The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'JSON Web Token Best Current Practices' <draft-ietf-oauth-rfc8725bis-06.txt> as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2026-07-06. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices (BCP) specification updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs. This BCP specification furthermore obsoletes the existing JWT BCP specification RFC 8725 to provide additional actionable guidance covering threats and attacks that have been discovered since RFC 8725 was published. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc8018: PKCS #5: Password-Based Cryptography Specification Version 2.1 (Informational - Internet Engineering Task Force (IETF) stream) _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
