PASSporT: Personal Assertion Token
RFC 8225, “PASSporT: Personal Assertion Token”, is a Proposed Standard document published in February 2018 by C. Wendt, J. Peterson. The canonical text is published by the RFC Editor.
Abstract
This document defines a method for creating and validating a token that cryptographically verifies an originating identity or, more generally, a URI or telephone number representing the originator of personal communications. The Personal Assertion Token, PASSporT, is cryptographically signed to protect the integrity of the identity of the originator and to verify the assertion of the identity information at the destination. The cryptographic signature is defined with the intention that it can confidently verify the originating persona even when the signature is sent to the destination party over an insecure channel. PASSporT is particularly useful for many personal-communications applications over IP networks and other multi-hop interconnection scenarios where the originating and destination parties may not have a direct trusted relationship.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8225 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8224 Authenticated Identity Management in the Session Initiation Protocol
- RFC 8226 Secure Telephone Identity Credentials: Certificates
- RFC 8278 Mobile Access Gateway Multipath Options
- RFC 8289 Controlled Delay Active Queue Management
- RFC 8290 The Flow Queue CoDel Packet Scheduler and Active Queue Management Algorithm
- RFC 8293 A Framework for Multicast in Network Virtualization over Layer 3
- RFC 8295 EST Extensions
- RFC 8296 Encapsulation for Bit Index Explicit Replication in MPLS and Non-MPLS Networks