<?xml version='1.0' encoding='utf-8'?><!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.20 (Ruby 3.3.3) --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" ipr="trust200902" docName="draft-ietf-rats-eat-media-type-12" number="9782" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true"version="3"> <!-- xml2rfc v2v3 conversion 3.24.0 -->xml:lang="en" updates="" obsoletes="" prepTime="2025-05-27T19:14:10" indexInclude="true" scripts="Common,Latin" tocDepth="3"> <link href="https://datatracker.ietf.org/doc/draft-ietf-rats-eat-media-type-12" rel="prev"/> <link href="https://dx.doi.org/10.17487/rfc9782" rel="alternate"/> <link href="urn:issn:2070-1721" rel="alternate"/> <front> <title abbrev="EAT MediaTypes">EATTypes">Entity Attestation Token (EAT) Media Types</title> <seriesInfoname="Internet-Draft" value="draft-ietf-rats-eat-media-type-12"/>name="RFC" value="9782" stream="IETF"/> <author initials="L." surname="Lundblade" fullname="Laurence Lundblade"><organization>Security<organization showOnFrontPage="true">Security Theory LLC</organization> <address> <email>lgl@securitytheory.com</email> </address> </author> <author initials="H." surname="Birkholz" fullname="Henk Birkholz"> <organization abbrev="FraunhoferSIT">FraunhoferSIT" showOnFrontPage="true">Fraunhofer Institute for Secure Information Technology</organization> <address> <postal> <street>Rheinstrasse 75</street> <city>Darmstadt</city> <code>64295</code> <country>Germany</country> </postal> <email>henk.birkholz@ietf.contact</email> </address> </author> <author initials="T." surname="Fossati" fullname="Thomas Fossati"><organization>Linaro</organization><organization showOnFrontPage="true">Linaro</organization> <address> <email>thomas.fossati@linaro.org</email> </address> </author> <dateyear="2024" month="November" day="03"/> <area>Security</area> <workgroup>Remote ATtestation ProcedureS</workgroup> <keyword>EAT, mediamonth="05" year="2025"/> <area>SEC</area> <workgroup>rats</workgroup> <keyword>EAT</keyword> <keyword>media type</keyword><abstract> <?line 56?> <t>Payloads<abstract pn="section-abstract"> <t indent="0" pn="section-abstract-1">The payloads used in RemoteAttestation ProceduresATtestation procedureS (RATS) may require an associated media type for their conveyance, forexampleexample, when the payloads are used in RESTful APIs.</t><t>This<t indent="0" pn="section-abstract-2">This memo defines media types to be used for Entity Attestation Tokens(EAT).</t>(EATs).</t> </abstract><note removeInRFC="true"> <name>Discussion Venues</name> <t>Discussion<boilerplate> <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.1"> <name slugifiedName="name-status-of-this-memo">Status ofthisThis Memo</name> <t indent="0" pn="section-boilerplate.1-1"> This is an Internet Standards Track document. </t> <t indent="0" pn="section-boilerplate.1-2"> This documenttakes place onis a product of theRemote ATtestation ProcedureS WorkingInternet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Groupmailing list (rats@ietf.org), which(IESG). Further information on Internet Standards isarchived at <eref target="https://mailarchive.ietf.org/arch/browse/rats/"/>.</t> <t>Source foravailable in Section 2 of RFC 7841. </t> <t indent="0" pn="section-boilerplate.1-3"> Information about the current status of thisdraftdocument, any errata, andan issue tracker canhow to provide feedback on it may befoundobtained at <ereftarget="https://github.com/thomas-fossati/draft-eat-mt"/>.