So I believe that there are other uses for this technology, for instance here at Microsoft we have "compact tokens" and looking forward to using CWT and POP as a standard instead of what we have created. FIDO also has a use case for CWT and POP for the Client to Authenticator Protocol, which uses CBOR and CWT today. I think it makes sense to define POP for CWT in it's own specification as there will be many stand-alone usages for POP for CWT.
-----Original Message----- From: Ace [mailto:[email protected]] On Behalf Of Hannes Tschofenig Sent: Monday, June 12, 2017 11:19 AM To: [email protected] Cc: Hannes Tschofenig <[email protected]>; Kepeng Li <[email protected]> Subject: [Ace] Potential uses of PoP keys in CBOR Web Tokens (CWTs) Hi all, RFC 7800 defines how to communicate Proof of Possession (PoP) keys for JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT) draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of the JSON/JOSE JWT spec. The ACE working group is planning to also define a CBOR/COSE equivalent of RFC 7800 and is interested in knowing how you might use CBOR proof-of-possession keys for CWTs. Please drop us a message if you are using CBOR PoP keys for CWTs. We would like to learn more about your usage. Ciao Hannes & Kepeng _______________________________________________ Ace mailing list [email protected] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Face&data=02%7C01%7Ctonynad%40microsoft.com%7C0f499d2726c74f8c11ab08d4b1bf922f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636328883729061751&sdata=hxYGYRTqzC1qIEo4efvJdc%2B99GRldim68GwELwGIc8M%3D&reserved=0 _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
