Makes sense to me. Helps out for the EAT claim named “profile” which gives information about the type of the token you might want before fully verifying it. Addresses an issue Anders brought up about the profile claim.
LL > On Mar 2, 2022, at 9:34 AM, Mike Jones > <[email protected]> wrote: > > The use case is the same as that which motivated Section 5.3 of JWT > “Replicating Claims as Header Parameters” > https://datatracker.ietf.org/doc/html/rfc7519#section-5.3 > <https://datatracker.ietf.org/doc/html/rfc7519#section-5.3> – encrypted CWTs > for which you’d like to have unencrypted instances of particular claims to > determine how to process the CWT prior to decrypting it. Note that > https://datatracker.ietf.org/doc/html/rfc7519#section-10.4 > <https://datatracker.ietf.org/doc/html/rfc7519#section-10.4> explicitly > registers the “iss”, “sub”, and “aud” claims as JWE header parameter values > exactly for this purpose. > > This draft defines a syntax for COSE to likewise enable the corresponding CWT > claims to be passed in the clear in the COSE header, just as JWT claims can > be replicated as JOSE header parameters when needed. > > > -- Mike > > From: Hannes Tschofenig <[email protected]> > Sent: Wednesday, March 2, 2022 12:21 AM > To: Tobias Looker <[email protected]>; [email protected] > Cc: Mike Jones <[email protected]> > Subject: RE: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE > Headers > > Hi Tobias, > > Could you say something about the use cases or provide an example of what you > want to accomplish? > > Ciao > Hannes > > From: COSE <[email protected] <mailto:[email protected]>> On Behalf > Of Tobias Looker > Sent: Wednesday, March 2, 2022 5:32 AM > To: [email protected] <mailto:[email protected]> > Cc: [email protected] <mailto:[email protected]> > Subject: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE > Headers > > Hi All, > > This is an email to introduce the newly submitted draft titled "CBOR Web > Token (CWT) Claims in COSE Headers", the current abstract is as follows. > > "This document describes how to include CBOR Web Token (CWT) claims in the > header parameters of any COSE structure. This functionality helps to > facilitate applications that wish to make use of CBOR Web Token (CWT) claims > in encrypted COSE structures and/or COSE structures featuring detached > signatures, while having some of those claims be available before decryption > and/or without inspecting the detached payload." > > https://datatracker.ietf.org/doc/draft-looker-cose-cwt-claims-in-headers/ > <https://datatracker.ietf.org/doc/draft-looker-cose-cwt-claims-in-headers/> > > As covered in the introduction of this draft, a similar mechanism already > exists for JWT and we see value in providing a way to do the same with CWTs. > > Thanks, > > > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0> > > > > Tobias Looker > > MATTR > CTO > > +64 (0) 27 378 0461 > [email protected] <mailto:[email protected]> > > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0> > > > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0> > > > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0> > > > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0> > > This communication, including any attachments, is confidential. If you are > not the intended recipient, you should not read it - please contact me > immediately, destroy it, and do not copy or use any part of this > communication or disclose anything about it. Thank you. Please note that this > communication does not designate an information system for the purposes of > the Electronic Transactions Act 2002. > > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
