draft-ietf-ace-cbor-web-token-14.txt		draft-ietf-ace-cbor-web-token-15.txt
	ACE Working Group M. Jones		ACE Working Group M. Jones
	Internet-Draft Microsoft		Internet-Draft Microsoft
	Intended status: Standards Track E. Wahlstroem		Intended status: Standards Track E. Wahlstroem
	Expires: September 16, 2018		Expires: September 20, 2018
	S. Erdtman		S. Erdtman
	Spotify AB		Spotify AB
	H. Tschofenig		H. Tschofenig
	ARM Ltd.		ARM Ltd.
	March 15, 2018		March 19, 2018
	CBOR Web Token (CWT)		CBOR Web Token (CWT)
	draft-ietf-ace-cbor-web-token-14		draft-ietf-ace-cbor-web-token-15
	Abstract		Abstract
	CBOR Web Token (CWT) is a compact means of representing claims to be		CBOR Web Token (CWT) is a compact means of representing claims to be
	transferred between two parties. The claims in a CWT are encoded in		transferred between two parties. The claims in a CWT are encoded in
	the Concise Binary Object Representation (CBOR) and CBOR Object		the Concise Binary Object Representation (CBOR) and CBOR Object
	Signing and Encryption (COSE) is used for added application layer		Signing and Encryption (COSE) is used for added application layer
	security protection. A claim is a piece of information asserted		security protection. A claim is a piece of information asserted
	about a subject and is represented as a name/value pair consisting of		about a subject and is represented as a name/value pair consisting of
	a claim name and a claim value. CWT is derived from JSON Web Token		a claim name and a claim value. CWT is derived from JSON Web Token
	skipping to change at page 1, line 42 ¶		skipping to change at page 1, line 42 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on September 16, 2018.		This Internet-Draft will expire on September 20, 2018.
	Copyright Notice		Copyright Notice
	Copyright (c) 2018 IETF Trust and the persons identified as the		Copyright (c) 2018 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of		(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 5, line 17 ¶		skipping to change at page 5, line 17 ¶
	None of the claims defined below are intended to be mandatory to use		None of the claims defined below are intended to be mandatory to use
	or implement. They rather provide a starting point for a set of		or implement. They rather provide a starting point for a set of
	useful, interoperable claims. Applications using CWTs should define		useful, interoperable claims. Applications using CWTs should define
	which specific claims they use and when they are required or		which specific claims they use and when they are required or
	optional.		optional.
	3.1.1. iss (Issuer) Claim		3.1.1. iss (Issuer) Claim
	The "iss" (issuer) claim has the same meaning and processing rules as		The "iss" (issuer) claim has the same meaning and processing rules as
	the "iss" claim defined in Section 4.1.1 of [RFC7519], except that		the "iss" claim defined in Section 4.1.1 of [RFC7519], except that
	the value is a StringOrURI. The Claim Key 1 is used to identify this		the value is a StringOrURI, as defined in Section 2 of this
	claim.		specification. The Claim Key 1 is used to identify this claim.
	3.1.2. sub (Subject) Claim		3.1.2. sub (Subject) Claim
	The "sub" (subject) claim has the same meaning and processing rules		The "sub" (subject) claim has the same meaning and processing rules
	as the "sub" claim defined in Section 4.1.2 of [RFC7519], except that		as the "sub" claim defined in Section 4.1.2 of [RFC7519], except that
	the value is a StringOrURI. The Claim Key 2 is used to identify this		the value is a StringOrURI, as defined in Section 2 of this
	claim.		specification. The Claim Key 2 is used to identify this claim.
	3.1.3. aud (Audience) Claim		3.1.3. aud (Audience) Claim
	The "aud" (audience) claim has the same meaning and processing rules		The "aud" (audience) claim has the same meaning and processing rules
	as the "aud" claim defined in Section 4.1.3 of [RFC7519], except that		as the "aud" claim defined in Section 4.1.3 of [RFC7519], except that
	the value of the audience claim is a StringOrURI when it is not an		the value of the audience claim is a StringOrURI when it is not an
	array or each of the audience array element values is a StringOrURI		array or each of the audience array element values is a StringOrURI
	when the audience claim value is an array. The Claim Key 3 is used		when the audience claim value is an array. (StringOrURI is defined
	to identify this claim.		in Section 2 of this specification.) The Claim Key 3 is used to
			identify this claim.
