Submitter's message This contribution proposes updates to ATIS-1000094.v002 draft baseline to address Editor's Notes.
Primary changes are…
1) Changed the term “RCD Authentication/Verification” to “PASSporT Authentication/Verification”.
2) Moved "rcd" claim validation (where we validate "rcd" claim using "rcdi" claim) out of the PASSporT verification procedure clause 5.2.2) and made it its own separate function (clause 5.3.2.1) that doesn’t affect the verification results, and that is performed optionally by the TSP.
3) Added a requirement (clause 5.2.2) that says a claim constraints failure results in response code 438 ‘Invalid Identity Header’.
4) Changed the rich call data authentication requirement to anonymize rcd info when privacy requested from shall to should (clause 5.2.1), plus added a note about the risks on including an "rcd" claim in this case.
5) Added a section describing how the TSP can avoid revealing customer endpoint IP addresses to remote entities when the endpoint downloads resources referenced by the "rcd" claim (clause 5.3.2.2).
6) To make the document flow better, created new level-2 clause 5.3 “OSP and TSP support of Rich Call Data” that describes OSP/TSP procedures outside of pure PASSporT authentication and verification (previously this material was covered under the authentication and verification clauses).
-- David Hancock