rfc9795.original   rfc9795.txt 
Network Working Group C. Wendt Internet Engineering Task Force (IETF) C. Wendt
Internet-Draft Somos Inc. Request for Comments: 9795 Somos Inc.
Intended status: Standards Track J. Peterson Category: Standards Track J. Peterson
Expires: 7 December 2023 Neustar Inc. ISSN: 2070-1721 Neustar Inc.
5 June 2023 May 2025
PASSporT Extension for Rich Call Data Personal Assertion Token (PASSporT) Extension for Rich Call Data
draft-ietf-stir-passport-rcd-26
Abstract Abstract
This document extends PASSporT, a token for conveying This document extends Personal Assertion Token (PASSporT), a token
cryptographically-signed call information about personal for conveying cryptographically signed call information about
communications, to include rich meta-data about a call and caller personal communications, to include rich metadata about a call and
that can be signed and integrity protected, transmitted, and caller that can be signed and integrity protected, transmitted, and
subsequently rendered to the called party. This framework is subsequently rendered to the called party. This framework is
intended to include and extend caller and call specific information intended to include and extend caller- and call-specific information
beyond human-readable display name comparable to the "Caller ID" beyond human-readable display name, comparable to the "Caller ID"
function common on the telephone network and is also enhanced with a function common on the telephone network. It is also enhanced with
integrity mechanism that is designed to protect the authoring and an integrity mechanism that is designed to protect the authoring and
transport of this information for different authoritative use-cases. transport of this information for different authoritative use cases.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 7 December 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9795.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Please review these documents carefully, as they describe your rights carefully, as they describe your rights and restrictions with respect
and restrictions with respect to this document. Code Components to this document. Code Components extracted from this document must
extracted from this document must include Revised BSD License text as include Revised BSD License text as described in Section 4.e of the
described in Section 4.e of the Trust Legal Provisions and are Trust Legal Provisions and are provided without warranty as described
provided without warranty as described in the Revised BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology
3. Overview of the use of the Rich Call Data PASSporT 3. Overview of the Use of the Rich Call Data PASSporT Extension
extension . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Overview of Rich Call Data Integrity
4. Overview of Rich Call Data Integrity . . . . . . . . . . . . 5 5. PASSporT Claim "rcd" Definition and Usage
5. PASSporT Claim "rcd" Definition and Usage . . . . . . . . . . 7 5.1. PASSporT "rcd" Claim
5.1. PASSporT "rcd" Claim . . . . . . . . . . . . . . . . . . 7 5.1.1. "nam" key
5.1.1. "nam" key . . . . . . . . . . . . . . . . . . . . . . 7 5.1.2. "apn" key
5.1.2. "apn" key . . . . . . . . . . . . . . . . . . . . . . 7 5.1.3. "icn" key
5.1.3. "icn" key . . . . . . . . . . . . . . . . . . . . . . 8 5.1.4. "jcd" key
5.1.4. "jcd" key . . . . . . . . . . . . . . . . . . . . . . 9 5.1.5. "jcl" key
5.1.5. "jcl" key . . . . . . . . . . . . . . . . . . . . . . 9 6. "rcdi" RCD Integrity Claim Definition and Usage
6. "rcdi" RCD Integrity Claim Definition and Usage . . . . . . . 10 6.1. Creation of the "rcd" Element Digests
6.1. Creation of the "rcd" element digests . . . . . . . . . . 11 6.1.1. "nam" and "apn" Elements
6.1.1. "nam" and "apn" elements . . . . . . . . . . . . . . 12 6.1.2. "icn" Elements
6.1.2. "icn" elements . . . . . . . . . . . . . . . . . . . 12 6.1.3. "jcd" Elements
6.1.3. "jcd" elements . . . . . . . . . . . . . . . . . . . 12 6.1.4. "jcl" Elements
6.1.4. "jcl" elements . . . . . . . . . . . . . . . . . . . 14 6.2. JWT Claim Constraints for "rcd" Claims
6.2. JWT Claim Constraints for "rcd" claims . . . . . . . . . 15 6.3. JWT Claim Constraints Usage for "rcd" and "rcdi" Claims
6.3. JWT Claim Constraints usage for "rcd" and "rcdi" 7. PASSporT "crn" Claim - Call Reason Definition and Usage
claims . . . . . . . . . . . . . . . . . . . . . . . . . 15 7.1. JWT Constraint for "crn" Claim
7. PASSporT "crn" claim - Call Reason Definition and Usage . . . 16 8. Rich Call Data Claims Usage Rules
7.1. JWT Constraint for "crn" claim . . . . . . . . . . . . . 16 8.1. "rcd" PASSporT Verification
8. Rich Call Data Claims Usage Rules . . . . . . . . . . . . . . 16 8.2. "rcdi" Integrity Verification
8.1. "rcd" PASSporT Verification . . . . . . . . . . . . . . . 17 8.3. Example "rcd" PASSporTs
8.2. "rcdi" Integrity Verification . . . . . . . . . . . . . . 17 9. Compact Form of "rcd" PASSporT
8.3. Example "rcd" PASSporTs . . . . . . . . . . . . . . . . . 18 9.1. Compact Form of the "rcd" PASSporT Claim
9. Compact form of "rcd" PASSporT . . . . . . . . . . . . . . . 21 9.2. Compact Form of the "rcdi" PASSporT Claim
9.1. Compact form of the "rcd" PASSporT claim . . . . . . . . 21 9.3. Compact Form of the "crn" PASSporT Claim
9.2. Compact form of the "rcdi" PASSporT claim . . . . . . . . 21 10. Third-Party Uses
9.3. Compact form of the "crn" PASSporT claim . . . . . . . . 21 10.1. Signing as a Third Party
10. Third-Party Uses . . . . . . . . . . . . . . . . . . . . . . 21 10.2. Verification Using Third-Party RCD
10.1. Signing as a Third Party . . . . . . . . . . . . . . . . 23 11. Levels of Assurance
10.2. Verification using Third Party RCD . . . . . . . . . . . 23 12. Use of "rcd" PASSporTs in SIP
11. Levels of Assurance . . . . . . . . . . . . . . . . . . . . . 24 12.1. Authentication Service Behavior for SIP Protocol
12. Use of "rcd" PASSporTs in SIP . . . . . . . . . . . . . . . . 24 12.2. Verification Service Behavior for SIP Protocol
12.1. Authentication Service Behavior for SIP protocol . . . . 25 13. Using "rcd", "rcdi", and "crn" as Additional Claims to Other
12.2. Verification Service Behavior for SIP protocol . . . . . 26 PASSporT Extensions
13. Using "rcd", "rcdi", "crn" as additional claims to other 13.1. Procedures for Applying RCD Claims as Claims Only
PASSporT extensions . . . . . . . . . . . . . . . . . . . 27 13.2. Example for Applying RCD Claims as Claims Only
14. Further Information Associated with Callers
13.1. Procedures for applying RCD claims as claims only . . . 27 15. IANA Considerations
13.2. Example for applying RCD claims as claims only . . . . . 27 15.1. JSON Web Token Claim
14. Further Information Associated with Callers . . . . . . . . . 28 15.2. Personal Assertion Token (PASSporT) Extensions
15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29 15.3. PASSporT RCD Claim Types
16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 16. Security Considerations
16.1. JSON Web Token Claim . . . . . . . . . . . . . . . . . . 29 16.1. Use of JWT Claim Constraints in Delegate Certificates to
16.2. Personal Assertion Token (PASSporT) Extensions . . . . . 30 Exclude Unauthorized Claims
16.3. PASSporT RCD Claim Types . . . . . . . . . . . . . . . . 30 17. References
17. Security Considerations . . . . . . . . . . . . . . . . . . . 30 17.1. Normative References
17.1. The use of JWT Claim Constraints in delegate certificates 17.2. Informative References
to exclude unauthorized claims . . . . . . . . . . . . . 32 Acknowledgements
18. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 Authors' Addresses
18.1. Normative References . . . . . . . . . . . . . . . . . . 32
18.2. Informative References . . . . . . . . . . . . . . . . . 34
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction 1. Introduction
PASSporT [RFC8225] is a token format based on JWT [RFC7519] for PASSporT [RFC8225] is a token format based on JSON Web Token (JWT)
conveying cryptographically-signed information about the parties [RFC7519] for conveying cryptographically signed information about
involved in personal communications; it is used to convey a signed the parties involved in personal communications; it is used to convey
assertion of the identity of the participants in real-time a signed assertion of the identity of the participants in real-time
communications established via a protocol like SIP [RFC8224]. The communications established via a protocol like SIP [RFC8224]. The
STIR problem statement [RFC7340] declared securing the display name Secure Telephone Identity Revisited (STIR) problem statement
of callers outside of STIR's initial scope. This document extends [RFC7340] declared securing the display name of callers outside of
the use of JWT and PASSporT in the overall STIR framework by defining STIR's initial scope. This document extends the use of JWT and
a PASSporT extension and the associated STIR procedures to protect PASSporT in the overall STIR framework by defining a PASSporT
additional caller and call related information. This is additional extension and the associated STIR procedures to protect additional
information beyond the calling party originating identity (e.g. caller- and call-related information. This is information beyond the
telephone number or SIP URI) that is intended to be rendered to calling party originating identity (e.g., telephone number or SIP
assist a called party in determining whether to accept or trust URI) that is intended to be rendered to assist a called party in
incoming communications. This includes information such as the name determining whether to accept or trust incoming communications. This
of the person or entity on one side of a communications session, for includes information such as the name of the person or entity on one
example, the traditional "Caller ID" of the telephone network along side of a communications session, for example, the traditional
with related display information that would be rendered to the called "Caller ID" of the telephone network along with related display
party during alerting or potentially used by an automaton to information that would be rendered to the called party during
determine whether and how to alert a called party to a call and whom alerting or potentially used by an automaton to determine whether and
is calling. how to alert a called party to a call and whom is calling.
Traditional telephone network signaling protocols have long supported Traditional telephone network signaling protocols have long supported
delivering a 'calling name' from the originating side, though in delivering a 'calling name' from the originating side, though in
practice, the terminating side is often left to determine a name from practice the terminating side is often left to determine a name from
the calling party number by consulting a local address book or an the calling party number by consulting a local address book or an
external database. SIP, for example, similarly can carry this external database. SIP, for example, similarly can carry this
information in a 'display-name' in the From header field value from information in a display-name in the From header field value (or
the originating to terminating side, or alternatively in the Call- alternatively the Call-Info header field) from the originating to
Info header field. In this document, we utilize the STIR framework terminating side. In this document, we utilize the STIR framework to
to more generally extend the assertion of an extensible set of more generally extend the assertion of an extensible set of identity
identity information not limited to but including calling name. information not limited to but including calling name.
This document extends PASSporT to provide cryptographic protection This document extends PASSporT to provide cryptographic protection
for the "display-name" field of SIP requests, or similar name fields for the "display-name" field of SIP requests, or similar name fields
in other protocols, as well as further "rich call data" (RCD) about in other protocols, as well as further "rich call data" (RCD) about
the caller, which includes the contents of the Call-Info header field the caller, which includes the contents of the Call-Info header field
or other data structures that can be added to the PASSporT. In or other data structures that can be added to the PASSporT. In
addition, Section 12 describes use-cases that enable external third- addition, Section 12 describes use cases that enable external third-
party authorities to convey rich information associated with a party authorities to convey rich information associated with a
calling number via a "rcd" PASSporT while clearly identifying the calling number via an "rcd" PASSporT while clearly identifying the
third-party as the source of the Rich Call Data information. third-party as the source of the Rich Call Data information.
Finally, this document describes how to preserve the integrity of the Finally, this document describes how to preserve the integrity of the
RCD in scenarios where there may be non-authoritative users RCD in scenarios where there may be non-authoritative users
initiating and signing RCD and therefore a constraint on the RCD data initiating and signing RCD and therefore a constraint on the RCD that
that a PASSporT can attest via certificate-level controls. a PASSporT can attest via certificate-level controls.
2. Terminology 2. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Overview of the use of the Rich Call Data PASSporT extension 3. Overview of the Use of the Rich Call Data PASSporT Extension
This document defines Rich Call Data (RCD) which is a PASSporT This document defines Rich Call Data (RCD), which is a PASSporT
extension [RFC8225] that defines an extensible claim for asserting extension [RFC8225] that defines an extensible claim for asserting
information about the call beyond the telephone number. This information about the call beyond the telephone number. This
includes information such as more detailed information about the includes more detailed information about the calling party, calling
calling party or calling number being presented or the purpose of the number, or the purpose of the call. There are many use cases that
call. There are many use-cases that will be described in this this document describes around the entities responsible for the
document around the entities responsible for the signing and signing and integrity of this information, whether it is the entity
integrity of this information, whether it is the entity that that originates a call, a service provider acting on behalf of a
originates a call, a service provider acting on behalf of a caller or caller, or when third-party services may be authoritative over the
use-cases where third-party services may be authoritative over the RCD on behalf of the caller. In general, PASSporT [RFC8225] has been
rich call data on behalf of the caller. In general, PASSporT defined to be independent of the communications protocol, but its
[RFC8225] has been defined to be a communications protocol initial usage as detailed in [RFC8224] is with the SIP protocol
independent technology, but it's initial usage as detailed in [RFC3261]. There are many SIP-specific references and definitions in
this document, but future specifications may extend the usage of RCD
[RFC8224] is with the SIP protocol [RFC3261]. There are many SIP PASSporTs and claims to other protocol-specific usage and
specific references and definitions in this document, but future definitions.
specifications may extend the usage of RCD PASSporTs and claims to
other protocol specific usage and definitions.
