Musings on Digital Identity

Month: December 2015

JWS Unencoded Payload Option spec addressing Stephen Farrell’s review

JWS Unencoded Payload Option draft -09 addresses Stephen Farrell’s IESG review. In particular, the use of “crit” is now required with “b64”. This should be the version that is sent to the RFC Editor.
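As an added illustration (not code from the specification or from this post), the following Python sketch shows a verifier that enforces this rule for an HS256 JWS with a detached payload: it refuses any protected header that sets “b64” to false without listing “b64” in “crit”. The function names, and the key and payload used to exercise it, are constructed for the example.

```python
import base64, hashlib, hmac, json

SUPPORTED_CRIT = {"b64"}  # critical extensions this example verifier understands

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(protected, payload, b64):
    # With "b64": true (the default) the payload is base64url-encoded before
    # signing; with "b64": false the raw payload bytes are signed as-is.
    body = b64url(payload).encode("ascii") if b64 else payload
    return protected.encode("ascii") + b"." + body

def _mac(protected, payload, b64, key):
    return hmac.new(key, signing_input(protected, payload, b64), hashlib.sha256).digest()

def sign(header, payload, key):
    """Return (protected header, signature), both base64url, for HS256."""
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    return protected, b64url(_mac(protected, payload, header.get("b64", True), key))

def verify(protected, payload, signature, key):
    """Return True/False for the MAC; raise ValueError for a header we must reject."""
    header = json.loads(b64url_decode(protected))
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    b64 = header.get("b64", True)
    if not isinstance(b64, bool):
        raise ValueError('"b64" must be a JSON boolean')
    crit = header.get("crit", [])
    if not isinstance(crit, list) or not set(crit) <= SUPPORTED_CRIT:
        raise ValueError('"crit" names an extension this verifier does not understand')
    if b64 is False and "b64" not in crit:
        # Without "crit", a library unaware of "b64" would check the signature
        # over the wrong input instead of rejecting the JWS.
        raise ValueError('"b64": false requires "crit" to list "b64"')
    return hmac.compare_digest(_mac(protected, payload, b64, key), b64url_decode(signature))
```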

The specification is available at:

An HTML-formatted version is also available at:

Proof-of-Possession Key Semantics for JWTs spec addressing remaining comments

Proof-of-Possession Key Semantics for JWTs draft -11 addresses Sec-Dir review comments by Chris Lonvick and ballot comments by Stephen Farrell. This should enable clearing the “point raised” status from yesterday’s IESG telechat and progressing the document to the RFC Editor.

The specification is available at:

An HTML-formatted version is also available at:

JWS Unencoded Payload Option spec for IESG telechat

JWS Unencoded Payload Option draft -08 was published for consideration on the IESG telechat later today. The changes addressed Gen-Art review comments by Robert Sparks, Ops-Dir review comments by Stefan Winter, and ballot comments by Benoit Claise and Ben Campbell. Normative text was added describing the use of “crit” with “b64”.

The specification is available at:

An HTML-formatted version is also available at:

Proof-of-Possession Key Semantics for JWTs spec for IESG telechat

Proof-of-Possession Key Semantics for JWTs draft -10 was published for consideration on the IESG telechat later today. All changes were editorial and addressed ballot comments by Barry Leiba.

The specification is available at:

An HTML-formatted version is also available at:

Authentication Method Reference Values coordination with OpenID MODRNA

Authentication Method Reference Values draft -04 added the values “face” (facial recognition), “geo” (geolocation), “hwk” (proof-of-possession of a hardware-secured key), “pin” (Personal Identification Number or pattern), and “swk” (proof-of-possession of a software-secured key), and removed the value “pop” (proof-of-possession), based on input from members of the OpenID Foundation MODRNA working group.

The specification is available at:

An HTML-formatted version is also available at:

OAuth 2.0 Token Exchange: An STS for the REST of Us

I’m happy to report that a substantially revised OAuth 2.0 Token Exchange draft has been published that enables a broad range of use cases, while still remaining as simple as possible. This draft unifies the approaches taken in the previous working group draft and draft-campbell-oauth-sts, incorporating working group input from the in-person discussions in Prague and mailing list discussions. Thanks to all for your interest in and contributions to OAuth Token Exchange! Brian Campbell deserves special recognition for doing much of the editing heavy lifting for this draft.

The core functionality remains token type independent. That said, new claims are also defined to enable representation of delegation actors in JSON Web Tokens (JWTs). Equivalent claims could be defined for other token types by other specifications.

See the Document History section for a summary of the changes made. Please check it out!

The specification is available at:

An HTML-formatted version is also available at:

JWS Unencoded Payload Option spec addressing Gen-Art and Sec-Dir comments

Draft -07 of the JWS Unencoded Payload Option specification addresses Gen-Art review comments by Robert Sparks and Sec-Dir review comments by Benjamin Kaduk. Thanks to both of you for your useful reviews!

The specification is available at:

An HTML-formatted version is also available at:

CBOR Web Token (CWT) spec for the ACE working group

After input from many interested people, IETF Security Area Director Kathleen Moriarty decided that the right place for the CBOR Web Token (CWT) work is the ACE working group. Today Erik Wahlström posted a new draft of the CBOR Web Token (CWT) specification that is intended for ACE.

This version of the spec references the JSON Web Token (JWT) claim definitions, rather than repeating them, and intentionally only includes equivalents of the claims defined by the JWT spec. Other CWT claims, including those needed by ACE applications, will be defined by other specs and registered in the CWT claims registry.

The specification is available at:

An HTML-formatted version is also available at:

Authentication Method Reference Values Registration Instructions

Authentication Method Reference Values draft -03 adds the criterion to the IANA registration instructions that the value being registered be in actual use.

The specification is available at:

An HTML-formatted version is also available at:
