IETF Logo Mail Archive

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Justin Richer <jricher@mit.edu> Thu, 12 November 2015 21:02 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630B01B2DAB; Thu, 12 Nov 2015 13:02:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level:
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aJhmDWatyTR7; Thu, 12 Nov 2015 13:02:12 -0800 (PST)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05B0E1B2CB2; Thu, 12 Nov 2015 13:02:10 -0800 (PST)
X-AuditID: 1209190f-f79d06d000004b20-b5-5644fe5131c3
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 07.69.19232.15EF4465; Thu, 12 Nov 2015 16:02:09 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id tACL28Ag017398; Thu, 12 Nov 2015 16:02:08 -0500
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id tACL255e013631 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 12 Nov 2015 16:02:06 -0500
Content-Type: multipart/alternative; boundary="Apple-Mail=_C6D98A78-6AB4-405D-80A6-BB4D661F8B40"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <53BB1987-979C-4945-9C7D-CDB6619AEFFC@nexusgroup.com>
Date: Thu, 12 Nov 2015 16:02:05 -0500
Message-Id: <519F98B0-E02B-4827-9862-8F7AAF87FEA2@mit.edu>
References: <53BB1987-979C-4945-9C7D-CDB6619AEFFC@nexusgroup.com>
To: Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com>
X-Mailer: Apple Mail (2.2104)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrDKsWRmVeSWpSXmKPExsUixCmqrRv4zyXM4N1uWYvv33qYLaZtncpq cWzXYjaLmzNOMVnsnfaJxeLk21dsDmwea+atYfRYsuQnk0frjr/sHlvv/2YMYInisklJzcks Sy3St0vgyvg0bQNzQbd2xcJVbWwNjHNVuxg5OCQETCQmbTPrYuQEMsUkLtxbzwZiCwksZpL4 8KC4i5ELyN7IKHHr6V9WCOchk8SFI+1MIFXMAgkSS/vmsoDYvAJ6Eq9uXWYFGSoMNPTX51yQ MJuAqsT0NS1g5ZwCThLXt60GW8ACFF9xYyk7xJjbjBKLOgUgxlhJvLw/lQniCEeJxmW3mEFs EQFPiZsn/7NAHCorsfv3I6YJjAKzkFwxC8kVEHFtiWULXzND2JoS+7uXs2CKa0h0fpvIuoCR bRWjbEpulW5uYmZOcWqybnFyYl5eapGuiV5uZoleakrpJkZwpEjy72D8dlDpEKMAB6MSD++O Fy5hQqyJZcWVuYcYJTmYlER5pd4AhfiS8lMqMxKLM+KLSnNSiw8xSnAwK4nwLn4GlONNSays Si3Kh0lJc7AoifNu+sEXIiSQnliSmp2aWpBaBJOV4eBQkuDN/wvUKFiUmp5akZaZU4KQZuLg BBnOAzQ8CaSGt7ggMbc4Mx0if4pRUUqctwYkIQCSyCjNg+sFJbKEt4dNXzGKA70izBsBUsUD TIJw3a+ABjMBDf4i4QQyuCQRISXVwOjS/nK//sNG6VnZPxUrXx4znyHd/+jYC9mzfku+iz16 Yyo9xd726a2IrU88LgXJLmDoL7VvPLleWPOnJOutUmv7SwwlKabyK4Ua/tgFZFz6r3DswMmF h96f79meJbXbdtv+eZHf/ryfeYn1lfry8pnl3e8T/6+Pvqc9z3b/zaS2c75bwrsSrjIqsRRn JBpqMRcVJwIAxjqTyj8DAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/aMuyYHxD26ERhtssUWyHp5C-oCQ>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "cose@ietf.org" <cose@ietf.org>, "<oauth@ietf.org>" <oauth@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 21:02:14 -0000

Thanks very much, Eric.

As we promised in Yokohama, the chairs of the COSE working group are currently running a consensus call thread about this very topic, and I’d encourage others to join that discussion. The thread starts here:

http://www.ietf.org/mail-archive/web/cose/current/msg00747.html

 — Justin

> On Nov 12, 2015, at 2:10 PM, Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com> wrote:
> 
> Hi,
> 
> In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We just broke out the CBOR Web Token into a separate draft and the new draft is submitted to the OAUTH WG. It can be found here: 
> 
> https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/ <https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/>
> 
> Abstract: 
> "CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties.  CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection.  A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value."
> 
> / Erik
> 
> 
> [1] https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00 <https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00>
> 
> 
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email