The RCD associated with the identity of the calling party described The RCD associated with the identity of the calling party described
in this document is of two main categories. The first data is a more in this document is of two main categories. The first data is a more
traditional set of info about a caller associated with "display-name" traditional set of information about a caller associated with
in SIP [RFC3261], typically a textual description of the caller, or "display-name" in SIP [RFC3261], typically a textual description of
alternate presentation numbers often used in From Header field the caller, or alternate presentation numbers often used in the From
[RFC3261] or P-Asserted-Identity [RFC3325], or an icon associated header field [RFC3261] or P-Asserted-Identity header field [RFC3325],
with the caller. The second category is a set of RCD that is defined or an icon associated with the caller. The second category is a set
as part of the jCard definitions or extensions to that data. of RCD that is defined as part of the jCard definitions or extensions
[I-D.ietf-sipcore-callinfo-rcd] describes the optional use of jCard to that data. [RFC9796] describes the optional use of jCard in the
in Call-Info header field as RCD with the "jcard" Call-Info purpose Call-Info header field as RCD with the "jcard" Call-Info purpose
token. Either or both of these two types of data can be incorporated token. Either or both of these two types of data can be incorporated
into an "rcd" claim defined in this document. into an "rcd" claim as defined in this document.
Additionally, in relation to the description of the specific Additionally, in relation to the description of the specific
communications event itself (versus the identity description in communications event itself (versus the identity description in the
previous paragraph), [I-D.ietf-sipcore-callinfo-rcd] also describes a previous paragraph), [RFC9796] also describes a "call-reason"
"call-reason" parameter intended for description of the intent or parameter intended for description of the intent or reason for a
reason for a particular call. A new PASSporT claim "crn", or call particular call. A new PASSporT claim "crn", or call reason, can
reason, can contain a string that describes the intent of the call. contain a string that describes the intent of the call. This claim
This claim is intentionally kept separate from the "rcd" claim is intentionally kept separate from the "rcd" claim because it is
because it is envisioned that call reason is not the same as envisioned that call reason is not the same as information associated
information associated with the caller and may change on a more with the caller and may change on a more frequent, per-call basis.
frequent, per call, type of basis.
4. Overview of Rich Call Data Integrity 4. Overview of Rich Call Data Integrity
When incorporating call data that represents a user, even in When incorporating call data that represents a user, even in
traditional calling name services today, often there are policy and traditional calling name services today, often there are policy and
restrictions around what data elements are allowed to be used. restrictions around what data elements are allowed to be used.
Whether preventing offensive language or icons or enforcing Whether preventing offensive language or icons, enforcing uniqueness,
uniqueness, potential trademark or copyright violations or other notifying about potential trademark or copyright violations, or
policy enforcement, there might be the desire to pre-certify or "vet" enforcing other policies, there might be the desire to pre-certify or
the specific use of rich call data. This document defines a "vet" the specific use of RCD. This document defines a mechanism
mechanism that allows for a direct or indirect party that enforces that allows for a direct or indirect party that enforces the policies
the policies to approve or certify the content, create a to approve or certify the content, create a cryptographic digest that
cryptographic digest that can be used to validate that data and can be used to validate that data and applies a constraint in the
applies a constraint in the certificate to allow the recipient and certificate to allow the recipient and verifier to validate that the
verifier to validate that the specific content of the RCD is as specific content of the RCD is as intended at its creation and its
intended at its creation and approval or certification. approval or certification.
There are two mechanisms that are defined to accomplish that for two There are two mechanisms that are defined to accomplish that for two
distinct categories of purposes. The first of the mechanisms include distinct categories of purposes. The first of the mechanisms include
the definition of an integrity claim. The RCD integrity mechanism is the definition of an integrity claim. The RCD integrity mechanism is
a process of generating a cryptographic digest for each resource a process of generating a cryptographic digest for each resource
referenced by a URI within a claim value (e.g., an image file referenced by a URI within a claim value (e.g., an image file
referenced by "jcd" or a jCard referenced by "jcl"). This mechanism referenced by "jcd" or a jCard referenced by "jcl"). This mechanism
is inspired by and based on the W3C Subresource Integrity is inspired by and based on the W3C Subresource Integrity
specification [W3C-SubresourceIntegrity]. The second of the specification [W3C-SubresourceIntegrity]. The second of the
mechanisms uses the capability called JWT Claim Constraints, defined mechanisms uses the capability called JWT Claim Constraints, defined
in [RFC8226] and extended in [RFC9118]. The JWT Claim Constraints in [RFC8226] and extended in [RFC9118]. The JWT Claim Constraints
specifically guide the verifier within the certificate used to specifically guide the verifier within the certificate used to
compute the signature in the PASSporT for the inclusion (or compute the signature in the PASSporT for the inclusion (or
exclusion) of specific claims and their values, so that the content exclusion) of specific claims and their values, so that the content
intended by the signer can be verified to be accurate. intended by the signer can be verified to be accurate.
Both of these mechanisms, integrity digests and JWT Claims Both of these mechanisms, integrity digests and JWT Claims
Constraints, can be used together or separately depending on the Constraints, can be used together or separately depending on the
intended purpose. The first category of purpose is whether the rich intended purpose. The first category of purpose is whether the RCD
call data conveyed in the PASSporT claims is pass-by-value or pass- conveyed in the PASSporT claims is passed by value or passed by
by-reference; i.e., is the information contained in the PASSporT reference; i.e., is the information contained in the PASSporT claims
claims and therefore integrity protected by the PASSporT signature, and therefore integrity protected by the PASSporT signature, or is
or is the information contained in an external resource referenced by the information contained in an external resource referenced by a URI
a URI in the PASSporT. The second category of purpose is whether the in the PASSporT? The second category of purpose is whether the
signer is authoritative or has responsibility for the accuracy of the signer is authoritative or has responsibility for the accuracy of the
RCD based on the policies of the eco-system the "rcd" PASSporTs or RCD based on the policies of the ecosystem the "rcd" PASSporTs or
"rcd" claims are being used. "rcd" claims are being used.
The following table provides an overview of the framework for how The following table provides an overview of the framework for how
integrity should be used with RCD. ("Auth" represents integrity should be used with RCD. ("Auth" represents
"authoritative" in this table.) "authoritative" in this table.)
+----------+---------------------+--------------------------------+ +==========+=====================+==================================+
| Modes | No URI refs | Includes URI refs | | Modes | No URI refs | Includes URI refs |
+----------+---------------------+--------------------------------+ +==========+=====================+==================================+
| Auth | 1: No integrity req | 2: RCD Integrity | | Auth | 1: No integrity req | 2: RCD Integrity |
+----------+---------------------+--------------------------------+ +==========+---------------------+----------------------------------+
| Non-Auth | 3: JWT Claim Const. | 4: RCD Integ./JWT Claim Const. | | Non-Auth | 3: JWT Claim Const. | 4: RCD Integ. / |
+----------+---------------------+--------------------------------+ | | | JWT Claim Const. |
+==========+---------------------+----------------------------------+
Table 1
The first and simplest mode is exclusively for when all RCD content The first and simplest mode is exclusively for when all RCD content
is directly included as part of the claims (i.e. no URIs referencing is directly included as part of the claims (i.e., no URIs referencing
external content are included in the content) and when the signer is external content are included in the content) and when the signer is
authoritative over the content. In this mode, integrity protection authoritative over the content. In this mode, integrity protection
is not required and the set of claims is simply protected by the is not required, and the set of claims is simply protected by the
signature of the standard PASSporT [RFC8225] and SIP identity header signature of the standard PASSporT [RFC8225] and SIP identity header
[RFC8224] procedures. The second mode is an extension of the first [RFC8224] procedures. The second mode is an extension of the first
where the signer is authoritative and an "rcd" claim contents include where the signer is authoritative, and an "rcd" claim contents
a URI identifying external resources. In this mode, an RCD Integrity include a URI identifying external resources. In this mode, an RCD
or "rcdi" claim MUST be included. This integrity claim is defined Integrity or "rcdi" claim MUST be included. This integrity claim is
later in this document and provides a digest of the "rcd" claim defined later in this document and provides a digest of the "rcd"
content so that, particularly for the case where there are URI claim content so that, particularly for the case where there are URI
references in the RCD, the content of that RCD can be comprehensively references in the RCD, the content of that RCD can be comprehensively
validated that it was received as intended by the signer of the validated that it was received as intended by the signer of the
PASSporT. PASSporT.
The third and fourth modes cover cases where there is a different The third and fourth modes cover cases where there is a different
authoritative entity responsible for the content of the RCD, separate authoritative entity responsible for the content of the RCD, separate
from the signer of the PASSporT itself, allowing the ability, in from the signer of the PASSporT itself, allowing the ability, in
particular when delegating signing authority for PASSporT, to enable particular when delegating signing authority for PASSporT, to enable
a mechanism for allowing agreed or vetted content included in or a mechanism for allowing agreed or vetted content included in or
referenced by the RCD claim contents. The primary framework for referenced by the RCD claim contents. The primary framework for
allowing the separation of authority and the signing of PASSporTs by allowing the separation of authority and the signing of PASSporTs by
non-authorized entities is detailed in [RFC9060] although other cases non-authorized entities is detailed in [RFC9060], although other
may apply. As with the first and second modes, the third and fourth cases may apply. As with the first and second modes, the third and
modes differ with the absence or inclusion of referenced external fourth modes differ with the absence or inclusion of referenced
content using URIs. external content using URIs.
5. PASSporT Claim "rcd" Definition and Usage 5. PASSporT Claim "rcd" Definition and Usage
5.1. PASSporT "rcd" Claim 5.1. PASSporT "rcd" Claim
This document defines a new JSON Web Token claim for "rcd", Rich Call This document defines a new JSON Web Token claim for "rcd", Rich Call
Data, the value of which is a JSON object that can contain one or Data, the value of which is a JSON object that can contain one or
more key value pairs. This document defines a default set of key more key value pairs. This document defines a default set of key
values. values.
5.1.1. "nam" key 5.1.1. "nam" key
The "nam" key value is a display name, associated with the originator The "nam" key value is a display name, associated with the originator
of personal communications, which may for example match the display- of personal communications, which may, for example, match the
name component of the From header field value of a SIP request display-name component of the From header field value of a SIP
[RFC3261] or alternatively from the P-Asserted-Identity header field request [RFC3261] or alternatively of the P-Asserted-Identity header
value [RFC3325], or a similar field in other PASSporT using field value [RFC3325], or a similar field in other PASSporT using
protocols. This key MUST be included once as part of the "rcd" claim protocols. This key MUST be included once as part of the "rcd" claim
value JSON object. The key syntax of "nam" MUST follow the display- value JSON object. The key syntax of "nam" MUST follow the display-
name ABNF given in [RFC3261]. If there is no string associated with name ABNF given in [RFC3261]. If there is no string associated with
a display name, the claim value MUST then be an empty string. a display name, the claim value MUST be an empty string.
5.1.2. "apn" key 5.1.2. "apn" key
The "apn" key value is an optional alternate presentation number The "apn" key value is an optional alternate presentation number
associated with the originator of personal communications, which may associated with the originator of personal communications, which may,
for example match the user component of the From header field value for example, match the user component of the From header field value
of a SIP request (in cases where a network number is carried in the of a SIP request (in cases where a network number is carried in the
P-Asserted-Identity [RFC3325]), or alternatively from the Additional- P-Asserted-Identity [RFC3325]), or alternatively of the Additional-
Identity header field value [3GPP TS 24.229 v16.7.0], or a similar Identity header field value [TS.3GPP.24.229], or a similar field in
field in other PASSporT using protocols. Its intended semantics are other PASSporT-using protocols. Its intended semantics are to convey
to convey a number that the originating user is authorized to show to a number that the originating user is authorized to show to called
called parties in lieu of their default number, such as cases where a parties in lieu of their default number, such as cases where a remote
remote call agent uses the main number of a call center instead of call agent uses the main number of a call center instead of their
their personal telephone number. The "apn" key value is a personal telephone number. The "apn" key value is a canonicalized
canonicalized telephone number per [RFC8224] Section 8.3. If telephone number per [RFC8224], Section 8.3. If present, this key
present, this key MUST be included once as part of the "rcd" claim MUST be included once as part of the "rcd" claim value JSON object.
value JSON object.
The use of the optional "apn" key is intended for cases where the The use of the optional "apn" key is intended for cases where the
signer of an "rcd" PASSporT or "rcd" claims authorizes the use of an signer of an "rcd" PASSporT or "rcd" claims authorizes the use of an
alternate presentation number by the user. How the signer determines alternate presentation number by the user. How the signer determines
that a user is authorized to present the number in question is a that a user is authorized to present the number in question is a
policy decision outside the scope of this document, however, the policy decision outside the scope of this document. However, the
vetting of the alternate presentation number should follow the same vetting of the alternate presentation number should follow the same
level of vetting as telephone identities or any other information level of vetting as telephone identities or any other information
contained in an "rcd" PASSporT or "rcd" claims. This usage is contained in an "rcd" PASSporT or "rcd" claims. This usage is
intended as an alternative to conveying the presentation number in intended as an alternative to conveying the presentation number in
the "tel" key value of a jCard, in situations where no other rich the "tel" key value of a jCard, in situations where no other rich
jCard data needs to be conveyed with the call. Only one "apn" key jCard data needs to be conveyed with the call. Only one "apn" key
may be present. "apn" MUST be used when it is the intent of the may be present. "apn" MUST be used when it is the intent of the
caller or signer to display the alternate presentation number even if caller or signer to display the alternate presentation number even if
"jcd" or "jcl" keys are present in a PASSporT with a "tel" key value. "jcd" or "jcl" keys are present in a PASSporT with a "tel" key value.
5.1.3. "icn" key 5.1.3. "icn" key
The "icn" key value is an optional HTTPS URL reference to an image The "icn" key value is an optional HTTPS URL reference to an image
resource that can be used to pictorially represent the originator of resource that can be used to pictorially represent the originator of
personal communications. This icon key value should be used as a personal communications. This icon key value should be used as a
base or default method of associating an image with a calling party. base or default method of associating an image with a calling party.
