Skip to main content

PASETO: Platform-Agnostic SEcurity TOkens

The information below is for an old version of the document.
Document Type This is an older version of an Internet-Draft whose latest revision is Expired
Authors Scott Arciszewski , Steven Haussmann
Last updated 2018-10-21 (Latest revision 2018-04-19)
Stream (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Platform-Agnostic SEcurity TOkens (PASETOs) provide a cryptographically secure, compact, and URL-safe representation of claims that may be transferred between two parties. The claims are encoded in JavaScript Object Notation (JSON), version-tagged, and either encrypted using shared-key cryptography or signed using public-key cryptography.


Scott Arciszewski
Steven Haussmann

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)