[OAUTH-WG] Protocol Action: 'Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)' to Proposed Standard (draft-ietf-oauth-proof-of-possession-11.txt)

The IESG <iesg-secretary@ietf.org> Mon, 28 December 2015 14:40 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BB5F21A00E1; Mon, 28 Dec 2015 06:40:28 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20151228144028.6639.51315.idtracker@ietfa.amsl.com>
Date: Mon, 28 Dec 2015 06:40:28 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/vkbJ_N453J7tzTWHvVekGlPEuSg>
Cc: draft-ietf-oauth-proof-of-possession@ietf.org, oauth-chairs@ietf.org, The IESG <iesg@ietf.org>, oauth@ietf.org, rfc-editor@rfc-editor.org
Subject: [OAUTH-WG] Protocol Action: 'Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)' to Proposed Standard (draft-ietf-oauth-proof-of-possession-11.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2015 14:40:28 -0000

The IESG has approved the following document:
- 'Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)'
  (draft-ietf-oauth-proof-of-possession-11.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   This specification defines how to express a declaration in a JSON Web
   Token (JWT) that the presenter of the JWT possesses a particular key
   and that the recipient can cryptographically confirm proof-of-
   possession of the key by the presenter.  This property is also
   sometimes described as the presenter being a holder-of-key.

Working Group Summary

The document was developed by the working group based on the
requirements and architecture described in
There is strong consensus behind this work.

Document Quality

There is at least one implementation of this draft
confirmed on the OAuth mailing list.


    Kepeng Li is the document shepherd and
    Kathleen Moriarty is the responsible AD.


     This specification establishes the IANA "JWT Confirmation Methods"
     registry for JWT "cnf" member values with Specification Required [RFC5226]
     and designated expert review on the oauth-pop-reg-review@ietf.org
     mailing list. 

     CNF value is also added to the registry established in RFC7519