When being used for SIP [RFC3261] this claim key value used to When being used for SIP [RFC3261], this claim key value is used to
protect the Call-Info header field with a purpose parameter value of protect the Call-Info header field with a purpose parameter value of
"icon" as described in Section 20.9 [RFC3261]. Example as follows: "icon" as described in Section 20.9 of [RFC3261]. For example:
Call-Info: <http://wwww.example.com/alice/photo.jpg>; Call-Info: <http://wwww.example.com/alice/photo.jpg>;
purpose=icon purpose=icon
Note that [I-D.ietf-sipcore-callinfo-rcd] extends the specific usage Note that [RFC9796] extends the specific usage of "icon" in SIP in
of "icon" in SIP in the context of the larger rich call data the context of the larger rich call data framework with specific
framework with specific guidance on referencing images and image guidance on referencing images and image types, sizes, and formats.
types, sizes and formats.
It should be also noted that with jCard, as described in the It should be also noted that with jCard, as described for "jcd" and
following "jcd" and "jcl" key value sections and in "jcl" key values (Sections 5.1.4 and 5.1.5) and in [RFC9796], there
[I-D.ietf-sipcore-callinfo-rcd], there are alternative ways of are alternative ways of including photos and logos as HTTPS URL
including photos and logos as HTTPS URL references. The "icn" key references. The "icn" key should be considered a base or default
should be then considered a base or default image and jCard usage image, and jCard usage should be considered for profiles and
should be considered for profiles and extensions that provide more extensions that provide more direct guidance on the usage of what
direct guidance on the usage of specific defined usage of what each each image type represents for the proper rendering to end users.
image type represents for the proper rendering to end users.
5.1.4. "jcd" key 5.1.4. "jcd" key
The "jcd" key value is defined to contain a jCard [RFC7095] JSON The "jcd" key value is defined to contain a jCard JSON object
object. The jCard is defined in this specification as an extensible [RFC7095]. The jCard is defined in this specification as an
object format used to contain RCD information about the call extensible object format used to contain RCD information about the
initiator. This object is intended to directly match the Call-Info call initiator. This object is intended to directly match the Call-
header field value defined in [I-D.ietf-sipcore-callinfo-rcd] with a Info header field value defined in [RFC9796] with a type of "jcard",
type of "jcard" where the format of the jCard and properties used where the format of the jCard and properties used should follow the
should follow the normative usage and formatting rules and procedures normative usage and formatting rules and procedures in that document.
in that document. It is an extensible object where the calling party It is an extensible object where the calling party can provide both
can provide both the standard types of information defined in jCard the standard types of information defined in jCard or can use the
or can use the built-in extensibility of the jCard specification to built-in extensibility of the jCard specification to add additional
add additional information. The "jcd" key is optional. Either a information. The "jcd" key is optional. Either a "jcd" or "jcl" MAY
"jcd" or "jcl" MAY appear in the "rcd" claim, but not both. appear in the "rcd" claim, but not both.
The jCard object value for "jcd" MUST be a jCard JSON object that MAY The jCard object value for "jcd" MUST be a jCard JSON object that MAY
have URI referenced content, but that URI referenced content MUST NOT have URI-referenced content, but that URI-referenced content MUST NOT
further reference URIs. Future specifications may extend this further reference URIs. Future specifications may extend this
capability, but as stated in [I-D.ietf-sipcore-callinfo-rcd] it capability, but [RFC9796] constrains the security properties of RCD
constrains the security properties of RCD information and the information and the integrity of the content referenced by URIs.
integrity of the content referenced by URIs.
Note: even though we refer to [I-D.ietf-sipcore-callinfo-rcd] as the Note: Even though we refer to [RFC9796] as the definition of the
definition of the jcard properties for usage in "rcd" claims, using jCard properties for usage in "rcd" claims, using Call-Info as
Call-Info as protocol with the addition of an identity header protocol with the addition of an identity header carrying the
carrying the PASSPorT is not required. The identity header carrying PASSporT is not required. The identity header carrying a PASSporT
a PASSporT with "rcd" claim including a "jcd" value can be used as with an "rcd" claim including a "jcd" value can be used as the
the primary and only transport of the RCD information. primary and only transport of the RCD information.
5.1.5. "jcl" key 5.1.5. "jcl" key
The "jcl" key value is an HTTPS URL that refers to a jCard [RFC7095] The "jcl" key value is an HTTPS URL that refers to a jCard JSON
JSON object on a web server. The web server MUST use the MIME media object [RFC7095] on a web server. The web server MUST use the media
type for JSON text as application/json with a default encoding of type for JSON text as application/json with a default encoding of
UTF-8 [RFC8259]. This link may correspond to the Call-Info header UTF-8 [RFC8259]. This link may correspond to the Call-Info header
field value defined in [I-D.ietf-sipcore-callinfo-rcd] with a type of field value defined in [RFC9796] with a type of "jcard". As also
"jcard". As also defined in [I-D.ietf-sipcore-callinfo-rcd], format defined in [RFC9796], the format of the jCard and properties used
of the jCard and properties used should follow the normative usage should follow the normative usage and formatting rules and
and formatting rules and procedures. The "jcl" key is optional. The procedures. The "jcl" key is optional. The "jcd" or "jcl" keys MAY
"jcd" or "jcl" keys MAY only appear once in the "rcd" claim but MUST only appear once in the "rcd" claim but MUST be mutually exclusive.
be mutually exclusive.
The jCard object referenced by the URI value for "jcl" MUST be a The jCard object referenced by the URI value for "jcl" MUST be a
jCard JSON object that MAY have URI referenced content, but that URI jCard JSON object that MAY have URI-referenced content, but that URI-
referenced content MUST NOT further reference URIs. Future referenced content MUST NOT further reference URIs. Future
specifications may extend this capability, but as stated in specifications may extend this capability, but [RFC9796] constrains
[I-D.ietf-sipcore-callinfo-rcd] it constrains the security properties the security properties of RCD information and the integrity of the
of RCD information and the integrity of the content referenced by content referenced by URIs.
URIs.
6. "rcdi" RCD Integrity Claim Definition and Usage 6. "rcdi" RCD Integrity Claim Definition and Usage
The "rcdi" claim is included for the second and fourth modes The "rcdi" claim is included for the second and fourth modes
described in the integrity overview Section 4 of this document. described in the integrity overview (Section 4). "rcdi" and "rcd"
"rcdi" and "rcd" claims MAY each appear once in a PASSporT, but if claims MAY each appear once in a PASSporT, but if "rcdi" is included,
"rcdi" is included the "rcd" MUST correspondingly be present also. the "rcd" MUST be present correspondingly. The value of the "rcdi"
The value of the "rcdi" claim is a JSON object that is defined as claim is a JSON object that is defined as follows.
follows.
The claim value of "rcdi" claim key is a JSON object with a set of The claim value of the "rcdi" claim key is a JSON object with a set
JSON key/value pairs. These objects correspond to each of the of JSON key/value pairs. These objects correspond to each of the
elements of the "rcd" claim object that require integrity protection elements of the "rcd" claim object that require integrity protection
with an associated digest over the content referenced by the key with an associated digest over the content referenced by the key
string. The individual digest of different elements of the "rcd" string. The individual digest of different elements of the "rcd"
claim data and URI referenced external content is kept specifically claim data and URI-referenced external content is kept specifically
separate to allow the ability to verify the integrity of only the separate to allow the ability to verify the integrity of only the
elements that are ultimately retrieved or downloaded or rendered to elements that are ultimately retrieved, downloaded, or rendered to
the end-user. the end user.
The key value references a specific object within the "rcd" claim The key value references a specific object within the "rcd" claim
value using a JSON pointer defined in [RFC6901] with a minor value using a JSON pointer defined in [RFC6901] with a minor
additional rule to support URI references to external content that additional rule to support URI references to external content that
include JSON objects themselves, for the specific case of the use of include JSON objects themselves, for the specific case of the use of
"jcl", defined in Section 6.1.4. JSON pointer syntax is the key "jcl", defined in Section 6.1.4. JSON pointer syntax is the key
value that documents exactly the part of JSON that is used to value that documents exactly the part of JSON that is used to
generate the digest which produce the resulting string that makes up generate the digest that produces the resulting string that makes up
the value for the corresponding key. Detailed procedures are the value for the corresponding key. Detailed procedures are
provided below, but an example "rcdi" is provided here: provided below, but an example "rcdi" is provided here:
"rcdi" : { "rcdi" : {
"/jcl": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk", "/jcl": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk",
"/jcl/1/2/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI" "/jcl/1/2/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI"
} }
The values of each key/value pair consists of a digest across one of The values of each key/value pair consists of a digest across one of
the following objects referenced by the JSON pointer key, the following objects referenced by the JSON pointer key:
* content inline to the referenced object * the content inline to the referenced object,
* the content of a resource referenced by an inline URI object, or
* the content of a resource referenced by an inline URI object
* the content of a resource specified by a URI that is in embedded * the content of a resource specified by a URI that is in embedded
in content specified by an inline URI object(e.g., jcl) in content specified by an inline URI object (e.g., "jcl")
This is combined with a string that defines the crypto algorithm used This is combined with a string that defines the cryptographic
to generate the digest. RCD implementations MUST support the hash algorithm used to generate the digest. RCD implementations MUST
algorithms SHA-256, SHA-384, and SHA-512. These hash algorithms are support the hash algorithms SHA-256, SHA-384, and SHA-512. These
identified by "sha256", "sha384", and "sha512", respectively. SHA- hash algorithms are identified by "sha256", "sha384", and "sha512",
256, SHA-384, and SHA-512 are part of the SHA-2 set of cryptographic respectively. SHA-256, SHA-384, and SHA-512 are part of the SHA-2
hash functions [RFC6234] defined by the US National Institute of set of cryptographic hash functions [RFC6234] defined by the US
Standards and Technology (NIST). Implementations MAY support National Institute of Standards and Technology (NIST).
additional recommended hash algorithms in [IANA-COSE-ALG]; that is, Implementations MAY support additional recommended hash algorithms in
the hash algorithm has "Yes" in the "Recommended" column of the IANA [IANA-COSE-ALG], that is, the hash algorithms with "Yes" in the
registry. Hash algorithm identifiers MUST use only lowercase "Recommended" column of the IANA registry. Hash algorithm
letters, and they MUST NOT contain hyphen characters. The character identifiers MUST use only lowercase letters, and they MUST NOT
following the algorithm string MUST be a hyphen character, "-", or contain hyphen characters. The character following the algorithm
ASCII 45. The subsequent characters are the base64 encoded [RFC4648] string MUST be a hyphen character, "-", or ASCII 45. The subsequent
digest of a canonicalized and concatenated string or binary data characters are the base64 encoded [RFC4648] digest of a canonicalized
based on the JSON pointer referenced elements of "rcd" claim or the and concatenated string or binary data based on the JSON pointer
URI referenced content contained in the claim. The details of the referenced elements of the "rcd" claim or the URI-referenced content
determination of the input string used to determine the digest are contained in the claim. The next section covers the details of the
defined in the next section. determination of the input string used to determine the digest.
6.1. Creation of the "rcd" element digests 6.1. Creation of the "rcd" Element Digests
"rcd" claim objects can contain "nam", "apn", "icn", "jcd", or "jcl" "rcd" claim objects can contain "nam", "apn", "icn", "jcd", or "jcl"
keys as part of the "rcd" JSON object claim value. This document keys as part of the "rcd" JSON object claim value. This document
defines the use of JSON pointer [RFC6901] as a mechanism to reference defines the use of JSON pointer [RFC6901] as a mechanism to reference
specific "rcd" claim elements. specific "rcd" claim elements.
In order to facilitate proper verification of the digests and whether In order to facilitate proper verification of the digests and to
the "rcd" elements or content referenced by URIs were modified, the determine whether the "rcd" elements or content referenced by URIs
input to the digest must be completely deterministic at three points were modified, the input to the digest must be completely
in the process. First, at the certification point where the content deterministic at three points in the process. First, at the
is evaluated to conform to the application policy and the JWT Claim certification point where the content is evaluated to conform to the
Constraints is applied to the certificate containing the digest. application policy and the JWT Claim Constraints is applied to the
Second, when the call is signed at the Authentication Service, there certificate containing the digest. Second, when the call is signed
may be a local policy to verify that the provided "rcd" claim at the Authentication Service, there may be a local policy to verify
corresponds to each digest. Third, when the "rcd" data is verified that the provided "rcd" claim corresponds to each digest. Third,
at the Verification Service, the verification is performed for each when the "rcd" data is verified at the verification service, the
digest by constructing the input digest string for the element being verification is performed for each digest by constructing the input
verified and referenced by the JSON pointer string. digest string for the element being verified and referenced by the
JSON pointer string.
The procedure for the creation of each "rcd" element digest string The procedure for the creation of each "rcd" element digest string
corresponding to a JSON pointer string key is as follows. corresponding to a JSON pointer string key is as follows.
1. The JSON pointer either refers to a value that is a part or the 1. The JSON pointer either refers to a value that is a part or the
whole of a JSON object or to a string that is a URI referencing whole of a JSON object or to a string that is a URI referencing
an external resource. an external resource.
2. For a JSON value, serialize the JSON to remove all white space 2. For a JSON value, serialize the JSON to remove all white space
and line breaks. The procedures of this deterministic JSON and line breaks. The procedures of this deterministic JSON
serialization are defined in [RFC8225], Section 9. The resulting serialization are defined in [RFC8225], Section 9. The resulting
string is the input for the hash function. string is the input for the hash function.
3. For any URI referenced content, the bytes of the body of the HTTP 3. For any URI-referenced content, the bytes of the body of the HTTP
response is the input for the hash function. response are the input for the hash function.
Note that the digest is computed on the Json representation of the Note that the digest is computed on the JSON representation of the
string, which necessarily includes the beginning and ending double- string, which necessarily includes the beginning and ending double-
quote characters. quote characters.
6.1.1. "nam" and "apn" elements 6.1.1. "nam" and "apn" Elements
In the case of "nam" and "apn", the only allowed value is a string. In the case of "nam" and "apn", the only allowed value is a string.
