IETF Logo Mail Archive

[COSE] A draft on CBOR Web Tokens (CWT)

Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com> Thu, 12 November 2015 19:10 UTC

Return-Path: <erik.wahlstrom@nexusgroup.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 478C61B3151; Thu, 12 Nov 2015 11:10:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.309
X-Spam-Level:
X-Spam-Status: No, score=-2.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1e_UILfDlpT; Thu, 12 Nov 2015 11:10:20 -0800 (PST)
Received: from smtp.nexusgroup.com (smtp.nexusgroup.com [83.241.133.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 945821B3150; Thu, 12 Nov 2015 11:10:19 -0800 (PST)
Received: from NG-EX01.ad.nexusgroup.com (10.75.28.40) by NG-EX01.ad.nexusgroup.com (10.75.28.40) with Microsoft SMTP Server (TLS) id 15.0.995.29; Thu, 12 Nov 2015 20:10:17 +0100
Received: from NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab]) by NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab%12]) with mapi id 15.00.0995.032; Thu, 12 Nov 2015 20:10:17 +0100
From: Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com>
To: "<oauth@ietf.org>" <oauth@ietf.org>, "ace@ietf.org" <ace@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: A draft on CBOR Web Tokens (CWT)
Thread-Index: AQHRHX3DyXQEi0Hb60mPSXqbnVxSew==
Date: Thu, 12 Nov 2015 19:10:16 +0000
Message-ID: <53BB1987-979C-4945-9C7D-CDB6619AEFFC@nexusgroup.com>
Accept-Language: en-US, sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.2104)
x-originating-ip: [37.247.26.197]
Content-Type: multipart/alternative; boundary="_000_53BB1987979C49459C7DCDB6619AEFFCnexusgroupcom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/ZS-7qonWJuBhY7xD_Vk07TAByo8>
Cc: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Subject: [COSE] A draft on CBOR Web Tokens (CWT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 19:10:23 -0000

Hi,

In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We just broke out the CBOR Web Token into a separate draft and the new draft is submitted to the OAUTH WG. It can be found here:

https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/

Abstract:
"CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties.  CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection.  A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value."

/ Erik


[1] https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00

v2.23.0 | Report a Bug | By Email