Recognizing that there is substantial interest in representing sets of claims in JSON tokens, Yaron Goland and I have put together a draft JSON Web Token (JWT) specification for that purpose and published it to the OAuth list, where it is being discussed.
While this was produced independently of Dirk Balfanz’s JSON token proposal, both of us agree that we should come up with a unified spec. Consider this draft an additional point in the possible design space from which to start discussions and drive consensus. (If you read the two proposals, I think you’ll find that there’s already a lot in common, which is great.)
By the way, the draft suggests that the acronym JWT be pronounced like the English word “jot”.
I’d love to hear your feedback.
====
NOTE: This specification version has been superseded by draft-ietf-oauth-json-web-token. Do not use this version other than for historical reference purposes.
iotabits.com/kent/
iotabits.com/kent/
metadaddy.ssocircle.com/
metadaddy.ssocircle.com/