@misc{rfc9118,
    series =    {Request for Comments},
    number =    9118,
    howpublished =  {RFC 9118},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC9118},
    url =       {https://www.rfc-editor.org/info/rfc9118},
    author =    {Russ Housley},
    title =     {{Enhanced JSON Web Token (JWT) Claim Constraints for Secure Telephone Identity Revisited (STIR) Certificates}},
    pagetotal = 12,
    year =      2021,
    month =     aug,
    abstract =  {RFC 8226 specifies the use of certificates for Secure Telephone Identity Credentials; these certificates are often called "Secure Telephone Identity Revisited (STIR) Certificates". RFC 8226 provides a certificate extension to constrain the JSON Web Token (JWT) claims that can be included in the Personal Assertion Token (PASSporT), as defined in RFC 8225. If the PASSporT signer includes a JWT claim outside the constraint boundaries, then the PASSporT recipient will reject the entire PASSporT. This document updates RFC 8226; it provides all of the capabilities available in the original certificate extension as well as an additional way to constrain the allowable JWT claims. The enhanced extension can also provide a list of claims that are not allowed to be included in the PASSporT.},
}