I posted JSON Web Token (JWT) draft -05 today, with the only change being to define an optional “nbf” (not before) claim that is distinct from the “iat” (issued at) claim. (This more closely parallels the capabilities of SAML tokens, where there are NotBefore, NotAfter, and IssueInstant values.) The “nbf” and “exp” claims should be used for bounding the token validity period, whereas “iat” should be used to determine token age.
The draft is available at these locations:
- http://www.ietf.org/internet-drafts/draft-jones-json-web-token-05.txt
- http://www.ietf.org/internet-drafts/draft-jones-json-web-token-05.xml
- https://self-issued.info/docs/draft-jones-json-web-token-05.html
- https://self-issued.info/docs/draft-jones-json-web-token-05.txt
- https://self-issued.info/docs/draft-jones-json-web-token-05.xml
- https://self-issued.info/docs/draft-jones-json-web-token.html (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-jones-json-web-token.txt (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-jones-json-web-token.xml (will point to new versions as they are posted)
- http://svn.openid.net/repos/specifications/json_web_token/1.0/ (Subversion repository, with html, txt, and html versions available)
Leave a Reply
You must be logged in to post a comment.