Musings on Digital Identity

JSON Web Token (JWT) Specification Draft

Recognizing that there is substantial interest in representing sets of claims in JSON tokens, Yaron Goland and I have put together a draft JSON Web Token (JWT) specification for that purpose and published it to the OAuth list, where it is being discussed.

While this was produced independently of Dirk Balfanz’s JSON token proposal, both of us agree that we should come up with a unified spec. Consider this draft an additional point in the possible design space from which to start discussions and drive consensus. (If you read the two proposals, I think you’ll find that there’s already a lot in common, which is great.)

By the way, the draft suggests that the acronym JWT be pronounced like the English word “jot”.

I’d love to hear your feedback.


NOTE: This specification version has been superseded by draft-ietf-oauth-json-web-token. Do not use this version other than for historical reference purposes.


Information Card SAML Token Profile Committee Specifications


AD FS 2.0 Interop Step-By-Step Guide: Shibboleth 2 and the InCommon Federation




Leave a Reply

Powered by WordPress & Theme by Anders Norén