appliedbits
LIBRARY  ·  IETF LIBRARY ENTRY
Last updated 2026-05-06 drafted

RFC 8443 — PASSporT Extension for Resource Priority Authorization

RFC 8443 (Singh, Dolly, Das, Nguyen — August 2018) is the IETF specification that extends PASSporT with the rph claim, carrying a cryptographically signed assertion of authorization for the SIP Resource-Priority header field. The motivation was straightforward: SIP networks act on Resource-Priority to give certain calls preferential routing or treatment (NS/EP communications, public-safety calls, MLPP for military networks), and an unsigned priority assertion is trivial to spoof. The rph claim binds the priority assertion to the originator’s authority through the same certificate hierarchy that authenticates the calling number.

What it specifies

The mechanism is small:

  • The rph claim. A JSON object with one required key, auth — an array of strings, each carrying a namespace and priority value (e.g., ets.0 for the Emergency Telecommunications Service highest priority, wps.0 for Wireless Priority Service). The structure can carry multiple authorization assertions for cases where a call is authorized in multiple priority namespaces simultaneously.
  • PASSporT type extension semantics. A SIP request carrying a Resource-Priority header field with prioritized values can carry an Identity header field whose PASSporT includes the rph claim. The verifier checks the signature against a certificate authorized for the asserted priority namespace, confirming the originator’s authority.

If signature validation fails, RFC 8443 specifies that the verifier should infer the calling party is not authorized for the asserted priority and treat the call as ordinary — specifically, the Resource-Priority header field SHOULD be stripped before further routing. This is the right default-deny posture for priority systems that gate scarce resources.

Where this document is referenced

  • RFC 9027 extends this document’s rph claim with emergency-services-specific assertion values (esnet.x) and adds a new sph claim for SIP Priority Header protection. The two documents work together for emergency-services use cases.
  • RFC 8225 is the base PASSporT spec this document extends.
  • STIR extensions is the topic page that catalogs PASSporT extensions and auxiliary mechanisms; the priority-authorization extension is one of the catalog entries.

The author team reflects the spec’s origins in the emergency-communications and national-security communications community — Vencore Labs, AT&T, and the DHS Office of Emergency Communications were the primary contributors. The work tracks back through the longstanding NS/EP and MLPP priority-marking work in SIP.