Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)

Document Type Replaced Internet-Draft (individual)
Authors Michael Jones  , Ludwig Seitz  , Göran Selander  , Erik Wahlstroem  , Samuel Erdtman  , Hannes Tschofenig 
Last updated 2017-06-30
Replaced by RFC 8747
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ace-cwt-proof-of-possession
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This specification describes how to declare in a CBOR Web Token (CWT) that the presenter of the CWT possesses a particular proof-of- possession key. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key. This specification provides equivalent functionality to "Proof-of- Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800), but using CBOR and CWTs rather than JSON and JWTs.


Michael Jones (
Ludwig Seitz (
Göran Selander (
Erik Wahlstroem (
Samuel Erdtman (
Hannes Tschofenig (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)