Proof-of-Possession Key Semantics for JWTs draft -04 addresses the remaining working group comments received – both a few leftover WGLC comments and comments received during IETF 93 in Prague. The changes were:
- Allowed the use of “jwk” for symmetric keys when the JWT is encrypted.
- Added the “jku” (JWK Set URL) member.
- Added privacy considerations.
- Reordered sections so that the “cnf” (confirmation) claim is defined before it is used.
- Noted that applications can define new claim names, in addition to “cnf”, to represent additional proof-of-possession keys, using the same representation as “cnf”.
- Applied wording clarifications suggested by Nat Sakimura.
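To make the first two changes concrete, here is a recipient-side check of a “cnf” claim, added as an illustration (it is not code from the specification or from this blog). The function names, the sample tokens and the https-only policy for “jku” are assumptions of the example; the claims passed in are taken to come from a JWT the caller has already verified or decrypted.

```python
import base64
import json


def b64url(obj):
    """Encode a JSON object as an unpadded base64url segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def header_of(compact):
    """Decode the first segment (the JOSE header) of a compact JWT."""
    seg = compact.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def is_encrypted(compact):
    # JWE compact form: five segments and an "enc" header parameter.
    return compact.count(".") == 4 and "enc" in header_of(compact)


def cnf_problems(compact, claims):
    """Return the problems found in the cnf claim of an already validated JWT."""
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return ["cnf claim missing or not a JSON object"]
    problems = []
    jwk = cnf.get("jwk")
    # A bare symmetric key is only acceptable when the whole JWT is encrypted;
    # in a signed-only JWT anyone who sees the token would learn the key.
    if isinstance(jwk, dict) and jwk.get("kty") == "oct" and not is_encrypted(compact):
        problems.append("symmetric jwk in unencrypted JWT")
    jku = cnf.get("jku")
    # Assumed policy for this example: fetch JWK Sets over TLS only.
    if jku is not None and not str(jku).startswith("https://"):
        problems.append("jku is not an https URL")
    return problems


# Constructed sample data: the key, signature and ciphertext are placeholders.
SYM = {"cnf": {"jwk": {"kty": "oct", "k": "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ"}}}
JWS = ".".join([b64url({"alg": "HS256"}), b64url(SYM), "c2ln"])
JWE = ".".join([b64url({"alg": "RSA-OAEP", "enc": "A128GCM"}), "a", "b", "c", "d"])

if __name__ == "__main__":
    print(cnf_problems(JWS, SYM))  # signed-only JWT carrying a symmetric jwk
    print(cnf_problems(JWE, SYM))  # same claims inside an encrypted JWT
```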
The updated specification is available at:
An HTML formatted version is also available at: