# Configure Stir Shaken in DB Trunk setting can be defined in Class 4 DB. The name of the table is "resource." The resource DB table has fields for configuring stir shaken signing and verificaiton methods. * resource.shaken\_sign\_policy - conditions on which switch is *allowed* sign the call (for ingress trunks): {% code overflow="wrap" %} ``` 0 - Never sign calls 1 - Sign only US numbers 2 - Sign any telephone number (URI is not allowed) 3 - Sign only numbers from the pool ``` {% endcode %} * resource.shaken\_vfy\_policy (for ingress trunks) - conditions to block calls: ``` 0 - None: do not block calls based on shaken identity 1 - Reject the call if Identity is missing 2 - Reject the call if Identity is missing or invalid 3 - Pass through: allow all calls (same as 0) ``` * resource.shaken\_vfy\_policy (for egress trunks) - conditions to route the call to egress: {% code overflow="wrap" %} ``` 0 - None: route all calls; do not sign/validate 1 - Block if missing: route the call if Identity is provided in the inbound INVITE, or if it can be created. Do not perform validation. 2 - Block if invalid: route the call if inbound INVITE contains a _valid_ identity, or if inbound INVITE does not contain Identity but ingress sign policy allows to create one 3 - Pass through: if inbound INVITE does not have Identity, try to sign the call, if ingress allows it. Otherwise - pass the call as is, performing signature validation. ``` {% endcode %} * resource.shaken\_allow\_resign (for ingress trunks): {% code overflow="wrap" %} ``` If inbound INVITE contains an Identity, inside of which ANI/DNIS do not match outbound INVITE, switch is allowed to create a new signature. This flag takes effect if egress shaken_vfy_policy is "Block if invalid" or "Pass through", and if ingress sign policy allows to sign calls. ``` {% endcode %} * resource.shaken\_p\_headers - put SHAKEN signature parameters into INVITE headers (for egress trunks): {% code overflow="wrap" %} ``` 0 - None 1 - Regular: put verstat into P-Asserted-Identity header 2 - Extended: put verstat into P-Asserted-Identity header; origid into P-Origination-ID; attestation level into P-Attestation-Indicator ``` {% endcode %} Verstat value contains signature validation status, which should be shown on user's device. Since validation is configurable, the value depends on egress's vfy policy. vfy\_policy - possible verstat values: {% code overflow="wrap" %} ``` 0 - No-TN-Validation 1 - No-TN-Validation 2 - TN-Validation-Passed 3 - No-TN-Validation / TN-Validation-Passed / TN-Validation-Failed (depending on signature validation status) ``` {% endcode %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cookbook.denovolab.com/stir-shaken/configure-stir-shaken-in-db.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.