“CBOR Web Token (CWT)” is now RFC 8392

The “CBOR Web Token (CWT)” specification is now RFC 8392 – an IETF standard. The abstract for the specification is:

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.

Special thanks to Erik WahlstrÃƒÂ¶m for starting this work and to Samuel Erdtman for doing most of the heavy lifting involved in creating correct and useful CBOR and COSE examples.

Next up — finishing “Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)“, which provides the CWT equivalent of “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)” [RFC 7800].

Musings on Digital Identity

“CBOR Web Token (CWT)” is now RFC 8392

Leave a Reply

“CBOR Web Token (CWT)” is now RFC 8392

On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

JWT BCP updates addressing WGLC feedback

Leave a Reply