Hi everyone,

RFC 8725 is the JWT Best Practices document that was published 5 years ago. Since then, several new vulnerabilities and implementation issues were found, and this is a "bis" document to inform the community of these issues and recommend mitigations. This is a relatively small change to the existing BCP.

We have (almost) exhausted the issues we are aware of and we're requesting adoption by the working group. Once adopted, we believe we can quickly move to WGLC.

Thanks,
Yaron, Mike and Dick

On 23/05/2025, 13:11, "[email protected]" <[email protected]> wrote:

A new version of Internet-Draft draft-sheffer-oauth-rfc8725bis-01.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository.

Name: draft-sheffer-oauth-rfc8725bis
Revision: 01
Title: JSON Web Token Best Current Practices
Date: 2025-05-23
Group: Individual Submission
Pages: 18

Abstract:

JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.

The IETF Secretariat

_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
