The “CBOR Web Token (CWT)” specification is now RFC 8392<https://www.rfc-editor.org/rfc/rfc8392.txt> - an IETF standard. The abstract for the specification is:
CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON. Special thanks to Erik Wahlström<https://twitter.com/erik_wahlstrom> for starting this work and to Samuel Erdtman<https://twitter.com/serdtman> for doing most of the heavy lifting involved in creating correct and useful CBOR<https://tools.ietf.org/html/rfc7049> and COSE<https://tools.ietf.org/html/rfc8152> examples. Next up – finishing “Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)<https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-02>”, which provides the CWT equivalent of “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)” [RFC 7800<https://tools.ietf.org/html/rfc7800>]. -- Mike P.S. This notice was also posted at http://self-issued.info/?p=1844 and as @selfissued<https://twitter.com/selfissued>.
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace