Mike Jones
2016-04-07 02:14:55 UTC
The Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) specification is now RFC 7800<http://www.rfc-editor.org/info/rfc7800> - an IETF standard. The abstract describes the specification as:
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of-possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.
Thanks to John Bradley<http://www.thread-safe.com/>, Hannes Tschofenig<https://twitter.com/shingou>, and the OAuth working group for their work on this specification.
-- Mike
P.S. This notice was also posted at http://self-issued.info/?p=1561 and as @selfissued<https://twitter.com/selfissued>.
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of-possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.
Thanks to John Bradley<http://www.thread-safe.com/>, Hannes Tschofenig<https://twitter.com/shingou>, and the OAuth working group for their work on this specification.
-- Mike
P.S. This notice was also posted at http://self-issued.info/?p=1561 and as @selfissued<https://twitter.com/selfissued>.