appliedbits
LIBRARY  ·  IETF LIBRARY ENTRY
Last updated 2026-05-06 drafted

RFC 9027 — Assertion Values for RPH/SIP Priority Header Claims for Emergency Services Networks

RFC 9027 (Dolly, Wendt — June 2021) is the IETF specification that closes a gap in RFC 8443 for emergency services networks. It adds a new set of auth array values (esnet.x) to the rph claim, covering emergency-call origination and callback scenarios, and defines a new PASSporT claim sph that protects the SIP Priority header field’s psap-callback value. I am co-author. The work is small — 7 pages — but operationally specific: emergency-services networks have particular trust requirements that the generic priority-authorization mechanism didn’t cover.

What it specifies

Two additions to the priority-authorization story:

  • New auth values for the rph claim. The esnet.x family of values, where x is a specific emergency-services context (e.g., esnet.1 for emergency call origination). An originating provider asserting esnet.x is signing that the call is destined for emergency services — the orig claim represents the calling-party number, the dest claim must be a country-/region-specific emergency dial string (911, 112) or urn:service:sos (RFC 5031). The Resource-Priority header field can then carry the appropriate priority value with cryptographic backing for the emergency-services assertion.
  • The sph claim. A new PASSporT claim, registered in the JWT Claims registry. Protects the SIP Priority header field’s psap-callback value (RFC 7090) — the value asserted on a callback from a Public Safety Answering Point to a calling party that initiated an emergency call. The sph claim signs that the Priority value is being asserted by a PSAP authorized to initiate such callbacks.

The two additions cover both directions of an emergency-call flow: outbound (citizen → PSAP, secured via rph with esnet.x) and inbound (PSAP → citizen on callback, secured via sph with psap-callback).

Why this work was needed

RFC 8443 defined the base priority-authorization mechanism but didn’t enumerate emergency-services namespaces — those were left to follow-on specifications, and the emergency-services use case is particularly sensitive because calls falsely asserting emergency-service destination can affect routing decisions in ways that matter for public safety. Without an emergency-services namespace and verification path, emergency-services networks either had to trust unauthenticated priority assertions or rely on out-of-band identification of emergency-service calls.

The companion psap-callback protection covers a related but distinct case. PSAPs frequently call back when an emergency call drops or callback information is needed. Networks preferentially route these callbacks based on the Priority header field. Without cryptographic backing, the callback value is forgeable. The sph claim closes that gap for the PSAP side.

Where this document is referenced

  • RFC 8443 is the base priority-authorization spec this document extends. Read 8443 first for the rph claim mechanics; 9027 picks up with the emergency-services-specific values.
  • RFC 8225 defines the PASSporT extension framework both documents plug into.
  • STIR extensions is the topic page that catalogs the PASSporT extension family.