Enhanced JSON Web Token Claim Constraints for Secure Telephone Identity Revisited Certificates
RFC 9118, “Enhanced JSON Web Token Claim Constraints for Secure Telephone Identity Revisited Certificates”, is a Proposed Standard document published in August 2021 by R. Housley. It updates RFC 8226. The canonical text is published by the RFC Editor.
Abstract
RFC 8226 specifies the use of certificates for Secure Telephone Identity Credentials; these certificates are often called "Secure Telephone Identity Revisited (STIR) Certificates". RFC 8226 provides a certificate extension to constrain the JSON Web Token (JWT) claims that can be included in the Personal Assertion Token (PASSporT), as defined in RFC 8225. If the PASSporT signer includes a JWT claim outside the constraint boundaries, then the PASSporT recipient will reject the entire PASSporT. This document updates RFC 8226; it provides all of the capabilities available in the original certificate extension as well as an additional way to constrain the allowable JWT claims. The enhanced extension can also provide a list of claims that are not allowed to be included in the PASSporT.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9118 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9117 Revised Validation Procedure for BGP Flow Specifications
- RFC 9119 Multicast Considerations over IEEE 802 Wireless Media
- RFC 9120 Nameservers for the Address and Routing Parameter Area Domain
- RFC 9115 An Automatic Certificate Management Environment Profile for Generating Delegated Certificates
- RFC 9125 Gateway Auto-Discovery and Route Advertisement for Site Interconnection Using Segment Routing
- RFC 9126 OAuth 2.0 Pushed Authorization Requests
- RFC 9109 Network Time Protocol Version 4: Port Randomization
- RFC 9127 YANG Data Model for Bidirectional Forwarding Detection