</t> </note>target="https://www.rfc-editor.org/info/rfc9782" brackets="none"/>. </t> </section> <section anchor="copyright" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.2"> <name slugifiedName="name-copyright-notice">Copyright Notice</name> <t indent="0" pn="section-boilerplate.2-1"> Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. </t> <t indent="0" pn="section-boilerplate.2-2"> This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<eref target="https://trustee.ietf.org/license-info" brackets="none"/>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. </t> </section> </boilerplate> <toc> <section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" pn="section-toc.1"> <name slugifiedName="name-table-of-contents">Table of Contents</name> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1"> <li pn="section-toc.1-1.1"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent="1" format="counter" sectionFormat="of" target="section-1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-introduction">Introduction</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.1.2"> <li pn="section-toc.1-1.1.2.1"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.1.2.1.1"><xref derivedContent="1.1" format="counter" sectionFormat="of" target="section-1.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-terminology">Terminology</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.2"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent="2" format="counter" sectionFormat="of" target="section-2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-eat-types">EAT Types</xref></t> </li> <li pn="section-toc.1-1.3"> <t indent="0" pn="section-toc.1-1.3.1"><xref derivedContent="3" format="counter" sectionFormat="of" target="section-3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-a-media-type-parameter-for-">A Media Type Parameter for EAT Profiles</xref></t> </li> <li pn="section-toc.1-1.4"> <t indent="0" pn="section-toc.1-1.4.1"><xref derivedContent="4" format="counter" sectionFormat="of" target="section-4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-examples">Examples</xref></t> </li> <li pn="section-toc.1-1.5"> <t indent="0" pn="section-toc.1-1.5.1"><xref derivedContent="5" format="counter" sectionFormat="of" target="section-5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-security-considerations">Security Considerations</xref></t> </li> <li pn="section-toc.1-1.6"> <t indent="0" pn="section-toc.1-1.6.1"><xref derivedContent="6" format="counter" sectionFormat="of" target="section-6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-iana-considerations">IANA Considerations</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.6.2"> <li pn="section-toc.1-1.6.2.1"> <t indent="0" pn="section-toc.1-1.6.2.1.1"><xref derivedContent="6.1" format="counter" sectionFormat="of" target="section-6.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-cwt-structured-syntax-suffi"><tt>+cwt</tt> Structured Syntax Suffix</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.6.2.1.2"> <li pn="section-toc.1-1.6.2.1.2.1"> <t indent="0" pn="section-toc.1-1.6.2.1.2.1.1"><xref derivedContent="6.1.1" format="counter" sectionFormat="of" target="section-6.1.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-registry-contents">Registry Contents</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.6.2.2"> <t indent="0" pn="section-toc.1-1.6.2.2.1"><xref derivedContent="6.2" format="counter" sectionFormat="of" target="section-6.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-media-types">Media Types</xref></t> </li> <li pn="section-toc.1-1.6.2.3"> <t indent="0" pn="section-toc.1-1.6.2.3.1"><xref derivedContent="6.3" format="counter" sectionFormat="of" target="section-6.3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eatcwt-registra">application/eat+cwt Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.4"> <t indent="0" pn="section-toc.1-1.6.2.4.1"><xref derivedContent="6.4" format="counter" sectionFormat="of" target="section-6.4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eatjwt-registra">application/eat+jwt Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.5"> <t indent="0" pn="section-toc.1-1.6.2.5.1"><xref derivedContent="6.5" format="counter" sectionFormat="of" target="section-6.5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eat-buncbor-reg">application/eat-bun+cbor Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.6"> <t