The following is the shepherd write-up for draft-ietf-ace-cwt-proof-of-possession-06.
The document shepherd is Roman Danyliw. The responsible Area Director is Benjamin Kaduk.
This document describes how to declare in a CBOR Web Token (CWT) that the presenter of the CWT possesses a particular proof-of-possession key. It is the functional equivalent, using CBOR/CWT, of the proof-of-possession key semantics in JSON Web Tokens (JWTs) (RFC 7800).
The WG has reached consensus to publish this protocol specification as a Proposed Standard so that it tracks the equivalent work with JWTs (RFC 7800). It has been subjected to review from the community of interest and the details have been tested through various CWT implementations.
2. Review and Consensus
This draft tracked the JSON Web Token (JWT) specification. The WG adopted this draft in September 2017 (-00) from an individual submission which was first published in April 2017.
The WG convened WGLC on -02 of the draft in May 2018 (https://www.ietf.org/mail-archive/web/ace/current/msg02744.html). Several months of discussion ensued to resolve the identified issues reflected in -03, -04 and -05. Final nits were addressed in -06.
This draft builds upon the CWT specification (RFC 8392), which has seen a variety of implementations:
** ACE-Java (Java) -- https://bitbucket.org/lseitz/ace-java
** CWT (C#) -- https://github.com/Com-AugustCellars/CWT
** ChariWTs (Ruby) -- https://github.com/AnimaGUS-minerva/ChariWTs
** ARM Secure Device Access (SDA) -- https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html
3. Intellectual Property
Each author has confirmed conformance with BCPs 78 and 79 on the ACE mailing list:
** Michael Jones -- https://www.ietf.org/mail-archive/web/ace/current/msg03126.html
** Ludwig Seitz -- https://www.ietf.org/mail-archive/web/ace/current/msg03120.html
** Göran Selander -- https://www.ietf.org/mail-archive/web/ace/current/msg03125.html
** Sam Erdtman -- https://www.ietf.org/mail-archive/web/ace/current/msg03119.html
** Hannes Tschofenig -- https://www.ietf.org/mail-archive/web/ace/current/msg03121.html
There are no IPR disclosures on the document.
4. Other Points
Idnits reports no issues that require action.
There are no yang modules present in this document requiring validation.
All examples (Section 3.2, 3.3 and 3.4) were validated with http://cbor.me/.
There are two actions for IANA:
(1) Registration of a new URI, urn:ietf:params:xml:ns:yang:ietf-dots-data-channel, in the “IETF XML Registry”; and
(2) Registration of a new YANG module, ietf-dots-data-channel, in the “YANG Module Names” registry.
No early expert review has been requested for the above IANA allocation.