Month: April 2017

With the CBOR Web Token (CWT) specification nearing completion, which provides the CBOR equivalent of JWTs, I thought that it was also time to introduce the CBOR equivalent of RFC 7800, “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)”, so that applications using CWTs will have a standard representation for proof-of-possession keys. I know that PoP keys are important to ACE applications, for instance. I therefore took RFC 7800 and produced the CBOR/CWT equivalent of it.

The specification is available at:

• https://tools.ietf.org/html/draft-jones-ace-cwt-proof-of-possession-00

An HTML-formatted version is also available at:

• https://self-issued.info/docs/draft-jones-ace-cwt-proof-of-possession-00.html

A revised CBOR Web Token (CWT) draft has been published that corrects inconsistencies in the examples. Thanks to Jim Schaad for validating the examples and pointing out the inconsistencies and to Samuel Erdtman for fixing them. As before, people are highly encouraged to validate the updated examples.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04

An HTML-formatted version is also available at:

• https://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html