The Internet Engineering Task Force are the authoritative source on how to implement things that are used over the internet. The Relevant RFCs to STIR/SHAKEN are below:

• RFC8224 - Adds the 'Identity' field to the SIP RFC, which contains a PASSporT (a JWT), and defines how an Authentication Service should behave
• RFC8225 - Defines the PASSPorT JWT Token Format
• RFC8226 - Defines the method of creating/validating PASSporT signatures
• RFC8588 - How to implement SHAKEN

Related RFCs, not directly related to SHAKEN/STIR

• RFC7519 - JSON Web Tokens
• RFC3261 - The original SIP RFC. Note there are many RFCs referenced as Updates, which should additionally be consulted

The Alliance for Telecommunications Industry Solutions (ATIS) has defined various standards for the implementation of the IETF RFCs above.

• ATIS-1000074 (v002) SHAKEN Description
• ATIS-1000080 (v003) - Governance Model and Certificate Management
• ATIS-1000082 - Technical Report on SHAKEN API for a Centralized Signing and Signature Validation Server
• ATIS-1000085 (v002) - SHAKEN Support of "div" PASSporT
• ATIS-1000088 - A Framework for SHAKEN Attestation and Origination Identifier
• ATIS-1000093 - Toll-Free numbers in the SHAKEN framework
• Rich Call Data (RCD) - How to assert the Caller ID Name and Calling Reason in a SHAKEN Identity header