Persona Assertion Token
draft-ietf-stir-passport-06
The information below is for an old version of the document.

| Document | |
|---|---|
| Type | This is an older version of an Internet-Draft that was ultimately published as RFC 8225. |
| Authors | Chris Wendt, Jon Peterson |
| Last updated | 2016-08-22 |
| RFC stream | Internet Engineering Task Force (IETF) |
| Additional resources | Mailing list discussion |
| Stream | WG state: In WG Last Call |
| Document shepherd | (None) |
| IESG | IESG state: Became RFC 8225 (Proposed Standard) |
| Consensus boilerplate | Unknown |
| Telechat date | (None) |
| Responsible AD | (None) |
| Send notices to | (None) |
   "signature", with the value BASE64URL(JWS Signature)

   Note: there will never be a JWS Unprotected Header for PASSporT.

   First, an example PASSporT Protected Header is as follows:

   {
     "typ":"passport",
     "alg":"ES256",
     "x5u":"https://cert.example.org/passport.cer"
   }

   This would be serialized to the form:

   {"alg":"ES256","typ":"passport","x5u":"https://cert.example.org/passport.cer"}

   Encoding this with UTF8 and BASE64URL encoding produces this value:

   eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9

   Second, an example PASSporT Payload is as follows:

   {
     "dest":{"uri":["sip:alice@example.com"]},
     "iat":"1443208345",
     "orig":{"tn":"12155551212"}
   }

   This would be serialized to the form:

   {"dest":{"uri":["sip:alice@example.com"]},"iat":"1443208345","orig":{"tn":"12155551212"}}

   Encoding this with UTF8 and BASE64URL encoding produces this value:

   eyJkZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdCI6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0

   Computing the digital signature of the PASSporT Signing Input

   ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload))

   yields the following value:

   rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYsojNCpTzO3QfPOlckGaS6hEck7w

Wendt & Peterson          Expires February 23, 2017               [Page 15]
Internet-Draft                     PASSporT                     August 2016

   The final PASSporT token is produced by concatenating the values in
   the order Header.Payload.Signature with period ('.') characters. For
   the above example values this would produce the following:

   eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJkZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdCI6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYsojNCpTzO3QfPOlckGaS6hEck7w

A.1.  X.509 Private Key Certificate for Example

   -----BEGIN EC PRIVATE KEY-----
   MHcCAQEEIFeZ1R208QCvcu5GuYyMfG4W7sH4m99/7eHSDLpdYllFoAoGCCqGSM49
   AwEHoUQDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH78YTU8qLS8I5HLHSSmlATLcs
   lQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
   -----END EC PRIVATE KEY-----

A.2.  X.509 Public Key Certificate for Example

   -----BEGIN PUBLIC KEY-----
   MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH
   78YTU8qLS8I5HLHSSmlATLcslQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
   -----END PUBLIC KEY-----

Authors' Addresses

   Chris Wendt
   Comcast
   One Comcast Center
   Philadelphia, PA 19103
   USA

   Email: chris-ietf@chriswendt.net

   Jon Peterson
   Neustar Inc.
   1800 Sutter St Suite 570
   Concord, CA 94520
   US

   Email: jon.peterson@neustar.biz
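The Appendix A construction carried through in working code, as an added example (this is not code from the draft or from its authors): it builds the serialized header and payload shown above, BASE64URL-encodes them, forms the Signing Input, assembles the compact token, and parses it back on the verifier side with the structural checks a verifier needs before it even looks at the signature. The ES256 step uses the third-party `cryptography` package, which is an assumption of the two signing/verification functions only; the function names, the `parse()` checks, and the `__main__` demo are this example's own. The key pair is the one printed in A.1 and A.2.

```python
import base64
import json

# Example Protected Header and Payload from Appendix A of the draft.
EXAMPLE_HEADER = {"typ": "passport", "alg": "ES256",
                  "x5u": "https://cert.example.org/passport.cer"}
EXAMPLE_PAYLOAD = {"dest": {"uri": ["sip:alice@example.com"]},
                   "iat": "1443208345",
                   "orig": {"tn": "12155551212"}}

# Example P-256 key pair from Appendix A.1 / A.2 of the draft (example keys only).
EXAMPLE_PRIVATE_KEY_PEM = b"""-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFeZ1R208QCvcu5GuYyMfG4W7sH4m99/7eHSDLpdYllFoAoGCCqGSM49
AwEHoUQDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH78YTU8qLS8I5HLHSSmlATLcs
lQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
-----END EC PRIVATE KEY-----
"""
EXAMPLE_PUBLIC_KEY_PEM = b"""-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8HNbQd/TmvCKwPKHkMF9fScavGeH
78YTU8qLS8I5HLHSSmlATLcslQMhNC/OhlWBYC626nIlo7XeebYS7Sb37g==
-----END PUBLIC KEY-----
"""

def b64url(data: bytes) -> str:
    """BASE64URL as JWS defines it: URL-safe alphabet, '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Inverse of b64url(); padding is restored before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def serialize(obj: dict) -> str:
    """Compact JSON, keys in lexicographic order, no whitespace; this reproduces
    the serialized header and payload forms shown in the appendix."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def signing_input(header: dict, payload: dict) -> str:
    """ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload))"""
    return (b64url(serialize(header).encode("utf-8")) + "."
            + b64url(serialize(payload).encode("utf-8")))

def assemble(header: dict, payload: dict, signature: bytes) -> str:
    """Final token: Header.Payload.Signature joined with '.' characters."""
    return signing_input(header, payload) + "." + b64url(signature)

def parse(token: str) -> tuple:
    """Verifier side: split a compact PASSporT into (header, payload, raw
    signature bytes, signing input). Rejects anything that is not a three-part
    JWS carrying the PASSporT typ/alg. The signature itself is NOT checked here."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("PASSporT must have exactly three non-empty parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if header.get("typ") != "passport" or header.get("alg") != "ES256":
        raise ValueError("unexpected typ/alg in PASSporT protected header")
    return header, payload, b64url_decode(parts[2]), parts[0] + "." + parts[1]

def sign_es256(message: str, private_key_pem: bytes) -> bytes:
    """ES256 over the signing input. JWS wants the raw r||s form (32 bytes each),
    not the DER form most libraries emit. Uses the 'cryptography' package
    (assumed installed; imported lazily so the rest of the file runs without it)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec
    from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    der = key.sign(message.encode("ascii"), ec.ECDSA(hashes.SHA256()))
    r, s = decode_dss_signature(der)
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def verify_es256(message: str, signature: bytes, public_key_pem: bytes) -> bool:
    """Check a raw r||s ES256 signature; returns False instead of raising."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec
    from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature
    if len(signature) != 64:
        return False
    key = serialization.load_pem_public_key(public_key_pem)
    der = encode_dss_signature(int.from_bytes(signature[:32], "big"),
                               int.from_bytes(signature[32:], "big"))
    try:
        key.verify(der, message.encode("ascii"), ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False

if __name__ == "__main__":
    msg = signing_input(EXAMPLE_HEADER, EXAMPLE_PAYLOAD)
    print("signing input:", msg)
    try:
        token = assemble(EXAMPLE_HEADER, EXAMPLE_PAYLOAD,
                         sign_es256(msg, EXAMPLE_PRIVATE_KEY_PEM))
        _, claims, raw_sig, msg2 = parse(token)
        print("token:", token)
        print("orig tn:", claims["orig"]["tn"],
              "verifies:", verify_es256(msg2, raw_sig, EXAMPLE_PUBLIC_KEY_PEM))
    except ImportError:
        print("install 'cryptography' to sign and verify with the example keys")
```

The encoding half of this needs only the standard library and reproduces the two BASE64URL values printed in the appendix exactly. ECDSA signing is randomized, so running `sign_es256` on the same input will not reproduce the appendix's signature value; what a verifier checks is that the signature it received validates under the public key referenced by `x5u`, which is what `verify_es256` does over the signing input returned by `parse()`.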