RFC 8588 — PASSporT Extension for SHAKEN
RFC 8588 (Wendt, Barnes — May 2019) is the IETF specification
that defines the SHAKEN PASSporT extension type. It encodes
the attestation level (A, B, or C — the originating provider’s
confidence in the calling party’s authority over the calling
number) and the origination identifier (origid — a UUID
identifying the originating service-provider component within
its network) into a PASSporT, registers them in the JWT Claims
registry, and registers shaken as a PASSporT extension type.
I am co-author. The document is the IETF protocol substrate
under ATIS-1000074, the SHAKEN
operational specification — every SHAKEN-signed call in
deployment carries an 8588 PASSporT.
What it specifies
Two JWT claims plus the PASSporT type registration:
- The attest claim. A string-valued claim with three permitted values, "A", "B", or "C", corresponding to full, partial, and gateway attestation as defined by SHAKEN. The semantics of each level are defined in the ATIS spec; this document just encodes them on the wire.
- The origid claim. A UUID identifying the originating service-provider component (or class of components) that signed the PASSporT. Used downstream for analytics and traceback when calls are problematic; it provides a within-network identifier without leaking customer identity.
- The shaken PASSporT extension type. Registered in the PASSporT Extensions registry per RFC 8225. The type discriminator (the ppt header parameter) tells verifiers that the PASSporT carries the SHAKEN-specific claims.
The on-the-wire structure is otherwise standard PASSporT — a
JWS-signed JSON token with the base claims (orig, dest,
iat) plus the SHAKEN-specific additions.
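The full on-the-wire construction, written out as an added example (it is not code from the RFC, from ATIS, or from any deployed SHAKEN stack): a Go program using only the standard library that builds the RFC 8225 header and claim set with the RFC 8588 additions, signs them as an ES256 compact JWS, and verifies a received token, checking the signature before it trusts any claim and then applying the attest and origid rules. The P-256 key pair is generated in-process, the x5u URL, telephone numbers and origid are constructed placeholders, the 60-second iat freshness window is an assumption (RFC 8224 suggests that value), and the certificate fetch and chain validation a real verifier performs are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"regexp"
	"strings"
	"time"
)

// Header is the RFC 8225 JWS header; ppt "shaken" is the RFC 8588 type. Fields
// here and in Payload are in lexicographic order so json.Marshal emits the
// sorted, whitespace-free JSON that RFC 8225 requires as the signing input.
type Header struct {
	Alg string `json:"alg"` // SHAKEN mandates ES256
	Ppt string `json:"ppt"`
	Typ string `json:"typ"` // always "passport"
	X5u string `json:"x5u"` // URL of the signer's certificate
}

type Orig struct{ Tn string `json:"tn"` }
type Dest struct{ Tn []string `json:"tn"` }
type Payload struct {
	Attest string `json:"attest"` // "A", "B" or "C" (RFC 8588)
	Dest   Dest   `json:"dest"`
	Iat    int64  `json:"iat"`
	Orig   Orig   `json:"orig"`
	Origid string `json:"origid"` // UUID of the originating component (RFC 8588)
}

var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Sign returns the compact JWS "header.payload.signature" in unpadded base64url; the ES256 signature is raw 64-byte r||s, not DER.
func Sign(h Header, p Payload, key *ecdsa.PrivateKey) (string, error) {
	hb, _ := json.Marshal(h) // marshalling these structs cannot fail
	pb, _ := json.Marshal(p)
	input := b64(hb) + "." + b64(pb)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64(sig), nil
}

// Verify checks the signature before trusting any claim, then applies the RFC 8588 claim rules.
// Fetching the x5u certificate and validating its chain (RFC 8224) is out of scope: the caller passes a trusted key.
func Verify(token string, pub *ecdsa.PublicKey, now time.Time) (*Payload, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWS")
	}
	var h Header
	if hb, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &h) != nil {
		return nil, fmt.Errorf("malformed header")
	}
	if h.Alg != "ES256" || h.Typ != "passport" || h.Ppt != "shaken" {
		return nil, fmt.Errorf("unexpected header alg=%q typ=%q ppt=%q", h.Alg, h.Typ, h.Ppt)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("malformed ES256 signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature verification failed")
	}
	var p Payload
	if pb, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &p) != nil {
		return nil, fmt.Errorf("malformed payload")
	}
	switch p.Attest {
	case "A", "B", "C": // the only values RFC 8588 permits
	default:
		return nil, fmt.Errorf("invalid attest %q", p.Attest)
	}
	if !uuidRe.MatchString(p.Origid) {
		return nil, fmt.Errorf("origid %q is not a UUID", p.Origid)
	}
	if age := now.Sub(time.Unix(p.Iat, 0)); age > 60*time.Second || age < -60*time.Second {
		return nil, fmt.Errorf("iat %d outside the assumed 60 s freshness window", p.Iat)
	}
	return &p, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tok, _ := Sign(Header{Alg: "ES256", Ppt: "shaken", Typ: "passport", X5u: "https://cert.example.net/shaken.pem"}, // placeholder URL
		Payload{Attest: "A", Dest: Dest{Tn: []string{"12125551212"}}, Iat: time.Now().Unix(), // constructed sample call
			Orig: Orig{Tn: "12155551212"}, Origid: "123e4567-e89b-12d3-a456-426655440000"}, key)
	got, err := Verify(tok, &key.PublicKey, time.Now())
	fmt.Printf("%s\n%+v %v\n", tok, got, err)
}
```

Two points this makes concrete: because attest sits inside the signed payload, an intermediary cannot upgrade a "B" to an "A" without invalidating the signature, and a verifier that checks claims before the signature would still be fooled by a forged token, so the signature check comes first. A production verifier additionally dereferences x5u, validates the certificate chain to the SHAKEN trust anchors, and confirms the certificate's TN authorization before accepting the token.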
Why a revision is in flight
The originally-specified attest and origid claim formats
allow encoding choices that, in retrospect, expose more
information than necessary. The privacy considerations section
of 8588 itself flags the concern: an origid generated with a
predictable structure can leak information about service
elements through correlation across calls.
draft-ietf-stir-8588bis
is the active working-group document that revises 8588 to
tighten these areas, register the type more cleanly, and
incorporate operational lessons from the years since
deployment.
The revision will obsolete this RFC when published. For now, all deployed SHAKEN signing reads from the original 8588 spec.
Where this document is referenced
- SHAKEN is the operational framework that profiles this PASSporT extension into the deployed US ecosystem.
- Attestation levels covers the A/B/C semantics that this document encodes.
- RFC 8225 is the base PASSporT spec that 8588 extends.
- draft-ietf-stir-8588bis is the in-flight revision.