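%% Internet-Draft draft-ietf-stir-enhance-rfc8226, revision 04 (2021-06-30).
%% You should probably cite rfc9118 instead of this I-D: this revision is
%% marked "Work in Progress", and the draft was later published as RFC 9118.
%% Keep this entry only where the -04 revision itself must be referenced.
@techreport{ietf-stir-enhance-rfc8226-04,
  author      = {Housley, Russ},
  title       = {Enhanced {JWT} Claim Constraints for {STIR} Certificates},
  type        = {Internet-Draft},
  number      = {draft-ietf-stir-enhance-rfc8226-04},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = jun,
  day         = 30,
  pagetotal   = 11,
  url         = {https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/04/},
  note        = {Work in Progress},
  abstract    = {RFC 8226 specifies the use of certificates for Secure Telephone Identity Credentials, and these certificates are often called "STIR Certificates". RFC 8226 provides a certificate extension to constrain the JSON Web Token (JWT) claims that can be included in the Personal Assertion Token (PASSporT) as defined in RFC 8225. If the PASSporT signer includes a JWT claim outside the constraint boundaries, then the PASSporT recipient will reject the entire PASSporT. This document updates RFC 8226; it provides all of the capabilities available in the original certificate extension as well as an additional way to constrain the allowable JWT claims. The enhanced extension can also provide a list of claims that are not allowed to be included in the PASSporT.},
}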