[OAUTH-WG] BCP 225, RFC 8725 on JSON Web Token Best Current Practices

rfc-editor@rfc-editor.org Wed, 19 February 2020 22:57 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0BBE120825; Wed, 19 Feb 2020 14:57:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fenaWSH7gKx; Wed, 19 Feb 2020 14:57:10 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E370120820; Wed, 19 Feb 2020 14:57:10 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id E7187F40713; Wed, 19 Feb 2020 14:57:05 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, oauth@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20200219225705.E7187F40713@rfc-editor.org>
Date: Wed, 19 Feb 2020 14:57:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Kxz-bMSGzIRKfXAwkDT8xBQw-jA>
Subject: [OAUTH-WG] BCP 225, RFC 8725 on JSON Web Token Best Current Practices
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2020 22:57:13 -0000

A new Request for Comments is now available in online RFC libraries.

        BCP 225        
        RFC 8725

        Title:      JSON Web Token Best Current Practices 
        Author:     Y. Sheffer,
                    D. Hardt,
                    M. Jones
        Status:     Best Current Practice
        Stream:     IETF
        Date:       February 2020
        Mailbox:    yaronf.ietf@gmail.com, 
                    dick.hardt@gmail.com, 
                    mbj@microsoft.com
        Pages:      13
        Updates:    RFC 7519
        See Also:   BCP 225

        I-D Tag:    draft-ietf-oauth-jwt-bcp-07.txt

        URL:        https://www.rfc-editor.org/info/rfc8725

        DOI:        10.17487/RFC8725

JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
tokens that contain a set of claims that can be signed and/or
encrypted. JWTs are being widely used and deployed as a simple
security token format in numerous protocols and applications, both in
the area of digital identity and in other application areas.  This
Best Current Practices document updates RFC 7519 to provide
actionable guidance leading to secure implementation and deployment
of JWTs.

This document is a product of the Web Authorization Protocol Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC