RFC 9597
CBOR Web Token (CWT) Claims in COSE Headers, June 2024
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Authors:
- T. Looker
M.B. Jones - Stream:
- IETF
- Source:
- cose (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9597
Discuss this RFC: Send questions or comments to the mailing list cose@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9597
Abstract
This document describes how to include CBOR Web Token (CWT) claims in the header parameters of any CBOR Object Signing and Encryption (COSE) structure. This functionality helps to facilitate applications that wish to make use of CWT claims in encrypted COSE structures and/or COSE structures featuring detached signatures, while having some of those claims be available before decryption and/or without inspecting the detached payload. Another use case is using CWT claims with payloads that are not CWT Claims Sets, including payloads that are not CBOR at all.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.