For both of these key values an "rcdi" JSON pointer or integrity For both of these key values, an "rcdi" JSON pointer or integrity
digest is optional because the direct value is protected by the digest is optional because the direct value is protected by the
signature and can be constrained directly with JWTClaimConstraints. signature and can be constrained directly with JWTClaimConstraints.
6.1.2. "icn" elements 6.1.2. "icn" Elements
In the case of "icn", the only allowed value is a URI value that In the case of "icn", the only allowed value is a URI value that
references an image file. If the URI references externally linked references an image file. If the URI references externally linked
content there MUST be a JSON pointer and digest entry for the content content, there MUST be a JSON pointer and digest entry for the
in that linked resource. When creating a key/value representing content in that linked resource. When creating a key/value
"icn", the key is the JSON pointer string "/icn" and the digest value representing "icn", the key is the JSON pointer string "/icn", and
string would be created using the image file byte data referenced in the digest value string is created using the image file byte data
the URI. referenced in the URI.
6.1.3. "jcd" elements 6.1.3. "jcd" Elements
In the case of "jcd", the value associated is a jCard JSON object, In the case of "jcd", the value associated is a jCard JSON object,
which happens to be a JSON array with sub-arrays. JSON pointer which happens to be a JSON array with sub-arrays. JSON pointer
notation uses numeric indices into elements of arrays, including when notation uses numeric indices into elements of arrays, including when
those elements are arrays themselves. those elements are arrays themselves.
As example, for the following "rcd" claim: As an example, we have the following "rcd" claim:
"rcd": { "rcd": {
"jcd": ["vcard", "jcd": ["vcard",
[ ["version",{},"text","4.0"], [ ["version",{},"text","4.0"],
["fn",{},"text","Q Branch"], ["fn",{},"text","Q Branch"],
["org",{},"text","MI6;Q Branch Spy Gadgets"], ["org",{},"text","MI6;Q Branch Spy Gadgets"],
["photo",{},"uri", ["photo",{},"uri",
"https://example.com/photos/quartermaster-256x256.png"], "https://example.com/photos/quartermaster-256x256.png"],
["logo",{},"uri", ["logo",{},"uri",
"https://example.com/logos/mi6-256x256.jpg"], "https://example.com/logos/mi6-256x256.jpg"],
["logo",{},"uri", ["logo",{},"uri",
"https://example.com/logos/mi6-64x64.jpg"] "https://example.com/logos/mi6-64x64.jpg"]
] ]
], ],
"nam": "Q Branch Spy Gadgets" "nam": "Q Branch Spy Gadgets"
} }
In order to use JSON pointer to refer to the URIs, the following In order to use a JSON pointer to refer to the URIs, the following
example "rcdi" claim includes a digest for the entire "jcd" array example "rcdi" claim includes a digest for the entire "jcd" array
string as well as three additional digests for the URIs, where, as string as well as three additional digests for the URIs, where, as
defined in [RFC6901] zero-based array indices are used to reference defined in [RFC6901], zero-based array indices are used to reference
the URI strings. the URI strings.
"rcdi": { "rcdi": {
"/jcd": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk", "/jcd": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk",
"/jcd/1/3/3": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4", "/jcd/1/3/3": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4",
"/jcd/1/4/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI", "/jcd/1/4/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI",
"/jcd/1/5/3": "sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo" "/jcd/1/5/3": "sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo"
} }
} }
The use of a JSON pointer and integrity digest for the "jcd" claim The use of a JSON pointer and integrity digest for the "jcd" claim
key and value is optional. The "jcd" value is the directly included key and value is optional. The "jcd" value is the directly included
jCard array and can be protected by the signature and can be jCard array; it can be protected by the signature and can be
constrained directly with JWTClaimConstraints. However, for data constrained directly with JWTClaimConstraints. However, for data
length reasons (as with "icn" above) or more importantly for length reasons (as with "icn" above) or more importantly for
potential privacy and/or security considerations with a publically potential privacy and/or security considerations with a publicly
accessible certificate, the use of the "rcdi" JSON pointer and accessible certificate, the use of the "rcdi" JSON pointer and
integrity digest as the constraint value in JWTClaimConstraints over integrity digest as the constraint value in JWTClaimConstraints over
the jCard data is RECOMMENDED. the jCard data is RECOMMENDED.
It is important to remember the array indices for JSON Pointer are It is important to remember the array indices for JSON pointer are
dependent on the order of the elements in the jCard. The use of dependent on the order of the elements in the jCard. The use of
digest for the "/jcd" corresponding to the entire jCard array string digest for the "/jcd" corresponding to the entire jCard array string
can be included as a redundant mechanism to avoid any possibility of can be included as a redundant mechanism to avoid any possibility of
substitution, insertion attacks, or other potential techniques that substitution, insertion attacks, or other potential techniques to
may be possible to avoid integrity detection. undermine integrity detection.
Each URI referenced in the jCard array string MUST have a Each URI referenced in the jCard array string MUST have a
corresponding JSON pointer string key and digest value. corresponding JSON pointer string key and digest value.
6.1.4. "jcl" elements 6.1.4. "jcl" Elements
In the case of the use of a "jcl" URI reference to an external jCard, In the case of the use of a "jcl" URI reference to an external jCard,
the procedures are similar to "jcd" with the exception and the minor the procedures are similar to "jcd" with the exception and the minor
modification to JSON pointer, where "/jcl" is used to refer to the modification to JSON pointer, where "/jcl" is used to refer to the
external jCard array string and any following numeric array indices external jCard array string and any following numeric array indices
added to the "jcl" (e.g., "/jcl/1/2/3") are treated as if the added to the "jcl" (e.g., "/jcl/1/2/3") are treated as if the
external content referenced by the jCard was directly part of the external content referenced by the jCard was directly part of the
overall "rcd" claim JSON object. The following example illustrates a overall "rcd" claim JSON object. The following example illustrates a
"jcl" version of the above "jcd" example. "jcl" version of the above "jcd" example.
skipping to change at page 14, line 31 skipping to change at line 618
"nam": "Q Branch Spy Gadgets" "nam": "Q Branch Spy Gadgets"
}, },
"rcdi": { "rcdi": {
"/jcl": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk", "/jcl": "sha256-7kdCBZqH0nqMSPsmABvsKlHPhZEStgjojhdSJGRr3rk",
"/jcl/1/3/3": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4", "/jcl/1/3/3": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4",
"/jcl/1/4/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI", "/jcl/1/4/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI",
"/jcl/1/5/3": "sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo" "/jcl/1/5/3": "sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo"
} }
The "rcdi" MUST have a "/jcl" key value and digest value to protect The "rcdi" MUST have a "/jcl" key value and digest value to protect
the referenced jCard object and each URI referenced in the referenced the referenced jCard object, and each URI referenced in the
jCard array string MUST have a corresponding JSON pointer string key referenced jCard array string MUST have a corresponding JSON pointer
and digest value. string key and digest value.
The following is the example contents of resource pointed to by The following is the example contents of the resource pointed to by
https://example.com/qbranch.json used to calculate the above digest https://example.com/qbranch.json; it is used to calculate the above
for "/jcl" digest for "/jcl"
["vcard", ["vcard",
[ ["version",{},"text","4.0"], [ ["version",{},"text","4.0"],
["fn",{},"text","Q Branch"], ["fn",{},"text","Q Branch"],
["org",{},"text","MI6;Q Branch Spy Gadgets"], ["org",{},"text","MI6;Q Branch Spy Gadgets"],
["photo",{},"uri", ["photo",{},"uri",
"https://example.com/photos/quartermaster-256x256.png"], "https://example.com/photos/quartermaster-256x256.png"],
["logo",{},"uri", ["logo",{},"uri",
"https://example.com/logos/mi6-256x256.jpg"], "https://example.com/logos/mi6-256x256.jpg"],
["logo",{},"uri", ["logo",{},"uri",
"https://example.com/logos/mi6-64x64.jpg"] "https://example.com/logos/mi6-64x64.jpg"]
] ]
] ]
6.2. JWT Claim Constraints for "rcd" claims 6.2. JWT Claim Constraints for "rcd" Claims
When using JWT Claim Constraints for "rcd" claims the procedure when When using JWT Claim Constraints for "rcd" claims, the procedure when
creating the signing certificate should follow the following creating the signing certificate should adhere to the following
guidelines. guidelines.
The "permittedValues" for the "rcd" claim MAY contain a single entry The "permittedValues" for the "rcd" claim MAY contain a single entry
or optionally MAY contain multiple entries with the intent of or optionally MAY contain multiple entries with the intent of
supporting cases where the certificate holder is authorized to use supporting cases where the certificate holder is authorized to use
different sets of rich call data corresponding to different call different sets of rich call data corresponding to different call
scenarios. scenarios.
Only including "permittedValues" for "rcd", with no "mustInclude", Only including "permittedValues" for "rcd", with no "mustInclude",
provides the ability for the construction a valid PASSPorT that can provides the ability for the construction a valid PASSporT that can
either have no "rcd" claim within or only the set of constrained either have no "rcd" claim within or only the set of constrained
"permittedValues" values for an included "rcd" claim. "permittedValues" values for an included "rcd" claim.
6.3. JWT Claim Constraints usage for "rcd" and "rcdi" claims 6.3. JWT Claim Constraints Usage for "rcd" and "rcdi" Claims
The use of JWT Claim Constraints with an "rcdi" claim is for cases The use of JWT Claim Constraints with an "rcdi" claim is for cases
where URI referenced content is to be protected by the authoritative where URI-referenced content is to be protected by the authoritative
certificate issuer. The objective for the use of JWT Claim certificate issuer. The objective for the use of JWT Claim
Constraints for the combination of both "rcd" and "rcdi" claims is to Constraints for the combination of both "rcd" and "rcdi" claims is to
constrain the signer to only construct the "rcd" and "rcdi" claims constrain the signer to only construct the "rcd" and "rcdi" claims
inside a PASSporT to contain and reference only a pre-determined set inside a PASSporT to contain and reference only a predetermined set
of content. Once both the contents of the "rcd" claim and any of content. Once both the contents of the "rcd" claim and any
referenced content is certified by the party that is authoritative referenced content are certified by the party that is authoritative
for the certificate being issued to the signer, the "rcdi" claim is for the certificate being issued to the signer, the "rcdi" claim is
constructed and linked to the STIR certificate associated with the constructed and linked to the STIR certificate associated with the
signature in the PASSporT via JWT Claim Constraints extension as signature in the PASSporT via the JWT Claim Constraints extension as
defined in [RFC8226] Section 8 and extended in [RFC9118]. It should defined in [RFC8226], Section 8 and extended in [RFC9118]. It should
be recognized that the "rcdi" set of digests is intended to be unique be recognized that the "rcdi" set of digests is intended to be unique
for only a specific combination of "rcd" content and URI referenced for only a specific combination of "rcd" content and URI-referenced
external content, and therefore provides a robust integrity mechanism external content, and therefore the set provides a robust integrity
for an authentication service being performed by a non-authoritative mechanism for an authentication service being performed by a non-
party. This would often be associated with the use of delegate authoritative party. This would often be associated with the use of
certificates [RFC9060] for the signing of calls by the calling party delegate certificates [RFC9060] for the signing of calls by the
directly as an example, even though the "authorized party" is not calling party directly, as an example, even though the "authorized
necessarily the subject of a STIR certificate. party" is not necessarily the subject of a STIR certificate.
For the cases that there should always be both "rcd" and "rcdi" For the cases where both "rcd" and "rcdi" claims should always be
claims included in the PASSporT, the certificate JWT Claims included in the PASSporT, the certificate JWT Claims Constraint
Constraint extension MUST include both of the following: extension MUST include both of the following:
* a "mustInclude" for the "rcd" claim, which simply constrains the * a "mustInclude" for the "rcd" claim, which simply constrains the
fact that an "rcd" must be included fact that an "rcd" must be included
* a "mustInclude" for the "rcdi" claim and a "permittedValues" equal * a "mustInclude" for the "rcdi" claim and a "permittedValues" equal
to the created "rcdi" claim value string. to the created "rcdi" claim value string.
Note that optionally the "rcd" claims may be included in the Note that optionally the "rcd" claims may be included in the
"permittedValues" however it is recognized that this may be redundant "permittedValues"; however, it is recognized that this may be
with the "rcdi" permittedValues because the "rcdi" digest will imply redundant with the "rcdi" permittedValues because the "rcdi" digest
the content of the "rcd" claims themselves. will imply the content of the "rcd" claims themselves.
The "permittedValues" for the "rcdi" claims (or "rcd" claims more The "permittedValues" for the "rcdi" claims (or "rcd" claims more
generally) may contain multiple entries, to support the case where generally) may contain multiple entries to support the case where the
the certificate holder is authorized to use different sets of rich certificate holder is authorized to use different sets of RCD.
call data.
7. PASSporT "crn" claim - Call Reason Definition and Usage 7. PASSporT "crn" Claim - Call Reason Definition and Usage
This document defines a new JSON Web Token claim for "crn", Call This document defines a new JSON Web Token claim for "crn", Call
Reason, the value of which is a single string that can contain Reason, the value of which is a single string that can contain
information as defined in [I-D.ietf-sipcore-callinfo-rcd] information as defined in [RFC9796] and corresponding to the "call-
corresponding to the "call-reason" parameter for the Call-Info reason" parameter for the Call-Info header. This claim is optional.
header. This claim is optional.
