Hello everyone! Mike Jones and I have updated the JSON Web Proof specifications in preparation/anticipation of IETF 121.
This revision focuses on updating the JWP and JPA documents to describe “native” CBOR usage, e.g. a CBOR serialization using CBOR protected headers. We would appreciate feedback from implementers of JWP, as well as parties interested in the CBOR representation or any parties with other COSE experience. JSON Proof Tokens has not been updated to describe a CBOR encoding, although it is currently envisioned as a CBOR serialization of JWP defined around CWT claims as payloads. JPT was delayed due to JWT and CWT being more divergent than one would first suspect, and that the JWP effort has not taken on a task to try to produce a shared data model (such as through a new JWP claims registry). In particular, draft-ietf-rats-eat-30 is the only document I know of in existence which attempts to define both JWT and CWT definitions/usages of common claims - and still does so with data model incompatibilities (such as defining a CWT `nonce` that is not representable in a JWT `nonce`). Quite a few documents also appear to describe CWT claims with JWT claim names, but with no corresponding registry entry and without text defining usage within a JWT. This leaves the question of what commonalities “JPT” and “CPT” have, and whether they should instead be independent profiles defined in separate documents - referencing the respective JWT/CWT claims registries. I would prefer we come up with an approach with greater commonality, but would appreciate feedback on what others think or if they have particular approaches they think would be appropriate. -DW _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
