JSON Web Token Best Current Practices
draft-sheffer-oauth-jwt-bcp-01

Document Type Replaced Internet-Draft (individual)
Last updated 2017-07-03
Replaced by draft-ietf-oauth-jwt-bcp
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-oauth-jwt-bcp
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sheffer-oauth-jwt-bcp-01.txt

Abstract

JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON- based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity, and in other application areas. The goal of this Best Current Practices document is to provide actionable guidance leading to secure implementation and deployment of JWTs.

Authors

Yaron Sheffer (yaronf.ietf@gmail.com)
Dick Hardt (dick@amazon.com)
Michael Jones (mbj@microsoft.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)