indent="0" pn="section-toc.1-1.6.2.6.1"><xref derivedContent="6.6" format="counter" sectionFormat="of" target="section-6.6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eat-bunjson-reg">application/eat-bun+json Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.7"> <t indent="0" pn="section-toc.1-1.6.2.7.1"><xref derivedContent="6.7" format="counter" sectionFormat="of" target="section-6.7"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eat-ucscbor-reg">application/eat-ucs+cbor Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.8"> <t indent="0" pn="section-toc.1-1.6.2.8.1"><xref derivedContent="6.8" format="counter" sectionFormat="of" target="section-6.8"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-application-eat-ucsjson-reg">application/eat-ucs+json Registration</xref></t> </li> <li pn="section-toc.1-1.6.2.9"> <t indent="0" pn="section-toc.1-1.6.2.9.1"><xref derivedContent="6.9" format="counter" sectionFormat="of" target="section-6.9"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-coap-content-format-registr">CoAP Content-Format Registrations</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.7"> <t indent="0" pn="section-toc.1-1.7.1"><xref derivedContent="7" format="counter" sectionFormat="of" target="section-7"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-references">References</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.7.2"> <li pn="section-toc.1-1.7.2.1"> <t indent="0" pn="section-toc.1-1.7.2.1.1"><xref derivedContent="7.1" format="counter" sectionFormat="of" target="section-7.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-normative-references">Normative References</xref></t> </li> <li pn="section-toc.1-1.7.2.2"> <t indent="0" pn="section-toc.1-1.7.2.2.1"><xref derivedContent="7.2" format="counter" sectionFormat="of" target="section-7.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-informative-references">Informative References</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.8"> <t indent="0" pn="section-toc.1-1.8.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.a"/><xref derivedContent="" format="title" sectionFormat="of" target="name-acknowledgments">Acknowledgments</xref></t> </li> <li pn="section-toc.1-1.9"> <t indent="0" pn="section-toc.1-1.9.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.b"/><xref derivedContent="" format="title" sectionFormat="of" target="name-authors-addresses">Authors' Addresses</xref></t> </li> </ul> </section> </toc> </front> <middle><?line 63?><sectionanchor="introduction"> <name>Introduction</name> <t>Payloadsanchor="introduction" numbered="true" removeInRFC="false" toc="include" pn="section-1"> <name slugifiedName="name-introduction">Introduction</name> <t indent="0" pn="section-1-1">Payloads used in RemoteAttestation ProceduresATtestation procedureS (RATS) <xreftarget="RATS-Arch"/>target="RFC9334" format="default" sectionFormat="of" derivedContent="RATS-ARCH"/> may require an associated media type for their conveyance, forexampleexample, when used in RESTful APIs (<xreftarget="fig-api-sd"/>).</t>target="fig-api-sd" format="default" sectionFormat="of" derivedContent="Figure 1"/>).</t> <figureanchor="fig-api-sd"> <name>Conveyinganchor="fig-api-sd" align="left" suppress-title="false" pn="figure-1"> <name slugifiedName="name-conveying-rats-conceptual-m">Conveying RATSconceptual messagesConceptual Messages in REST APIsusing EAT</name> <artset>Using EATs</name> <artset pn="section-1-2.1"> <artwork type="svg"align="center"><svgalign="center" pn="section-1-2.1.1"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="288" width="512" viewBox="0 0 512 288" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,32 L 8,64" fill="none" stroke="black"/> <path d="M 24,64 L 24,272" fill="none" stroke="black"/> <path d="M 136,32 L 136,64" fill="none" stroke="black"/> <path d="M 216,32 L 216,64" fill="none" stroke="black"/> <path d="M 256,64 L 256,272" fill="none" stroke="black"/> <path d="M 304,32 L 304,64" fill="none" stroke="black"/> <path d="M 416,32 L 416,64" fill="none" stroke="black"/> <path d="M 488,64 L 488,272" fill="none" stroke="black"/> <path d="M 504,32 L 504,64" fill="none" stroke="black"/> <path d="M 8,32 L 136,32" fill="none" stroke="black"/> <path d="M 216,32 L 304,32" fill="none" stroke="black"/> <path d="M 416,32 L 504,32" fill="none" stroke="black"/> <path d="M 8,64 L 136,64" fill="none" stroke="black"/> <path d="M 216,64 L 304,64" fill="none" stroke="black"/> <path d="M 416,64 L 504,64" fill="none" stroke="black"/> <path d="M 256,112 L 480,112" fill="none" stroke="black"/> <path d="M 264,160 L 488,160" fill="none" stroke="black"/> <path d="M 32,208 L 256,208" fill="none" stroke="black"/> <path d="M 24,240 L 248,240" fill="none" stroke="black"/> <polygon class="arrowhead" points="488,112 476,106.4 476,117.6" fill="black" transform="rotate(0,480,112)"/> <polygon class="arrowhead" points="272,160 260,154.4 260,165.6" fill="black" transform="rotate(180,264,160)"/> <polygon class="arrowhead" points="256,240 244,234.4 244,245.6" fill="black" transform="rotate(0,248,240)"/> <polygon class="arrowhead" points="40,208 28,202.4 28,213.6" fill="black" transform="rotate(180,32,208)"/> <g class="text"> <text x="48" y="52">Relying</text> <text x="104" y="52">Party</text> <text x="260" y="52">Attester</text> <text x="460" y="52">Verifier</text> <text x="284" y="84">POST</text> <text x="336" y="84">/verify</text> <text x="320" y="100">EAT(Evidence)</text> <text x="440" y="132">200</text> <text x="468" y="132">OK</text> <text x="344" y="148">EAT(Attestation</text> <text x="444" y="148">Results)</text> <text x="180" y="180">POST</text> <text x="224" y="180">/auth</text> <text x="112" y="196">EAT(Attestation</text> <text x="212" y="196">Results)</text> <text x="48" y="228">201</text> <text x="96" y="228">Created</text> </g> </svg> </artwork> <artwork type="ascii-art"align="center"><![CDATA[align="center" pn="section-1-2.1.2"> .---------------. .----------. .----------. | Relying Party | | Attester | | Verifier | '-+-------------' '----+-----' '--------+-' | | POST /verify | | | EAT(Evidence) | |+--------------------------->|+--------------------------->| | | 200 OK | | | EAT(Attestation Results) | ||<---------------------------+|<---------------------------+ | POST /auth | | | EAT(Attestation Results) | ||<---------------------------+|<---------------------------+ | | 201 Created | |+--------------------------->|+--------------------------->| | | | | | | |]]></artwork></artwork> </artset> </figure><t>This<t indent="0" pn="section-1-3">This memo defines media types to be used forEntity Attestation Token (EAT) <xref target="EAT"/>EAT payloads <xref target="RFC9711" format="default" sectionFormat="of" derivedContent="EAT"/> independently of the RATS Conceptual Message in which they manifest themselves. The objective is to give protocol,APIAPI, and application designers a number of readily available and reusable media types for integrating EAT-based messages in their flows,for examplee.g., when using HTTP <xreftarget="BUILD-W-HTTP"/>target="BCP56" format="default" sectionFormat="of" derivedContent="BUILD-W-HTTP"/> orCoAPthe Constrained Application Protocol (CoAP) <xreftarget="REST-IoT"/>.</t>target="I-D.irtf-t2trg-rest-iot" format="default" sectionFormat="of" derivedContent="REST-IoT"/>.</t> <sectionanchor="requirements-language"> <name>Requirements Language</name> <t>Thisanchor="terminology" numbered="true" removeInRFC="false" toc="include" pn="section-1.1"> <name slugifiedName="name-terminology">Terminology</name> <t indent="0" pn="section-1.1-1">This document uses the terms and concepts defined in <xreftarget="RATS-Arch"/>.</t>target="RFC9334" format="default" sectionFormat="of" derivedContent="RATS-ARCH"/>.