Example "crn" claim with "rcd": Example "crn" claim with "rcd":
"crn" : "For your ears only", "crn" : "For your ears only",
"rcd": { "nam": "James Bond", "rcd": { "nam": "James Bond",
"jcl": "https://example.org/james_bond.json"} "jcl": "https://example.org/james_bond.json"}
7.1. JWT Constraint for "crn" claim 7.1. JWT Constraint for "crn" Claim
The integrity of the "crn" claim contents can optionally be protected The integrity of the "crn" claim contents can optionally be protected
by the authoritative certificate issuer using JWT Constraints in the by the authoritative certificate issuer using JWT Constraints in the
certificate. When the signer of the PASSporT intends to always certificate. When the signer of the PASSporT intends to always
include a call reason string of any value, a "mustInclude" for the include a call reason string of any value, a "mustInclude" for the
"crn" claim in the JWT Claim Constraints indicates that a "crn" claim "crn" claim in the JWT Claim Constraints indicates that a "crn" claim
must always be present and is RECOMMENDED to be included by the must always be present and is RECOMMENDED to be included by the
certificate issuer. If the signer of the "crn" claim wants to certificate issuer. If the signer of the "crn" claim wants to
constrain the contents of "crn", then "permittedValues" for "crn" in constrain the contents of "crn", then "permittedValues" for "crn" in
JWT Claim Constraints should match the contents of the allowed JWT Claim Constraints should match the contents of the allowed
strings and is RECOMMENDED to be included by the certificate issuer. strings and is RECOMMENDED to be included by the certificate issuer.
8. Rich Call Data Claims Usage Rules 8. Rich Call Data Claims Usage Rules
The "rcd" or "crn" claims MAY appear in any PASSporT claims object as The "rcd" or "crn" claims MAY appear in any PASSporT claims object as
optional elements. The creator of a PASSporT MAY also add a PASSporT optional elements. The creator of a PASSporT MAY also add a PASSporT
extension ("ppt") value, defined in [RFC8225] Section 8.1, of "rcd" extension ("ppt") value, defined in [RFC8225], Section 8.1, of "rcd"
to the header of a PASSporT as well, in which case the PASSporT to the header of a PASSporT. In that case, the PASSporT claims MUST
claims MUST contain at least one or both an "rcd" or "crn" claim. contain at least one or both an "rcd" or "crn" claim. Any entities
Any entities verifying the PASSporT claims defined in this document verifying the PASSporT claims defined in this document are required
are required to understand the PASSporT extension in order to process to understand the PASSporT extension in order to process the PASSporT
the PASSporT in question. An example PASSporT header with the in question. An example PASSporT header with the PASSporT extension
PASSporT extension ("ppt") value of "rcd" included is shown as ("ppt") value of "rcd" included is shown as follows:
follows:
{ "typ":"passport", { "typ":"passport",
"ppt":"rcd", "ppt":"rcd",
"alg":"ES256", "alg":"ES256",
"x5u":"https://www.example.com/cert.cer" } "x5u":"https://www.example.com/cert.cer" }
The PASSporT claims object contains the "rcd" key with its The PASSporT claims object contains the "rcd" key with its
corresponding value. The value of "rcd" is an array of JSON objects, corresponding value. The value of "rcd" is an array of JSON objects,
of which one, the "nam" key and value, is mandatory. of which one, the "nam" key and value, is mandatory.
After the header and claims PASSporT objects have been constructed, After the header and claims PASSporT objects have been constructed,
their signature is computed normally per the guidance in [RFC8225]. their signature is computed normally per the guidance in [RFC8225].
8.1. "rcd" PASSporT Verification 8.1. "rcd" PASSporT Verification
A verifier that successfully verifies a PASSportT that contains an A verifier that successfully verifies a PASSporT that contains an
"rcd" claim MUST ensure the following about the PASSporT: "rcd" claim MUST ensure the following about the PASSporT:
* it has a valid signature per the verification procedures detailed * It has a valid signature per the verification procedures detailed
in [RFC8225] in [RFC8225].
* it abides by all rules set forth in the proper construction of the * It abides by all rules set forth in the proper construction of the
claims defined in Section 5 of this document claims defined in Section 5.
* it abides by JWT Claims Constraint rules defined in [RFC8226] * It abides by JWT Claims Constraint rules defined in [RFC8226],
Section 8 or extended in [RFC9118] if present in the certificate Section 8 or extended by [RFC9118] if present in the certificate
used to compute the signature in the PASSporT used to compute the signature in the PASSporT.
In addition if the "iss" claim is included in the PASSPorT, In addition, if the "iss" claim is included in the PASSporT,
verification should follow procedures described in Section 10.2. verification should follow procedures described in Section 10.2.
Consistent with the verification rules of PASSporTs more generally Consistent with the verification rules of PASSporTs more generally
[RFC8225], if any of the above criteria is not met, relying parties [RFC8225], if any of the above criteria is not met, relying parties
MUST NOT use any of the claims in the PASSporT. MUST NOT use any of the claims in the PASSporT.
8.2. "rcdi" Integrity Verification 8.2. "rcdi" Integrity Verification
When the "rcdi" claim exists, the verifier should verify the digest When the "rcdi" claim exists, the verifier should verify the digest
for each JSON pointer key. Any digest string that doesn't match a for each JSON pointer key. Any digest string that doesn't match a
generated digest MUST be considered a failure of the verification of generated digest MUST be considered a failure of the verification of
the content referenced by the JSON pointer. the content referenced by the JSON pointer.
If there is any issue with completing the integrity verification If there is any issue with completing the integrity verification
procedures for referenced external content, including HTTP or HTTPS procedures for referenced external content, including HTTP or HTTPS
errors, the referenced content MUST be considered not verified. This errors, the referenced content MUST be considered not verified.
SHOULD NOT however impact the result of base PASSporT verification However, this SHOULD NOT impact the result of base PASSporT
for claims content that is directly included in the claims of the verification for claims content that is directly included in the
PASSporT. claims of the PASSporT.
As a potential optimization of verification procedure, an entity that As a potential optimization of verification procedures, an entity
does not otherwise need to dereference a URI from the "rcd" claim for that does not otherwise need to dereference a URI from the "rcd"
display to end-user is NOT RECOMMENDED to unnecessarily dereference claim for display to the end user is NOT RECOMMENDED to unnecessarily
the URI solely to perform integrity verification. dereference the URI solely to perform integrity verification.
8.3. Example "rcd" PASSporTs 8.3. Example "rcd" PASSporTs
An example of a "nam" only PASSporT claims object is shown next (with An example of a "nam"-only PASSporT claims object is shown next (with
line breaks for readability only). line breaks for readability only).
{ "orig":{"tn":"12025551000"}, { "orig":{"tn":"12025551000"},
"dest":{"tn":["12025551001"]}, "dest":{"tn":["12025551001"]},
"iat":1443208345, "iat":1443208345,
"rcd":{"nam":"James Bond"} } "rcd":{"nam":"James Bond"} }
An example of a "nam", "apn", and "icn" using an https URI PASSporT An example of a "nam", "apn", and "icn" using an https URI PASSporT
claims object is shown next (with line breaks for readability only). claims object is shown next (with line breaks for readability only).
Note, in this example, there is no integrity protection over the Note, in this example, there is no integrity protection over the
skipping to change at page 18, line 43 skipping to change at line 815
"dest":{"tn":["12155551001"]}, "dest":{"tn":["12155551001"]},
"iat":1443208345, "iat":1443208345,
"rcd":{ "rcd":{
"apn":"12025559990", "apn":"12025559990",
"icn":"https://example.com/photos/quartermaster-256x256.png", "icn":"https://example.com/photos/quartermaster-256x256.png",
"nam":"Her Majesty's Secret Service" } } "nam":"Her Majesty's Secret Service" } }
An example of a "nam", "apn", and "icn" using data URI PASSporT An example of a "nam", "apn", and "icn" using data URI PASSporT
claims object is shown next (with line breaks for readability only). claims object is shown next (with line breaks for readability only).
Note, in this example, the "icn" data is incorporated directly in the Note, in this example, the "icn" data is incorporated directly in the
"rcd" claim and therefore separate integrity protection is not "rcd" claim, and therefore separate integrity protection is not
required. required.
{ "orig":{"tn":"12025551000"}, { "orig":{"tn":"12025551000"},
"dest":{"tn":["12155551001"]}, "dest":{"tn":["12155551001"]},
"iat":1443208345, "iat":1443208345,
"rcd":{ "rcd":{
"apn":"12025559990", "apn":"12025559990",
"icn":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAY "icn":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAY
AAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OH AAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OH
wAAAABJRU5ErkJggg==", wAAAABJRU5ErkJggg==",
"nam":"Her Majesty's Secret Service" } } "nam":"Her Majesty's Secret Service" } }
An example of an "rcd" claims object that includes the "jcd" and also An example of an "rcd" claims object that includes the "jcd" and also
contains URI references to content which requires the inclusion of an contains URI references to content, which require the inclusion of an
"rcdi" claim and corresponding digests. Note, in this example, the "rcdi" claim and corresponding digests. Note, in this example, the
"rcdi" claim includes integrity protection of the URI referenced "rcdi" claim includes integrity protection of the URI-referenced
content. content.
{ {
"crn": "Rendezvous for Little Nellie", "crn": "Rendezvous for Little Nellie",
"orig": { "tn": "12025551000"}, "orig": { "tn": "12025551000"},
"dest": { "tn": ["12155551001"]}, "dest": { "tn": ["12155551001"]},
"iat": 1443208345, "iat": 1443208345,
"rcd": { "rcd": {
"jcd": ["vcard", "jcd": ["vcard",
[ ["version",{},"text","4.0"], [ ["version",{},"text","4.0"],
skipping to change at page 19, line 45 skipping to change at line 858
"nam": "Q Branch Spy Gadgets" "nam": "Q Branch Spy Gadgets"
}, },
"rcdi": { "rcdi": {
"/jcd/1/3/3":"sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4", "/jcd/1/3/3":"sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4",
"/jcd/1/4/3":"sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI", "/jcd/1/4/3":"sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI",
"/jcd/1/5/3":"sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo" "/jcd/1/5/3":"sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo"
} }
} }
In an example PASSporT, where a jCard is linked via HTTPS URL using In an example PASSporT, where a jCard is linked via HTTPS URL using
"jcl", a jCard file served at a particular URL. "jcl", a jCard file is served at a particular URL.
An example jCard JSON file hosted at the example web address of An example jCard JSON file hosted at the example web address of
https://example.com/qbranch.json is shown as follows: https://example.com/qbranch.json is shown as follows:
["vcard", ["vcard",
[ ["version",{},"text","4.0"], [ ["version",{},"text","4.0"],
["fn",{},"text","Q Branch"], ["fn",{},"text","Q Branch"],
["org",{},"text","MI6;Q Branch Spy Gadgets"], ["org",{},"text","MI6;Q Branch Spy Gadgets"],
["photo",{},"uri","https://example.com/photos/q-256x256.png"], ["photo",{},"uri","https://example.com/photos/q-256x256.png"],
["logo",{},"uri","https://example.com/logos/mi6-256x256.jpg"], ["logo",{},"uri","https://example.com/logos/mi6-256x256.jpg"],
skipping to change at page 21, line 5 skipping to change at line 911
"rcd": { "rcd": {
"nam": "Q Branch Spy Gadgets", "nam": "Q Branch Spy Gadgets",
"icn": "https://example.com/photos/q-256x256.png" "icn": "https://example.com/photos/q-256x256.png"
}, },
"rcdi": { "rcdi": {
"/nam": "sha256-sM275lTgzCte+LHOKHtU4SxG8shlOo6OS4ot8IJQImY", "/nam": "sha256-sM275lTgzCte+LHOKHtU4SxG8shlOo6OS4ot8IJQImY",
"/icn": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4" "/icn": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4"
} }
} }
9. Compact form of "rcd" PASSporT 9. Compact Form of "rcd" PASSporT
9.1. Compact form of the "rcd" PASSporT claim 9.1. Compact Form of the "rcd" PASSporT Claim
The specific usage of compact form of an "rcd" PASSporT claim, The specific usage of the compact form of an "rcd" PASSporT claim,
defined in [RFC8225] Section 7, has some restrictions that will be defined in [RFC8225], Section 7, has some restrictions that will be
enumerated below, but mainly follows standard PASSporT compact form enumerated below, but it mainly follows standard PASSporT compact
procedures. Compact form only provides the signature from the form procedures. Compact form only provides the signature from the
PASSporT, requiring the re-construction of the other PASSporT claims PASSporT, requiring the reconstruction of the other PASSporT claims
from the SIP header fields as discussed in [RFC8224] Section 4.1. from the SIP header fields as discussed in Section 4.1 of [RFC8224].
The re-construction of the "nam" claim, if using SIP protocol, should The reconstruction of the "nam" claim, if using the SIP protocol,
use the display-name string in the From header field. For other should use the display-name string in the From header field. For
protocols, if there is a display name field that exists, the string other protocols, if there is a display name field that exists, the
should be used, otherwise the string should be an empty string, e.g., string should be used; otherwise, the string should be an empty
"". "jcl" and "jcd" MUST NOT be used with compact form due to string, e.g., "". "jcl" and "jcd" MUST NOT be used with compact form
integrity rules and URI reference rules in this document leading to due to integrity rules and URI reference rules in this document
too restrictive of a set of constraints. Future specifications may leading to too restrictive of a set of constraints. Future
revisit this to propose a consistent and comprehensive way of specifications may revisit this to propose a consistent and
addressing integrity and security of information and to provide comprehensive way of addressing integrity and security of information
specific guidance for other protocol usage. and to provide specific guidance for other protocol usage.
9.2. Compact form of the "rcdi" PASSporT claim 9.2. Compact Form of the "rcdi" PASSporT Claim
The use of compact form of a PASSporT using an "rcdi" claim is not The use of the compact form of a PASSporT using an "rcdi" claim is
supported, so if "rcdi" is required compact form MUST NOT be used. not supported, so if "rcdi" is required, compact form MUST NOT be
used.
9.3. Compact form of the "crn" PASSporT claim 9.3. Compact Form of the "crn" PASSporT Claim
Compact form of a "crn" PASSporT claim shall be re-constructed using Compact form of a "crn" PASSporT claim shall be reconstructed using
the "call-reason" parameter of a Call-Info header as defined by the "call-reason" parameter of a Call-Info header as defined by
[I-D.ietf-sipcore-callinfo-rcd]. [RFC9796].
10. Third-Party Uses 10. Third-Party Uses
While rich data about the call can be provided by an originating While rich data about the call can be provided by an originating
authentication service, an intermediary in the call path could also authentication service, an intermediary in the call path could also
acquire rich call data by querying a third-party service. Such a acquire rich call data by querying a third-party service. Such a
service effectively acts as a STIR Authentication Service, generating service effectively acts as a STIR Authentication Service, generating
its own PASSporT, and that PASSporT could be attached to a call by its own PASSporT, and that PASSporT could be attached to a call by
either the originating or terminating side. This third-party either the originating or terminating side. This third-party
PASSporT attests information about the calling number, rather than PASSporT attests information about the calling number, rather than
skipping to change at page 22, line 14 skipping to change at line 970
for a call. for a call.
In telephone operations today, a third-party information service is In telephone operations today, a third-party information service is
commonly queried with the calling party's number in order to learn commonly queried with the calling party's number in order to learn
the name of the calling party, and potentially other helpful the name of the calling party, and potentially other helpful
information could also be passed over that interface. The value of information could also be passed over that interface. The value of
using a PASSporT to convey this information from third parties lies using a PASSporT to convey this information from third parties lies
largely in the preservation of the third party's signature over the largely in the preservation of the third party's signature over the
data, and the potential for the PASSporT to be conveyed from data, and the potential for the PASSporT to be conveyed from
intermediaries to endpoint devices. Effectively, these use cases intermediaries to endpoint devices. Effectively, these use cases
form a sub-case of out-of-band [RFC8816] use cases. The manner in form a sub-case of out-of-band use cases [RFC8816]. The manner in
which third-party services are discovered is outside the scope of which third-party services are discovered is outside the scope of
this document. this document.
An intermediary use case might look as follows using SIP protocol for An intermediary use case might look as follows using the SIP protocol
this example: a SIP INVITE carries a display name in its From header for this example: a SIP INVITE carries a display name in its From
field value and an initial PASSporT object without the "rcd" claim. header field value and an initial PASSporT object without the "rcd"
When a terminating verification service implemented at a SIP proxy claim. When a terminating verification service implemented at a SIP
server receives this request, and determines that the signature is proxy server receives this request and determines that the signature
valid, it might query a third-party service that maps telephone is valid, it might query a third-party service that maps telephone
numbers to calling party names. Upon receiving the PASSporT in a numbers to calling party names. Upon receiving the PASSporT in a
response from that third-party service, the terminating side could response from that third-party service, the terminating side could
add a new Identity header field to the request for the PASSporT add a new Identity header field to the request for the PASSporT
object provided by the third-party service. It would then forward object provided by the third-party service. It would then forward
the INVITE to the terminating user agent. If the display name in the the INVITE to the terminating user agent. If the display name in the
PASSporT object matches, or is string equivelent to, the display name PASSporT object matches, or is string-equivalent to, the display name
in the INVITE, then the name would presumably be rendered to the end in the INVITE, then the name would presumably be rendered to the end
user by the terminating user agent. user by the terminating user agent.
A very similar flow could be followed by an intermediary closer to A very similar flow could be followed by an intermediary closer to
the origination of the call. Presumably such a service could be the origination of the call. Presumably such a service could be
implemented at an originating network in order to decouple the implemented at an originating network in order to decouple the
systems that sign for calling party numbers from the systems that systems that sign for calling party numbers from the systems that
provide rich data about calls. provide rich data about calls.
In an alternative use case, the terminating user agent might query a In an alternative use case, the terminating user agent might query a
skipping to change at page 23, line 10 skipping to change at line 1007
would be generated, though the terminating user agent might receive a would be generated, though the terminating user agent might receive a
PASSporT object in return from the third-party service, and use the PASSporT object in return from the third-party service, and use the
"rcd" field in the object as a calling name to render to users while "rcd" field in the object as a calling name to render to users while
alerting. alerting.
While in the traditional telephone network, the business relationship While in the traditional telephone network, the business relationship
between calling customers and their telephone service providers is between calling customers and their telephone service providers is
the ultimate root of information about a calling party's name, some the ultimate root of information about a calling party's name, some
other forms of data like crowdsourced reputation scores might derive other forms of data like crowdsourced reputation scores might derive
from third parties. When those elements are present, they MUST be in from third parties. When those elements are present, they MUST be in
a third-party "rcd" PASSporT using "iss" claim described in the next a third-party "rcd" PASSporT using the "iss" claim described in the
section. next section.
10.1. Signing as a Third Party 10.1. Signing as a Third Party
A third-party PASSporT contains an "iss" element to distinguish its A third-party PASSporT contains an "iss" element to distinguish its
PASSporTs from first-party PASSporTs. Third-party "rcd" PASSporTs PASSporTs from first-party PASSporTs. Third-party "rcd" PASSporTs
are signed with credentials that do not have authority over the are signed with credentials that do not have authority over the
identity that appears in the "orig" element of the PASSporT claims. identity that appears in the "orig" element of the PASSporT claims.
The presence of "iss" signifies that a different category of The presence of "iss" signifies that a different category of
credential is being used to sign a PASSporT than the [RFC8226] credential is being used to sign a PASSporT than the certificates (as
certificates used to sign STIR calls; it is instead a certificate defined in [RFC8226]) used to sign STIR calls; it is instead a
that identifies the source of the "rcd" data. How those credentials certificate that identifies the source of the "rcd" data. How those
are issued and managed is outside the scope of this document; the credentials are issued and managed is outside the scope of this
value of "iss" however MUST reflect the Subject of the certificate document; however, the value of "iss" MUST reflect the Subject of the
used to sign a third-party PASSporT. The explicit mechanism for certificate used to sign a third-party PASSporT. The explicit
reflecting the subject field of the certificate is out of scope of mechanism for reflecting the Subject field of the certificate is out
this document and left to the certificate governance policies that of scope of this document and left to the certificate governance
define how to map the "iss" value in the PASSporT to the subject policies that define how to map the "iss" value in the PASSporT to
field in the certificate. Relying parties in STIR have always been the Subject field in the certificate. Relying parties in STIR have
left to make their own authorization decisions about whether to trust always been left to make their own authorization decisions about
the signers of PASSporTs, and in the third-party case, where an whether to trust the signers of PASSporTs; in the third-party case,
entity has explicitly queried a service to acquire the PASSporT where an entity has explicitly queried a service to acquire the
object, it may be some external trust or business relationship that PASSporT object, it may be some external trust or business
induces the relying party to trust a PASSporT. relationship that induces the relying party to trust a PASSporT.
An example of a Third Party issued PASSporT claims object is as An example of a PASSporT claims object issued by a third party is as
follows. follows.
{ "orig":{"tn":"12025551000"}, { "orig":{"tn":"12025551000"},
"dest":{"tn":["12025551001"]}, "dest":{"tn":["12025551001"]},
"iat":1443208345, "iat":1443208345,
"iss":"Zorin Industries", "iss":"Zorin Industries",
"rcd":{"nam":"James St. John Smythe"} } "rcd":{"nam":"James St. John Smythe"} }
10.2. Verification using Third Party RCD 10.2. Verification Using Third-Party RCD
The third-party "rcd" PASSporT cases must be considered in the The third-party "rcd" PASSporT cases must be considered in the
verification service, as an attacker could attempt to cut-and-paste verification service, as an attacker could attempt to cut and paste
such a third-party PASSporT into a SIP request in an effort to get such a third-party PASSporT into a SIP request in an effort to get
the terminating user agent to render the display name or confidence the terminating user agent to render the display name or confidence
values it contains to a call that should have no such assurance. values it contains to a call that should have no such assurance.
Following the rules of [RFC8225] and in particular if there is Following the rules of [RFC8225] and in particular if there are
multiple identity headers, for example with the case of the inclusion multiple identity headers (as in the case of the inclusion of an
of an "rcd" and "shaken" PASSporTs from two different signing "rcd" and "shaken" PASSporTs from two different signing providers), a
providers, a verification service MUST determine that the calling verification service MUST determine that the calling party number
party number shown in the "orig" of the "rcd" PASSporT corresponds to shown in the "orig" of the "rcd" PASSporT corresponds to the calling
the calling party number of the call it has received, and that the party number of the call it has received, and that the "iat" field of
"iat" field of the "rcd" PASSporT is within the date interval that the "rcd" PASSporT is within the date interval that the verification
the verification service would ordinarily accept for a PASSporT. It service would ordinarily accept for a PASSporT. It is possible that
is possible that if there is multiple identity headers are present, if multiple identity headers are present, only the verified identity
only the verified identity information should be considered when information should be considered when presenting call information to
presenting call information to an end user. an end user.
Verification services may alter their authorization policies for the Verification services may alter their authorization policies for the
credentials accepted to sign PASSporTs when third parties generate credentials accepted to sign PASSporTs when third parties generate
PASSporT objects, per Section 10.1. This may include accepting a PASSporT objects, per Section 10.1. This may include accepting a
valid signature over a PASSporT even if it is signed with a valid signature over a PASSporT even if it is signed with a
credential that does not attest authority over the identity in the credential that does not attest authority over the identity in the
"orig" claim of the PASSporT, provided that the verification service "orig" claim of the PASSporT, provided that the verification service
has some other reason to trust the signer. No further guidance on has some other reason to trust the signer. No further guidance on
verification service authorization policy is given here. verification service authorization policy is given here.
11. Levels of Assurance 11. Levels of Assurance
As "rcd" can be provided by either first party providers that are As "rcd" can be provided by either first-party providers that are
directly authorized to sign PASSporTs in the STIR eco-system or third directly authorized to sign PASSporTs in the STIR ecosystem or third-
party providers that are indirectly or delegated authority to sign party providers that are indirectly or delegated authority to sign
PASSporTs. Relying parties could benefit from an additional claim PASSporTs. Relying parties could benefit from an additional claim
that indicates the identification, in the form of a uniquely that indicates the identification, in the form of a uniquely
identifiable name, of the attesting party to the caller. Even in identifiable name, of the attesting party to the caller. Even in
first party cases, the Communications Service Provider (CSP) to which first-party cases, the Communications Service Provider (CSP) to which
a number was assigned might in turn delegate the number to a a number was assigned might in turn delegate the number to a
reseller, who would then sell the number to an enterprise, in which reseller, who would then sell the number to an enterprise, in which
case the CSP might have little insight into the caller's name. In case the CSP might have little insight into the caller's name. In
third party cases, a caller's name could be determined from any third-party cases, a caller's name could be determined from any
number of data sources, on a spectrum between public data scraped number of data sources, on a spectrum between public data scraped
from web searches to a direct business relationship to the caller. from web searches to a direct business relationship to the caller.
As multiple PASSporTs can be associated with the same call, As multiple PASSporTs can be associated with the same call,
potentially a verification service could receive attestations of the potentially a verification service could receive attestations of the
caller name from multiple sources, which have different levels of caller name from multiple sources, which have different levels of
granularity or accuracy. Therefore, third-party PASSporTs that carry granularity or accuracy. Therefore, third-party PASSporTs that carry
"rcd" data are RECOMMENDED to also carry an indication of the "rcd" data are RECOMMENDED to also carry an indication of the
identity of the generator of the PASSporT in the form of the 'iss' identity of the generator of the PASSporT in the form of the 'iss'
claim. claim.
12. Use of "rcd" PASSporTs in SIP 12. Use of "rcd" PASSporTs in SIP
This section documents SIP-specific usage for "rcd" PASSporTs and in This section documents SIP-specific usage for "rcd" PASSporTs and in
the SIP Identity header field value. Other using protocols of the SIP Identity header field value. Other protocols using PASSporT
PASSporT may define their own usages for the "rcd" PASSporTs. may define their own guidance for "rcd" PASSporTs.
12.1. Authentication Service Behavior for SIP protocol 12.1. Authentication Service Behavior for SIP Protocol
An authentication service creating a PASSporT containing an "rcd" An authentication service creating a PASSporT containing an "rcd"
claim MAY include a PASSporT extension ("ppt" value) of "rcd" or not. claim MAY include a PASSporT extension ("ppt" value) of "rcd".
Third-party authentication services following the behavior in Third-party authentication services following the behavior in
Section 10.1 MUST include a PASSporT extension value of "rcd". If Section 10.1 MUST include a PASSporT extension value of "rcd". If
PASSporT extension does contain an "rcd", then any SIP authentication the PASSporT extension does contain an "rcd", then any SIP
services MUST add a PASSporT extension "ppt" parameter to the authentication services MUST add a PASSporT extension "ppt" parameter
Identity header field containing that PASSporT with a value of "rcd". to the Identity header field containing that PASSporT with a value of
The resulting Identity header field might look as follows: "rcd". The resulting Identity header field might look as follows:
Identity: sv5CTo05KqpSmtHt3dcEiO/1CWTSZtnG3iV+1nmurLXV/HmtyNS7Ltrg9 Identity: sv5CTo05KqpSmtHt3dcEiO/1CWTSZtnG3iV+1nmurLXV/HmtyNS7Ltrg9
dlxkWzoeU7d7OV8HweTTDobV3itTmgPwCFjaEmMyEI3d7SyN21yNDo2ER/Ovgt dlxkWzoeU7d7OV8HweTTDobV3itTmgPwCFjaEmMyEI3d7SyN21yNDo2ER/Ovgt
w0Lu5csIppPqOg1uXndzHbG7mR6Rl9BnUhHufVRbp51Mn3w0gfUs=; w0Lu5csIppPqOg1uXndzHbG7mR6Rl9BnUhHufVRbp51Mn3w0gfUs=;
info=<https://biloxi.example.org/biloxi.cer>;alg=ES256; info=<https://biloxi.example.org/biloxi.cer>;alg=ES256;
ppt="rcd" ppt="rcd"
This document assumes that by default when using the SIP protocol, an This document assumes that by default when using the SIP protocol, an
authentication service determines the value of "rcd", specifically authentication service determines the value of "rcd", specifically
only for the "nam" key value, from the display-name component of the only for the "nam" key value, from the display-name component of the
From header field value of the request, alternatively for some calls From header field value of the request. Alternatively, for some
this may come from the P-Asserted-ID header. It is however a matter calls this may come from the P-Asserted-ID header. It is however a
of authentication service policy to decide how it populates the value matter of authentication service policy to decide how it populates
of "nam" key, which MAY also match or be determined by other fields the value of the "nam" key, which MAY also match or be determined by
in the request, from customer profile data, or from access to other fields in the request, from customer profile data or from
external services. If the authentication service generates an "rcd" access to external services. If the authentication service generates
claim containing "nam" with a value that is not string equivalent to an "rcd" claim containing "nam" with a value that is not string-
the From header field display-name value, it MUST use the full form equivalent to the From header field display-name value, it MUST use
of the PASSporT object in SIP. the full form of the PASSporT object in SIP.
