Signature-based Handling of Asserted Information using toKENs (SHAKEN): Delegate Certificates (ATIS-000092)

The base SHAKEN framework enables a SHAKEN-authorized VoIP Service Provider to deliver a cryptographically
protected assertion (the ”attestation” value) to a terminating service provider that under specified conditions
indicates the calling user is authorized to use the calling telephone number. This specification extends the base
SHAKEN framework to enable SHAKEN-authorized TN Service Providers to issue delegate certificates defined in
this document to their non-SHAKEN-authorized customers that allows the customer to prove it possesses an
assignment or delegation of a calling TN to a SHAKEN originating service provider that is not also the TN Service
Provider. This is one possible method for an originating service provider to determine that its customer’s call is
entitled to full attestation for certain enterprise or legitimate call spoofing scenarios where the originating service
provider does not have a direct association with the calling entity and/or the calling TN.  Published 2020-10-05.