The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'JSON Web Token Best Current Practices' <draft-ietf-oauth-jwt-bcp-04.txt> as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the i...@ietf.org mailing lists by 2019-04-08. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity, and in other application areas. The goal of this Best Current Practices document is to provide actionable guidance leading to secure implementation and deployment of JWTs. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE) (Proposed Standard - IETF stream) rfc6979: Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) (Informational - Independent Submission Editor stream) rfc7516: JSON Web Encryption (JWE) (Proposed Standard - IETF stream) rfc7515: JSON Web Signature (JWS) (Proposed Standard - IETF stream) rfc7519: JSON Web Token (JWT) (Proposed Standard - IETF stream) rfc7518: JSON Web Algorithms (JWA) (Proposed Standard - IETF stream) _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth