Fraunhofer SIT Qualcomm Technologies Inc. Cisco Systems Universität Bremen TZI This document defines the Unprotected CWT Claims Set (UCCS), a data format for representing a CBOR Web Token (CWT) Claims Set without protecting it by a signature, message authentication code (MAC), or encryption. UCCS enables the use of CWT claims in environments where protection is provided by other means, such as secure communication channels or trusted execution environments. This specification defines a CBOR tag for UCCS and describes the UCCS format, its encoding, and processing considerations, and discusses security implications of using unprotected claims sets. // (This editors' note will be removed by the RFC editor:) The // present revision (–11) contains document changes based on feedback // from the IESG evaluation and has been submitted as input to IETF // 121. (Separate email to the IESG members will discuss the // feedback as needed.)