RFC 8747

Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs), March 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Authors:
M. Jones
L. Seitz
G. Selander
S. Erdtman
H. Tschofenig
Stream:
IETF
Source:
ace (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8747

Discuss this RFC: Send questions or comments to ace@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader