CBOR Web Token Claims in COSE Headers
RFC 9597, “CBOR Web Token Claims in COSE Headers”, is a Proposed Standard document published in June 2024 by T. Looker, M.B. Jones. The canonical text is published by the RFC Editor.
Abstract
This document describes how to include CBOR Web Token (CWT) claims in the header parameters of any CBOR Object Signing and Encryption (COSE) structure. This functionality helps to facilitate applications that wish to make use of CWT claims in encrypted COSE structures and/or COSE structures featuring detached signatures, while having some of those claims be available before decryption and/or without inspecting the detached payload. Another use case is using CWT claims with payloads that are not CWT Claims Sets, including payloads that are not CBOR at all.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9597 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9596 CBOR Object Signing and Encryption "typ" Header Parameter
- RFC 9598 Internationalized Email Addresses in X.509 Certificates
- RFC 9595 YANG Schema Item iDentifier
- RFC 9599 Guidelines for Adding Congestion Notification to Protocols that Encapsulate IP
- RFC 9594 Key Provisioning for Group Communication Using Authentication and Authorization for Constrained Environments
- RFC 9600 TRansparent Interconnection of Lots of Links : Explicit Congestion Notification Support
- RFC 9593 Announcing Supported Authentication Methods in the Internet Key Exchange Protocol Version 2
- RFC 9601 Propagating Explicit Congestion Notification across IP Tunnel Headers Separated by a Shim