In addition, {I-D.ietf-sipcore-callinfo-rcd}} defines a Call-Info In addition, [RFC9796] defines a Call-Info header field that MAY be
header field that MAY be used as a source of RCD information that an used as a source of RCD information that an authentication service
authentication services uses to construct the appropriate PASSporT uses to construct the appropriate PASSporT RCD claim types used.
RCD claim types used.
Note also that, as a best practice, the accuracy and legitimacy of Note also that, as a best practice, the accuracy and legitimacy of
Rich Call Data information that is included in the claims is Rich Call Data information that is included in the claims is
RECOMMENDED to follow a trust framework that is out of scope of this RECOMMENDED to follow a trust framework that is out of scope of this
document. As with telephone numbers for the STIR framework the document. As with telephone numbers for the STIR framework, the
authentication of Rich Call Data should follow some type of vetting authentication of Rich Call Data should follow some type of vetting
process by an entity that is authoritative over determining the process by an entity that is authoritative over determining the
accuracy and legitimacy of that information. This includes the accuracy and legitimacy of that information. This includes the
mechanisms for how and from whom that information is received by the mechanisms for how and from whom that information is received by the
authentication service. For example, the general use of Call-Info authentication service. For example, the general use of Call-Info
via SIP as a trusted source of RCD information on the authentication via SIP as a trusted source of RCD information on the authentication
side is NOT RECOMMENDED. side is NOT RECOMMENDED.
12.2. Verification Service Behavior for SIP protocol 12.2. Verification Service Behavior for SIP Protocol
[RFC8224] Section 6.2 Step 5 requires that future specifications [RFC8224], Section 6.2, Step 5 requires that future specifications
defining PASSporT extension ("ppt") values describe any additional defining PASSporT extension ("ppt") values describe any additional
verifier behavior specific to the SIP protocol. The general verifier behavior specific to the SIP protocol. The general
verification proceedures defined in Section 8.1 should be followed, verification procedures defined in Section 8.1 should be followed,
but the following paragraphs describe some of the specifics needed to but the following paragraphs describe some of the specifics needed to
implement a verification service using the SIP protocol. implement a verification service using the SIP protocol.
If the PASSporT is in compact form, then the verification service If the PASSporT is in compact form, then the verification service
MUST extract the display-name from the From header field value, if MUST extract the display-name from the From header field value, if
any, and MUST use that as the string value for the "nam" key when it any, and MUST use that as the string value for the "nam" key when it
recomputes the header and claims of the PASSporT object. recomputes the header and claims of the PASSporT object.
Additionally, if there exists a Call-Info header field as defined in Additionally, if there exists a Call-Info header field as defined in
[I-D.ietf-sipcore-callinfo-rcd], the "jcard" JSON object value MUST [RFC9796], the "jcard" JSON object value MUST be used to construct
be used to construct the "jcd" key value when it recomputes the the "jcd" key value when it recomputes the header and claims of the
header and claims of the PASSporT object. If the signature validates PASSporT object. If the signature validates over the recomputed
over the recomputed object, then the verification is considered object, then the verification is considered successful.
successful.
If the PASSporT is in full form with a PASSporT extension value of If the PASSporT is in full form with a PASSporT extension value of
"rcd", then the verification service MUST extract the value "rcd", then the verification service MUST extract the value
associated with the "rcd" claim "nam" key in the object. If the associated with the "rcd" claim "nam" key in the object. If the
PASSporT signature is verified successfully then the verification PASSporT signature is verified successfully, then the verification
service MUST additionally compare the string value of the "rcd" claim service MUST additionally compare the string value of the "rcd" claim
"nam" key value with the From header field value or the preferred "nam" key value with the From header field value or the preferred
value. The preferred value depends on local policy of the SIP value. The preferred value depends on local policy of the SIP
network technique that conveys the display name string through a network technique that conveys the display name string through a
field other than the From header field to interoperate with this field other than the From header field to interoperate with this
specification (e.g. P-Asserted-Identity) as discussed in [RFC8224]. specification (e.g., P-Asserted-Identity) as discussed in [RFC8224].
Similarly, "jcd" or "jcl" jcard information, "icn", "apn", or "crn" Similarly, "jcd" or "jcl" jCard information, "icn", "apn", or "crn"
can be optionally, based on local policy for devices that support it, can be optionally, based on local policy for devices that support it,
used to populate a Call-Info header field following the format of used to populate a Call-Info header field following the format of
[I-D.ietf-sipcore-callinfo-rcd]. If future defined PASSporT RCD [RFC9796]. If PASSporT RCD claims types defined in the future are
claims types are present, they should follow similar defined present, they should follow similar defined proceedures and policies.
proceedures and policies.
The behavior of a SIP UAS upon receiving an INVITE or other type of The behavior of a SIP User Agent Server (UAS) upon receiving an
session initiation request containing a PASSporT object with an "rcd" INVITE or other type of session initiation request containing a
claim largely remains a matter of implementation policy. In most PASSporT object with an "rcd" claim largely remains a matter of
cases, implementations would render this calling party name implementation policy. In most cases, implementations would render
information to the user while alerting. Any user interface additions this calling party name information to the user while alerting. Any
to express confidence in the veracity of this information are outside user interface additions to express confidence in the veracity of
the scope of this specification. this information are outside the scope of this specification.
13. Using "rcd", "rcdi", "crn" as additional claims to other PASSporT 13. Using "rcd", "rcdi", and "crn" as Additional Claims to Other
extensions PASSporT Extensions
Rich Call Data, including calling name information, as a common Rich Call Data, including calling name information, as a common
example, is often data that is additive to the personal example, is often data that is additive to the personal
communications information defined in the core PASSporT data required communications information defined in the core PASSporT data required
to support the security properties defined in [RFC8225]. For cases to support the security properties defined in [RFC8225]. For cases
where the entity originating the personal communications is where the entity originating the personal communications is
supporting the authentication service for the calling identity and is supporting the authentication service for the calling identity and is
the authority of the Rich Call Data, rather than creating multiple the authority of the Rich Call Data, rather than creating multiple
Identity header fields corresponding to multiple PASSporT extensions, Identity header fields corresponding to multiple PASSporT extensions,
the authentication service can alternatively directly add the "rcd" the authentication service can alternatively directly add the "rcd"
claim to a PASSporT that authenticates the calling identity. claim to a PASSporT that authenticates the calling identity.
13.1. Procedures for applying RCD claims as claims only 13.1. Procedures for Applying RCD Claims as Claims Only
For a given PASSporT using some other extension than "rcd", the For a given PASSporT using some other extension than "rcd", the
Authentication Service MAY additionally include the "rcd" defined in Authentication Service MAY additionally include the "rcd" defined in
{#rcd_define}, "rcdi" defined in {#rcdi_define}, and "crn" defined in Section 5, "rcdi" defined in Section 6, and "crn" defined in
{#crn_define} claims. This would result in a set of claims that Section 7 claims. This would result in a set of claims that
correspond to the original intended extension with the addition of correspond to the original intended extension with the addition of
the "rcd" claim. the "rcd" claim.
The Verification service that receives the PASSporT, if it supports The verification service that receives the PASSporT, if it supports
this specification and chooses to, should interpret the "rcd" claim this specification and chooses to, should interpret the "rcd" claim
as simply just an additional claim intended to deliver and/or as simply just an additional claim intended to deliver and/or
validate delivered Rich Call Data. validate delivered Rich Call Data.
13.2. Example for applying RCD claims as claims only 13.2. Example for Applying RCD Claims as Claims Only
In the case of [RFC8588] which is the PASSporT extension supporting In the case of [RFC8588], which is the PASSporT extension supporting
the SHAKEN specification [ATIS-1000074.v002], a common case for an the Signature-based Handling of Asserted information using toKENs
Authentication service to co-exist in a CSP network along with the (SHAKEN) specification [ATIS-1000074.v002], a common case is for an
authentication service to coexist in a CSP network along with the
authority over the calling name used for the call. Rather than authority over the calling name used for the call. Rather than
require two identity headers, the CSP Authentication Service can require two identity headers, the CSP authentication service can
apply both the SHAKEN PASSporT claims and extension and simply add apply both the SHAKEN PASSporT claims and extension and simply add
the "rcd" required claims defined in this document. the "rcd" required claims defined in this document.
For example, the PASSporT claims for the "shaken" PASSporT with "rcd" For example, the PASSporT claims for the "shaken" PASSporT with "rcd"
claims would be as follows: claims would be as follows:
Protected Header Protected Header
{ {
"alg":"ES256", "alg":"ES256",
"typ":"passport", "typ":"passport",
skipping to change at page 28, line 22 skipping to change at line 1247
Payload Payload
{ {
"attest":"A", "attest":"A",
"dest":{"tn":["12025551001"]}, "dest":{"tn":["12025551001"]},
"iat":1443208345, "iat":1443208345,
"orig":{"tn":"12025551000"}, "orig":{"tn":"12025551000"},
"origid":"123e4567-e89b-12d3-a456-426655440000", "origid":"123e4567-e89b-12d3-a456-426655440000",
"rcd":{"nam":"James Bond"} "rcd":{"nam":"James Bond"}
} }
A Verification Service that understands and supports claims defined A verification service that understands and supports claims defined
in the "rcd" and "shaken" PASSporT extensions is able to receive the in the "rcd" and "shaken" PASSporT extensions is able to receive the
above PASSporT and interpret both the "shaken" claims as well as the above PASSporT and interpret both the "shaken" claims as well as the
"rcd" defined claims. "rcd" claims.
If the Verification Service only understands the "shaken" PASSporT If the verification service only understands the "shaken" PASSporT
extension claims and doesn't support "rcd" PASSporT extension or extension claims and doesn't support the "rcd" PASSporT extension or
claims, then the "rcd" claim, in this example, is used during claims, then the "rcd" claim in this example is used during PASSporT
PASSporT signature validation but is otherwise ignored and signature validation but is otherwise ignored and disregarded.
disregarded.
14. Further Information Associated with Callers 14. Further Information Associated with Callers
Beyond naming information and the information that can be contained Beyond naming information and the information that can be contained
in a jCard [RFC7095] object, there may be additional human-readable in a jCard object [RFC7095], there may be additional human-readable
information about the calling party that should be rendered to the information about the calling party that should be rendered to the
end user in order to help the called party decide whether or not to end user in order to help the called party decide whether or not to
pick up the phone. This is not limited to information about the pick up the phone. This is not limited to information about the
caller, but includes information about the call itself, which may caller; it includes information about the call itself, which may
derive from analytics that determine based on call patterns or derive from analytics that determine (based on call patterns or
similar data if the call is likely to be one the called party wants similar data) if the call is likely to be one the called party wants
to receive. Such data could include: to receive. Such data could include:
* information related to the location of the caller, or * information related to the location of the caller, or
* any organizations or institutions that the caller is associated * any organizations or institutions that the caller is associated
with, or even categories of institutions (is this a government with, or even categories of institutions (whether this a
agency, or a bank, or what have you), or government agency, a bank, or what have you), or
* hyperlinks to images, such as logos or pictures of faces, or to * hyperlinks to images, such as logos or pictures of faces, or to
similar external profile information, or similar external profile information, or
* information processed by an application before rendering it to a * information processed by an application before rendering it to a
user, like social networking data that shows that an unknown user, like social networking data that shows that an unknown
caller is a friend-of-a-friend, or reputation scores derived from caller is a friend-of-a-friend, or reputation scores derived from
crowdsourcing, or confidence scores based on broader analytics crowdsourcing, or confidence scores based on broader analytics
about the caller and callee. about the caller and callee.
All of these data elements would benefit from the secure attestations All of these data elements would benefit from the secure attestations
provided by the STIR and PASSporT frameworks. A new IANA registry provided by the STIR and PASSporT frameworks. A new IANA registry
has been defined to hold potential values of the "rcd" array; see has been defined to hold potential values of the "rcd" array; see
Section 16.3. Specific extensions to the "rcd" PASSporT claim are Section 15.3. Specific extensions to the "rcd" PASSporT claim are
left for future specification. left for future specification.
There is a few ways RCD can be extended in the future, jCard is an There are a few ways RCD can be extended in the future; jCard is an
extensible object and the key/values in the RCD claim object can also extensible object and the key/values in the RCD claim object can also
be extended. General guidance for future extensibility that were be extended. General guidance for future extensibility that was
followed by the authors is that jCard generally should refer to data followed by the authors is that jCard typically should refer to data
that references the caller as an individual or entity, where other that references the caller as an individual or entity, whereas other
claims, such as "crn" refer to data regarding the specific call. claims, such as "crn", refer to data regarding the specific call.
There may be other considerations discovered in the future, but this There may be other considerations discovered in the future, but this
logical grouping of data to the extent possible should be followed logical grouping of data should be followed to the extent possible
for future extensibility. for future extensibility.
15. Acknowledgements 15. IANA Considerations
We would like to thank David Hancock, Robert Sparks, Russ Housley,
Eric Burger, Alec Fenichel, Ben Campbell, Jack Rickard, Jordan
Simpson for helpful suggestions, review, and comments.
