Hi folks, Sorry for the large cross-post, but wanted to be sure everyone is a little aware of this.
The latest EAT draft <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11> efines CDDL for a Claims-Set, the main collection of label-value pairs that is central to CWT and JWT. It is intended to work for both CBOR and JSON (and maybe other encodings). When you want to define a new claim for a CWT or JWT you can write it in CDDL and both the CBOR protocol implementer and JSON protocol implementer know what to do. Should even work with the CDDL validation tools. See here <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.4>. There’s a few other things in this EAT draft: The Claims-Set CDDL applies to UCCS It defines UJCS (which is a one-liner in CDDL) in case you don’t want to use JWT NULL algorithm for something like EAT Attestation Results It defines a way to put a CWT inside a JWT and vice versa since EAT needs nested tokens A common format for signed/encrypted/unsecured collections of CBOR/JSON label-value pairs seems generally useful for more than just EAT. The common format could give some code re use too. I’m not sure that this belongs in the EAT draft. I put it in EAT to get it published in a coherent way for the basis of discussion. I’m expecting discussion of this in the RATS sessions at IETF 112 (Chairs / ADs, maybe you have an opinion on where further discussion can happen). LL P.S. This turned up some issues around how CDDL for CBOR+JSON works and how to validate with the cddl validation tool: Integer vs text labels How to represent byte strings so they get b64 encoded and validate An alternative to CBOR tags for JSON
_______________________________________________ COSE mailing list COSE@ietf.org https://www.ietf.org/mailman/listinfo/cose