PASSporT: Personal Assertion Token
RFC 8225

Document Type: RFC - Proposed Standard (February 2018; No errata)
Last updated: 2018-02-14
Stream: IETF
Stream WG state: Submitted to IESG for Publication
Document shepherd: Robert Sparks
Shepherd write-up last changed: 2016-11-01
IESG state: RFC 8225 (Proposed Standard)
Consensus Boilerplate: Yes
Responsible AD: Adam Roach
Send notices to: "Robert Sparks" <rjsparks@nostrum.com>
IANA review state: Version Changed - Review Needed
IANA action state: RFC-Ed-Ack
Internet Engineering Task Force (IETF)                          C. Wendt
Request for Comments: 8225                                       Comcast
Category: Standards Track                                    J. Peterson
ISSN: 2070-1721                                             Neustar Inc.
                                                           February 2018

                   PASSporT: Personal Assertion Token

Abstract

   This document defines a method for creating and validating a token
   that cryptographically verifies an originating identity or, more
   generally, a URI or telephone number representing the originator of
   personal communications.  The Personal Assertion Token, PASSporT, is
   cryptographically signed to protect the integrity of the identity of
   the originator and to verify the assertion of the identity
   information at the destination.  The cryptographic signature is
   defined with the intention that it can confidently verify the
   originating persona even when the signature is sent to the
   destination party over an insecure channel.  PASSporT is particularly
   useful for many personal-communications applications over IP networks
   and other multi-hop interconnection scenarios where the originating
   and destination parties may not have a direct trusted relationship.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8225.

Wendt & Peterson             Standards Track                    [Page 1]
RFC 8225                        PASSporT                   February 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1. Introduction ....................................................4
   2. Terminology .....................................................4
   3. PASSporT Overview ...............................................5
   4. PASSporT Header .................................................6
      4.1. "typ" (Type) Header Parameter ..............................6
      4.2. "alg" (Algorithm) Header Parameter .........................6
      4.3. "x5u" (X.509 URL) Header Parameter .........................6
      4.4. Example PASSporT Header ....................................7
   5. PASSporT Payload ................................................7
      5.1. JWT-Defined Claims .........................................7
           5.1.1. "iat" (Issued At) Claim .............................7
      5.2. PASSporT-Specific Claims ...................................8
           5.2.1. Originating and Destination Identity Claims .........8
           5.2.2. "mky" (Media Key) Claim ............................10
   6. PASSporT Signature .............................................11
   7. Compact Form of PASSporT .......................................12
      7.1. Example Compact Form of PASSporT ..........................13
   8. Extending PASSporT .............................................13
      8.1. "ppt" (PASSporT) Header Parameter .........................13
      8.2. Example Extended PASSporT Header ..........................14
      8.3. Extended PASSporT Claims ..................................14
   9. Deterministic JSON Serialization ...............................15
      9.1. Example PASSporT Deterministic JSON Form ..................16
   10. Security Considerations .......................................17
      10.1. Avoidance of Replay and Cut-and-Paste Attacks ............17
      10.2. Solution Considerations ..................................18
   11. IANA Considerations ...........................................18
      11.1. Media Type Registration ..................................18