CBOR Web Token (CWT)
draft-ietf-ace-cbor-web-token-15
Document history
Date | Rev. | By | Action |
---|---|---|---|
2018-05-07
|
15 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2018-05-03
|
15 | (System) | RFC Editor state changed to AUTH48 from EDIT |
2018-04-02
|
15 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2018-03-30
|
15 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2018-03-26
|
15 | Gunter Van de Velde | Closed request for Telechat review by OPSDIR with state 'Team Will not Review Version' |
2018-03-22
|
15 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2018-03-22
|
15 | Sabrina Tanamal | IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK |
2018-03-19
|
15 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-15.txt |
2018-03-19
|
15 | (System) | New version approved |
2018-03-19
|
15 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2018-03-19
|
15 | Michael Jones | Uploaded new revision |
2018-03-16
|
14 | (System) | IANA Action state changed to In Progress |
2018-03-16
|
14 | (System) | RFC Editor state changed to EDIT |
2018-03-16
|
14 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2018-03-16
|
14 | (System) | Announcement was received by RFC Editor |
2018-03-16
|
14 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2018-03-16
|
14 | Cindy Morgan | IESG has approved the document |
2018-03-16
|
14 | Cindy Morgan | Closed "Approve" ballot |
2018-03-16
|
14 | Cindy Morgan | Ballot approval text was generated |
2018-03-16
|
14 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2018-03-16
|
14 | Cindy Morgan | New version available: draft-ietf-ace-cbor-web-token-14.txt |
2018-03-16
|
14 | (System) | Secretariat manually posting. Approvals already received |
2018-03-16
|
14 | Cindy Morgan | Uploaded new revision |
2018-03-08
|
13 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Waiting for AD Go-Ahead |
2018-03-08
|
13 | Tero Kivinen | Request for Telechat review by SECDIR Completed: Has Nits. Reviewer: Kyle Rose. |
2018-03-07
|
13 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2018-03-07
|
13 | Adam Roach | [Ballot comment] Thanks to the WG, chairs, and §3.1.1:

> The "iss" (issuer) claim has the same meaning and processing rules as
> the "iss" claim defined in Section 4.1.1 of [RFC7519], except that
> the value is of type StringOrURI. The Claim Key 1 is used to
> identify this claim.

1) Given that RFC 7159 defines "iss" to contain a "StringOrURI" value, it's not clear what the "except" clause is attempting to convey.

2) Given the many uses of the word "type" in this context (including CBOR types and the JWT 'typ' field), and given that RFC 7519 never refers to "StringOrURI" as a "type," I think that the use of the word "type" here is likely to lead to reader confusion.

This comment -- or a congruent form of it involving "NumericDate" rather than "StringOrURI" -- applies to §3.1.2 through §3.1.6.

---------------------------------------------------------------------------

§9.1:

> Criteria that should be applied by the Designated Experts includes
> determining whether the proposed registration duplicates existing
> functionality, whether it is likely to be of general applicability or
> whether it is useful only for a single application, and whether the
> registration description is clear. Registrations for the limited set
> of values between -256 and 255 and strings of length 1 are to be
> restricted to claims with general applicability.

Use of the word "between" without qualifying it as inclusive or exclusive of the endpoints is ambiguous. Suggest either "values from -256 to 255" or "values between -256 and 255 inclusive".

---------------------------------------------------------------------------

§9.1.1:

> CBOR map key for the claim. Different ranges of values use
> different registration policies [RFC8126]. Integer values between
> -256 and 255 and strings of length 1 are designated as Standards
> Action. Integer values from -65536 to 65535 and strings of length
> 2 are designated as Specification Required

Same comment as above. Also, please replace "from -65536 to 65535" with "from -65536 to -257 and from 256 to 65535". |
2018-03-07
|
13 | Adam Roach | [Ballot Position Update] New position, No Objection, has been recorded for Adam Roach |
2018-03-07
|
13 | Eric Rescorla | [Ballot comment] The claim values defined in this specification MUST NOT be prefixed with any CBOR tag. For instance, while CBOR tag 1 (epoch-based date/time) could logically be prefixed to values of the "exp", "nbf", and "iat" claims, this is unnecessary, since the representation of the claim values is already specified by the claim definitions. Tagging claim values would only take up extra space without adding information. However, this does not prohibit future claim definitions from requiring the use of CBOR tags for those specific claims.

