Skip to main content

EAT Media Types
draft-ietf-rats-eat-media-type-10

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Authors Laurence Lundblade , Henk Birkholz , Thomas Fossati
Last updated 2024-10-10 (Latest revision 2024-09-26)
RFC stream Internet Engineering Task Force (IETF)
Formats
Reviews
Additional resources Mailing list discussion
Stream WG state Submitted to IESG for Publication
Associated WG milestones
Feb 2024
Submit EAT Media types to WGLC
Jul 2024
Submit EAT Media types for publication
Document shepherd Kathleen Moriarty
Shepherd write-up Show Last changed 2024-05-07
IESG IESG state Waiting for AD Go-Ahead
Consensus boilerplate Yes
Telechat date (None)
Responsible AD Deb Cooley
Send notices to Kathleen.Moriarty.ietf@gmail.com
IANA IANA review state IANA - Not OK
IANA expert review state Reviews assigned
draft-ietf-rats-eat-media-type-10
Remote ATtestation ProcedureS                               L. Lundblade
Internet-Draft                                       Security Theory LLC
Intended status: Standards Track                             H. Birkholz
Expires: 30 March 2025                                    Fraunhofer SIT
                                                              T. Fossati
                                                                  Linaro
                                                       26 September 2024

                            EAT Media Types
                   draft-ietf-rats-eat-media-type-10

Abstract

   Payloads used in Remote Attestation Procedures may require an
   associated media type for their conveyance, for example when used in
   RESTful APIs.

   This memo defines media types to be used for Entity Attestation
   Tokens (EAT).

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Discussion of this document takes place on the Remote ATtestation
   ProcedureS Working Group mailing list (rats@ietf.org), which is
   archived at https://mailarchive.ietf.org/arch/browse/rats/.

   Source for this draft and an issue tracker can be found at
   https://github.com/thomas-fossati/draft-eat-mt.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 March 2025.

Lundblade, et al.         Expires 30 March 2025                 [Page 1]
Internet-Draft               EAT Media Types              September 2024

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  EAT Types . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  A Media Type Parameter for EAT Profiles . . . . . . . . . . .   5
   4.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  +cwt Structured Syntax Suffix . . . . . . . . . . . . . .   6
       6.1.1.  Registry Contents . . . . . . . . . . . . . . . . . .   7
     6.2.  Media Types . . . . . . . . . . . . . . . . . . . . . . .   7
     6.3.  application/eat+cwt Registration  . . . . . . . . . . . .   7
     6.4.  application/eat+jwt Registration  . . . . . . . . . . . .   8
     6.5.  application/eat-bun+cbor Registration . . . . . . . . . .   8
     6.6.  application/eat-bun+json Registration . . . . . . . . . .   9
     6.7.  application/eat-ucs+cbor Registration . . . . . . . . . .   9
     6.8.  application/eat-ucs+json Registration . . . . . . . . . .  10
     6.9.  CoAP Content-Format Registrations . . . . . . . . . . . .  11
   7.  Changelog . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     7.1.   -04  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     7.2.   -03  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     7.3.   -02  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     7.4.   -01  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  12
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  14
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  14
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  14

Lundblade, et al.         Expires 30 March 2025                 [Page 2]
Internet-Draft               EAT Media Types              September 2024

1.  Introduction

   Payloads used in Remote Attestation Procedures [RATS-Arch] may
   require an associated media type for their conveyance, for example
   when used in RESTful APIs (Figure 1).

    .----.                    .----------.                .----------.
    | RP |                    | Attester |                | Verifier |
    '-+--'                    '----+-----'                '-----+----'
      |                            | POST /verify               |
      |                            | EAT(Evidence)              |
      |                            +--------------------------->|
      |                            |                     200 OK |
      |                            |   EAT(Attestation Results) |
      |                            |<---------------------------+
      |                 POST /auth |                            |
      |   EAT(Attestation Results) |                            |
      |<---------------------------+                            |
      | 201 Created                |                            |
      +--------------------------->|                            |
      |                            |                            |
      |                            |                            |

    Figure 1: Conveying RATS conceptual messages in REST APIs using EAT

   This memo defines media types to be used for Entity Attestation Token
   (EAT) [EAT] payloads independently of the RATS Conceptual Message in
   which they manifest themselves.  The objective is to give protocol,
   API and application designers a number of readily available and
   reusable media types for integrating EAT-based messages in their
   flows, for example when using HTTP [BUILD-W-HTTP] or CoAP [REST-IoT].

