
Shepherd writeup
draft-ietf-ace-cwt-proof-of-possession

The following is the shepherd write-up for
draft-ietf-ace-cwt-proof-of-possession-06.

1. Summary

The document shepherd is Roman Danyliw. The responsible Area Director is
Benjamin Kaduk.

This document describes how to declare in a CBOR Web Token (CWT) that
the presenter of the CWT possesses a particular proof-of-possession key.  It is
a functional equivalent to the proof of possession key semantics in JSON Web
Tokens (JWTs) (RFC 7800) using CBOR/CWT.

The WG has reached consensus to publish this protocol specification as a
Proposed Standard so that it tracks the equivalent work with JWTs (RFC 7800). 
It has been subjected to review from the community of interest and the details
have been tested through various CWT implementations.

2. Review and Consensus
=====================
This draft tracked the JSON Web Token (JWT) specification.  The WG adopted this
draft in September 2017 (-00) from an individual submission which was first
published in April 2017. The WG convened WGLC on -02 of the draft in May 2018
(https://www.ietf.org/mail-archive/web/ace/current/msg02744.html).  Several
months of discussion ensued to resolve the identified issues reflected in -03,
-04 and -05.  Final nits were addressed in -06.

This draft builds upon the CWT specification (RFC 8392) which has seen a variety
of implementations:

** ACE-Java (Java) -- https://bitbucket.org/lseitz/ace-java
** CWT-JS (JavaScript) -- https://github.com/erdtman/cwt-js
** node-cborwebtoken (JavaScript) -- https://github.com/netnexus/node-cborwebtoken
** CWT (C#) -- https://github.com/Com-AugustCellars/CWT
** ChariWTs (Ruby) -- https://github.com/AnimaGUS-minerva/ChariWTs
** ARM Secure Device Access (SDA) -- https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html

3. Intellectual Property
===================
Each author has confirmed conformance with BCPs 78 and 79 on the ACE mailing
list:

** Michael Jones -- https://www.ietf.org/mail-archive/web/ace/current/msg03126.html
** Ludwig Seitz -- https://www.ietf.org/mail-archive/web/ace/current/msg03120.html
** Göran Selander -- https://www.ietf.org/mail-archive/web/ace/current/msg03125.html
** Sam Erdtman -- https://www.ietf.org/mail-archive/web/ace/current/msg03119.html
** Hannes Tschofenig -- https://www.ietf.org/mail-archive/web/ace/current/msg03121.html

There are no IPR disclosures on the document.

4. Other Points
============

Idnits reports no issues that require action.

There are no yang modules present in this document requiring validation.

All examples (Section 3.2, 3.3 and 3.4) were validated with http://cbor.me/.

There are two actions for IANA:

(1) Registration of a new URI,
urn:ietf:params:xml:ns:yang:ietf-dots-data-channel, in the “IETF XML Registry”;
and

(2) Registration of a new YANG module, ietf-dots-data-channel, in the “YANG
Module Names” registry.

No early expert review has been requested for the above IANA allocation.