draft-ietf-stir-rph-04.txt   draft-ietf-stir-rph-05.txt 
STIR R. Singh STIR R. Singh
Internet-Draft Vencore Labs Internet-Draft Vencore Labs
Intended status: Standards Track M. Dolly Intended status: Standards Track M. Dolly
Expires: October 27, 2018 AT&T Expires: November 5, 2018 AT&T
S. Das S. Das
Vencore Labs Vencore Labs
A. Nguyen A. Nguyen
Office of Emergency Communication/DHS Office of Emergency Communication/DHS
April 25, 2018 May 04, 2018
PASSporT Extension for Resource Priority Authorization PASSporT Extension for Resource Priority Authorization
draft-ietf-stir-rph-04 draft-ietf-stir-rph-05
Abstract Abstract
This document extends the PASSporT (Personal Assertion Token) This document extends the PASSporT (Personal Assertion Token)
specification defined in [RFC8225] to allow the inclusion of specification defined in [RFC8225] to allow the inclusion of
cryptographically signed assertions of authorization for the values cryptographically signed assertions of authorization for the values
populated in the 'Session Initiation Protocol (SIP) Resource- populated in the 'Session Initiation Protocol (SIP) Resource-
Priority' header field, which is used for communications resource Priority' header field, which is used for communications resource
prioritization. prioritization.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 27, 2018. This Internet-Draft will expire on November 5, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 21 skipping to change at page 2, line 21
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. PASSporT 'rph' Claim . . . . . . . . . . . . . . . . . . . . 4 3. PASSporT 'rph' Claim . . . . . . . . . . . . . . . . . . . . 4
4. 'rph' in SIP . . . . . . . . . . . . . . . . . . . . . . . . 5 4. 'rph' in SIP . . . . . . . . . . . . . . . . . . . . . . . . 5
4.1. Authentication Service Behavior . . . . . . . . . . . . . 5 4.1. Authentication Service Behavior . . . . . . . . . . . . . 5
4.2. Verification Service Behavior . . . . . . . . . . . . . . 6 4.2. Verification Service Behavior . . . . . . . . . . . . . . 6
5. Further Information Associated with 'Resource-Priority' . . . 6 5. Further Information Associated with 'Resource-Priority' . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6.1. PASSporT Extension Claims Registration . . . . . . . . . 7 6.1. JSON Web Token Claims . . . . . . . . . . . . . . . . . . 7
6.2. 'rph' Types . . . . . . . . . . . . . . . . . . . . . . . 7 6.2. PASSporT Types . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7.1. Avoidance of replay and cut and paste attacks . . . . . . 7 7.1. Avoidance of replay and cut and paste attacks . . . . . . 7
7.2. Solution Considerations . . . . . . . . . . . . . . . . . 7 7.2. Solution Considerations . . . . . . . . . . . . . . . . . 8
7.3. Acknowledgements . . . . . . . . . . . . . . . . . . . . 8 7.3. Acknowledgements . . . . . . . . . . . . . . . . . . . . 8
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
8.1. Normative References . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . 8
8.2. Informative References . . . . . . . . . . . . . . . . . 9 8.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
PASSporT [RFC8225] is a token format based on JSON Web Token (JWT) PASSporT [RFC8225] is a token format based on JSON Web Token (JWT)
[RFC7519] for conveying cryptographically signed information about [RFC7519] for conveying cryptographically signed information about
skipping to change at page 4, line 48 skipping to change at page 4, line 48
that correspond to the r-values indicated in the 'SIP Resource- that correspond to the r-values indicated in the 'SIP Resource-
Priority' header field. Priority' header field.
The following is an example "rph" claim for a 'SIP Resource-Priority' The following is an example "rph" claim for a 'SIP Resource-Priority'
header field with a r-value of "ets.0" and with another r-value of header field with a r-value of "ets.0" and with another r-value of
"wps.0". "wps.0".
{ {
"orig":{"tn":"12155550112"}, "orig":{"tn":"12155550112"},
"dest":{["tn":"12125550113"]}, "dest":{["tn":"12125550113"]},
"iat":"1443208345", "iat":1443208345,
"rph":{"auth":["ets.0", "wps.0"]} "rph":{"auth":["ets.0", "wps.0"]}
} }
After the header and claims PASSporT objects have been constructed, After the header and claims PASSporT objects have been constructed,
their signature is generated normally per the guidance in [RFC8225] their signature is generated normally per the guidance in [RFC8225]
using the full form of PASSPorT. The credentials (i.e., Certificate) using the full form of PASSPorT. The credentials (i.e., Certificate)
used to create the signature must have authority over the namespace used to create the signature must have authority over the namespace
of the "rph" claim and there is only one authority per claim. The of the "rph" claim and there is only one authority per claim. The
authority MUST use its credentials associated with the specific authority MUST use its credentials associated with the specific
service supported by the resource priority namespace in the claim. service supported by the resource priority namespace in the claim.
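Review bot: the "dest" line of the example claim is not valid JSON in either column: "dest":{["tn":"12125550113"]} opens an object and then immediately opens an array containing a key/value pair, so the example cannot be parsed, let alone signed, as shown; the "orig" line shows the intended shape, so suggest "dest":{"tn":["12125550113"]}, which is the RFC 8225 structure (an array of "tn" values under the "dest" object). Changing "iat" from the string "1443208345" to the number 1443208345 is the right fix, since "iat" is a NumericDate in RFC 7519. Two smaller points in the paragraph after the example: "PASSPorT" is a typo for "PASSporT", and "must have authority over the namespace" states a requirement in lowercase while the next sentence uses the RFC 2119 "MUST"; the two should agree.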
skipping to change at page 7, line 13 skipping to change at page 7, line 13
Priority'. Priority'.
A new IANA registry has been defined to hold potential values of the A new IANA registry has been defined to hold potential values of the
"rph" array; see Section 6.2. The definition of the "rph" claim may "rph" array; see Section 6.2. The definition of the "rph" claim may
have one or more such additional information field(s). Details of have one or more such additional information field(s). Details of
such "rph" claim to encompass other data elements are left for future such "rph" claim to encompass other data elements are left for future
version of this specification. version of this specification.
6. IANA Considerations 6. IANA Considerations
6.1. PASSporT Extension Claims Registration 6.1. JSON Web Token Claims
This document registers a new "ppt" value for the "Personal Assertion This specification requests that the IANA add a new claim to the JSON
Token (PASSporT) Extensions" table. Web Token Claims registry as defined in [RFC7519].
o Claim Name: "rph" o Claim Name: "rph"
o Claim Description: Resource Priority Header Authorization o Claim Description: Resource Priority Header Authorization
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3 of [RFCThis] o Specification Document(s): Section 3 of [RFCThis]
6.2. 'rph' Types 6.2. PASSporT Types
This specification also requests that the IANA creates a new registry This specification also requests that the IANA creates a new entry to
for "rph" types. Each registry entry must contain two fields: the the PASSporT Types registry for the type "rph" which is specified in
name of the "rph" type and the specification in which the type is [RFCThis]. In addition, another registry needs to be created in
described. This registry is to be initially populated with a single which each entry must contain two fields: the name of the "rph" type
value for "auth" which is specified in [RFCThis]. Registration of and the specification in which the type is described. This registry
new "rph" types shall be under the specification required policy. is to be initially populated with a single value for "auth" which is
specified in [RFCThis]. Registration of new "rph" types shall be
under the specification required policy.
7. Security Considerations 7. Security Considerations
The security considerations discussed in [RFC8224] in Section 12 are The security considerations discussed in [RFC8224] in Section 12 are
applicable here. applicable here.
7.1. Avoidance of replay and cut and paste attacks 7.1. Avoidance of replay and cut and paste attacks
The PASSporT extension with a "ppt" value of "rph" MUST only be sent The PASSporT extension with a "ppt" value of "rph" MUST only be sent
with SIP INVITE when 'Resource-Priority' header field is used to with SIP INVITE when 'Resource-Priority' header field is used to
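Review bot: the registry naming in Section 6 is inconsistent between the two columns, and the new text does not name the registry it creates. The left column registers a "ppt" value in the "Personal Assertion Token (PASSporT) Extensions" table, while the right column asks for "a new entry to the PASSporT Types registry"; one name should be used, and it should be the exact name of the registry RFC 8225 created for "ppt" values, since IANA acts on the name as written. Likewise, "another registry needs to be created in which each entry must contain two fields" leaves that registry unnamed and unplaced; suggest giving it an explicit name (for example "'rph' Types", which the left column's 6.2 heading already uses), listing its initial entry "auth" with the reference column, and stating the policy as Specification Required per RFC 8126 rather than "the specification required policy". Moving the "rph" claim into the JSON Web Token Claims registry in 6.1 is correct, since "rph" is a claim and not a "ppt" value; the old 6.1 listed claim-registration fields under what it called a "ppt" registration, which the new text fixes. Minor: "requests that the IANA creates" should read "requests that IANA create".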
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/