RFC 9597

CBOR Web Token (CWT) Claims in COSE Headers, June 2024

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
T. Looker
M.B. Jones
cose (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9597

Discuss this RFC: Send questions or comments to the mailing list cose@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9597


This document describes how to include CBOR Web Token (CWT) claims in the header parameters of any CBOR Object Signing and Encryption (COSE) structure. This functionality helps to facilitate applications that wish to make use of CWT claims in encrypted COSE structures and/or COSE structures featuring detached signatures, while having some of those claims be available before decryption and/or without inspecting the detached payload. Another use case is using CWT claims with payloads that are not CWT Claims Sets, including payloads that are not CBOR at all.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search