@misc{rfc9118, series = {Request for Comments}, number = 9118, howpublished = {RFC 9118}, publisher = {RFC Editor}, doi = {10.17487/RFC9118}, url = {https://www.rfc-editor.org/info/rfc9118}, author = {Russ Housley}, title = {{Enhanced JSON Web Token (JWT) Claim Constraints for Secure Telephone Identity Revisited (STIR) Certificates}}, pagetotal = 12, year = 2021, month = aug, abstract = {RFC 8226 specifies the use of certificates for Secure Telephone Identity Credentials; these certificates are often called "Secure Telephone Identity Revisited (STIR) Certificates". RFC 8226 provides a certificate extension to constrain the JSON Web Token (JWT) claims that can be included in the Personal Assertion Token (PASSporT), as defined in RFC 8225. If the PASSporT signer includes a JWT claim outside the constraint boundaries, then the PASSporT recipient will reject the entire PASSporT. This document updates RFC 8226; it provides all of the capabilities available in the original certificate extension as well as an additional way to constrain the allowable JWT claims. The enhanced extension can also provide a list of claims that are not allowed to be included in the PASSporT.}, }