CBOR Web Token (CWT) Claims in COSE Headers
draft-ietf-cose-cwt-claims-in-headers-10

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-cwt-claims-in-headers@ietf.org, mprorock@mesur.io, orie@transmute.industries, paul.wouters@aiven.io, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'CBOR Web Token (CWT) Claims in COSE Headers' to Proposed Standard (draft-ietf-cose-cwt-claims-in-headers-10.txt)

The IESG has approved the following document:
- 'CBOR Web Token (CWT) Claims in COSE Headers'
  (draft-ietf-cose-cwt-claims-in-headers-10.txt) as Proposed Standard

This document is the product of the CBOR Object Signing and Encryption
Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/

Ballot Text

Technical Summary

   This document describes how to include CBOR Web Token (CWT) claims in
   the header parameters of any COSE structure.  This functionality
   helps to facilitate applications that wish to make use of CBOR Web
   Token (CWT) claims in encrypted COSE structures and/or COSE
   structures featuring detached signatures, while having some of those
   claims be available before decryption and/or without inspecting the
   detached payload.

Working Group Summary

The document received good feedback on the mailing list. It seems well
supported by the working group. There were no major controversies.

Document Quality

No known implementations of this specific document, but many
implementations of COSE headers exist, in particular:

- https://github.com/erdtman/cose-js
- https://github.com/veraison/go-cose  (plans to implement)
- https://github.com/transmute-industries/cose  (plans to implement)

This document is particularly relevant to RATS, SCITT and OAUTH at IETF
and VCWG at W3C. It’s clear from discussions on the list that reviews have
taken place from members who are active in these groups.

There is only a small fragment of CDDL and it is very similar to the examples
described in https://datatracker.ietf.org/doc/draft-ietf-rats-eat/ Document

Personnel

   The Document Shepherd for this document is Orie Steele. The Responsible
   Area Director is Paul Wouters.

RFC Editor Note