JSON Web Token Best Current Practices
draft-sheffer-oauth-jwt-bcp-01
| Document | Type | Replaced Internet-Draft (individual) | |
|---|---|---|---|
| Last updated | 2017-07-03 | ||
| Replaced by | draft-ietf-oauth-jwt-bcp | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
pdf
html
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-oauth-jwt-bcp | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-sheffer-oauth-jwt-bcp-01.txt
Abstract
JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON- based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity, and in other application areas. The goal of this Best Current Practices document is to provide actionable guidance leading to secure implementation and deployment of JWTs.
Authors
Yaron Sheffer
(yaronf.ietf@gmail.com)
Dick Hardt
(dick@amazon.com)
Michael Jones
(mbj@microsoft.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)