</t> </section> </section> <sectionanchor="eat-types"> <name>EATanchor="eat-types" numbered="true" removeInRFC="false" toc="include" pn="section-2"> <name slugifiedName="name-eat-types">EAT Types</name><t><xref target="fig-eat-types"/><t indent="0" pn="section-2-1"><xref target="fig-eat-types" format="default" sectionFormat="of" derivedContent="Figure 2"/> illustrates the six EAT wire formats and how they relate to each other. <xreftarget="EAT"/>target="RFC9711" format="default" sectionFormat="of" derivedContent="EAT"/> defines four of them(CWT, JWT(CBOR Web Token (CWT), JSON Web Token (JWT), andDetachedthe detached EATBundlebundle in its JSON and CBOR flavours),whilstwhile <xreftarget="UCCS"/>target="RFC9781" format="default" sectionFormat="of" derivedContent="UCCS"/> definesUCCSthe Unprotected CWT Claims Set (UCCS) andUJCS.</t>Unprotected JWT Claims Sets (UJCS).</t> <figureanchor="fig-eat-types"> <name>EATanchor="fig-eat-types" align="left" suppress-title="false" pn="figure-2"> <name slugifiedName="name-eat-types-2">EAT Types</name><artset><artset pn="section-2-2.1"> <artwork type="svg"align="center"><svgalign="center" pn="section-2-2.1.1"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="544" width="520" viewBox="0 0 520 544" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,432 L 8,464" fill="none" stroke="black"/> <path d="M 72,64 L 72,424" fill="none" stroke="black"/> <path d="M 120,48 L 120,64" fill="none" stroke="black"/> <path d="M 120,112 L 120,128" fill="none" stroke="black"/> <path d="M 120,176 L 120,192" fill="none" stroke="black"/> <path d="M 120,240 L 120,256" fill="none" stroke="black"/> <path d="M 120,304 L 120,320" fill="none" stroke="black"/> <path d="M 120,368 L 120,384" fill="none" stroke="black"/> <path d="M 128,432 L 128,464" fill="none" stroke="black"/> <path d="M 176,32 L 176,48" fill="none" stroke="black"/> <path d="M 176,96 L 176,112" fill="none" stroke="black"/> <path d="M 184,160 L 184,176" fill="none" stroke="black"/> <path d="M 184,224 L 184,240" fill="none" stroke="black"/> <path d="M 184,288 L 184,304" fill="none" stroke="black"/> <path d="M 184,352 L 184,368" fill="none" stroke="black"/> <path d="M 240,512 L 240,528" fill="none" stroke="black"/> <path d="M 272,360 L 272,448" fill="none" stroke="black"/> <path d="M 328,496 L 328,512" fill="none" stroke="black"/> <path d="M 336,256 L 336,288" fill="none" stroke="black"/> <path d="M 352,368 L 352,400" fill="none" stroke="black"/> <path d="M 360,496 L 360,528" fill="none" stroke="black"/> <path d="M 368,224 L 368,256" fill="none" stroke="black"/> <path d="M 368,288 L 368,320" fill="none" stroke="black"/> <path d="M 384,128 L 384,256" fill="none" stroke="black"/> <path d="M 384,296 L 384,368" fill="none" stroke="black"/> <path d="M 384,408 L 384,432" fill="none" stroke="black"/> <path d="M 400,64 L 400,256" fill="none" stroke="black"/> <path d="M 400,288 L 400,360" fill="none" stroke="black"/> <path d="M 416,496 L 416,528" fill="none" stroke="black"/> <path d="M 424,368 L 424,400" fill="none" stroke="black"/> <path d="M 440,256 L 440,288" fill="none" stroke="black"/> <path d="M 472,288 L 472,312" fill="none" stroke="black"/> <path d="M 472,352 L 472,368" fill="none" stroke="black"/> <path d="M 136,32 L 176,32" fill="none" stroke="black"/> <path d="M 88,48 L 120,48" fill="none" stroke="black"/> <path d="M 184,48 L 384,48" fill="none" stroke="black"/> <path d="M 120,64 L 160,64" fill="none" stroke="black"/> <path d="M 136,96 L 176,96" fill="none" stroke="black"/> <path d="M 72,112 L 120,112" fill="none" stroke="black"/> <path d="M 184,112 L 368,112" fill="none" stroke="black"/> <path d="M 120,128 L 160,128" fill="none" stroke="black"/> <path d="M 136,160 L 184,160" fill="none" stroke="black"/> <path d="M 72,176 L 120,176" fill="none" stroke="black"/> <path d="M 192,176 L 240,176" fill="none" stroke="black"/> <path d="M 120,192 L 168,192" fill="none" stroke="black"/> <path d="M 240,192 L 280,192" fill="none" stroke="black"/> <path d="M 304,208 L 352,208" fill="none" stroke="black"/> <path