And as the third author, I also believe it is ready for publication. On Mon, Dec 1, 2025 at 3:52 PM Yaron Sheffer <[email protected]> wrote:
> Joining my co-author, I believe the draft is ready for publication. > > Thanks, > Yaron > > On 01/12/2025, 17:35, "Michael Jones" <[email protected]> wrote: > > Unsurprisingly, as an author of the draft, having described all the new > mitigations to issues that have come to light since the original JWT BCP > was published as additional JWT best current practices, while retaining all > of those already published in RFC 8725, I believe it is ready for > publication. > > Thanks all, > -- Mike > > -----Original Message----- > From: Rifaat Shekh-Yusef via Datatracker <[email protected]> > Sent: Monday, December 1, 2025 5:46 AM > To: [email protected]; [email protected]; > [email protected] > Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15) > > > Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15) > > This message starts a 2-week WG Last Call for this document. > > Abstract: > JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security > tokens that contain a set of claims that can be signed and/or > encrypted. JWTs are being widely used and deployed as a simple > security token format in numerous protocols and applications, both in > the area of digital identity and in other application areas. This > Best Current Practices (BCP) specification updates RFC 7519 to > provide actionable guidance leading to secure implementation and > deployment of JWTs. > > This BCP specification furthermore replaces the existing JWT BCP > specification RFC 8725 to provide additional actionable guidance > covering threats and attacks that have been discovered since RFC 8725 > was published. > > File can be retrieved from: > https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/ > > Please review and indicate your support or objection to proceed with the > publication of this document by replying to this email keeping > [email protected] in copy. Objections should be motivated and suggestions to > resolve them are highly appreciated. > > Authors, and WG participants in general, are reminded again of the > Intellectual Property Rights (IPR) disclosure obligations described in BCP > 79 [1]. Appropriate IPR disclosures required for full conformance with the > provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of > any. Sanctions available for application to violators of IETF IPR Policy > can be found at [3]. > > Thank you. > > [1] https://datatracker.ietf.org/doc/bcp78/ > [2] https://datatracker.ietf.org/doc/bcp79/ > [3] https://datatracker.ietf.org/doc/rfc6701/ > > > > >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
