Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Protocol Action: 'Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)' to Proposed Standard (draft-ietf-ace-cwt-proof-of-possession-11.txt) The IESG has approved the following document: - 'Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)' (draft-ietf-ace-cwt-proof-of-possession-11.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-cwt-proof-of-possession/
Technical Summary This document specifies describes how to declare in a CBOR Web Token (CWT) that the presenter of the CWT possesses a particular proof-of-possession key. It is a functional equivalent to the proof of possession key semantics in JSON Web Tokens (JWTs) (RFC 7800) but using CBOR/CWT instead of JSON/JWT. Working Group Summary The WG has reached consensus to publish this protocol specification as a Proposed Standard so that it tracks the equivalent work with JWTs (RFC 7800). It has been subjected to review from the community of interest and the details have been testing through various CWT implementations. Document Quality This document went through the usual level of review for the WG. WGLC and AD evaluation revealed some issues to address with respect to clarity, but no major flaws were found. Personnel Roman Danyliw is the document shepherd. Benjamin Kaduk is the responsible AD.