Why do you need a MUST NOT here? This seems like not really an interop requirement

4. Verify that the resulting COSE Header includes only parameters and values whose syntax and semantics are both understood and supported or that are specified as being ignored when not understood.

I'm surprised to find that this is not a generic 8152 processing rule. Can you explain why this is necessary here? |
2018-03-07
|
13 | Eric Rescorla | [Ballot Position Update] New position, No Objection, has been recorded for Eric Rescorla |
2018-03-07
|
13 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2018-03-07
|
13 | Alissa Cooper | [Ballot comment] Thanks for engaging with the Gen-ART review. |
2018-03-07
|
13 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2018-03-06
|
13 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2018-03-06
|
13 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2018-03-06
|
13 | Warren Kumari | [Ballot comment] Tiny nit: Section 8, Security Considerations "While syntactically, the signing and encryption operations" -> "While syntactically the signing and encryption operations" (superfluous comma) Also, I second Carlos Martinez's comment - the examples are helpful for those not steeped in the art... |
2018-03-06
|
13 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2018-03-06
|
13 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2018-03-06
|
13 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2018-03-05
|
13 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2018-03-05
|
13 | Sabrina Tanamal | (Via drafts-lastcall@iana.org):

IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-ace-cbor-web-token-12. If any part of this review is inaccurate, please let us know.

The IANA Services Operator understands that, upon approval of this document, there are four actions which we must complete.

First, a new registry is to be created called the CBOR Web Token (CWT) Claims registry.

IANA Question --> Where should this new registry be located? Should it be added to an existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The registration procedure for the new registry depends upon the CWT Claim Key and can be summarized as follows:

Where the CWT Claim Key is an integer:

    CWT Claim Key          Registration Procedure
    ---------------------+------------------------
    < -65536               Private Use
    -65536 to 65535        Specification Required
    > 65535                Expert Review

Where the CWT Claim Key is a string:

    CWT Claim Key          Registration Procedure
    ---------------------+------------------------
    string, length =1      Standards Track Required
    string, length =2      Specification Required
    string, length >2      Expert Review

Depending upon the values being requested, registration requests are evaluated on a Standards Track Required, Specification Required, Expert Review, or Private Use basis [see RFC 8126] after a three-week review period on the cwt-reg-review@ietf.org mailing list, on the advice of one or more Designated Experts. However, to allow for the allocation of values prior to publication, the Designated Experts may approve registration once they are satisfied that such a specification will be published.

IANA Question --> Will requestors send templates to the list, or will requestors send templates to IANA to send to the list? The reference for the new registry is [ RFC-to-be ]. In the former case, we understand that experts would send approved requests directly to IANA. If the latter is true, would experts send approved requests to IANA, or would IANA need to check in after three weeks?

    Claim Name  Claim Description                          JWT Claim Name  Claim Key  Claim Type                        Reference
    -----------+------------------------------------------+---------------+----------+---------------------------------+-------------
    (reserved)  This reservation reserves the Key value 1  N/A             0          N/A                               [ RFC-to-be ]
    iss         Issuer                                     iss             1          text string                       [ RFC-to-be ]
    sub         Subject                                    sub             2          text string                       [ RFC-to-be ]
    aud         Audience                                   aud             3          text string                       [ RFC-to-be ]
    exp         Expiration Time                            exp             4          integer or floating point number  [ RFC-to-be ]
    nbf         Not Before                                 nbf             5          integer or floating point number  [ RFC-to-be ]
    iat         Issued At                                  iat             6          integer or floating point number  [ RFC-to-be ]
    cti         CWT ID                                     jti             7          byte string                       [ RFC-to-be ]

In addition for the new registry, another column will be added titled: Change Controller. For all the initial entries in the new registry, the change controller will be the IESG.

