[OAUTH-WG] Protocol Action: 'JSON Web Token (JWT)' to Proposed Standard (draft-ietf-oauth-json-web-token-32.txt)
The IESG <iesg-secretary@ietf.org> Tue, 13 January 2015 00:13 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1BE31ACE1C; Mon, 12 Jan 2015 16:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5PlsbCpLICtl; Mon, 12 Jan 2015 16:13:19 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 080751ACE3F; Mon, 12 Jan 2015 16:13:11 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150113001311.28323.2958.idtracker@ietfa.amsl.com>
Date: Mon, 12 Jan 2015 16:13:11 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/0x7mBuAA7jYFjC9UZrTUfGxVW1c>
Cc: oauth chair <oauth-chairs@tools.ietf.org>, oauth mailing list <oauth@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [OAUTH-WG] Protocol Action: 'JSON Web Token (JWT)' to Proposed Standard (draft-ietf-oauth-json-web-token-32.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 00:13:23 -0000
The IESG has approved the following document: - 'JSON Web Token (JWT)' (draft-ietf-oauth-json-web-token-32.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/ Technical Summary JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted. Working Group Summary This document was uncontroversial. It defines a JSON-based security token format to increase interoperability both among OAuth deployments and in other application contexts as well. (ID tokens are specified in http://openid.net/specs/openid-connect-core-1_0.html#IDToken) Document Quality A substantial number of implementations exist, as documented at http://openid.net/developers/libraries/#jwt (scroll down to the 'JWT/JWS/JWE/JWK/JWA Implementations' section) An Excel sheet providing additional details about implementations can be found here: http://www.oauth-v2.org/wp-content/uploads/2014/04/JWT-Implementations.xlsx In last call, the discussions on "duplicate member names" also applies to this draft and is unresolved. This can get discussed generally as it applies to at least 3 of the drafts in the set under IESG review. Personnel The document shepherd is Hannes Tschofenig and the responsible area director is Kathleen Moriarty. IANA Note 'The registries use the 5226 'Specification Required' registration policy.' RFC Editor Note: This draft is part of a set of drafts that cross 2 working groups. I am working through the reviews (shepherd just confirmed them for the OAuth ones) and would like them processed as a set. The JOSE drafts will hopefully be ready shortly as well. The set includes (in order): 1 draft-ietf-jose-json-web-signature 2 draft-ietf-jose-json-web-encryption 3 draft-ietf-jose-json-web-key 4 draft-ietf-jose-json-web-algorithms 5 draft-ietf-oauth-json-web-token 6 draft-ietf-jose-cookbook 7 draft-ietf-oauth-assertions 8 draft-ietf-oauth-saml2-bearer 9 draft-ietf-oauth-jwt-bearer