Skip to main content

Proof of Issuer Key Authority (PIKA)
draft-barnes-oauth-pika-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Richard Barnes , Sharon Goldberg
Last updated 2025-01-09 (Latest revision 2024-07-08)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

A relying party verifying a JSON Web Token (JWT) needs to verify that the public key used to verify the signature legitimately represents the issuer represented in the "iss" claim of the JWT. Today, relying parties commonly use the "iss" claim to fetch a set of authorized signing keys over HTTPS, relying on the security of HTTPS to establish the authority of the downloaded keys for that issuer. The ephemerality of this proof of authority makes it unsuitable for use cases where a JWT might need to be verified for some time. In this document, we define a format for Proofs of Issuer Key Authority, which establish the authority of a key using a signed object instead of an HTTPS connection.

Authors

Richard Barnes
Sharon Goldberg

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)