IETF Logo Mail Archive

[Ace] “CBOR Web Token (CWT)” is now RFC 8392

Mike Jones <Michael.Jones@microsoft.com> Tue, 08 May 2018 23:06 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A12B1124234 for <ace@ietfa.amsl.com>; Tue, 8 May 2018 16:06:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RvKe42LLGcCj for <ace@ietfa.amsl.com>; Tue, 8 May 2018 16:06:14 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0138.outbound.protection.outlook.com [104.47.41.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26DEF12D7EC for <ace@ietf.org>; Tue, 8 May 2018 16:06:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=TSbclIXxnmvz6al2ImU4jZypU6msxPkPNtxGk1miy80=; b=bzqp9ymzFPJIXMJCcCyU51JYOstJaaSO5ZSY63BOmN4t28BUQMab3b8jwmpEzjPiM5x5mevXTOBBm+xEzOpo2lYZNnR5GWhKwoGdy/5Mr+TKA3VZwcGTgr43AqcOT2Zqm+RdhvDni4yObRWyeL7A/M2z5cbFV+/dsBDHPLrrNBI=
Received: from BL0PR00MB0292.namprd00.prod.outlook.com (2603:10b6:207:1e::30) by BL0PR00MB0386.namprd00.prod.outlook.com (2603:10b6:207:1f::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.792.0; Tue, 8 May 2018 23:05:56 +0000
Received: from BL0PR00MB0292.namprd00.prod.outlook.com ([fe80::84a0:cb3c:39ec:1b01]) by BL0PR00MB0292.namprd00.prod.outlook.com ([fe80::84a0:cb3c:39ec:1b01%5]) with mapi id 15.20.0792.000; Tue, 8 May 2018 23:05:56 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: “CBOR Web Token (CWT)” is now RFC 8392
Thread-Index: AdPm+m+37+zcynCXRhyE23ZIy52Dxg==
Date: Tue, 08 May 2018 23:05:56 +0000
Message-ID: <BL0PR00MB02922C6F48756589B0EB6AF8F59A0@BL0PR00MB0292.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-05-08T23:05:55.0550431Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:3::291]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BL0PR00MB0386; 7:JVIe8mmPzzUCDcJpAPE2FOfdfV9g9D0KNqKVyBL1cqCo7tH3XduGeqvpFGGJcpmvGYYoGNxUwzug8CT+M2eaaoH5v7Bv31v2GWvJUKNTQgGKx7xi7wBQxN7X9joVfOUlaSSeQZt9ukAgwEt2Q6DHNEGa8Dv1zp/o75cGY4OTjc6nKAf8HP4ndyA53pPP9dnnhn6xcJX+P8GYwbEPSsrOhmJXr10RHG2M3CHUa6ndA43tU/zLGdkbj2DtKWRuVvnJ; 20:wdIjoe8717K+tun39nqmZNsJaezydBuN+aJDHHURjOnszqDGdbQNQJcZ1TmzqQdzF9xJm/60J3DLDADdHtU3sQpDKk7xXL1lw21ijroDCwS0D5nqrAIY1B5VffME79kHAQ/mX6CKKlDktKYcmPwqxtWygaiTzUvzucYXudTN/f8=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(2017052603328)(7193020); SRVR:BL0PR00MB0386;
x-ms-traffictypediagnostic: BL0PR00MB0386:
x-microsoft-antispam-prvs: <BL0PR00MB0386C51AF34FBC5534EFF75FF59A0@BL0PR00MB0386.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(31418570063057)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(8121501046)(5005006)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(3002001)(93006095)(93001095)(10201501046)(3231254)(2018427008)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:BL0PR00MB0386; BCL:0; PCL:0; RULEID:; SRVR:BL0PR00MB0386;
x-forefront-prvs: 0666E15D35
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(39860400002)(366004)(396003)(346002)(376002)(209900001)(189003)(199004)(86362001)(10290500003)(81156014)(81166006)(86612001)(8990500004)(10090500001)(1730700003)(97736004)(476003)(2906002)(6346003)(74316002)(478600001)(966005)(186003)(3280700002)(3660700001)(2351001)(9686003)(8936002)(5250100002)(99286004)(7736002)(54896002)(53376002)(55016002)(14454004)(236005)(53936002)(6306002)(606006)(52396003)(105586002)(68736007)(316002)(6916009)(790700001)(106356001)(6116002)(2501003)(5630700001)(59450400001)(33656002)(7696005)(6506007)(2900100001)(486006)(5660300001)(102836004)(6436002)(5640700003)(22452003)(72206003)(25786009)(46003)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR00MB0386; H:BL0PR00MB0292.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: Xf7cWh4z0z555VZiQbq+MdfmbNir4yKB0ohWXGn2F2c7WhCD8N1OFvXsG8lNVTzTpJPoEmucm7dDs1ySuSXDxZXEdlT9Ng3Pgk9OHgk5NFcDBmxUe5CuEiOmZWd2kRhPRqUPCFVlImyawTzzqZ+RhVTkiZb+sDJop1u000VLjoWM0VG3iNaa1RhQdaDxlrnW
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BL0PR00MB02922C6F48756589B0EB6AF8F59A0BL0PR00MB0292namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 34b3d1d3-07db-4137-6bc2-08d5b53841a4
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 34b3d1d3-07db-4137-6bc2-08d5b53841a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2018 23:05:56.4582 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR00MB0386
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/-fphwNmYnEMpUtSmeaH7AUywFVc>
Subject: [Ace] “CBOR Web Token (CWT)” is now RFC 8392
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2018 23:06:16 -0000

The “CBOR Web Token (CWT)” specification is now RFC 8392<https://www.rfc-editor.org/rfc/rfc8392.txt> - an IETF standard.  The abstract for the specification is:

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties.  The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection.  A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value.  CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.

Special thanks to Erik Wahlström<https://twitter.com/erik_wahlstrom> for starting this work and to Samuel Erdtman<https://twitter.com/serdtman> for doing most of the heavy lifting involved in creating correct and useful CBOR<https://tools.ietf.org/html/rfc7049> and COSE<https://tools.ietf.org/html/rfc8152> examples.

Next up – finishing “Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)<https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-02>”, which provides the CWT equivalent of “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)” [RFC 7800<https://tools.ietf.org/html/rfc7800>].

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1844 and as @selfissued<https://twitter.com/selfissued>.

v2.23.0 | Report a Bug | By Email