[OAUTH-WG] Last Call: (JSON Web Token Best Current Practices) to Best Current Practice

Mon, 25 Mar 2019 08:31:31 -0700 


The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document: - 'JSON Web Token Best Current
Practices'
  <draft-ietf-oauth-jwt-bcp-04.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
i...@ietf.org mailing lists by 2019-04-08. Exceptionally, comments may be
sent to i...@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
   tokens that contain a set of claims that can be signed and/or
   encrypted.  JWTs are being widely used and deployed as a simple
   security token format in numerous protocols and applications, both in
   the area of digital identity, and in other application areas.  The
   goal of this Best Current Practices document is to provide actionable
   guidance leading to secure implementation and deployment of JWTs.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON 
Object Signing and Encryption (JOSE) (Proposed Standard - IETF stream)
    rfc6979: Deterministic Usage of the Digital Signature Algorithm (DSA) and 
Elliptic Curve Digital Signature Algorithm (ECDSA) (Informational - Independent 
Submission Editor stream)
    rfc7516: JSON Web Encryption (JWE) (Proposed Standard - IETF stream)
    rfc7515: JSON Web Signature (JWS) (Proposed Standard - IETF stream)
    rfc7519: JSON Web Token (JWT) (Proposed Standard - IETF stream)
    rfc7518: JSON Web Algorithms (JWA) (Proposed Standard - IETF stream)



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to