draft-ietf-ace-cbor-web-token-14.txt   draft-ietf-ace-cbor-web-token-15.txt 
ACE Working Group M. Jones ACE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track E. Wahlstroem Intended status: Standards Track E. Wahlstroem
Expires: September 16, 2018 Expires: September 20, 2018
S. Erdtman S. Erdtman
Spotify AB Spotify AB
H. Tschofenig H. Tschofenig
ARM Ltd. ARM Ltd.
March 15, 2018 March 19, 2018
CBOR Web Token (CWT) CBOR Web Token (CWT)
draft-ietf-ace-cbor-web-token-14 draft-ietf-ace-cbor-web-token-15
Abstract Abstract
CBOR Web Token (CWT) is a compact means of representing claims to be CBOR Web Token (CWT) is a compact means of representing claims to be
transferred between two parties. The claims in a CWT are encoded in transferred between two parties. The claims in a CWT are encoded in
the Concise Binary Object Representation (CBOR) and CBOR Object the Concise Binary Object Representation (CBOR) and CBOR Object
Signing and Encryption (COSE) is used for added application layer Signing and Encryption (COSE) is used for added application layer
security protection. A claim is a piece of information asserted security protection. A claim is a piece of information asserted
about a subject and is represented as a name/value pair consisting of about a subject and is represented as a name/value pair consisting of
a claim name and a claim value. CWT is derived from JSON Web Token a claim name and a claim value. CWT is derived from JSON Web Token
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 16, 2018. This Internet-Draft will expire on September 20, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 17 skipping to change at page 5, line 17
None of the claims defined below are intended to be mandatory to use None of the claims defined below are intended to be mandatory to use
or implement. They rather provide a starting point for a set of or implement. They rather provide a starting point for a set of
useful, interoperable claims. Applications using CWTs should define useful, interoperable claims. Applications using CWTs should define
which specific claims they use and when they are required or which specific claims they use and when they are required or
optional. optional.
3.1.1. iss (Issuer) Claim 3.1.1. iss (Issuer) Claim
The "iss" (issuer) claim has the same meaning and processing rules as The "iss" (issuer) claim has the same meaning and processing rules as
the "iss" claim defined in Section 4.1.1 of [RFC7519], except that the "iss" claim defined in Section 4.1.1 of [RFC7519], except that
the value is a StringOrURI. The Claim Key 1 is used to identify this the value is a StringOrURI, as defined in Section 2 of this
claim. specification. The Claim Key 1 is used to identify this claim.
3.1.2. sub (Subject) Claim 3.1.2. sub (Subject) Claim
The "sub" (subject) claim has the same meaning and processing rules The "sub" (subject) claim has the same meaning and processing rules
as the "sub" claim defined in Section 4.1.2 of [RFC7519], except that as the "sub" claim defined in Section 4.1.2 of [RFC7519], except that
the value is a StringOrURI. The Claim Key 2 is used to identify this the value is a StringOrURI, as defined in Section 2 of this
claim. specification. The Claim Key 2 is used to identify this claim.
3.1.3. aud (Audience) Claim 3.1.3. aud (Audience) Claim
The "aud" (audience) claim has the same meaning and processing rules The "aud" (audience) claim has the same meaning and processing rules
as the "aud" claim defined in Section 4.1.3 of [RFC7519], except that as the "aud" claim defined in Section 4.1.3 of [RFC7519], except that
the value of the audience claim is a StringOrURI when it is not an the value of the audience claim is a StringOrURI when it is not an
array or each of the audience array element values is a StringOrURI array or each of the audience array element values is a StringOrURI
when the audience claim value is an array. The Claim Key 3 is used when the audience claim value is an array. (StringOrURI is defined
to identify this claim. in Section 2 of this specification.) The Claim Key 3 is used to
identify this claim.
3.1.4. exp (Expiration Time) Claim 3.1.4. exp (Expiration Time) Claim
The "exp" (expiration time) claim has the same meaning and processing The "exp" (expiration time) claim has the same meaning and processing
rules as the "exp" claim defined in Section 4.1.4 of [RFC7519], rules as the "exp" claim defined in Section 4.1.4 of [RFC7519],
except that the value is a NumericDate. The Claim Key 4 is used to except that the value is a NumericDate, as defined in Section 2 of
identify this claim. this specification. The Claim Key 4 is used to identify this claim.
3.1.5. nbf (Not Before) Claim 3.1.5. nbf (Not Before) Claim
The "nbf" (not before) claim has the same meaning and processing The "nbf" (not before) claim has the same meaning and processing
rules as the "nbf" claim defined in Section 4.1.5 of [RFC7519], rules as the "nbf" claim defined in Section 4.1.5 of [RFC7519],
except that the value is a NumericDate. The Claim Key 5 is used to except that the value is a NumericDate, as defined in Section 2 of
identify this claim. this specification. The Claim Key 5 is used to identify this claim.
3.1.6. iat (Issued At) Claim 3.1.6. iat (Issued At) Claim
The "iat" (issued at) claim has the same meaning and processing rules The "iat" (issued at) claim has the same meaning and processing rules
as the "iat" claim defined in Section 4.1.6 of [RFC7519], except that as the "iat" claim defined in Section 4.1.6 of [RFC7519], except that
the value is a NumericDate. The Claim Key 6 is used to identify this the value is a NumericDate, as defined in Section 2 of this
claim. specification. The Claim Key 6 is used to identify this claim.
3.1.7. cti (CWT ID) Claim 3.1.7. cti (CWT ID) Claim
The "cti" (CWT ID) claim has the same meaning and processing rules as The "cti" (CWT ID) claim has the same meaning and processing rules as
the "jti" claim defined in Section 4.1.7 of [RFC7519], except that the "jti" claim defined in Section 4.1.7 of [RFC7519], except that
the value is a byte string. The Claim Key 7 is used to identify this the value is a byte string. The Claim Key 7 is used to identify this
claim. claim.
4. Summary of the claim names, keys, and value types 4. Summary of the claim names, keys, and value types
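Review bot: In 3.1.3 the new Section 2 pointer is added as a separate parenthetical sentence ("(StringOrURI is defined in Section 2 of this specification.)"), whereas 3.1.1, 3.1.2 and 3.1.4 through 3.1.6 attach it as a clause ("a StringOrURI, as defined in Section 2 of this specification"). Suggest using the clause form in 3.1.3 as well so all six claim definitions read the same way. The sentence the parenthetical follows is also unchanged in -15 and remains hard to parse: "is a StringOrURI when it is not an array or each of the audience array element values is a StringOrURI when the audience claim value is an array". Splitting it into one sentence for the single-value case and one for the array case would leave less room for implementations to read the "aud" value rules differently.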
skipping to change at page 23, line 41 skipping to change at page 23, line 41
Goeran Selander. Goeran Selander.
[[ RFC Editor: Is it possible to preserve the non-ASCII spellings of [[ RFC Editor: Is it possible to preserve the non-ASCII spellings of
the names Erik Wahlstroem and Goeran Selander in the final the names Erik Wahlstroem and Goeran Selander in the final
specification? ]] specification? ]]
Appendix C. Document History Appendix C. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-15
o Added section references when the terms "NumericDate" and
"StringOrURI" are used, as suggested by Adam Roach.
-14 -14
o Cleaned up the descriptions of the numeric ranges of claim keys o Cleaned up the descriptions of the numeric ranges of claim keys
being registered in the registration template for the "CBOR Web being registered in the registration template for the "CBOR Web
Token (CWT) Claims" registry, as suggested by Adam Roach. Token (CWT) Claims" registry, as suggested by Adam Roach.
o Clarified the relationships between the JWT and CWT "NumericDate" o Clarified the relationships between the JWT and CWT "NumericDate"
and "StringOrURI" terms, as suggested by Adam Roach. and "StringOrURI" terms, as suggested by Adam Roach.
o Eliminated unnecessary uses of the word "type", as suggested by o Eliminated unnecessary uses of the word "type", as suggested by
 End of changes. 11 change blocks. 
16 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/