Second, in the application space of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

a new media type will be registered as follows:

    Name: cwt
    Template: [ TBD-at-Registration ]
    Reference: [ RFC-to-be ]

Third, in the CoAP Content-Formats registry on the Constrained RESTful Environments (CoRE) Parameters registry page located at:

https://www.iana.org/assignments/core-parameters/

a new registration will be made as follows:

    Media Type: application/cwt
    Encoding: ID [ TBD-at-Registration ]
    Reference: [ RFC-to-be ]

IANA notes that the authors have suggested a value of 61 for this registration.

As this document requests registrations in an Expert Review (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Fourth, in the CBOR Tags registry on the Concise Binary Object Representation (CBOR) Tags registry page located at:

https://www.iana.org/assignments/cbor-tags/

the existing registration for the following CBOR Tag CBOR Web Token (CWT) will be updated to have its reference changed to [ RFC-to-be ].

The IANA Services Operator understands that these are the only actions required to be completed upon approval of this document.

Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,
Sabrina Tanamal
Senior IANA Services Specialist |
2018-03-05
|
13 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2018-03-05
|
13 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-13.txt |
2018-03-05
|
13 | (System) | New version approved |
2018-03-05
|
13 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2018-03-05
|
13 | Michael Jones | Uploaded new revision |
2018-03-05
|
12 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2018-03-05
|
12 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2018-03-04
|
12 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2018-03-04
|
12 | Alexey Melnikov | [Ballot comment] Just to double check: a CWT claim registration from a Proposed Standard still needs to be submitted to the review mailing list, but it is not really subject to Expert Review, correct? You might want to make it clearer. |
2018-03-04
|
12 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2018-03-02
|
12 | Carlos Martínez | Request for Telechat review by OPSDIR Completed: Ready. Reviewer: Carlos Martinez. Sent review to list. |
2018-03-02
|
12 | Kathleen Moriarty | Ballot has been issued |
2018-03-02
|
12 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2018-03-02
|
12 | Kathleen Moriarty | Created "Approve" ballot |
2018-03-02
|
12 | Kathleen Moriarty | Ballot writeup was changed |
2018-03-01
|
12 | Kathleen Moriarty | Ballot writeup was changed |
2018-02-26
|
12 | Dan Romascanu | Request for Telechat review by GENART Completed: Almost Ready. Reviewer: Dan Romascanu. Sent review to list. |
2018-02-22
|
12 | Jean Mahoney | Request for Telechat review by GENART is assigned to Dan Romascanu |
2018-02-22
|
12 | Jean Mahoney | Request for Telechat review by GENART is assigned to Dan Romascanu |
2018-02-20
|
12 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2018-02-20
|
12 | Amy Vezza | The following Last Call announcement was sent out (ends 2018-03-06):

From: The IESG
To: IETF-Announce
CC: Kathleen.Moriarty.ietf@gmail.com, ace-chairs@ietf.org, kaduk@mit.edu, draft-ietf-ace-cbor-web-token@ietf.org, ace@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call: (CBOR Web Token (CWT)) to Proposed Standard

The IESG has received a request from the Authentication and Authorization for Constrained Environments WG (ace) to consider the following document: - 'CBOR Web Token (CWT)' as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2018-03-06. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.

The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/

IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/ballot/

No IPR declarations have been submitted directly on this I-D. |
2018-02-20
|
12 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2018-02-20
|
12 | Amy Vezza | Last call announcement was changed |
2018-02-16
|
12 | Kathleen Moriarty | Last call was requested |
2018-02-16
|
12 | Kathleen Moriarty | Ballot approval text was generated |
2018-02-16
|
12 | Kathleen Moriarty | Ballot writeup was generated |
2018-02-16
|
12 | Kathleen Moriarty | IESG state changed to Last Call Requested from Publication Requested |
2018-02-16
|
12 | Kathleen Moriarty | Last call announcement was generated |
2018-02-16
|
12 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Zitao Wang |
2018-02-16
|
12 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Carlos Martinez |
2018-02-16
|
12 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Carlos Martinez |
2018-02-16
|
12 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Zitao Wang |
2018-02-16
|
12 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Kyle Rose |
2018-02-16
|
12 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Kyle Rose |
2018-02-15
|
12 | Kathleen Moriarty | Placed on agenda for telechat - 2018-03-08 |
2018-02-05
|
12 | Benjamin Kaduk | Responsible AD changed to Kathleen Moriarty |
2018-02-05
|
12 | Benjamin Kaduk | IESG process started in state Publication Requested |
2018-02-05
|
12 | (System) | Earlier history may be found in the Comment Log for /doc/draft-wahlstroem-ace-cbor-web-token/ |
2018-02-05
|
12 | Benjamin Kaduk | Working group state set to Submitted to IESG for Publication |
2018-02-05
|
12 | Benjamin Kaduk | Changed consensus to Yes from Unknown |
2018-02-05
|
12 | Benjamin Kaduk | Intended Status changed to Proposed Standard from None |
2018-02-05
|
12 | Benjamin Kaduk | Changed document writeup |
2018-02-05
|
12 | Benjamin Kaduk | Notification list changed to Benjamin Kaduk <kaduk@mit.edu> |
2018-02-05
|
12 | Benjamin Kaduk | Document shepherd changed to Benjamin Kaduk |
2018-02-02
|
12 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-12.txt |
2018-02-02
|
12 | (System) | New version approved |
2018-02-02
|
12 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2018-02-02
|
12 | Michael Jones | Uploaded new revision |
2018-01-21
|
11 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-11.txt |
2018-01-21
|
11 | (System) | New version approved |
2018-01-21
|
11 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2018-01-21
|
11 | Michael Jones | Uploaded new revision |
2017-12-17
|
10 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-10.txt |
2017-12-17
|
10 | (System) | New version approved |
2017-12-17
|
10 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-12-17
|
10 | Michael Jones | Uploaded new revision |
2017-11-08
|
09 | Jim Schaad | Added -09 to session: IETF-100: ace Tue-0930 |
2017-10-26
|
09 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-09.txt |
2017-10-26
|
09 | (System) | New version approved |
2017-10-26
|
09 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-10-26
|
09 | Michael Jones | Uploaded new revision |
2017-08-16
|
08 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-08.txt |
2017-08-16
|
08 | (System) | New version approved |
2017-08-16
|
08 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-08-16
|
08 | Michael Jones | Uploaded new revision |
2017-07-16
|
07 | Kepeng Li | Added to session: IETF-99: ace Mon-0930 |
2017-07-02
|
07 | Samuel Erdtman | New version available: draft-ietf-ace-cbor-web-token-07.txt |
2017-07-02
|
07 | (System) | New version approved |
2017-07-02
|
07 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-07-02
|
07 | Samuel Erdtman | Uploaded new revision |
2017-06-29
|
06 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-06.txt |
2017-06-29
|
06 | (System) | New version approved |
2017-06-29
|
06 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-06-29
|
06 | Michael Jones | Uploaded new revision |
2017-06-05
|
05 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-05.txt |
2017-06-05
|
05 | (System) | New version approved |
2017-06-05
|
05 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-06-05
|
05 | Michael Jones | Uploaded new revision |
2017-04-13
|
04 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-04.txt |
2017-04-13
|
04 | (System) | New version approved |
2017-04-13
|
04 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-04-13
|
04 | Michael Jones | Uploaded new revision |
2017-03-02
|
03 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-03.txt |
2017-03-02
|
03 | (System) | New version approved |
2017-03-02
|
03 | (System) | Request for posting confirmation emailed to previous authors: Hannes Tschofenig, ace-chairs@ietf.org, Samuel Erdtman, Michael Jones, Erik Wahlstroem |
2017-03-02
|
03 | Michael Jones | Uploaded new revision |
2017-01-13
|
02 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-02.txt |
2017-01-13
|
02 | (System) | New version approved |
2017-01-13
|
02 | (System) | Request for posting confirmation emailed to previous authors: "Michael Jones", "Erik Wahlstroem", ace-chairs@ietf.org, "Hannes Tschofenig", "Samuel Erdtman" |
2017-01-13
|
02 | Michael Jones | Uploaded new revision |
2017-01-08
|
01 | (System) | Document has expired |
2016-07-07
|
01 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-01.txt |
2016-05-20
|
00 | Hannes Tschofenig | This document now replaces draft-wahlstroem-ace-cbor-web-token instead of None |
2016-05-20
|
00 | Michael Jones | New version available: draft-ietf-ace-cbor-web-token-00.txt |