[OAUTH-WG] FW: CBOR Web Token (CWT) spec for the ACE working group

Mike Jones <Michael.Jones@microsoft.com> Sat, 05 December 2015 03:49 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BB211B2F5C for <oauth@ietfa.amsl.com>; Fri, 4 Dec 2015 19:49:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id awPmGdd5qmd9 for <oauth@ietfa.amsl.com>; Fri, 4 Dec 2015 19:49:55 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0778.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::778]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 562211B2F46 for <oauth@ietf.org>; Fri, 4 Dec 2015 19:49:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/ASGm6Gt7TE20FMic9DUbDtIRZZvsZFQHH8opuMvVks=; b=fuw2Ft437y0kkGmKuMYGlBAZ+zbE0vTx0bWOthiQpv74Pd2aD5JZi33lsGBlc1decbr3Ux2Seo+RXlyAb95SBJvIHA1+W5aNufA+PR+jZAjop7ZJNz0G51IBI02uIgTR1KM6IhRcv+xSEyOw3ikTos8bcwBNlBJM2mGaSQGuxD4=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB443.namprd03.prod.outlook.com (10.141.141.152) with Microsoft SMTP Server (TLS) id 15.1.331.20; Sat, 5 Dec 2015 03:49:36 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0331.023; Sat, 5 Dec 2015 03:49:36 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: CBOR Web Token (CWT) spec for the ACE working group
Thread-Index: AdEvDD/qhV0xKgF3TQ+OV37TSTGCSwAA461w
Date: Sat, 5 Dec 2015 03:49:36 +0000
Message-ID: <BY2PR03MB4427B155928E73D1A68D933F50B0@BY2PR03MB442.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:2::650]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB443; 5:aFLfHkVPSaJskPf8x9Yt1DN9lsdFO1dwPWNpsgelXU3VIMC0CESUGakWm/SVJX80b387wbBu1Ldwg8VyPAfTiEjlnXqN7aK7rys5dFq2JvlNaBjCMnxNSRA5oe2tbmMhUZTEEa/KNX/oiEfp98/qVQ==; 24:iOctoiJeEBws1tR+HmEM2kw8HZSTjGze3+6+AMDlCk2EiuFeTFTCG9rldsWtiskTMtPhb3IhLv1elcJ23yQPvLA1K+5i69D/tIxFeEimwBc=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB443;
x-microsoft-antispam-prvs: <BY2PR03MB443AE689A34689137278829F50B0@BY2PR03MB443.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(520078)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:BY2PR03MB443; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB443;
x-forefront-prvs: 07817FCC2D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(209900001)(199003)(377454003)(189002)(1220700001)(19617315012)(189998001)(5002640100001)(54356999)(19580405001)(19580395003)(40100003)(16236675004)(106356001)(5005710100001)(10090500001)(87936001)(2351001)(33656002)(122556002)(50986999)(2501003)(76576001)(5003600100002)(8990500004)(86612001)(110136002)(11100500001)(5001960100002)(19300405004)(1096002)(5008740100001)(15975445007)(10290500002)(97736004)(86362001)(5004730100002)(77096005)(10400500002)(81156007)(450100001)(102836003)(92566002)(99286002)(107886002)(105586002)(101416001)(74316001)(6116002)(19625215002)(586003)(790700001)(2900100001)(3826002)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB443; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB4427B155928E73D1A68D933F50B0BY2PR03MB442namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Dec 2015 03:49:36.8209 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB443
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/7jlit45XCkaC6tkg3nR09Sk36TE>
Subject: [OAUTH-WG] FW: CBOR Web Token (CWT) spec for the ACE working group
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2015 03:49:58 -0000

This specification replaces http://tools.ietf.org/html/draft-wahlstroem-oauth-cbor-web-token-00.

                                                                -- Mike

From: Mike Jones
Sent: Friday, December 4, 2015 7:47 PM
To: ace@ietf.org
Subject: CBOR Web Token (CWT) spec for the ACE working group

After input from many interested people, IETF Security Area Director Kathleen Moriarty decided<http://www.ietf.org/mail-archive/web/cose/current/msg00810.html> that the right place for the CBOR Web Token (CWT) work is the ACE working group<http://datatracker.ietf.org/wg/ace/charter/>r/>.  Today Erik Wahlström posted a new draft of the CBOR Web Token (CWT) specification that is intended for ACE.

This version of the spec references the JSON Web Token (JWT)<http://tools.ietf.org/html/rfc7519> claim definitions, rather than repeating them, and intentionally only includes equivalents of the claims defined by the JWT spec.  Other CWT claims, including those needed by ACE applications, will be defined by other specs and registered in the CWT claims registry.

The specification is available at:

·         http://tools.ietf.org/html/draft-wahlstroem-ace-cbor-web-token-00

An HTML-formatted version is also available at:

·         http://self-issued.info/docs/draft-wahlstroem-ace-cbor-web-token-00.html

                                                                -- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1503 and as @selfissued<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c90a27b03c3c6448e4c3608d2aa6ea07c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s853DPkED04jn0TfPCt08beP%2fb%2fj7JFatTC5enN7rBU%3d>.