UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7800

Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 April 2016
Status: active
Page Count: 15
scope:

This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-ofpossession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.

Document History

IETF RFC 7800
April 1, 2016
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-ofpossession key and how the recipient can cryptographically confirm...

References

This document references:
IETF RFC 3629 - UTF-8, a transformation format of ISO 10646
Published by IETF on November 1, 2003
A description is not available for this item.
This document references:
IETF RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)
Published by IETF on March 1, 2011
Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer...
This document is referenced by:
IETF RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
Published by IETF on February 1, 2020
Abstract This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth...
This document is referenced by:
IETF RFC 8747 - Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
Published by IETF on March 1, 2020
Abstract This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able...
This document is referenced by:
TS 133 203 - Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Access security for IP-based services
Published by ETSI on May 1, 2022
The scope for this technical specification is to specify the security features and mechanisms for secure access to the IM subsystem (IMS) for the 3G mobile telecommunication system. Since the scope...
This document is referenced by:
RFC 9201 - Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)
Published by IETF on August 1, 2022
This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained...
This document is referenced by:
RFC 9203 - The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
Published by IETF on August 1, 2022
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to...
View Less
View All
Advertisement