest”

Claim Description: Attestation level as defined in SHAKEN framework

Change Controller: IESG

Specification Document(s): [RFCThis]

Claim Name: “origid”

Claim Description: Originating Identifier as defined in SHAKEN framework

Change Controller: IESG

Specification Document(s): [RFCThis]

7.2. PASSporT Types

This specification requests that the IANA add a new entry to the PASSporT Types registry for the type “shaken” which is specified in [RFCThis].

