I'll add to this that if the FIDO 2.0 Client to Authenticator Protocol (CTAP) spec uses this PoP key representation, one of the callers of this will be implementations of the W3C WebAuthn specification.
-----Original Message----- From: Ace [mailto:[email protected]] On Behalf Of Anthony Nadalin Sent: Monday, June 12, 2017 2:04 PM To: Hannes Tschofenig <[email protected]>; [email protected] Cc: Hannes Tschofenig <[email protected]>; Kepeng Li <[email protected]> Subject: Re: [Ace] Potential uses of PoP keys in CBOR Web Tokens (CWTs) So I believe that there are other uses for this technology, for instance here at Microsoft we have "compact tokens" and looking forward to using CWT and POP as a standard instead of what we have created. FIDO also has a use case for CWT and POP for the Client to Authenticator Protocol, which uses CBOR and CWT today. I think it makes sense to define POP for CWT in it's own specification as there will be many stand-alone usages for POP for CWT. -----Original Message----- From: Ace [mailto:[email protected]] On Behalf Of Hannes Tschofenig Sent: Monday, June 12, 2017 11:19 AM To: [email protected] Cc: Hannes Tschofenig <[email protected]>; Kepeng Li <[email protected]> Subject: [Ace] Potential uses of PoP keys in CBOR Web Tokens (CWTs) Hi all, RFC 7800 defines how to communicate Proof of Possession (PoP) keys for JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT) draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of the JSON/JOSE JWT spec. The ACE working group is planning to also define a CBOR/COSE equivalent of RFC 7800 and is interested in knowing how you might use CBOR proof-of-possession keys for CWTs. Please drop us a message if you are using CBOR PoP keys for CWTs. We would like to learn more about your usage. Ciao Hannes & Kepeng _______________________________________________ Ace mailing list [email protected] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Face&data=02%7C01%7Ctonynad%40microsoft.com%7C0f499d2726c74f8c11ab08d4b1bf922f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636328883729061751&sdata=hxYGYRTqzC1qIEo4efvJdc%2B99GRldim68GwELwGIc8M%3D&reserved=0 _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
