Technical Summary
JSON Web Token (JWT) is a compact URL-safe means of representing
claims to be transferred between two parties. The claims in a JWT
are encoded as a JavaScript Object Notation (JSON) object that is
used as the payload of a JSON Web Signature (JWS) structure or as the
plaintext of a JSON Web Encryption (JWE) structure, enabling the
claims to be digitally signed or MACed and/or encrypted.
Working Group Summary
This document was uncontroversial. It defines a JSON-based security
token format to increase interoperability both among OAuth deployments
and in other application contexts as well. (ID tokens are specified in
http://openid.net/specs/openid-connect-core-1_0.html#IDToken)
Document Quality
A substantial number of implementations exist, as documented at
http://openid.net/developers/libraries/#jwt
(scroll down to the 'JWT/JWS/JWE/JWK/JWA Implementations' section)
An Excel sheet providing additional details about implementations can be found here:
http://www.oauth-v2.org/wp-content/uploads/2014/04/JWT-Implementations.xlsx
In last call, the discussions on "duplicate member names" also applies to this draft
and is unresolved. This can get discussed generally as it applies to at least 3 of the
drafts in the set under IESG review.
Personnel
The document shepherd is Hannes Tschofenig and the responsible area director is Kathleen Moriarty.
IANA Note
'The registries use the 5226 'Specification Required'
registration policy.'
RFC Editor Note: This draft is part of a set of drafts that cross 2
working groups. I am working through the reviews (shepherd just
confirmed them for the OAuth ones) and would like them processed as a
set. The JOSE drafts will hopefully be ready shortly as well. The
set includes (in order):
1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer