Hi Dick and everybody, I am very supportive about this draft
It brings several basic rules and good practices I use in my work. Everybody know that all the indication provided within it comes from the experience I would like to have it definitively published to use it as stable reference Hope that this final review would end soon Thx Il lun 1 dic 2025, 17:11 Dick Hardt <[email protected]> ha scritto: > And as the third author, I also believe it is ready for publication. > > On Mon, Dec 1, 2025 at 3:52 PM Yaron Sheffer <[email protected]> > wrote: > >> Joining my co-author, I believe the draft is ready for publication. >> >> Thanks, >> Yaron >> >> On 01/12/2025, 17:35, "Michael Jones" <[email protected]> >> wrote: >> >> Unsurprisingly, as an author of the draft, having described all the new >> mitigations to issues that have come to light since the original JWT BCP >> was published as additional JWT best current practices, while retaining all >> of those already published in RFC 8725, I believe it is ready for >> publication. >> >> Thanks all, >> -- Mike >> >> -----Original Message----- >> From: Rifaat Shekh-Yusef via Datatracker <[email protected]> >> Sent: Monday, December 1, 2025 5:46 AM >> To: [email protected]; [email protected]; >> [email protected] >> Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15) >> >> >> Subject: WG Last Call: draft-ietf-oauth-rfc8725bis-02 (Ends 2025-12-15) >> >> This message starts a 2-week WG Last Call for this document. >> >> Abstract: >> JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security >> tokens that contain a set of claims that can be signed and/or >> encrypted. JWTs are being widely used and deployed as a simple >> security token format in numerous protocols and applications, both in >> the area of digital identity and in other application areas. This >> Best Current Practices (BCP) specification updates RFC 7519 to >> provide actionable guidance leading to secure implementation and >> deployment of JWTs. >> >> This BCP specification furthermore replaces the existing JWT BCP >> specification RFC 8725 to provide additional actionable guidance >> covering threats and attacks that have been discovered since RFC 8725 >> was published. >> >> File can be retrieved from: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/ >> >> Please review and indicate your support or objection to proceed with the >> publication of this document by replying to this email keeping >> [email protected] in copy. Objections should be motivated and suggestions >> to resolve them are highly appreciated. >> >> Authors, and WG participants in general, are reminded again of the >> Intellectual Property Rights (IPR) disclosure obligations described in BCP >> 79 [1]. Appropriate IPR disclosures required for full conformance with the >> provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of >> any. Sanctions available for application to violators of IETF IPR Policy >> can be found at [3]. >> >> Thank you. >> >> [1] https://datatracker.ietf.org/doc/bcp78/ >> [2] https://datatracker.ietf.org/doc/bcp79/ >> [3] https://datatracker.ietf.org/doc/rfc6701/ >> >> >> >> >> _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
