SHAKEN Governance Authority Criteria


1 SHAKEN Governance Authority Criteria
Jim McEachern, Senior Technology Consultant, ATIS, April 2017

2 Background
The protocols required to deploy SHAKEN are complete, or nearing completion:
- SHAKEN provides the on-the-wire encoding for SIP identity header
- Governance model, including the protocol to obtain STI certificates
SHAKEN deployment:
- Initial focus will be to gain operational experience
- Volume deployment beginning in 2018
Formal Governance Authority:
- Not essential for initial deployment between “cooperating” service providers
- Will be critical as deployment increases

3 SHAKEN Governance Model Ecosystem
SHAKEN Governance Model defines mechanism for service provider to obtain SHAKEN STI Certificates:
- Roles
- Protocols
[Figure labels: Out of Scope for “Governance Model”; In Scope for “Governance Model”]

4 SHAKEN Terminology
1. Service Provider Token: obtained from STI-PA and used by SP to request STI Certificate from STI-CA
2. STI Certificates: used for “authentication” and “verification” in SHAKEN
3. PASSporT Token: included in SIP Identity header “on-the-wire”

5 SHAKEN Governance Model: Defined Roles
- STI-CA: The STI Certificate Authority is approved by the STI Policy Administrator to issue STI Certificates to authorized service providers.
- Service Provider: Obtains STI Certificates from STI-CA and uses these to authenticate calling party information.
[Figure labels: Out of Scope for “Governance Model”; In Scope for “Governance Model”]

6 SHAKEN Governance Model – Key Roles
Key roles in SHAKEN Governance model:
- STI Governance Authority
- STI Policy Administrator
These roles are identified and relationships noted but details are stated to be “out of scope” for the SHAKEN Governance Model document.
Further industry work is needed to “flesh out” the details of these roles separate from the development of the protocol for obtaining certificates.
This presentation is intended to begin the discussion of how to fill these roles.
[Figure label: Focus of this presentation]

7 Role of the STI Governance Authority
- Defines the rules governing STI Certificates:
  - Who can obtain STI Certificates (i.e., criteria)
  - Basis for revoking STI (if required)
  - Criteria for STI Certification Authority (STI-CA)
- Selects the STI Policy Administrator.
- Would consult appropriate experts when developing rules: PTSC, IP-NNI TF, INC, NGIIF, etc.
- One governance authority per country
- Industry consensus driven (e.g., INC, LNPA WG, IMSI Oversight Committee)

8 Criteria for Governance Authority
- Neutral industry body, representing a full range of stakeholders:
  - Service providers: large, small, competitive, fixed, mobile, cable, VoIP and OTT
  - Vendors, including third party application providers
  - Others?
- Non-profit organization
- Use open, multi-stakeholder, consensus-based processes
- Recognized by the national regulator, but independent:
  - Provide regular briefings to regulator
  - Mechanism to accept ongoing input from regulator
- Minimize bureaucracy and costs

9 Role of the STI Policy Administrator
- Applies the rules as set by the STI Governance Authority
- Validates that individual service providers are authorized to obtain STI Certificates
  - When service provider requests credentials
- Issues ACME Key Credentials to authorized service providers allowing them to request STI Certificates
  - Valid for a period of time (e.g., one year)
- Approves STI-CAs
- Maintains a secure list of all authorized STI-CAs
- May host STI Certificate public key repository
STI-GA and STI-PA are separate “roles” but may be a single entity.

10 Industry Consensus Based
SHAKEN governance ecosystem will need flexibility as the industry gains experience and robocallers/spammers respond with new strategies:
- Identify and stop service providers if they abuse the system
- Develop rules for “corner cases” (e.g., WebRTC, resellers, etc.)
- Extend SHAKEN to introduce new functionality:
  - CNAM, NS/EP support, Biometric authentication
  - Enhanced traceback
A neutral, multi-stakeholder, consensus-based, industry body is best positioned to provide this flexibility while ensuring accountability.
SHAKEN Governance Authority based on industry consensus.

11 NANPA vs. SHAKEN Governance: Focus
There would not be any efficiencies from combining NANPA and SHAKEN Governance Authority:
- NANPA manages numbers and number ranges
- SHAKEN Governance Authority “authenticates” SHAKEN service providers
Both are experiencing significant evolution of functionality, but no overlap:
- NANPA investigating new ways to assign numbers
- SHAKEN Governance Authority developing industry consensus for using SHAKEN to verify calling party information
Combining these two initiatives would not provide significant value, and could be a distraction.
We do not recommend combining SHAKEN Governance with NANPA.

12 NANPA vs. SHAKEN Governance: Scale
NANPA
- Dealing with number blocks of varying sizes.
- Need to track all number assignments and reassignments.
- One size does not fit all – need a flexible, scalable solution.
- Complexity is proportional to the number of potential phone numbers. => Billions
SHAKEN Governance
- Validate carriers and assign ACME Key Credentials to each carrier.
- Carrier uses ACME Key Credentials to obtain STI Certificates from STI-CA.
- No need to track.
- Solution is the same for all carriers.
- Complexity is proportional to the number of carriers. => Thousands

13 Governance Authority: Potential Models
- Regulatory Mandate:
  - Costs paid by all members of the industry, based on assigned phone numbers
- Industry “committee”:
  - Costs paid by participating carriers
- Hybrid model:
  - Structured as an industry committee
  - Allocation based on assigned phone numbers
  - Open to other stakeholders
  - Criteria for membership and costs TBD

