--- 1/draft-ietf-ace-cbor-web-token-06.txt 2017-07-02 15:13:08.958501080 -0700 +++ 2/draft-ietf-ace-cbor-web-token-07.txt 2017-07-02 15:13:09.002502140 -0700 @@ -3,21 +3,21 @@ Internet-Draft Microsoft Intended status: Standards Track E. Wahlstroem Expires: December 31, 2017 S. Erdtman Spotify AB H. Tschofenig ARM Ltd. June 29, 2017 CBOR Web Token (CWT) - draft-ietf-ace-cbor-web-token-06 + draft-ietf-ace-cbor-web-token-07 Abstract CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token 
@@ -95,21 +95,21 @@ A.2.1. 128-bit Symmetric Key as Hex Encoded String . . . . . 16 A.2.2. 256-bit Symmetric Key as Hex Encoded String . . . . . 16 A.2.3. ECDSA P-256 256-bit COSE Key . . . . . . . . . . . . 16 A.3. Example Signed CWT . . . . . . . . . . . . . . . . . . . 17 A.4. Example MACed CWT . . . . . . . . . . . . . . . . . . . . 18 A.5. Example Encrypted CWT . . . . . . . . . . . . . . . . . . 19 A.6. Example Nested CWT . . . . . . . . . . . . . . . . . . . 20 A.7. Example MACed CWT with a floating-point value . . . . . . 21 Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 22 Appendix C. Document History . . . . . . . . . . . . . . . . . . 22 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 1. Introduction The JSON Web Token (JWT) [RFC7519] is a standardized security token format that has found use in OAuth 2.0 and OpenID Connect deployments, among other applications. JWT uses JSON Web Signature (JWS) [RFC7515] and JSON Web Encryption (JWE) [RFC7516] to secure the contents of the JWT, which is a set of claims represented in JSON. The use of JSON for encoding information is popular for Web and native applications, but it is considered inefficient for some 
@@ -763,23 +763,23 @@ This section shows a signed CWT with a single recipient and a full CWT Claims Set. The signature is generated using the private key listed in Appendix A.2.3 and it can be validated using the public key from Appendix A.2.3. Line breaks are for display purposes only. d28443a10126a05850a70175636f61703a2f2f61732e6578616d706c652e636f6 d02656572696b77037818636f61703a2f2f6c696768742e6578616d706c652e63 - 6f6d041a5612aeb0051a5610d9f0061a5610d9f007420b715840b9b2821b6b2c2 - f9d1d984b11854dcfcee1f219746800ce76112c21f58c45dea1d7f01cec1ab394 - 0f75c459305365210a23a9ed463b4f6fc984c2f1c08e504d90 + 6f6d041a5612aeb0051a5610d9f0061a5610d9f007420b7158405427c1ff28d23 + fbad1f29c4c7c6a555e601d6fa29f9179bc3d7438bacaca5acd08c8d4d4f96131 + 680c429a01f85951ecee743a52b9b63632c57209120e1c9e30 Figure 7: Signed CWT as hex string 18( [ / protected / h'a10126' / { / alg / 1: -7 / ECDSA 256 / } / , / unprotected / {}, / payload / h'a70175636f61703a2f2f61732e6578616d706c652e63 @@ -787,24 +787,24 @@ 68742e6578616d706c652e636f6d041a5612aeb0051a 5610d9f0061a5610d9f007420b71' / { / iss / 1: "coap://as.example.com", / sub / 2: "erikw", / aud / 3: "coap://light.example.com", / exp / 4: 1444064944, / nbf / 5: 1443944944, / iat / 6: 1443944944, / cti / 7: h'0b71' } / , - / signature / h'b9b2821b6b2c2f9d1d984b11854dcfcee1f2197468 - 00ce76112c21f58c45dea1d7f01cec1ab3940f75c4 - 59305365210a23a9ed463b4f6fc984c2f1c08e504d - 90' + / signature / h'5427c1ff28d23fbad1f29c4c7c6a555e601d6fa29f + 9179bc3d7438bacaca5acd08c8d4d4f96131680c42 + 9a01f85951ecee743a52b9b63632c57209120e1c9e + 30' ] ) Figure 8: Signed CWT in CBOR diagnostic notation A.4. Example MACed CWT This section shows a MACed CWT with a single recipient, a full CWT Claims Set, and a CWT tag. 
@@ -847,40 +847,40 @@ A.5. Example Encrypted CWT This section shows an encrypted CWT with a single recipient and a full CWT Claims Set. The encryption is done with AES-CCM mode using the 128-bit symmetric key from Appendix A.2.1 with a 64-bit tag and 13-byte nonce, i.e., COSE AES-CCM-16-64-128. Line breaks are for display purposes only. - d08343a1010aa1054d3d9624bfb90a612bdcfc5077c45858e06d4b57cf3b3c9d - a3a16325dadcb9d2a0748f00ecd728f4b79030b56a292ee9cc8cc75349c120fc - 1ba5d67ee29affde28df75a20f344812453ff68270ad5f46295660558168e1d1 - 85cb308226cdad0a50417dcd4a8d4b47 + d08343a1010aa1054d99a0d7846e762c49ffe8a63e0b5858b918a11fd81e438b + 7f973d9e2e119bcb22424ba0f38a80f27562f400ee1d0d6c0fdb559c02421fd3 + 84fc2ebe22d7071378b0ea7428fff157444d45f7e6afcda1aae5f6495830c586 + 27087fc5b4974f319a8707a635dd643b Figure 11: Encrypted CWT as hex string 16( [ / protected / h'a1010a' / { / alg / 1: 10 / AES-CCM-16-64-128 / } /, / unprotected / { - / iv / 5: h'3d9624bfb90a612bdcfc5077c4' + / iv / 5: h'99a0d7846e762c49ffe8a63e0b' }, - / ciphertext / h'e06d4b57cf3b3c9da3a16325dadcb9d2a0748f00ecd - 728f4b79030b56a292ee9cc8cc75349c120fc1ba5d6 - 7ee29affde28df75a20f344812453ff68270ad5f462 - 95660558168e1d185cb308226cdad0a50417dcd4a8d - 4b47' + / ciphertext / h'b918a11fd81e438b7f973d9e2e119bcb22424ba0f38 + a80f27562f400ee1d0d6c0fdb559c02421fd384fc2e + be22d7071378b0ea7428fff157444d45f7e6afcda1a + ae5f6495830c58627087fc5b4974f319a8707a635dd + 643b' ] ) Figure 12: Encrypted CWT in CBOR diagnostic notation A.6. Example Nested CWT This section shows a Nested CWT, signed and then encrypted, with a single recipient and a full CWT Claims Set. 
@@ -889,45 +889,45 @@ from Appendix A.2.3. The encryption is done with AES-CCM mode using the 128-bit symmetric key from Appendix A.2.1 with a 64-bit tag and 13-byte nonce, i.e., COSE AES-CCM-16-64-128. The content type is set to CWT to indicate that there are multiple layers of COSE protection before finding the CWT Claims Set. The decrypted ciphertext will be a COSE_sign1 structure. In this example, it is the same one as in Appendix A.3, i.e., a Signed CWT Claims Set. Note that there is no limitation to the number of layers; this is an example with two layers. Line breaks are for display purposes only. - d08343a1010aa1054dd3bdeeb4daaa50625a5b576cc458a3318af5c80a11e081 - 91ca790b0793156451afc144e0f9f892679dff1d01cd52d7fe1e43ac8dabace0 - f74af095f918197da1550a76d59c2a89db6331e12451fc87fef56f2ff179fb33 - d6132ca34eb7fa8de0960d5f02a2b625792ccc8e5b3d59c0bede9d7438dc5c4f - e0c403c8fc32e874fbb7516c52edddfc09d4444a762dcd0cd486895131c343ae - 040620cdd4448c6ce0b7803022ff3d7877a83c345c05a57b36105a + d08343a1010aa1054d86bbd41cc32604396324b7f38058a372439fbff538aa7b + 601ebfb29454050a3c99fd13b27216d084556496c7355c4bb462510f8e0e8479 + dbe08722d620e96bcb7764d75140d96220f062679b46b897e7abe0c325dc2c96 + d8bb2c8334e3b92a42c0078983e753c054e647ad5387ed149f802f52b5a95ebf + 5f153c4fd64854ab7531e082b7f22721f939d257c94f8bc248e1d9cf04f9dd4e + 5de7ab62df37842fabec230a657d4abf7162bc786345ebb8eb3af0 Figure 13: Signed and Encrypted CWT as hex string 16( [ / protected / h'a203183d010a' / { / alg / 1: 10 / AES-CCM-16-64-128 / } / , / unprotected / { - / iv / 5: h'd3bdeeb4daaa50625a5b576cc4' + / iv / 5: h'86bbd41cc32604396324b7f380' }, - / ciphertext / h'318af5c80a11e08191ca790b0793156451afc144e0f - 9f892679dff1d01cd52d7fe1e43ac8dabace0f74af0 - 95f918197da1550a76d59c2a89db6331e12451fc87f - ef56f2ff179fb33d6132ca34eb7fa8de0960d5f02a2 - b625792ccc8e5b3d59c0bede9d7438dc5c4fe0c403c - 8fc32e874fbb7516c52edddfc09d4444a762dcd0cd4 - 86895131c343ae040620cdd4448c6ce0b7803022ff3 - 
d7877a83c345c05a57b36105a' + / ciphertext / h'72439fbff538aa7b601ebfb29454050a3c99fd13b27 + 216d084556496c7355c4bb462510f8e0e8479dbe087 + 22d620e96bcb7764d75140d96220f062679b46b897e + 7abe0c325dc2c96d8bb2c8334e3b92a42c0078983e7 + 53c054e647ad5387ed149f802f52b5a95ebf5f153c4 + fd64854ab7531e082b7f22721f939d257c94f8bc248 + e1d9cf04f9dd4e5de7ab62df37842fabec230a657d4 + abf7162bc786345ebb8eb3af0' ] ) Figure 14: Signed and Encrypted CWT in CBOR diagnostic notation A.7. Example MACed CWT with a floating-point value This section shows a MACed CWT with a single recipient and a simple CWT Claims Set. The CWT Claims Set with a floating-point 'iat' value. @@ -959,20 +959,25 @@ This specification is based on JSON Web Token (JWT) [RFC7519], the authors of which also include Nat Sakimura and John Bradley. It also incorporates suggestions made by many people, notably Carsten Bormann, Jim Schaad, Ludwig Seitz, and Goeran Selander. Appendix C. Document History [[ to be removed by the RFC Editor before publication as an RFC ]] + -07 + + o Updated examples for signing and encryption. Signatures are now + deterministic as recommended by COSE specification. + -06 o Addressed review comments by Carsten Bormann and Jim Schaad. All changes were editorial in nature. -05 o Addressed working group last call comments with the following changes:
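Review bot: in the header hunk (@@ -3) the draft name moves from -06 to -07 while the date line "June 29, 2017" and "Expires: December 31, 2017" remain untouched context; the expiry is derived from the submission date (185 days later), so if -07 is posted on a different day than -06 both lines must move with the version bump.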
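Review bot: in the A.3 hunk (@@ -763) the new signature value is described only as verifiable with the A.2.3 key, yet nothing in the A.3 text says the signature is now generated deterministically, which is the reason the Document History hunk gives for the change; add a sentence to A.3 naming the deterministic nonce-derivation method (e.g. RFC 6979) so a reader can regenerate h'5427c1ff...' exactly rather than only verify it. The value itself is consistent: the byte-string prefix 5840 (64 bytes) is unchanged in the hex string, and the diagnostic-notation signature is 128 hex digits in both the old and new text, as expected for a P-256 r||s signature.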
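Review bot: in the A.5 hunk (@@ -847) the nonce changes from h'3d9624...' to h'99a0d7...' together with the ciphertext, and the lengths still match the prose: the 054d prefix gives a 13-byte nonce and the 5858 prefix an 88-byte ciphertext, i.e. the 80-byte claims set plus the 8-byte (64-bit) tag. One property to preserve when these examples are regenerated again: A.5 and A.6 both encrypt under the A.2.1 key, and their new nonces (99a0d7... here, 86bbd4... in A.6) are distinct; AES-CCM must never reuse a nonce under the same key, so the example generator should enforce that rather than leave it to chance.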
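Review bot: in the A.6 hunk (@@ -889) the text states the plaintext is the COSE_Sign1 structure from A.3, and since A.3's signature changes in this same patch the nested ciphertext had to be regenerated too; the new 58a3 prefix gives 163 bytes, which equals the 155-byte tagged A.3 structure plus the 8-byte CCM tag, confirming the two examples were regenerated together. Nit in the unchanged context line: "COSE_sign1" should be spelled "COSE_Sign1", matching the COSE specification.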
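Review bot: in the Document History hunk (@@ -959) the new -07 entry explains only the signature change and needs an article ("as recommended by the COSE specification"); the A.5 ciphertext has no signature and changed because a fresh nonce was used, so the entry should also say the encryption examples were regenerated with new nonces, and it should cite the COSE reference the draft already uses so the "recommended" claim can be checked.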