IETF Logo Mail Archive

[OAUTH-WG] A draft on CBOR Web Tokens (CWT)

Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com> Thu, 12 November 2015 19:26 UTC

Return-Path: <erik.wahlstrom@nexusgroup.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5C971B3228 for <oauth@ietfa.amsl.com>; Thu, 12 Nov 2015 11:26:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.31
X-Spam-Level:
X-Spam-Status: No, score=-2.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o-EoNFyMSkYR for <oauth@ietfa.amsl.com>; Thu, 12 Nov 2015 11:26:23 -0800 (PST)
Received: from smtp.nexusgroup.com (smtp.nexusgroup.com [83.241.133.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DCCE1B3229 for <oauth@ietf.org>; Thu, 12 Nov 2015 11:26:20 -0800 (PST)
Received: from NG-EX01.ad.nexusgroup.com (10.75.28.40) by NG-EX01.ad.nexusgroup.com (10.75.28.40) with Microsoft SMTP Server (TLS) id 15.0.995.29; Thu, 12 Nov 2015 20:26:17 +0100
Received: from NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab]) by NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab%12]) with mapi id 15.00.0995.032; Thu, 12 Nov 2015 20:26:17 +0100
From: Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com>
To: "<oauth@ietf.org>" <oauth@ietf.org>
Thread-Topic: A draft on CBOR Web Tokens (CWT)
Thread-Index: AQHRHX3EcFviJsoC2k6K5CeJemK0Aw==
Date: Thu, 12 Nov 2015 19:26:17 +0000
Message-ID: <EEA8113B-E287-4B25-9301-0B50BCD22D7B@nexusgroup.com>
References: <53BB1987-979C-4945-9C7D-CDB6619AEFFC@nexusgroup.com>
Accept-Language: en-US, sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.2104)
x-originating-ip: [37.247.26.197]
Content-Type: text/plain; charset="utf-8"
Content-ID: <1F86ECED8E58D84E981C5ECAD8D770DB@nexusgroup.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/v7xQfRW4wG4eXKBEoHr25Lc7xkA>
Subject: [OAUTH-WG] A draft on CBOR Web Tokens (CWT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 19:26:25 -0000

Hi,

In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We just broke out the CBOR Web Token into a separate draft and the new draft is submitted to the OAUTH WG. It can be found here: 

https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/

Abstract: 
"CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties.  CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection.  A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value."

/ Erik


[1] https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00

v2.23.0 | Report a Bug | By Email