[Ace] CBOR Web Token (CWT) specification addressing WGLC feedback

2017-06-05 Thread Mike Jones 
A new CBOR Web Token (CWT) draft has been published that addresses the Working 
Group Last Call (WGLC) feedback received.  Changes were:

* Say that CWT is derived from JWT, rather than CWT is a profile of JWT.

* Used CBOR type names in descriptions, rather than major/minor type 
numbers.

* Clarified the NumericDate and StringOrURI descriptions.

* Changed to allow CWT claim names to use values of any legal CBOR map 
key type.

* Changed to use the CWT tag to identify nested CWTs instead of the CWT 
content type.

* Added an example using a floating-point date value.

* Acknowledged reviewers.

Thanks to Samuel Erdtman for doing the majority of the editing for this draft.  
As always, people are highly encouraged to validate the examples.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-05

An HTML-formatted version is also available at:

* http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-05.html

   -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1695 and as 
@selfissued.

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

[Ace] I-D Action: draft-ietf-ace-cbor-web-token-05.txt

2017-06-05 Thread internet-drafts 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Authentication and Authorization for 
Constrained Environments of the IETF.

Title   : CBOR Web Token (CWT)
Authors : Michael B. Jones
  Erik Wahlström
  Samuel Erdtman
  Hannes Tschofenig
Filename: draft-ietf-ace-cbor-web-token-05.txt
Pages   : 23
Date: 2017-06-05

Abstract:
   CBOR Web Token (CWT) is a compact means of representing claims to be
   transferred between two parties.  The claims in a CWT are encoded in
   the Concise Binary Object Representation (CBOR) and CBOR Object
   Signing and Encryption (COSE) is used for added application layer
   security protection.  A claim is a piece of information asserted
   about a subject and is represented as a name/value pair consisting of
   a claim name and a claim value.  CWT is derived from JSON Web Token
   (JWT), but uses CBOR rather than JSON.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-05
https://datatracker.ietf.org/doc/html/draft-ietf-ace-cbor-web-token-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cbor-web-token-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace