SHAKEN Governance Model

SHAKEN Governance Authority
Criteria
Jim McEachern
Senior Technology Consultant
ATIS
April 2017
Background
• The protocols required to deploy SHAKEN are complete, or nearing completion:
– SHAKEN provides the on-the-wire encoding for SIP identity header
– Governance model, including the protocol to obtain STI certificates
• SHAKEN deployment:
– Initial focus will be to gain operational experience
– Volume deployment beginning in 2018
• Formal Governance Authority:
– Not essential for initial deployment between “cooperating” service providers
– Will be critical as deployment increases
SHAKEN Governance Model Ecosystem
SHAKEN Governance Model defines mechanism for service provider to obtain SHAKEN STI Certificates:
• Roles
• Protocols
[Figure labels: Out of Scope for “Governance Model”; In Scope for “Governance Model”]
SHAKEN Terminology
• Service Provider Token: obtained from STI-PA and used by SP to request STI Certificate from STI-CA
• PASSporT Token: included in SIP Identity header “on-the-wire”
• STI Certificates: used for “authentication” and “verification” in SHAKEN
SHAKEN Governance Model: Defined Roles
• STI-CA: The STI Certificate Authority is approved by the STI Policy Administrator to issue STI Certificates to authorized Service providers.
[Figure labels: Out of Scope for “Governance Model”; In Scope for “Governance Model”]
• Service Provider: Obtains STI Certificates from STI-CA and uses these to authenticate calling party information.
SHAKEN Governance Model – Key Roles
• Key roles in SHAKEN Governance model:
– STI Governance Authority
– STI Policy Administrator
• These roles are identified and relationships noted but details are stated to be “out of scope” for the SHAKEN Governance Model document.
• Further industry work is needed to “flesh out” the details of these roles separate from the development of the protocol for obtaining certificates.
• This presentation is intended to begin the discussion of how to fill these roles.
[Slide callout: Focus of this presentation]
Role of the STI Governance Authority
• STI Governance Authority:
– Defines the rules governing STI Certificates:
• Who can obtain STI Certificates (i.e., criteria)
• Basis for revoking STI (if required)
• Criteria for STI Certification Authority (STI-CA)
– Selects the STI Policy Administrator.
– Would consult appropriate experts when developing rules:
• PTSC, IP-NNI TF, INC, NGIIF, etc.
– One governance authority per country
– Industry consensus driven (e.g., INC, LNPA WG, IMSI Oversight Committee)
Criteria for Governance Authority
• Neutral industry body, representing a full range of stakeholders
– Service providers: large, small, competitive, fixed, mobile, cable, VoIP and OTT
– Vendors, including third party application providers
– Others?
• Non-profit organization
• Use open, multi-stakeholder, consensus-based processes
• Recognized by the national regulator, but independent:
– Provide regular briefings to regulator
– Mechanism to accept ongoing input from regulator
• Minimize bureaucracy and costs
Role of the STI Policy Administrator
• STI Policy Administrator:
– Applies the rules as set by the STI Governance Authority
– Validates that individual service providers are authorized to obtain STI Certificates
• When service provider requests credentials
– Issues ACME Key Credentials to authorized service providers allowing them to request STI Certificates
• Valid for a period of time (e.g., one year)
– Approves STI-CAs
– Maintains a secure list of all authorized STI-CAs
– May host STI Certificate public key repository
STI-GA and STI-PA are separate “roles” but may be a single entity.
Industry Consensus Based
• SHAKEN governance ecosystem will need flexibility as the industry gains experience and robocallers/spammers respond with new strategies:
– Identify and stop service providers if they abuse the system
– Develop rules for “corner cases” (e.g., WebRTC, resellers, etc.)
– Extend SHAKEN to introduce new functionality:
• CNAM, NS/EP support, Biometric authentication
• Enhanced traceback
• A neutral, multi-stakeholder, consensus-based, industry body is best positioned to provide this flexibility while ensuring accountability.
SHAKEN Governance Authority based on industry consensus.
NANPA vs. SHAKEN Governance: Focus
• There would not be any efficiencies from combining NANPA and SHAKEN Governance Authority:
– NANPA manages numbers and number ranges
– SHAKEN Governance Authority “authenticates” SHAKEN service providers
• Both are experiencing significant evolution of functionality, but no overlap:
– NANPA investigating new ways to assign numbers
– SHAKEN Governance Authority developing industry consensus for using SHAKEN to verify calling party information
• Combining these two initiatives would not provide significant value, and could be a distraction.
• We do not recommend combining SHAKEN Governance with NANPA.
NANPA vs. SHAKEN Governance: Scale
NANPA:
• Dealing with number blocks of varying sizes.
• Need to track all number assignments and reassignments.
• One size does not fit all – need a flexible, scalable solution.
• Complexity is proportional to the number of potential phone numbers.
=> Billions
SHAKEN Governance:
• Validate carriers and assign ACME Key Credentials to each carrier.
• Carrier uses ACME Key Credentials to obtain STI Certificates from STI-CA. No need to track.
• Solution is the same for all carriers.
• Complexity is proportional to the number of carriers.
=> Thousands
Governance Authority: Potential Models
• Regulatory Mandate:
– Costs paid by all members of the industry, based on assigned phone numbers
• Industry “committee”:
– Costs paid by participating carriers
• Hybrid model:
– Structured as an industry committee
– Costs paid by participating carriers
– Allocation based on assigned phone numbers
– Open to other stakeholders
• Criteria for membership and costs tbd