d="M 136,224 L 184,224" fill="none" stroke="black"/> <path d="M 240,224 L 280,224" fill="none" stroke="black"/> <path d="M 72,240 L 120,240" fill="none" stroke="black"/> <path d="M 192,240 L 240,240" fill="none" stroke="black"/> <path d="M 120,256 L 168,256" fill="none" stroke="black"/> <path d="M 336,256 L 440,256" fill="none" stroke="black"/> <path d="M 440,272 L 456,272" fill="none" stroke="black"/> <path d="M 136,288 L 184,288" fill="none" stroke="black"/> <path d="M 336,288 L 440,288" fill="none" stroke="black"/> <path d="M 72,304 L 120,304" fill="none" stroke="black"/> <path d="M 192,304 L 240,304" fill="none" stroke="black"/> <path d="M 120,320 L 168,320" fill="none" stroke="black"/> <path d="M 240,320 L 280,320" fill="none" stroke="black"/> <path d="M 456,320 L 496,320" fill="none" stroke="black"/> <path d="M 304,336 L 352,336" fill="none" stroke="black"/> <path d="M 136,352 L 184,352" fill="none" stroke="black"/> <path d="M 240,352 L 280,352" fill="none" stroke="black"/> <path d="M 456,352 L 496,352" fill="none" stroke="black"/> <path d="M 72,368 L 120,368" fill="none" stroke="black"/> <path d="M 192,368 L 240,368" fill="none" stroke="black"/> <path d="M 352,368 L 424,368" fill="none" stroke="black"/> <path d="M 120,384 L 168,384" fill="none" stroke="black"/> <path d="M 432,384 L 456,384" fill="none" stroke="black"/> <path d="M 352,400 L 424,400" fill="none" stroke="black"/> <path d="M 8,432 L 128,432" fill="none" stroke="black"/> <path d="M 128,448 L 368,448" fill="none" stroke="black"/> <path d="M 8,464 L 128,464" fill="none" stroke="black"/> <path d="M 144,496 L 192,496" fill="none" stroke="black"/> <path d="M 256,496 L 328,496" fill="none" stroke="black"/> <path d="M 360,496 L 416,496" fill="none" stroke="black"/> <path d="M 144,528 L 192,528" fill="none" stroke="black"/> <path d="M 240,528 L 312,528" fill="none" stroke="black"/> <path d="M 360,528 L 416,528" fill="none" stroke="black"/> <path d="M 136,32 C 127.16936,32 120,39.16936 120,48" fill="none" stroke="black"/> <path d="M 88,48 C 79.16936,48 72,55.16936 72,64" fill="none" stroke="black"/> <path d="M 384,48 C 392.83064,48 400,55.16936 400,64" fill="none" stroke="black"/> <path d="M 160,64 C 168.83064,64 176,56.83064 176,48" fill="none" stroke="black"/> <path d="M 136,96 C 127.16936,96 120,103.16936 120,112" fill="none" stroke="black"/> <path d="M 368,112 C 376.83064,112 384,119.16936 384,128" fill="none" stroke="black"/> <path d="M 160,128 C 168.83064,128 176,120.83064 176,112" fill="none" stroke="black"/> <path d="M 136,160 C 127.16936,160 120,167.16936 120,176" fill="none" stroke="black"/> <path d="M 240,176 C 248.83064,176 256,183.16936 256,192" fill="none" stroke="black"/> <path d="M 168,192 C 176.83064,192 184,184.83064 184,176" fill="none" stroke="black"/> <path d="M 240,192 C 231.16936,192 224,199.16936 224,208" fill="none" stroke="black"/> <path d="M 280,192 C 288.83064,192 296,199.16936 296,208" fill="none" stroke="black"/> <path d="M 352,208 C 360.83064,208 368,215.16936 368,224" fill="none" stroke="black"/> <path d="M 136,224 C 127.16936,224 120,231.16936 120,240" fill="none" stroke="black"/> <path d="M 240,224 C 231.16936,224 224,216.83064 224,208" fill="none" stroke="black"/> <path d="M 280,224 C 288.83064,224 296,216.83064 296,208" fill="none" stroke="black"/> <path d="M 240,240 C 248.83064,240 256,232.83064 256,224" fill="none" stroke="black"/> <path d="M 168,256 C 176.83064,256 184,248.83064 184,240" fill="none" stroke="black"/> <path d="M 456,272 C 464.83064,272 472,279.16936 472,288" fill="none" stroke="black"/> <path d="M 136,288 C 127.16936,288 120,295.16936 120,304" fill="none" stroke="black"/> <path d="M 240,304 C 248.83064,304 256,311.16936 256,320" fill="none" stroke="black"/> <path d="M 168,320 C 176.83064,320 184,312.83064 184,304" fill="none" stroke="black"/> <path d="M 240,320 C 231.16936,320 224,327.16936 224,336" fill="none" stroke="black"/> <path d="M 280,320 C 