	3.1.4. exp (Expiration Time) Claim		3.1.4. exp (Expiration Time) Claim
	The "exp" (expiration time) claim has the same meaning and processing		The "exp" (expiration time) claim has the same meaning and processing
	rules as the "exp" claim defined in Section 4.1.4 of [RFC7519],		rules as the "exp" claim defined in Section 4.1.4 of [RFC7519],
	except that the value is a NumericDate. The Claim Key 4 is used to		except that the value is a NumericDate, as defined in Section 2 of
	identify this claim.		this specification. The Claim Key 4 is used to identify this claim.
	3.1.5. nbf (Not Before) Claim		3.1.5. nbf (Not Before) Claim
	The "nbf" (not before) claim has the same meaning and processing		The "nbf" (not before) claim has the same meaning and processing
	rules as the "nbf" claim defined in Section 4.1.5 of [RFC7519],		rules as the "nbf" claim defined in Section 4.1.5 of [RFC7519],
	except that the value is a NumericDate. The Claim Key 5 is used to		except that the value is a NumericDate, as defined in Section 2 of
	identify this claim.		this specification. The Claim Key 5 is used to identify this claim.
	3.1.6. iat (Issued At) Claim		3.1.6. iat (Issued At) Claim
	The "iat" (issued at) claim has the same meaning and processing rules		The "iat" (issued at) claim has the same meaning and processing rules
	as the "iat" claim defined in Section 4.1.6 of [RFC7519], except that		as the "iat" claim defined in Section 4.1.6 of [RFC7519], except that
	the value is a NumericDate. The Claim Key 6 is used to identify this		the value is a NumericDate, as defined in Section 2 of this
	claim.		specification. The Claim Key 6 is used to identify this claim.
	3.1.7. cti (CWT ID) Claim		3.1.7. cti (CWT ID) Claim
	The "cti" (CWT ID) claim has the same meaning and processing rules as		The "cti" (CWT ID) claim has the same meaning and processing rules as
	the "jti" claim defined in Section 4.1.7 of [RFC7519], except that		the "jti" claim defined in Section 4.1.7 of [RFC7519], except that
	the value is a byte string. The Claim Key 7 is used to identify this		the value is a byte string. The Claim Key 7 is used to identify this
	claim.		claim.
	4. Summary of the claim names, keys, and value types		4. Summary of the claim names, keys, and value types
	skipping to change at page 23, line 41 ¶		skipping to change at page 23, line 41 ¶
	Goeran Selander.		Goeran Selander.
	[[ RFC Editor: Is it possible to preserve the non-ASCII spellings of		[[ RFC Editor: Is it possible to preserve the non-ASCII spellings of
	the names Erik Wahlstroem and Goeran Selander in the final		the names Erik Wahlstroem and Goeran Selander in the final
	specification? ]]		specification? ]]
	Appendix C. Document History		Appendix C. Document History
	[[ to be removed by the RFC Editor before publication as an RFC ]]		[[ to be removed by the RFC Editor before publication as an RFC ]]
			-15
			o Added section references when the terms "NumericDate" and
			"StringOrURI" are used, as suggested by Adam Roach.
	-14		-14
	o Cleaned up the descriptions of the numeric ranges of claim keys		o Cleaned up the descriptions of the numeric ranges of claim keys
	being registered in the registration template for the "CBOR Web		being registered in the registration template for the "CBOR Web
	Token (CWT) Claims" registry, as suggested by Adam Roach.		Token (CWT) Claims" registry, as suggested by Adam Roach.
	o Clarified the relationships between the JWT and CWT "NumericDate"		o Clarified the relationships between the JWT and CWT "NumericDate"
	and "StringOrURI" terms, as suggested by Adam Roach.		and "StringOrURI" terms, as suggested by Adam Roach.
	o Eliminated unnecessary uses of the word "type", as suggested by		o Eliminated unnecessary uses of the word "type", as suggested by
End of changes. 11 change blocks.
	16 lines changed or deleted		22 lines changed or added
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/