Personal Assertion Token (PASSporT)
draft-ietf-stir-passport-11

Document Type Active Internet-Draft (stir WG)
Last updated 2017-02-09
Stream IETF
Intended RFC status Proposed Standard
Stream WG state Submitted to IESG for Publication
Document shepherd Robert Sparks
Shepherd write-up last changed 2016-11-01
IESG IESG state IESG Evaluation::AD Followup
Consensus Boilerplate Yes
Responsible AD Alissa Cooper
Send notices to "Robert Sparks" <rjsparks@nostrum.com>
IANA IANA review state Version Changed - Review Needed
IANA action state None
STIR                                                            C. Wendt
Internet-Draft                                                   Comcast
Intended status: Standards Track                             J. Peterson
Expires: August 13, 2017                                    Neustar Inc.
                                                       February 09, 2017

                  Personal Assertion Token (PASSporT)
                      draft-ietf-stir-passport-11

Abstract

   This document defines a method for creating and validating a token
   that cryptographically verifies an originating identity, or more
   generally a URI or telephone number representing the originator of
   personal communications.  The PASSporT token is cryptographically
   signed to protect the integrity of the identity of the originator and
   to allow the destination to verify the asserted identity information.
   The cryptographic signature is defined with the intention that it can
   confidently verify the originating persona even when the signature is
   sent to the destination party over an insecure channel.  PASSporT is
   particularly useful for many personal communications applications
   over IP networks and other multi-hop interconnection scenarios where
   the originating and destination parties may not have a direct trusted
   relationship.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 13, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Wendt & Peterson         Expires August 13, 2017                [Page 1]
Internet-Draft                  PASSporT                   February 2017

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  PASSporT Token Overview . . . . . . . . . . . . . . . . . . .   4
   4.  PASSporT Header . . . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  "typ" (Type) Header Parameter . . . . . . . . . . . . . .   5
     4.2.  "alg" (Algorithm) Header Parameter  . . . . . . . . . . .   5
     4.3.  "x5u" (X.509 URL) Header Parameter  . . . . . . . . . . .   5
     4.4.  Example PASSporT header . . . . . . . . . . . . . . . . .   6
   5.  PASSporT Payload  . . . . . . . . . . . . . . . . . . . . . .   6
     5.1.  JWT defined claims  . . . . . . . . . . . . . . . . . . .   6
       5.1.1.  "iat" - Issued At claim . . . . . . . . . . . . . . .   6
     5.2.  PASSporT specific claims  . . . . . . . . . . . . . . . .   6
       5.2.1.  Originating and Destination Identity Claims . . . . .   7
       5.2.2.  "mky" - Media Key claim . . . . . . . . . . . . . . .   8
   6.  PASSporT Signature  . . . . . . . . . . . . . . . . . . . . .  10
   7.  Compact form of PASSporT  . . . . . . . . . . . . . . . . . .  10
     7.1.  Example Compact form PASSporT Token . . . . . . . . . . .  11
   8.  Extending PASSporT  . . . . . . . . . . . . . . . . . . . . .  11
     8.1.  "ppt" (PASSporT) header parameter . . . . . . . . . . . .  12
     8.2.  Example extended PASSporT header  . . . . . . . . . . . .  12
     8.3.  Extended PASSporT Claims  . . . . . . . . . . . . . . . .  13
   9.  Deterministic JSON Serialization  . . . . . . . . . . . . . .  13
     9.1.  Example PASSporT deterministic JSON form  . . . . . . . .  14
   10. Security Considerations . . . . . . . . . . . . . . . . . . .  15
     10.1.  Avoidance of replay and cut and paste attacks  . . . . .  15
     10.2.  Solution Considerations  . . . . . . . . . . . . . . . .  15