| Internet-Draft | Identity Errors | July 2021 |
| Wendt | Expires 13 January 2022 | [Page] |
This document extends STIR and the Authenticated Identity Management in the Session Initiation Protocol (SIP) related to error handling for STIR verification services and how they feedback errors to STIR authentication services. Specifically, the use of a Reason header field and addressing scenarios that use multiple identity headers where some may have errors and others may not and the handling of those situations is defined.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 13 January 2022.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
[RFC8224] in Section 6.2.2 discusses future specifications for enhancement of how errors are communicated and the handling of multiple Identity header fields. This specification provides some additional mechanisms for solutions to address these problems.¶
In some deployments of STIR and specifically using SIP [RFC3261] as defined by [RFC8224], one issue with the current error handling, specifically with the use of the defined 4xx error responses, is that when an error occurs with the verification of the Identity header filed or the PASSporT contained in the Identity header field and a 4xx response is returned, the call is then terminated. It may be the case that the policy for handling errors dictates that calls should continue even if there is a verification error, in the case of, for example inadvertent errors, however the authentication service should still be notified of the error so that corrective action can be taken. This specification will discuss the use of the Reason header field in subsequent provisional (1xx) responses in order to accomplish this.¶
For the handling of multiple Identity header fields and the potential situation that some of the Identity header fields in a call may pass verification but others may have errors, this document provides a mechanism to add an identifier so that the authentication service can identify which Identity header field is being referred to in the case of an error.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In cases where local policy dictates that a call should continue irregardless when any verification errors, including 4XX errors described in [RFC8224] Section 6.2.2, then the verification service SHOULD not send the 4XX as a response, but rather include the error response code and reason phrase in a Reason header field, defined in [RFC3326], in the next provisional or final responses sent to the authentication service.¶
Example Reason header field:¶
Reason: SIP ;cause=436 ;text="Bad Identity Info"¶
In cases where a SIP message includes multiple Identity header fields and one of those Identity header fields has an error, the verification service SHOULD include the error response code and reason phrase associated with the error in a Reason header field, defined in [RFC3326], in the next provisional or final responses sent to the authentication service. The reason cause in the Reason header field SHOULD represent the error that occurred when verifying the contents of the Identity header field. The association of a Reason header field and error to a specific Identity header field is accomplished by adding a "ppt" parameter containing the PASSporT that generated the error to the Reason header field. The "ppt" parameter for the Reason header field is optional, but RECOMMENDED, in particular for cases that a SIP INVITE contains multiple Identity header fields. The PASSporT can be included in full form, or optionally in compact form, where only the signature of the PASSporT is used to identify the reported Identity header field with an error.¶
Example Reason header field with full form PASSporT:¶
Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \ "eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \ joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \ kZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdC \ I6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.r \ q3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \ ojNCpTzO3QfPOlckGaS6hEck7w"¶
Example Reason header field with compact form PASSporT: ~~~~~~~~~~~ Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \ "..rq3pjT1akEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \ ojNCpTzO3QfPOlckGaS6hEck7w" ~~~~~~~~~~~¶
This specification updates [RFC3326] in that for STIR applications the use of multiple Reason header fields with the same "SIP" protocol string is allowed. So, if there is multiple Identity header field verification errors being reported the verification service SHOULD include corresponding Reason header fields with "ppt" parameters including full or compact form of the PASSporT with cause and text parameters identifying each error.¶
Example Reason header fields for two identity info errors:¶
Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \ "eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \ joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \ kZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdC \ I6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.r \ q3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \ ojNCpTzO3QfPOlckGaS6hEck7w" Reason: SIP ;cause=436 ; text="Bad Identity Info" ;ppt= \ "eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \ joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \ xpY2VAZXhhbXBsZS5jb20iXX0sImlhdCkZXN0Ijp7InVyaSI6WyJzaXA6YW \ p7InRuIjoiMTIxNTU1NTEyMTIifX0I6IjE0NDMyMDgzNDUiLCJvcmlnIj.r \ J6F1VOgFWSjHBr8Qjpjlk-cpFYpFYsq3pjT1hoRwakEGjHCnWSwUnshd0-z \ ckGaS6hEck7wojNCpTzO3QfPOl"¶
When an Authentication Service [RFC8224] receives the Reason header field with a PASSporT it generated as part of an Identity header field and the authentication of a call, it should first follow local policy to recognize and acknowledge the error (e.g. perform operational actions like logging or alarming), but then MUST remove the identified Reason header field to avoid the PASSporT information going upstream to UAC or UAS that may not be authorized to see claim information contained in the PASSporT for privacy or other reasons.¶
Would like to thank David Hancock for help to identify these error scenarios and Jon Peterson, Roman Shpount, and STIR working group for helpful feedback and discussion.¶