Internet Assigned Numbers Authority

CBOR Web Token (CWT) Claims

Created: 2018-03-22
Last Updated: 2024-12-20

Registries included below

CBOR Web Token (CWT) Claims

Expert(s): Mike Jones, Hannes Tschofenig, Ludwig Seitz
Reference: [RFC8392]
Note: Registration requests should be sent to the [mailing list] described in [RFC8392]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list.
    
| Range | Registration Procedures |
|---|---|
| Integer values from -256 to 255 | Standards Action |
| Integer values from -65536 to -257 | Specification Required |
| Integer values from 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |

| Claim Name | Claim Description | JWT Claim Name | Claim Key | Claim Value Type | Change Controller | Reference |
|---|---|---|---|---|---|---|
| Reserved for Private Use | | | less than -65536 | | | [RFC8392] |
| Unassigned | | | -65536 to -262 | | | |
| globalplatform_component | This claim holds an array of CBOR maps in which each array entry holds a map containing claims about a GlobalPlatform component that is within the boundary of the enclosing Entity Attestation Token. | N/A | -261 | map | [GlobalPlatform_Inc.] | [GlobalPlatform Entity Attestation Protocol Specification, GPP_SPE_001, Section 6.5.] |
| hcert | Health Certificate | hcert | -260 | map | [European_eHealth_Network] | [Electronic Health Certificate Specification] |
| EUPHNonce | Challenge Nonce | EUPHNonce | -259 | bstr | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| EATMAROEPrefix | Signing prefix for multi-app restricted operating environments | EATMAROEPrefix | -258 | bstr | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| EAT-FDO | EAT-FDO may contain related to FIDO Device Onboarding | EAT-FDO | -257 | array | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| Unassigned | | | -256 to -1 | | | |
| Reserved | This registration reserves the key value 0 | | 0 | | [IESG] | [RFC8392] |
| iss | Issuer | iss | 1 | text string | [IESG] | [RFC8392] |
| sub | Subject | sub | 2 | text string | [IESG] | [RFC8392] |
| aud | Audience | aud | 3 | text string | [IESG] | [RFC8392] |
| exp | Expiration Time | exp | 4 | integer or floating-point number | [IESG] | [RFC8392] |
| nbf | Not Before | nbf | 5 | integer or floating-point number | [IESG] | [RFC8392] |
| iat | Issued At | iat | 6 | integer or floating-point number | [IESG] | [RFC8392] |
| cti | CWT ID | jti | 7 | byte string | [IESG] | [RFC8392] |
| cnf | Confirmation | cnf | 8 | map | [IESG] | [RFC8747] |
| scope | The scope of an access token, as defined in [RFC6749]. | scope | 9 | byte string or text string | [IESG] | [RFC8693, Section 4.2] |
| Nonce | Nonce | eat_nonce | 10 | bstr or array | [IETF] | [OpenID Connect Core 1.0][RFC-ietf-rats-eat-30] |
| Unassigned | | | 11 to 37 | | | |
| ace_profile | The ACE profile a token is supposed to be used with. | ace_profile | 38 | integer | [IETF] | [RFC9200, Section 5.10] |
| cnonce | The client-nonce sent to the AS by the RS via the client. | cnonce | 39 | byte string | [IETF] | [RFC9200, Section 5.10] |
| exi | The expiration time of a token measured from when it was received at the RS in seconds. | exi | 40 | unsigned integer | [IETF] | [RFC9200, Section 5.10.3] |
| Unassigned | | | 41 to 168 | | | |
| identity-data | Registering the claim for storing identity data of a person, which could be personally identifiable data (PII) mostly used in Foundational/National ID for cross-border interoperability. | identity-data | 169 | map | [MOSIP] | [CBOR Identity Data in QR Code, Section 3][CBOR Identity Data in QR Code, Section 4] |
| Unassigned | | | 170 to 255 | | | |
| UEID | The Universal Entity ID | ueid | 256 | bstr | [IETF] | [RFC-ietf-rats-eat-30] |
| SUEIDs | Semi-permanent UEIDs | sueids | 257 | map | [IETF] | [RFC-ietf-rats-eat-30] |
| Hardware OEM ID | Hardware OEM ID | oemid | 258 | bstr or int | [IETF] | [RFC-ietf-rats-eat-30] |
| Hardware Model | Model identifier for hardware | hwmodel | 259 | bstr | [IETF] | [RFC-ietf-rats-eat-30] |
| Hardware Version | Hardware Version Identifier | hwversion | 260 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Uptime | Uptime | uptime | 261 | uint | [IETF] | [RFC-ietf-rats-eat-30] |
| OEM Authorized Boot | Indicates whether the software booted was OEM authorized | oemboot | 262 | bool | [IETF] | [RFC-ietf-rats-eat-30] |
| Debug Status | Indicates status of debug facilities | dbgstat | 263 | uint | [IETF] | [RFC-ietf-rats-eat-30] |
| Location | The geographic location | location | 264 | map | [IETF] | [RFC-ietf-rats-eat-30] |
| EAT Profile | Indicates the EAT profile followed | eat_profile | 265 | uri or oid | [IETF] | [RFC-ietf-rats-eat-30] |
| Submodules Section | The section containing submodules | submods | 266 | map | [IETF] | [RFC-ietf-rats-eat-30] |
| Boot Count | The number of times the entity or submodule has been booted | bootcount | 267 | uint | [IETF] | [RFC-ietf-rats-eat-30] |
| Boot Seed | Identifies a boot cycle | bootseed | 268 | bstr | [IETF] | [RFC-ietf-rats-eat-30] |
| DLOAs | Certifications received as Digital Letters of Approval | dloas | 269 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Software Name | The name of the software running in the entity | swname | 270 | tstr | [IETF] | [RFC-ietf-rats-eat-30] |
| Software Version | The version of software running in the entity | swversion | 271 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Software Manifests | Manifests describing the software installed on the entity | manifests | 272 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Measurements | Measurements of the software, memory configuration and such on the entity | measurements | 273 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Software Measurement Results | The results of comparing software measurements to reference values | measres | 274 | array | [IETF] | [RFC-ietf-rats-eat-30] |
| Intended Use | Indicates intended use of the EAT | intuse | 275 | uint | [IETF] | [RFC-ietf-rats-eat-30] |
| Unassigned | | | 276 to 281 | | | |
| geohash | Geohash String | geohash | 282 | text string or array | [Consumer_Technology_Association] | [Fast and Readable Geographical Hashing (CTA-5009)] |
| Unassigned | | | 283 to 299 | | | |
| wmver | The version of the WM Token | wmver | 300 | unsigned integer | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmvnd | The WM technology vendor | wmvnd | 301 | unsigned integer | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmpatlen | The length in bits of the WM pattern | wmpatlen | 302 | unsigned integer | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmsegduration | The nominal duration of a segment | wmsegduration | 303 | map | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmpattern | The WM pattern | wmpattern | 304 | COSE_Encrypt0 or COSE_Encrypt or byte string | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmid | Used as input to derive the WM pattern for indirect mode | wmid | 305 | text string | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmopid | Used as additional input to derive the WM pattern for indirect mode | wmopid | 306 | unsigned integer | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| wmkeyver | The key to use for derivation of the WM pattern in indirect mode | wmkeyver | 307 | unsigned integer | [DASH-IF] | [ETSI TS 104 002 V1.1.1] |
| Unassigned | | | 308 to 2393 | | | |
| psa-client-id | PSA Client ID | N/A | 2394 | signed integer | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.1.2] |
| psa-security-lifecycle | PSA Security Lifecycle | N/A | 2395 | unsigned integer | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.3.1] |
| psa-implementation-id | PSA Implementation ID | N/A | 2396 | byte string | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.2.2] |
| Unassigned | | | 2397 | | | |
| psa-certification-reference | PSA Certification Reference | N/A | 2398 | text string | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.2.3] |
| psa-software-components | PSA Software Components | N/A | 2399 | array | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.4.1] |
| psa-verification-service-indicator | PSA Verification Service Indicator | N/A | 2400 | text string | [Hannes_Tschofenig] | [RFC-tschofenig-rats-psa-token-24, Section 4.5.1] |
| Unassigned | | | 2401 to 65535 | | | |

