The use case is the same as that which motivated Section 5.3 of JWT
"Replicating Claims as Header Parameters"
https://datatracker.ietf.org/doc/html/rfc7519#section-5.3 - encrypted CWTs for
which you'd like to have unencrypted instances of particular claims to
determine how to process the CWT prior to decrypting it. Note that
https://datatracker.ietf.org/doc/html/rfc7519#section-10.4 explicitly registers
the "iss", "sub", and "aud" claims as JWE header parameter values exactly for
this purpose.
This draft defines a syntax for COSE to likewise enable the corresponding CWT
claims to be passed in the clear in the COSE header, just as JWT claims can be
replicated as JOSE header parameters when needed.
-- Mike

From: Hannes Tschofenig <[email protected]>
Sent: Wednesday, March 2, 2022 12:21 AM
To: Tobias Looker <[email protected]>; [email protected]
Cc: Mike Jones <[email protected]>
Subject: RE: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hi Tobias,
Could you say something about the use cases or provide an example of what you
want to accomplish?
Ciao
Hannes

From: COSE <[email protected]> On Behalf Of Tobias Looker
Sent: Wednesday, March 2, 2022 5:32 AM
To: [email protected]
Cc: [email protected]
Subject: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hi All,
This is an email to introduce the newly submitted draft titled "CBOR Web Token
(CWT) Claims in COSE Headers", the current abstract is as follows.
"This document describes how to include CBOR Web Token (CWT) claims in the
header parameters of any COSE structure. This functionality helps to facilitate
applications that wish to make use of CBOR Web Token (CWT) claims in encrypted
COSE structures and/or COSE structures featuring detached signatures, while
having some of those claims be available before decryption and/or without
inspecting the detached payload."
https://datatracker.ietf.org/doc/draft-looker-cose-cwt-claims-in-headers/
As covered in the introduction of this draft, a similar mechanism already
exists for JWT and we see value in providing a way to do the same with CWTs.
Thanks,
Tobias Looker
MATTR
CTO
+64 (0) 27 378 0461
[email protected]
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose