FYI, Yaron created GitHub issues at
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues for each of
Brian's sets of comments and replies were made there.
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/32 was created an
incorporated, which adds additional context on the use of explicit typing to
the specification. You can see that text in context in the editor's draft at
https://drafts.oauth.net/draft-ietf-oauth-rfc8725bis/draft-ietf-oauth-rfc8725bis.html#name-use-explicit-typing.
-- Mike
-----Original Message-----
From: Rifaat Shekh-Yusef via Datatracker <[email protected]>
Sent: Monday, December 1, 2025 5:46 AM
To: [email protected]; [email protected]; [email protected]
Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15)
Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15)
This message starts a 2-week WG Last Call for this document.
Abstract:
JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
tokens that contain a set of claims that can be signed and/or
encrypted. JWTs are being widely used and deployed as a simple
security token format in numerous protocols and applications, both in
the area of digital identity and in other application areas. This
Best Current Practices (BCP) specification updates RFC 7519 to
provide actionable guidance leading to secure implementation and
deployment of JWTs.
This BCP specification furthermore replaces the existing JWT BCP
specification RFC 8725 to provide additional actionable guidance
covering threats and attacks that have been discovered since RFC 8725
was published.
File can be retrieved from:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/
Please review and indicate your support or objection to proceed with the
publication of this document by replying to this email keeping [email protected]
in copy. Objections should be motivated and suggestions to resolve them are
highly appreciated.
Authors, and WG participants in general, are reminded again of the Intellectual
Property Rights (IPR) disclosure obligations described in BCP 79 [1].
Appropriate IPR disclosures required for full conformance with the provisions
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions
available for application to violators of IETF IPR Policy can be found at [3].
Thank you.
[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