CWT Confirmation Methods

Registration Procedure(s): Specification Required
Expert(s): Ludwig Seitz, Mike Jones
Reference: [RFC8747]
Note: Registration requests should be sent to the [mailing list] described in [RFC8747]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org. IANA does not monitor the list.
    
| Confirmation Method Name | Confirmation Method Description | JWT Confirmation Method Name | Confirmation Key | Confirmation Value Type | Change Controller | Reference |
|---|---|---|---|---|---|---|
| COSE_Key | COSE_Key Representing Public Key | jwk | 1 | COSE_Key structure | [IESG] | [RFC8747, Section 3.2] |
| Encrypted_COSE_Key | Encrypted COSE_Key | jwe | 2 | COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag) | [IESG] | [RFC8747, Section 3.3] |
| kid | Key Identifier | kid | 3 | binary string | [IESG] | [RFC8747, Section 3.4] |
| osc | OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation | osc | 4 | map | [IETF] | [RFC9203, Section 3.2.1] |
| ckt | COSE Key SHA-256 Thumbprint | (none) | 5 | binary string | [IETF] | [RFC9679] |

Contact Information

| ID | Name | Contact URI | Last Updated |
|---|---|---|---|
| [Consumer_Technology_Association] | Consumer Technology Association | mailto:standards&cta.tech | 2024-02-21 |
| [DASH-IF] | DASH Industry Forum | https://dashif.org | 2023-03-01 |
| [European_eHealth_Network] | European eHealth Network | mailto:jakob&kirei.se | 2021-04-15 |
| [FIDO_Alliance] | FIDO Alliance | mailto:iana-request&fidoalliance.org | 2021-03-05 |
| [GlobalPlatform_Inc.] | GlobalPlatform Inc. | mailto:secretariat&globalplatform.org | 2024-08-14 |
| [Hannes_Tschofenig] | Hannes Tschofenig | mailto:hannes.tschofenig&arm.com | 2022-07-27 |
| [IESG] | IESG | mailto:iesg&ietf.org | |
| [IETF] | IETF | mailto:iesg&ietf.org | |
| [MOSIP] | MOSIP | mailto:resham&mosip.io | 2024-05-15 |