Protocol Action: 'CBOR Web Token (CWT)' to Proposed Standard (draft-ietf-ace-cbor-web-token-14.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:
- 'CBOR Web Token (CWT)'
  (draft-ietf-ace-cbor-web-token-14.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/




Technical Summary

   CBOR Web Token (CWT) is a compact means of representing claims to be
   transferred between two parties.  The claims in a CWT are encoded in
   the Concise Binary Object Representation (CBOR) and CBOR Object
   Signing and Encryption (COSE) is used for added application layer
   security protection.  A claim is a piece of information asserted
   about a subject and is represented as a name/value pair consisting of
   a claim name and a claim value.  CWT is derived from JSON Web Token
   (JWT) but uses CBOR rather than JSON.

Working Group Summary

   The document was not controversial, and received a great deal of
   review from many participants.  A first WGLC revealed a few issues
   that required enough changes that a second WGLC was made.  The second
   WGLC attracted fewer comments, but the document is largely unchanged
   from the first WGLC, and we believe it to be in good shape.

Document Quality

   There are multiple implementations of this document, and the examples
   have been validated by at least two implementations.  This document
   is an important part of the ecosystem, with several specifications
   both inside and outside the IETF already referring to it.

   This document requests a new media type assignment from IANA that
   requires expert review; this request has already been sent to
   media-types@iana.org.

Personnel

   Benjamin Kaduk is the document shepherd; 
   Kathleen Moriarty is the responsible Area Director.

IANA Note

  This documents requests the creation of the CBOR Web
  Token (CWT) Claims registry and depending on the values
  requested, they will be evaluated on a Standards Track
  Required, Specification Required, Expert Review, or Private
  Use basis [RFC8126] after a three-week review period on the
  cwt-reg-review@ietf.org mailing list, on the  advice of one
  or more Designated Experts. 

  This document requests a new media type assignment from
  IANA that requires expert review; this request has already
  been sent to media-types@iana.org.

  This document requests a new CoAP Content-Formats
  assignment from IANA with a suggested value in the
 "Expert Review" space; this request has not yet been sent to
  IANA for review.

  This document requests a new CBOR Tag assignment from
  IANA; this value has already been assigned with this 
  document as the reference.




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux