Proof-of-Possession Key Semantics for CBOR Web Tokens
RFC 8747, “Proof-of-Possession Key Semantics for CBOR Web Tokens”, is a Proposed Standard document published in March 2020 by M. Jones, L. Seitz, G. Selander, S. Erdtman, H. Tschofenig. The canonical text is published by the RFC Editor.
Abstract
This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8747 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 8746 Concise Binary Object Representation Tags for Typed Arrays
- RFC 8748 Registry Fee Extension for the Extensible Provisioning Protocol
- RFC 8745 Path Computation Element Communication Protocol Extensions for Associating Working and Protection Label Switched Paths with Stateful PCE
- RFC 8749 Moving DNSSEC Lookaside Validation to Historic Status
- RFC 8744 Issues and Requirements for Server Name Identification Encryption in TLS
- RFC 8750 Implicit Initialization Vector for Counter-Based Ciphers in Encapsulating Security Payload
- RFC 8743 Multiple Access Management Services Multi-Access Management Services
- RFC 8751 Hierarchical Stateful Path Computation Element