Hi, In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We just broke out the CBOR Web Token into a separate draft and the new draft is submitted to the OAUTH WG. It can be found here:
https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/ Abstract: "CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value." / Erik [1] https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00 _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
