The Entity Attestation Token (EAT)

The information below is for an old version of the document
Document Type Expired Internet-Draft (rats WG)
Authors Giridhar Mandyam  , Laurence Lundblade  , Miguel Ballesteros  , Jeremy O'Donoghue 
Last updated 2020-08-23 (latest revision 2020-02-20)
Replaces draft-mandyam-rats-eat
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document (wg milestone: Mar 2021 - Submit EAT draft to ... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


An Entity Attestation Token (EAT) provides a signed (attested) set of claims that describe state and characteristics of an entity, typically a device like a phone or an IoT device. These claims are used by a relying party to determine how much it wishes to trust the entity. An EAT is either a CWT or JWT with some attestation-oriented claims. To a large degree, all this document does is extend CWT and JWT. Contributing TBD


Giridhar Mandyam (
Laurence Lundblade (
Miguel Ballesteros (
Jeremy O'Donoghue (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)