Protocol Action: 'JSON Web Token Best Current Practices' to Best Current Practice (draft-ietf-oauth-jwt-bcp-07.txt)

The IESG <iesg-secretary@ietf.org> Mon, 21 October 2019 15:50 UTC

The IESG has approved the following document:
- 'JSON Web Token Best Current Practices'
  (draft-ietf-oauth-jwt-bcp-07.txt) as Best Current Practice

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/

Technical Summary

JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
tokens that contain a set of claims that can be signed and/or
encrypted.  JWTs are being widely used and deployed as a simple
security token format in numerous protocols and applications, both in
the area of digital identity, and in other application areas.  The
goal of this Best Current Practices document is to provide actionable
guidance leading to secure implementation and deployment of JWTs.

Working Group Summary

This document has been written in response to reports about insecure implementations and deployments of JWT.
The working group is in agreement that this document provides value to the community. 

Document Quality

The document has received substantial review and suggestions for threat mitigations to cover. Many of the recommendations have been provided by researchers and implementers outside the working group. 

Personnel

The document shepherd is Hannes Tschofenig. 
The responsible Area Director is Roman Danyliw (and was previously Eric Rescorla).