[OAUTH-WG] Re: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15)

Mon, 01 Dec 2025 07:35:31 -0800 

Unsurprisingly, as an author of the draft, having described all the new 
mitigations to issues that have come to light since the original JWT BCP was 
published as additional JWT best current practices, while retaining all of 
those already published in RFC 8725, I believe it is ready for publication.

                                Thanks all,
                                -- Mike

-----Original Message-----
From: Rifaat Shekh-Yusef via Datatracker <[email protected]>
Sent: Monday, December 1, 2025 5:46 AM
To: [email protected]; [email protected]; [email protected]
Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15)


Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15)

This message starts a 2-week WG Last Call for this document.

Abstract:
   JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
   tokens that contain a set of claims that can be signed and/or
   encrypted.  JWTs are being widely used and deployed as a simple
   security token format in numerous protocols and applications, both in
   the area of digital identity and in other application areas.  This
   Best Current Practices (BCP) specification updates RFC 7519 to
   provide actionable guidance leading to secure implementation and
   deployment of JWTs.

   This BCP specification furthermore replaces the existing JWT BCP
   specification RFC 8725 to provide additional actionable guidance
   covering threats and attacks that have been discovered since RFC 8725
   was published.

File can be retrieved from:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/

Please review and indicate your support or objection to proceed with the 
publication of this document by replying to this email keeping [email protected] 
in copy. Objections should be motivated and suggestions to resolve them are 
highly appreciated.

Authors, and WG participants in general, are reminded again of the Intellectual 
Property Rights (IPR) disclosure obligations described in BCP 79 [1]. 
Appropriate IPR disclosures required for full conformance with the provisions 
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions 
available for application to violators of IETF IPR Policy can be found at [3].

Thank you.

[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/



_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to