
Persona Assertion Token
draft-ietf-stir-passport-06

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 8225.
Authors Chris Wendt, Jon Peterson
Last updated 2016-08-22
RFC stream Internet Engineering Task Force (IETF)
Stream WG state In WG Last Call
Document shepherd (None)
IESG IESG state Became RFC 8225 (Proposed Standard)
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
"signature", with the value BASE64URL(JWS Signature)

   Note: there will never be a JWS Unprotected Header for PASSporT.

   First, an example PASSporT Protected Header is as follows:

       {
           "typ":"passport",
           "alg":"ES256",
           "x5u":"https://cert.example.org/passport.cer"
       }

   This would be serialized to the form:

       {"alg":"ES256","typ":"passport","x5u":"https://cert.example.org/
           passport.cer"}

   Encoding this with UTF8 and BASE64 encoding produces this value:

       eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9j
       ZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9

   Second, an example PASSporT Payload is as follows:

       {
           "dest":{"uri":["sip:alice@example.com"]},
           "iat":"1443208345",
           "orig":{"tn":"12155551212"}
       }

   This would be serialized to the form:

       {"dest":{"uri":["sip:alice@example.com"]},"iat":"1443208345",
           "orig":{"tn":"12155551212"}}

   Encoding this with the UTF8 and BASE64 encoding produces this value:

       eyJkZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhd
       CI6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0

   Computing the digital signature of the PASSporT Signing Input
   ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS
   Payload)) produces this value:

       rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYso
       jNCpTzO3QfPOlckGaS6hEck7w

Wendt & Peterson        Expires February 23, 2017              [Page 15]
Internet-Draft                  PASSporT                     August 2016

   The final PASSporT token is produced by concatenating the values in
   the order Header.Payload.Signature with period ('.') characters.  For
   the above example values this would produce the following:

       eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly
       9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9
       .
       eyJkZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhd
       CI6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0
       .
       rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYso
       jNCpTzO3QfPOlckGaS6hEck7w
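
   The construction above can be reproduced and checked with a short
   script.  The following Python is an added example, not part of the
   draft: it rebuilds the two encoded values from the serialized JSON
   and applies structural checks to a full-form token before any
   signature verification.  The function names and the choice of checks
   are assumptions of this example.

```python
import base64
import json

def b64url(data: bytes) -> str:  # BASE64URL without '=' padding, as JWS uses
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def serialize(obj) -> bytes:
    # Serialized form shown above: keys in lexicographic order, no whitespace
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def signing_input(header: dict, payload: dict) -> str:
    return b64url(serialize(header)) + "." + b64url(serialize(payload))

def check_structure(token: str) -> list:
    # Problems found in a full-form token before any signature verification
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected Header.Payload.Signature"]
    try:
        raw = [b64url_decode(p) for p in parts]
        header, payload = json.loads(raw[0]), json.loads(raw[1])
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return ["segment is not BASE64URL-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return ["header and payload must be JSON objects"]
    problems = []
    if any(b64url(r) != p for r, p in zip(raw, parts)):
        problems.append("segment is not unpadded BASE64URL")
    for name, want in (("typ", "passport"), ("alg", "ES256")):
        if header.get(name) != want:
            problems.append(name + " is not " + want)
    if not isinstance(header.get("x5u"), str):
        problems.append("x5u is missing")
    if serialize(header) != raw[0] or serialize(payload) != raw[1]:
        problems.append("JSON is not in the serialized form")
    if len(raw[2]) != 64:  # an ES256 JWS signature is R || S, 32 bytes each
        problems.append("signature is not 64 bytes")
    return problems

HEADER = {"typ": "passport", "alg": "ES256",  # values copied from the example
          "x5u": "https://cert.example.org/passport.cer"}
PAYLOAD = {"dest": {"uri": ["sip:alice@example.com"]},
           "iat": "1443208345", "orig": {"tn": "12155551212"}}
SIGNATURE = ("rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYso"
             "jNCpTzO3QfPOlckGaS6hEck7w")
TOKEN = signing_input(HEADER, PAYLOAD) + "." + SIGNATURE
```

   An empty list from check_structure means only that the token is well
   formed; the ES256 signature still has to be verified over the signing
   input with the key from the certificate that "x5u" references.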

A.1.  X.509 Private Key Certificate for Example

       -----BEGIN EC PRIVATE KEY-----
       MHcCAQEEIFeZ1R208QCvcu5GuYyMfG4W7sH4m99/7eHSDLpdYllFoAoGCCqGSM49
       AwEHoUQDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH78YTU8qLS8I5HLHSSmlATLcs
       lQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
       -----END EC PRIVATE KEY-----

A.2.  X.509 Public Key Certificate for Example

       -----BEGIN PUBLIC KEY-----
       MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH
       78YTU8qLS8I5HLHSSmlATLcslQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
       -----END PUBLIC KEY-----

Authors' Addresses

   Chris Wendt
   Comcast
   One Comcast Center
   Philadelphia, PA  19103
   USA

   Email: chris-ietf@chriswendt.net

   Jon Peterson
   Neustar Inc.
   1800 Sutter St Suite 570
   Concord, CA  94520
   US

   Email: jon.peterson@neustar.biz
