A new CBOR Web Token (CWT) draft has been published that addresses the Working Group Last Call (WGLC) feedback received. Changes were:
- Say that CWT is derived from JWT, rather than CWT is a profile of JWT.
- Used CBOR type names in descriptions, rather than major/minor type numbers.
- Clarified the NumericDate and StringOrURI descriptions.
- Changed to allow CWT claim names to use values of any legal CBOR map key type.
- Changed to use the CWT tag to identify nested CWTs instead of the CWT content type.
- Added an example using a floating-point date value.
- Acknowledged reviewers.
Thanks to Samuel Erdtman for doing the majority of the editing for this draft. As always, people are highly encouraged to validate the examples.
The specification is available at:
An HTML-formatted version is also available at: