Draft -01 of the Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification updates the examples to use CBOR diagnostic notation, thanks to Ludwig Seitz. A table summarizing the “cnf” names, keys, and value types was added, thanks to Samuel Erdtman. Finally, some of Jim Schaad’s feedback on -00 was addressed (with more to be addressed by the opening of IETF 100 in Singapore).
The specification is available at:
An HTML-formatted version is also available at:
A new CBOR Web Token (CWT) draft has been published that adds CBOR_Key values and Key IDs to examples. Thanks to Samuel Erdtman for working on the examples, as always. Thanks to Giridhar Mandyam for validating the examples!
I believe that it’s time to request publication, as there remain no known issues with the specification.
The specification is available at:
An HTML-formatted version is also available at:
The OAuth 2.0 Token Binding specification has been updated to enable Token Binding of JWT Authorization Grants and JWT Client Authentication. The discussion of phasing in Token Binding was improved and generalized. See the Document History section for other improvements applied.
The specification is available at:
An HTML-formatted version is also available at:
An update to the closely-related OpenID Connect Token Bound Authentication 1.0 specification was also simultaneously published. Its discussion of phasing in Token Binding was correspondingly updated.
The OpenID Connect Token Binding specification is available in HTML and text versions at:
Thanks to Brian Campbell for doing the bulk of the editing for both sets of revisions.
I gave the following presentations at the Monday, October 16, 2017 OpenID Workshop at PayPal:
I also gave the following “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, October 17th:
Powered by WordPress & Theme by Anders Norén