Last Call: <draft-ietf-oauth-jwt-bcp-04.txt> (JSON Web Token Best Current Practices) to Best Current Practice

The IESG <iesg-secretary@ietf.org> Mon, 25 March 2019 15:29 UTC

The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document: - 'JSON Web Token Best Current
Practices'
  <draft-ietf-oauth-jwt-bcp-04.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-04-08. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
   tokens that contain a set of claims that can be signed and/or
   encrypted.  JWTs are being widely used and deployed as a simple
   security token format in numerous protocols and applications, both in
   the area of digital identity, and in other application areas.  The
   goal of this Best Current Practices document is to provide actionable
   guidance leading to secure implementation and deployment of JWTs.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE) (Proposed Standard - IETF stream)
    rfc6979: Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) (Informational - Independent Submission Editor stream)
    rfc7516: JSON Web Encryption (JWE) (Proposed Standard - IETF stream)
    rfc7515: JSON Web Signature (JWS) (Proposed Standard - IETF stream)
    rfc7519: JSON Web Token (JWT) (Proposed Standard - IETF stream)
    rfc7518: JSON Web Algorithms (JWA) (Proposed Standard - IETF stream)