Hi, We just submitted an updated version of the CBOR Web Token (CWT) to the ACE WG repository. The new version references the JWT claims. Name is also kept to CBOR Web Token to make it clear it’s derived from JWT and uses both claim names and formats.
https://tools.ietf.org/html/draft-wahlstroem-ace-cbor-web-token-00 / Erik, Mike and Hannes On 23 Nov 2015, at 02:43, Kathleen Moriarty <[email protected]<mailto:[email protected]>> wrote: Hello, Looking across the three WGs, there are good arguments for doing the work in each, but ACE would be the best WG for a few reasons. COSE is supposed to be short-lived, let's keep it that way. OAUTH has a full plate, although they tend to be very productive. ACE has just become more focused and I think this could fit well once the OAUTH solution work is underway. There's enough overlap for this to happen in any of the WGs. Thanks for the discussion, I was waiting to chime in until it was hashed out a bit to see if there was any overwhelming consensus without influencing the outcome. Now that it has quieted down, ACE is probably the best plan. Thanks, Kathleen Sent from my iPhone On Nov 22, 2015, at 4:25 PM, Erik Wahlström neXus <[email protected]<mailto:[email protected]>> wrote: Hi, Yes, we have a draft posted in the OAuth WG for a CBOR Web Token (CWT). https://tools.ietf.org/id/draft-wahlstroem-oauth-cbor-web-token-00.txt We want to keep it there and reference the JWT claims (also defined in OAuth WG) and later add attributes needed for authentication and authorization for IoT to JWT/CWT in ACE WG. Thanks Erik On 21 Nov 2015, at 18:39, Justin Richer <[email protected]<mailto:[email protected]>> wrote: Reading through the threads an opinions, there is no clear consensus as to where the work should be done. There is roughly equal support for doing this in any of the three offered working groups. There is clear consensus that it should be done and that, as much as possible, it should be a direct map of the existing JWT payload object and common claims. In this light, someone needs to just start the work as an individual draft and push forward, and whichever working group most wants to can pick it up and publish it. I have no qualms on accepting this work within the COSE working group and I believe there is enough support to warrant that placement if an author submits a draft here (and this remains my preference as an individual), but I will not object to another group picking it up. I believe, with all of the overlap between groups, that we will have no trouble getting the “right people” to look at it. Additionally, it is clear that it will be very beneficial to have formal reviews from all three groups once the draft has reached a mature status. Thankfully, Erik has already done this with his “COSE Web Token” draft. He’s initially targeted this at the OAuth working group, and the work started in ACE, so I call to the author to pick a location and run with it. — Justin, your COSE chair On Nov 7, 2015, at 3:01 AM, Justin Richer <[email protected]<mailto:[email protected]>> wrote: At the Yokohama meeting, the chairs agreed to do a consensus call regarding the adoption and placement of new work to define a COSE Token, analogous to the JWT from JOSE. In the room, there was a general sentiment of support for the work being done, with the wide adoption of JWT and its driving of JOSE being a common theme of precedent. What wasn’t clear is where the work should be done and to what end it should drive. The six positions we are asking the working group to consider and voice their support for are: A) Define the COSE Token within the COSE working group along side the COSE Messages (and potentially COSE Auxiliary Algorithms) draft. B) Define the COSE Token inside the OAuth working group. C) Define the COSE Token inside the ACE working group. D) Don’t define the COSE Token anywhere. E) You need more information to decide. F) You don’t give a flying rat about the COSE Token.* The consensus call will remain open for two weeks from today, closing on November 21, 2015; at which time, hopefully we will have a clear answer and direction to point this work. Thank you, — Justin & Kepeng, your COSE chairs * I promised those in the room at Yokohama to offer a flying rat option, for which I am deeply sorry. _______________________________________________ COSE mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/cose
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
