Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
draft-ietf-oauth-proof-of-possession-11

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: draft-ietf-oauth-proof-of-possession@ietf.org, oauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, kepeng.lkp@alibaba-inc.com, "The IESG" <iesg@ietf.org>, oauth@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)' to Proposed Standard (draft-ietf-oauth-proof-of-possession-11.txt)

The IESG has approved the following document:
- 'Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)'
  (draft-ietf-oauth-proof-of-possession-11.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working
Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/

Ballot Text

Technical Summary

   This specification defines how to express a declaration in a JSON Web
   Token (JWT) that the presenter of the JWT possesses a particular key
   and that the recipient can cryptographically confirm proof-of-
   possession of the key by the presenter.  This property is also
   sometimes described as the presenter being a holder-of-key.

Working Group Summary

The document was developed by the working group based on the
requirements and architecture described in
draft-ietf-oauth-pop-architecture.
There is strong consensus behind this work.

Document Quality

There is at least one implementation of this draft
confirmed on the OAuth mailing list.

Personnel

    Kepeng Li is the document shepherd and
    Kathleen Moriarty is the responsible AD.

IANA Note

     This specification establishes the IANA "JWT Confirmation Methods"
     registry for JWT "cnf" member values with Specification Required [RFC5226]
     and designated expert review on the oauth-pop-reg-review@ietf.org
     mailing list. 

     CNF value is also added to the registry established in RFC7519

RFC Editor Note