UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8747

Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 March 2020
Status: active
Page Count: 14
scope:

Abstract

This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).

Document History

IETF RFC 8747
March 1, 2020
Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
Abstract This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able...

References

This document references:
IETF RFC 7049 - Concise Binary Object Representation (CBOR)
Published by IETF on October 1, 2013
The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need...
This document references:
IETF RFC 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
Published by IETF on April 1, 2016
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-ofpossession key and how the recipient can cryptographically confirm...
This document references:
IETF RFC 8152 - CBOR Object Signing and Encryption (COSE)
Published by IETF on July 1, 2017
Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data...
This document references:
IETF RFC 8392 - CBOR Web Token (CWT)
Published by IETF on May 1, 2018
CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR...
This document references:
IETF RFC 8610 - Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures
Published by IETF on June 1, 2019
This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express...
This document is referenced by:
TS 133 434 - LTE; 5G; Security aspects of Service Enabler Architecture Layer (SEAL) for verticals
Published by ETSI on September 1, 2022
The present document specifies the security features and mechanisms to support the Service Enabler Architecture Layer (SEAL) in 5G. Specifically security architecture, functional model(s), security...
This document is referenced by:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document is referenced by:
RFC 9201 - Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)
Published by IETF on August 1, 2022
This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained...
This document is referenced by:
RFC 9202 - Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)
Published by IETF on August 1, 2022
This specification defines a profile of the Authentication and Authorization for Constrained Environments (ACE) framework that allows constrained servers to delegate client authentication and...
This document is referenced by:
RFC 9203 - The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
Published by IETF on August 1, 2022
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to...
View Less
View All
Advertisement