Technical Summary
This document describes how to include CBOR Web Token (CWT) claims in
the header parameters of any COSE structure. This functionality
helps to facilitate applications that wish to make use of CBOR Web
Token (CWT) claims in encrypted COSE structures and/or COSE
structures featuring detached signatures, while having some of those
claims be available before decryption and/or without inspecting the
detached payload.
Working Group Summary
The document received good feedback on the mailing list. It seems well
supported by the working group. There were no major controversies.
Document Quality
No known implementations of this specific document, but many
implementations of COSE headers exist, in particular:
- https://github.com/erdtman/cose-js
- https://github.com/veraison/go-cose (plans to implement)
- https://github.com/transmute-industries/cose (plans to implement)
This document is particularly relevant to RATS, SCITT and OAUTH at IETF
and VCWG at W3C. It’s clear from discussions on the list that reviews have
taken place from members who are active in these groups.
There is only a small fragment of CDDL and it is very similar to the examples
described in https://datatracker.ietf.org/doc/draft-ietf-rats-eat/ Document
Personnel
The Document Shepherd for this document is Orie Steele. The Responsible
Area Director is Paul Wouters.