Thanks very much, Eric. As we promised in Yokohama, the chairs of the COSE working group are currently running a consensus call thread about this very topic, and I’d encourage others to join that discussion. The thread starts here:
http://www.ietf.org/mail-archive/web/cose/current/msg00747.html — Justin > On Nov 12, 2015, at 2:10 PM, Erik Wahlström neXus > <erik.wahlst...@nexusgroup.com> wrote: > > Hi, > > In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in > the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We > just broke out the CBOR Web Token into a separate draft and the new draft is > submitted to the OAUTH WG. It can be found here: > > https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/ > <https://datatracker.ietf.org/doc/draft-wahlstroem-oauth-cbor-web-token/> > > Abstract: > "CBOR Web Token (CWT) is a compact means of representing claims to be > transferred between two parties. CWT is a profile of the JSON Web Token > (JWT) that is optimized for constrained devices. The claims in a CWT are > encoded in the Concise Binary Object Representation (CBOR) and CBOR Object > Signing and Encryption (COSE) is used for added application layer security > protection. A claim is a piece of information asserted about a subject and > is represented as a name/value pair consisting of a claim name and a claim > value." > > / Erik > > > [1] https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00 > <https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00> > > > _______________________________________________ > COSE mailing list > c...@ietf.org > https://www.ietf.org/mailman/listinfo/cose
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