16. IANA Considerations
16.1. JSON Web Token Claim
This document requests that the IANA add three new claims to the JSON
Web Token Claims registry as defined in [RFC7519].
Claim Name: "rcd"
Claim Description: Rich Call Data Information
Change Controller: IESG
Specification Document(s): [RFCThis]
Claim Name: "rcdi"
Claim Description: Rich Call Data Integrity Information
Change Controller: IESG 15.1. JSON Web Token Claim
Specification Document(s): [RFCThis]
Claim Name: "crn" Per this document, IANA has added three new claims to the "JSON Web
Token Claims" registry as defined in [RFC7519].
Claim Description: Call Reason Claim Name: "rcd"
Claim Description: Rich Call Data Information
Change Controller: IETF
Reference: RFC 9795
Change Controller: IESG Claim Name: "rcdi"
Claim Description: Rich Call Data Integrity Information
Change Controller: IETF
Reference: RFC 9795
Specification Document(s): [RFCThis] Claim Name: "crn"
Claim Description: Call Reason
Change Controller: IETF
Reference: RFC 9795
16.2. Personal Assertion Token (PASSporT) Extensions 15.2. Personal Assertion Token (PASSporT) Extensions
This document requests that the IANA add a new entry to the Personal Per this document, IANA has added a new entry to the "Personal
Assertion Token (PASSporT) Extensions registry for the type "rcd" Assertion Token (PASSporT) Extensions" registry for the type "rcd"
which is specified in [RFCThis]. which is specified in this document.
16.3. PASSporT RCD Claim Types 15.3. PASSporT RCD Claim Types
This document requests that the IANA create a new registry for IANA has created a new "PASSporT RCD Claim Types" registry in the
PASSporT RCD claim types. This new registry should be added to the "Personal Assertion Token (PASSporT)" registry group. Registration
"Personal Assertion Token (PASSporT)" group. Registration of new of new PASSporT RCD claim types shall be under the Specification
PASSporT RCD claim types shall be under the Specification Required Required policy [RFC8126].
policy.
This registry is to be initially populated with five claim name This registry is initially populated with five claim name values,
values, "nam", "apn", "icn", "jcd", and "jcl", which are specified in "nam", "apn", "icn", "jcd", and "jcl", which are specified in this
[RFCThis]. This is a two column registry with column1 = "Name" and document. The columns are "Name" and "Reference". Any new
column2 = "Reference Document". Any new registrations should consist registrations should consist of only of the name and the reference
of only of the name and the reference document. There is an document. There is an obligation for expert review, where the
obligation for expert review, where the designated expert should designated expert should validate that the proposed new PASSporT RCD
validate that the proposed new PASSporT RCD claim type has a scope claim type has a scope that doesn't potentially conflict or overlap
that doesn't potentially conflict or overlap with the usage or with the usage or interpretation of the other existing types in the
interpretation of the other existing types in the registry. registry.
17. Security Considerations 16. Security Considerations
The process of signing information contained in a "rcd" PASSporT, The process of signing information contained in a "rcd" PASSporT
whether the identities, identifiers, alternate identities or (whether the identities, identifiers, alternate identities or
identifiers, images, logos, physical addresses, or otherwise should identifiers, images, logos, physical addresses, or otherwise) should
follow some vetting process in which an authoritative entity should follow some vetting process in which an authoritative entity follows
follow an appropriate consistent policy defined and governed by the an appropriate consistent policy defined and governed by the
eco-system using RCD and the STIR framework. This can be of many ecosystem using RCD and the STIR framework. This can be of many
forms, depending on the setup and constraints of the policy forms, depending on the setup and constraints of the policy
requirements of the eco-system and is therefore out-of-scope of this requirements of the ecosystem, and is therefore out of scope of this
document. However, the general chain of trust that signers of "rcd" document. However, the general chain of trust that signers of "rcd"
PASSporT are either directly authoritative or have been delegated PASSporT are either directly authoritative or have been delegated
authority through certificates using JWT Claim Constraints and authority through certificates using JWT Claim Constraints and
integrity mechanisms defined in this and related documents is integrity mechanisms defined in this and related documents is
critical to maintain the integrity of the eco-system utilizing this critical to maintain the integrity of the ecosystem utilizing this
and other STIR related specifications. and other STIR-related specifications.
Revealing information such as the name, location, and affiliation of Revealing information such as the name, location, and affiliation of
a person necessarily entails certain privacy risks. Baseline a person necessarily entails certain privacy risks. Baseline
PASSporT has no particular confidentiality requirement, as the PASSporT has no particular confidentiality requirement, as the
information it signs in many current base communications protocols, information it signs in many current base communications protocols
for example SIP, is information that carried in the clear anyway. (for example, SIP) is information that is carried in the clear
Transport-level security can hide those SIP fields from anyway. Transport-level security can hide those SIP fields from
eavesdroppers, and the same confidentiality mechanisms would protect eavesdroppers, and the same confidentiality mechanisms would protect
any PASSporT(s) carried in SIP. any PASSporT(s) carried in SIP.
The dereferencing and download of any RCD URI linked resources as The dereferencing and download of any RCD URI-linked resources as
part of verification either in-network or on device could provide part of verification either in-network or on device could provide
some level of information about calling patterns, so this should be some level of information about calling patterns, so this should be
considered when making these resources available. considered when making these resources available.
The use of JWTClaimConstraints, a mechanism defined in [RFC8226] and The use of JWTClaimConstraints, a mechanism defined in [RFC8226] and
extended in [RFC9118] to constrain any of the RCD information in the extended in [RFC9118], to constrain any of the RCD information in the
public certificate by including that information in the certificate, public certificate by including that information in the certificate,
depending on the availability in the deployment of the PKI system, depending on the availability in the deployment of the PKI system,
may present a privacy issue. The use of "rcdi" claim and digests for may present a privacy issue. The use of the "rcdi" claim and digests
representing JWT claim contents is RECOMMENDED for the prevention of for representing JWT claim contents is RECOMMENDED for the prevention
the exposure of that information through the certificates which are of the exposure of that information through the certificates that are
often publically accessible and available. often publicly accessible and available.
Since computation of "rcdi" digests for URIs requires the loading of Since computation of "rcdi" digests for URIs requires the loading of
referenced content, it would be best practice to validate that referenced content, it would be best practice to validate that
content at the creation of the "rcdi" or corresponding JWT claim content at the creation of the "rcdi" or corresponding JWT claim
constraint value by checking for content that may cause issues for constraint value by checking for content that may cause issues for
verification services or that doesn't follow the behavior defined in verification services or that doesn't follow the behavior defined in
this document, e.g., unreasonably sized data, the inclusion of this document, e.g., unreasonably sized data, the inclusion of
recursive URI references, etc. Along the same lines, the recursive URI references, etc. Along the same lines, the
verification service should also use precautionary best practices to verification service should also use precautionary best practices to
avoid attacks when accessing URI linked content. avoid attacks when accessing URI-linked content.
As general guidance, the use of URLs and URIs that reference As general guidance, the use of URLs and URIs that reference
potentially dangerous or intentionally harmful content should be potentially dangerous or intentionally harmful content should be
considered in implimenting this specification. [RFC3986] Section 7 considered in implementing this specification. [RFC3986], Section 7
contains good additional guidance to consider when communicating or contains good additional guidance to consider when communicating or
dereferencing URLs and URIs. dereferencing URLs and URIs.
17.1. The use of JWT Claim Constraints in delegate certificates to 16.1. Use of JWT Claim Constraints in Delegate Certificates to Exclude
exclude unauthorized claims Unauthorized Claims
While this can apply to any PASSporT that is signed with a STIR While this can apply to any PASSporT that is signed with a STIR
Delegate Certificates [RFC9060], it is important to note that when Delegate Certificate [RFC9060], it is important to note that when
constraining PASSporTs to include specific claims or contents of constraining PASSporTs to include specific claims or contents of
claims, it is also important to consider potential attacks by non- claims, it is also important to consider potential attacks by non-
authorized signers that may include other potential PASSporT claims authorized signers that may include other potential PASSporT claims
that weren't originally vetted by the authorized entity providing the that weren't originally vetted by the authorized entity providing the
delegate certificate. The use of JWT claims constraints as defined delegate certificate. The use of JWT claims constraints (as defined
in [RFC9118] for preventing the ability to include claims beyond the in [RFC9118]) for preventing the ability to include claims beyond the
claims defined in this document may need to be considered. claims defined in this document may need to be considered.
18. References 17. References
18.1. Normative References
[I-D.ietf-sipcore-callinfo-rcd] 17.1. Normative References
Wendt, C. and J. Peterson, "SIP Call-Info Parameters for
Rich Call Data", Work in Progress, Internet-Draft, draft-
ietf-sipcore-callinfo-rcd-06, 3 June 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-
callinfo-rcd-06>.
[IANA-COSE-ALG] [IANA-COSE-ALG]
"COSE Algorithms IANA, "COSE Algorithms",
<https://www.iana.org/assignments/cose/cose.xhtml>", n.d.. <https://www.iana.org/assignments/cose>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002, DOI 10.17487/RFC3261, June 2002,
skipping to change at page 34, line 14 skipping to change at line 1499
[RFC9060] Peterson, J., "Secure Telephone Identity Revisited (STIR) [RFC9060] Peterson, J., "Secure Telephone Identity Revisited (STIR)
Certificate Delegation", RFC 9060, DOI 10.17487/RFC9060, Certificate Delegation", RFC 9060, DOI 10.17487/RFC9060,
September 2021, <https://www.rfc-editor.org/info/rfc9060>. September 2021, <https://www.rfc-editor.org/info/rfc9060>.
[RFC9118] Housley, R., "Enhanced JSON Web Token (JWT) Claim [RFC9118] Housley, R., "Enhanced JSON Web Token (JWT) Claim
Constraints for Secure Telephone Identity Revisited (STIR) Constraints for Secure Telephone Identity Revisited (STIR)
Certificates", RFC 9118, DOI 10.17487/RFC9118, August Certificates", RFC 9118, DOI 10.17487/RFC9118, August
2021, <https://www.rfc-editor.org/info/rfc9118>. 2021, <https://www.rfc-editor.org/info/rfc9118>.
18.2. Informative References [RFC9796] Wendt, C. and J. Peterson, "SIP Call-Info Parameters for
Rich Call Data", RFC 9796, DOI 10.17487/RFC9796, May 2025,
<https://www.rfc-editor.org/info/rfc9796>.
17.2. Informative References
[ATIS-1000074.v002] [ATIS-1000074.v002]
ATIS/SIP Forum NNI Task Group, "Signature-based Handling Alliance for Telecommunications Industry Solutions,
of Asserted information using toKENs (SHAKEN) "Signature-based Handling of Asserted information using
<https://access.atis.org/apps/group_public/ toKENs (SHAKEN)", November 2021.
download.php/62391/ATIS-1000074.v002.pdf>", November 2021.
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private [RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private
Extensions to the Session Initiation Protocol (SIP) for Extensions to the Session Initiation Protocol (SIP) for
Asserted Identity within Trusted Networks", RFC 3325, Asserted Identity within Trusted Networks", RFC 3325,
DOI 10.17487/RFC3325, November 2002, DOI 10.17487/RFC3325, November 2002,
<https://www.rfc-editor.org/info/rfc3325>. <https://www.rfc-editor.org/info/rfc3325>.
[RFC7340] Peterson, J., Schulzrinne, H., and H. Tschofenig, "Secure [RFC7340] Peterson, J., Schulzrinne, H., and H. Tschofenig, "Secure
Telephone Identity Problem Statement and Requirements", Telephone Identity Problem Statement and Requirements",
RFC 7340, DOI 10.17487/RFC7340, September 2014, RFC 7340, DOI 10.17487/RFC7340, September 2014,
<https://www.rfc-editor.org/info/rfc7340>. <https://www.rfc-editor.org/info/rfc7340>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8816] Rescorla, E. and J. Peterson, "Secure Telephone Identity [RFC8816] Rescorla, E. and J. Peterson, "Secure Telephone Identity
Revisited (STIR) Out-of-Band Architecture and Use Cases", Revisited (STIR) Out-of-Band Architecture and Use Cases",
RFC 8816, DOI 10.17487/RFC8816, February 2021, RFC 8816, DOI 10.17487/RFC8816, February 2021,
<https://www.rfc-editor.org/info/rfc8816>. <https://www.rfc-editor.org/info/rfc8816>.
[TS.3GPP.24.229]
3GPP, "IP multimedia call control protocol based on
Session Initiation Protocol (SIP) and Session Description
Protocol (SDP); Stage 3", 16.7.0, 3GPP TS 24.229,
September 2020,
<https://www.3gpp.org/ftp/Specs/html-info/24229.htm>.
[W3C-SubresourceIntegrity] [W3C-SubresourceIntegrity]
W3C, "Subresource Integrity <https://www.w3.org/TR/SRI/>", Akhawe, D., Ed., Braun, F., Ed., Marier, F., Ed., and J.
23 June 2016. Weinberger, Ed., "Subresource Integrity", W3C
Recommendation, 23 June 2016,
<https://www.w3.org/TR/2016/REC-SRI-20160623/>.
Acknowledgements
We would like to thank David Hancock, Robert Sparks, Russ Housley,
Eric Burger, Alec Fenichel, Ben Campbell, Jack Rickard, Jordan
Simpson for helpful suggestions, review, and comments.
Authors' Addresses Authors' Addresses
Chris Wendt Chris Wendt
Somos Inc. Somos Inc.
Email: chris-ietf@chriswendt.net Email: chris-ietf@chriswendt.net
Jon Peterson Jon Peterson
Neustar Inc. Neustar Inc.
Email: jon.peterson@neustar.biz Email: jon.peterson@neustar.biz
 End of changes. 192 change blocks. 
630 lines changed or deleted 614 lines changed or added

This html diff was produced by rfcdiff 1.48.