Musings on Digital Identity

Month: April 2016

Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) is now RFC 7800

IETF logoThe Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) specification is now RFC 7800 — an IETF standard. The abstract describes the specification as:

This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of-possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.

Thanks to John Bradley, Hannes Tschofenig, and the OAuth working group for their work on this specification.

Using RSA Algorithms with COSE Messages

IETF logoI have published draft-jones-cose-rsa, which defines algorithm encodings and representations enabling RSA algorithms to be used for COSE messages. This addresses COSE Issue #21: Restore RSA-PSS and the “RSA” key type. The initial version of this specification incorporates text from draft-ietf-cose-msg-05 — the last COSE message specification version before the RSA algorithms were removed.

The specification is available at:

An HTML-formatted version is also available at:

Powered by WordPress & Theme by Anders Norén