1.1.  Requirements Language

   This document uses the terms and concepts defined in [RATS-Arch].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Lundblade, et al.         Expires 30 March 2025                 [Page 3]
Internet-Draft               EAT Media Types              September 2024

2.  EAT Types

   Figure 2 illustrates the six EAT wire formats and how they relate to
   each other.  [EAT] defines four of them (CWT, JWT and Detached EAT
   Bundle in its JSON and CBOR flavours), whilst [UCCS] defines UCCS,
   and we use the abbreviation "UJCS" to refer to unprotected JWT Claims
   Sets as defined in Section 2 of [JWT].

                    .-----.
              .----+ UJCS |<-------------------------.
             |     '-----'                            |
             |                                        |
             |      .-----.                           |
             +-----+ UCCS |<-----------------------.  |
             |     '-----'                          | |
             |                                      | |
             |      .------.                        | |
             +-----+  JWT  |<------.                | |
             |     '------'      .--+---.           | |
             |                  | Crypto |<------.  | |
             |      .------.     '--+---'         | | |
             +-----+  CWT  |<------'              | | |
             |     '------'                   .---+-+-+----.
             |                                | Claims-Set +--.
             |      .------.                  '---+---+----'   |
             +-----+ BUN-J |<------.              | ^ |        v
             |     '------'      .--+---.         | | |     .------.
             |                  | Bundle |<------'  | |    | Digest |
             |      .------.     '--+---'           | v     '--+---'
             +-----+ BUN-C |<------'  ^         .---+----.     |
             |     '------'           |         | submod |<---'
             |                        |         '--------'
             v                        |             ^
     .--------------.                 |             |
     | Nested-Token +-----------------+------------'
     '--------------'

                     .-------.     .---------.   .------.
          Legenda:  | Process |   | Wire Fmt |   | CDDL |
                     '-------'    '---------'    '------'

                            Figure 2: EAT Types

Lundblade, et al.         Expires 30 March 2025                 [Page 4]
Internet-Draft               EAT Media Types              September 2024

3.  A Media Type Parameter for EAT Profiles

   EAT is an open and flexible format.  To improve interoperability,
   Section 6 of [EAT] defines the concept of EAT profiles.  Profiles are
   used to constrain the parameters that producers and consumers of a
   specific EAT profile need to understand in order to interoperate.
   For example: the number and type of claims, which serialisation
   format, the supported signature schemes, etc.  EATs carry an in-band
   profile identifier using the eat_profile claim (see Section 4.3.2 of
   [EAT]).  The value of the eat_profile claim is either an OID or a
   URI.

   The media types defined in this document include an optional
   eat_profile parameter that can be used to mirror the eat_profile
   claim of the transported EAT.  Exposing the EAT profile at the API
   layer allows API routers to dispatch payloads directly to the
   profile-specific processor without having to snoop into the request
   bodies.  This design also provides a finer-grained and scalable type
   system that matches the inherent extensibility of EAT.  The
   expectation being that a certain EAT profile automatically obtains a
   media type derived from the base (e.g., application/eat+cwt) by
   populating the eat_profile parameter with the corresponding OID or
   URL.

   When the parameterised version of the EAT media type is used in HTTP
   (for example, with the "Content-Type" and "Accept" headers), and the
   value is an absolute URI (Section 4.3 of [URI]), the parameter-value
   (Appendix A of [HTTP]) MUST use the quoted-string encoding, e.g.:

      application/eat+jwt; eat_profile="tag:evidence.example,2022"

   Instead, when the EAT profile is an OID, the token encoding (i.e.,
   without quotes) can be used, e.g.:

      application/eat+cwt; eat_profile=2.999.1.

4.  Examples

   The example in Figure 3 illustrates the usage of EAT media types for
   transporting attestation evidence as well as negotiating the
   acceptable format of the attestation result.

