The IESG has approved the following document: - 'CBOR Web Token (CWT)' (draft-ietf-ace-cbor-web-token-14.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/ Technical Summary CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON. Working Group Summary The document was not controversial, and received a great deal of review from many participants. A first WGLC revealed a few issues that required enough changes that a second WGLC was made. The second WGLC attracted fewer comments, but the document is largely unchanged from the first WGLC, and we believe it to be in good shape. Document Quality There are multiple implementations of this document, and the examples have been validated by at least two implementations. This document is an important part of the ecosystem, with several specifications both inside and outside the IETF already referring to it. This document requests a new media type assignment from IANA that requires expert review; this request has already been sent to media-types@iana.org. Personnel Benjamin Kaduk is the document shepherd; Kathleen Moriarty is the responsible Area Director. IANA Note This documents requests the creation of the CBOR Web Token (CWT) Claims registry and depending on the values requested, they will be evaluated on a Standards Track Required, Specification Required, Expert Review, or Private Use basis [RFC8126] after a three-week review period on the cwt-reg-review@ietf.org mailing list, on the advice of one or more Designated Experts. This document requests a new media type assignment from IANA that requires expert review; this request has already been sent to media-types@iana.org. This document requests a new CoAP Content-Formats assignment from IANA with a suggested value in the "Expert Review" space; this request has not yet been sent to IANA for review. This document requests a new CBOR Tag assignment from IANA; this value has already been assigned with this document as the reference.