Lundblade, et al.         Expires 30 March 2025                 [Page 5]
Internet-Draft               EAT Media Types              September 2024

   # NOTE: '\' line wrapping per RFC 8792

   POST /challenge-response/v1/session/1234567890 HTTP/1.1
   Host: verifier.example
   Accept: application/eat+cwt; eat_profile="tag:ar4si.example,2021"
   Content-Type: application/eat+cwt; \
                 eat_profile="tag:evidence.example,2022"

   [ CBOR-encoded EAT w/ eat_profile="tag:evidence.example,2022" ]

             Figure 3: Example REST Verification API (request)

   The example in Figure 4 illustrates the usage of EAT media types for
   transporting attestation results.

   # NOTE: '\' line wrapping per RFC 8792

   HTTP/1.1 200 OK
   Content-Type: application/eat+cwt; \
                 eat_profile="tag:ar4si.example,2021"

   [ CBOR-encoded EAT w/ eat_profile="tag:ar4si.example,2021" ]

             Figure 4: Example REST Verification API (response)

   In both cases, a tag URI [TAG] identifying the profile is carried as
   an explicit parameter.

5.  Security Considerations

   The security consideration of [EAT] and [UCCS] apply in full.

6.  IANA Considerations

   // RFC Editor: please replace RFCthis with this RFC number and remove
   // this note.

6.1.  +cwt Structured Syntax Suffix

   IANA is requested to register the +cwt structured syntax suffix in
   the "Structured Syntax Suffixes" registry
   [IANA.media-type-structured-suffix] in the manner described in
   [MediaTypes], which can be used to indicate that the media type is
   encoded as a CWT.

Lundblade, et al.         Expires 30 March 2025                 [Page 6]
Internet-Draft               EAT Media Types              September 2024

6.1.1.  Registry Contents

   Name:  CBOR Web Token (CWT)
   +suffix:  +cwt
   References:  [CWT]
   Encoding Considerations:  binary
   Interoperability Considerations:  N/A
   Fragment Identifier Considerations:  The syntax and semantics of
      fragment identifiers specified for +cwt SHOULD be as specified for
      application/cwt.  (At publication of this document, there is no
      fragment identification syntax defined for application/cwt.)
   Security Considerations:  See Section 8 of [CWT]
   Contact:  RATS WG mailing list (rats@ietf.org), or IETF Security Area
      (saag@ietf.org)
   Author/Change Controller:  Remote ATtestation ProcedureS (RATS)
      Working Group.  The IETF has change control over this
      registration.

6.2.  Media Types

   IANA is requested to add the following media types to the "Media
   Types" registry [IANA.media-types].

   +==============+=====================+======================+
   | Name         | Template            | Reference            |
   +==============+=====================+======================+
   | EAT CWT      | application/eat+cwt | RFCthis, Section 6.3 |
   +--------------+---------------------+----------------------+
   | EAT JWT      | application/eat+jwt | RFCthis, Section 6.4 |
   +--------------+---------------------+----------------------+
   | Detached EAT | application/eat-    | RFCthis, Section 6.5 |
   | Bundle CBOR  | bun+cbor            |                      |
   +--------------+---------------------+----------------------+
   | Detached EAT | application/eat-    | RFCthis, Section 6.6 |
   | Bundle JSON  | bun+json            |                      |
   +--------------+---------------------+----------------------+
   | EAT UCCS     | application/eat-    | RFCthis, Section 6.7 |
   |              | ucs+cbor            |                      |
   +--------------+---------------------+----------------------+
   | EAT UJCS     | application/eat-    | RFCthis, Section 6.8 |
   |              | ucs+json            |                      |
   +--------------+---------------------+----------------------+

                      Table 1: New Media Types

6.3.  application/eat+cwt Registration

   Type name:  application

Lundblade, et al.         Expires 30 March 2025                 [Page 7]
Internet-Draft               EAT Media Types              September 2024

   Subtype name:  eat+cwt
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  binary
   Security considerations:  Section 9 of [EAT]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type:  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

6.4.  application/eat+jwt Registration

   Type name:  application
   Subtype name:  eat+jwt
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  8bit
   Security considerations:  Section 9 of [EAT] and [BCP225]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

6.5.  application/eat-bun+cbor Registration

   Type name:  application

Lundblade, et al.         Expires 30 March 2025                 [Page 8]
Internet-Draft               EAT Media Types              September 2024

   Subtype name:  eat-bun+cbor
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  binary
   Security considerations:  Section 9 of [EAT]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type:  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

6.6.  application/eat-bun+json Registration

   Type name:  application
   Subtype name:  eat-bun+json
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  Same as [RFC7159]
   Security considerations:  Section 9 of [EAT]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

6.7.  application/eat-ucs+cbor Registration

   Type name:  application

Lundblade, et al.         Expires 30 March 2025                 [Page 9]
Internet-Draft               EAT Media Types              September 2024

   Subtype name:  eat-ucs+cbor
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  binary
   Security considerations:  Section 7 of [UCCS]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type:  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

6.8.  application/eat-ucs+json Registration

   Type name:  application
   Subtype name:  eat-ucs+json
   Required parameters:  n/a
   Optional parameters:  "eat_profile" (EAT profile in string format.
      OIDs MUST use the dotted-decimal notation.  The parameter value is
      case-insensitive.)
   Encoding considerations:  Same as [RFC7159]
   Security considerations:  Section 7 of [UCCS]
   Interoperability considerations:  n/a
   Published specification:  Section 6.2 of RFCthis
   Applications that use this media type  Attesters, Verifiers,
      Endorsers and Reference-Value providers, Relying Parties that need
      to transfer EAT payloads over HTTP(S), CoAP(S), and other
      transports.
   Fragment identifier considerations:  n/a
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

Lundblade, et al.         Expires 30 March 2025                [Page 10]
Internet-Draft               EAT Media Types              September 2024

6.9.  CoAP Content-Format Registrations

   IANA is requested to register the following Content-Format numbers in
   the "CoAP Content-Formats" sub-registry, within the "Constrained
   RESTful Environments (CoRE) Parameters" Registry
   [IANA.core-parameters]:

   +==========================+================+======+===========+
   | Content-Type             | Content Coding | ID   | Reference |
   +==========================+================+======+===========+
   | application/eat+cwt      | -              | TBD1 | RFCthis   |
   +--------------------------+----------------+------+-----------+
   | application/eat+jwt      | -              | TBD2 | RFCthis   |
   +--------------------------+----------------+------+-----------+
   | application/eat-bun+cbor | -              | TBD3 | RFCthis   |
   +--------------------------+----------------+------+-----------+
   | application/eat-bun+json | -              | TBD4 | RFCthis   |
   +--------------------------+----------------+------+-----------+
   | application/eat-ucs+cbor | -              | TBD5 | RFCthis   |
   +--------------------------+----------------+------+-----------+
   | application/eat-ucs+json | -              | TBD6 | RFCthis   |
   +--------------------------+----------------+------+-----------+

                     Table 2: New Content-Formats

   TBD1..6 are to be assigned from the space 256..999.

7.  Changelog

   // RFC editor: please remove this section

7.1.   -04

   *  Early IANA review

7.2.   -03

   *  Update references

7.3.   -02

   *  Update references

   *  Register +cwt SSS (Issue#14 (https://github.com/ietf-rats-wg/
      draft-eat-mt/issues/14))

Lundblade, et al.         Expires 30 March 2025                [Page 11]
Internet-Draft               EAT Media Types              September 2024

   *  Move from eat-jwt to eat+jwt (Issue#14 (https://github.com/ietf-
      rats-wg/draft-eat-mt/issues/14))

   *  Move from eat-cwt to eat+cwt (Issue#14 (https://github.com/ietf-
      rats-wg/draft-eat-mt/issues/14))

7.4.   -01

   *  Rename profile to eat_profile for consistency with EAT (Issue#4
      (https://github.com/ietf-rats-wg/draft-eat-mt/issues/4))

   *  The DEB acronym is gone: shorthand is now "bun" from bundle
      (Issue#8 (https://github.com/ietf-rats-wg/draft-eat-mt/issues/8))

   *  Incorporate editorial suggestions from Carl and Dave (Issue#7
      (https://github.com/ietf-rats-wg/draft-eat-mt/issues/7), Issue#9
      (https://github.com/ietf-rats-wg/draft-eat-mt/issues/9))

8.  References

8.1.  Normative References

   [BCP225]   Best Current Practice 225,
              <https://www.rfc-editor.org/info/bcp225>.
              At the time of writing, this BCP comprises the following:

              Sheffer, Y., Hardt, D., and M. Jones, "JSON Web Token Best
              Current Practices", BCP 225, RFC 8725,
              DOI 10.17487/RFC8725, February 2020,
              <https://www.rfc-editor.org/info/rfc8725>.

   [CoAP]     Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,
              <https://www.rfc-editor.org/rfc/rfc7252>.

   [CWT]      Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
              "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
              May 2018, <https://www.rfc-editor.org/rfc/rfc8392>.

   [EAT]      Lundblade, L., Mandyam, G., O'Donoghue, J., and C.
              Wallace, "The Entity Attestation Token (EAT)", Work in
              Progress, Internet-Draft, draft-ietf-rats-eat-31, 6
              September 2024, <https://datatracker.ietf.org/doc/html/
              draft-ietf-rats-eat-31>.

Lundblade, et al.         Expires 30 March 2025                [Page 12]
Internet-Draft               EAT Media Types              September 2024

   [HTTP]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,
              <https://www.rfc-editor.org/rfc/rfc9110>.

   [IANA.core-parameters]
              IANA, "Constrained RESTful Environments (CoRE)
              Parameters",
              <https://www.iana.org/assignments/core-parameters>.

   [IANA.media-type-structured-suffix]
              IANA, "Structured Syntax Suffixes",
              <https://www.iana.org/assignments/media-type-structured-
              suffix>.

   [IANA.media-types]
              IANA, "Media Types",
              <https://www.iana.org/assignments/media-types>.

   [JWT]      Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
              <https://www.rfc-editor.org/rfc/rfc7519>.

   [MediaTypes]
              Freed, N., Klensin, J., and T. Hansen, "Media Type
              Specifications and Registration Procedures", BCP 13,
              RFC 6838, DOI 10.17487/RFC6838, January 2013,
              <https://www.rfc-editor.org/rfc/rfc6838>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <https://www.rfc-editor.org/rfc/rfc7159>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [UCCS]     Birkholz, H., O'Donoghue, J., Cam-Winget, N., and C.
              Bormann, "A CBOR Tag for Unprotected CWT Claims Sets",
              Work in Progress, Internet-Draft, draft-ietf-rats-uccs-10,
              4 July 2024, <https://datatracker.ietf.org/doc/html/draft-
              ietf-rats-uccs-10>.

Lundblade, et al.         Expires 30 March 2025                [Page 13]
Internet-Draft               EAT Media Types              September 2024

   [URI]      Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005,
              <https://www.rfc-editor.org/rfc/rfc3986>.

8.2.  Informative References

   [BUILD-W-HTTP]
              Best Current Practice 56,
              <https://www.rfc-editor.org/info/bcp56>.
              At the time of writing, this BCP comprises the following:

              Nottingham, M., "Building Protocols with HTTP", BCP 56,
              RFC 9205, DOI 10.17487/RFC9205, June 2022,
              <https://www.rfc-editor.org/info/rfc9205>.

   [RATS-Arch]
              Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
              W. Pan, "Remote ATtestation procedureS (RATS)
              Architecture", RFC 9334, DOI 10.17487/RFC9334, January
              2023, <https://www.rfc-editor.org/rfc/rfc9334>.

   [REST-IoT] Keränen, A., Kovatsch, M., and K. Hartke, "Guidance on
              RESTful Design for Internet of Things Systems", Work in
              Progress, Internet-Draft, draft-irtf-t2trg-rest-iot-14, 27
              July 2024, <https://datatracker.ietf.org/doc/html/draft-
              irtf-t2trg-rest-iot-14>.

   [TAG]      Kindberg, T. and S. Hawke, "The 'tag' URI Scheme",
              RFC 4151, DOI 10.17487/RFC4151, October 2005,
              <https://www.rfc-editor.org/rfc/rfc4151>.

Acknowledgments

   Thank you Carl Wallace, Carsten Bormann, Dave Thaler, Deb Cooley,
   Kathleen Moriarty, Michael Richardson, and Paul Howard for your
   comments and suggestions.

Authors' Addresses

   Laurence Lundblade
   Security Theory LLC
   Email: lgl@securitytheory.com

Lundblade, et al.         Expires 30 March 2025                [Page 14]
Internet-Draft               EAT Media Types              September 2024

   Henk Birkholz
   Fraunhofer Institute for Secure Information Technology
   Rheinstrasse 75
   64295 Darmstadt
   Germany
   Email: henk.birkholz@sit.fraunhofer.de

   Thomas Fossati
   Linaro
   Email: thomas.fossati@linaro.org

Lundblade, et al.         Expires 30 March 2025                [Page 15]