288.83064,320 296,327.16936 296,336" fill="none" stroke="black"/> <path d="M 456,320 C 447.16936,320 440,327.16936 440,336" fill="none" stroke="black"/> <path d="M 496,320 C 504.83064,320 512,327.16936 512,336" fill="none" stroke="black"/> <path d="M 352,336 C 360.83064,336 368,328.83064 368,320" fill="none" stroke="black"/> <path d="M 136,352 C 127.16936,352 120,359.16936 120,368" fill="none" stroke="black"/> <path d="M 240,352 C 231.16936,352 224,344.83064 224,336" fill="none" stroke="black"/> <path d="M 280,352 C 288.83064,352 296,344.83064 296,336" fill="none" stroke="black"/> <path d="M 456,352 C 447.16936,352 440,344.83064 440,336" fill="none" stroke="black"/> <path d="M 496,352 C 504.83064,352 512,344.83064 512,336" fill="none" stroke="black"/> <path d="M 240,368 C 248.83064,368 256,360.83064 256,352" fill="none" stroke="black"/> <path d="M 168,384 C 176.83064,384 184,376.83064 184,368" fill="none" stroke="black"/> <path d="M 456,384 C 464.83064,384 472,376.83064 472,368" fill="none" stroke="black"/> <path d="M 368,448 C 376.83064,448 384,440.83064 384,432" fill="none" stroke="black"/> <path d="M 144,496 C 135.16936,496 128,503.16936 128,512" fill="none" stroke="black"/> <path d="M 192,496 C 200.83064,496 208,503.16936 208,512" fill="none" stroke="black"/> <path d="M 256,496 C 247.16936,496 240,503.16936 240,512" fill="none" stroke="black"/> <path d="M 144,528 C 135.16936,528 128,520.83064 128,512" fill="none" stroke="black"/> <path d="M 192,528 C 200.83064,528 208,520.83064 208,512" fill="none" stroke="black"/> <path d="M 312,528 C 320.83064,528 328,520.83064 328,512" fill="none" stroke="black"/> <polygon class="arrowhead" points="480,312 468,306.4 468,317.6" fill="black" transform="rotate(90,472,312)"/> <polygon class="arrowhead" points="440,384 428,378.4 428,389.6" fill="black" transform="rotate(180,432,384)"/> <polygon class="arrowhead" points="408,360 396,354.4 396,365.6" fill="black" transform="rotate(90,400,360)"/> <polygon class="arrowhead" points="392,408 380,402.4 380,413.6" fill="black" transform="rotate(270,384,408)"/> <polygon class="arrowhead" points="392,296 380,290.4 380,301.6" fill="black" transform="rotate(270,384,296)"/> <polygon class="arrowhead" points="312,336 300,330.4 300,341.6" fill="black" transform="rotate(180,304,336)"/> <polygon class="arrowhead" points="312,208 300,202.4 300,213.6" fill="black" transform="rotate(180,304,208)"/> <polygon class="arrowhead" points="280,360 268,354.4 268,365.6" fill="black" transform="rotate(270,272,360)"/> <polygon class="arrowhead" points="200,368 188,362.4 188,373.6" fill="black" transform="rotate(180,192,368)"/> <polygon class="arrowhead" points="200,304 188,298.4 188,309.6" fill="black" transform="rotate(180,192,304)"/> <polygon class="arrowhead" points="200,240 188,234.4 188,245.6" fill="black" transform="rotate(180,192,240)"/> <polygon class="arrowhead" points="200,176 188,170.4 188,181.6" fill="black" transform="rotate(180,192,176)"/> <polygon class="arrowhead" points="192,112 180,106.4 180,117.6" fill="black" transform="rotate(180,184,112)"/> <polygon class="arrowhead" points="192,48 180,42.4 180,53.6" fill="black" transform="rotate(180,184,48)"/> <polygon class="arrowhead" points="80,424 68,418.4 68,429.6" fill="black" transform="rotate(90,72,424)"/> <g class="text"> <text x="148" y="52">UJCS</text> <text x="148" y="116">UCCS</text> <text x="152" y="180">JWT</text> <text x="260" y="212">Crypto</text> <text x="152" y="244">CWT</text> <text x="388" y="276">Claims-Set</text> <text x="152" y="308">BUN-J</text> <text x="260" y="340">Bundle</text> <text x="476" y="340">Digest</text> <text x="152" y="372">BUN-C</text> <text x="388" y="388">submod</text> <text x="68" y="452">Nested-Token</text> <text x="76"y="516">Legenda:</text>y="516">Legend:</text> <text x="168" y="516">Process</text> <text x="268" y="516">Wire</text> <text x="304" y="516">Fmt</text> <text x="388" y="516">CDDL</text> </g> </svg> </artwork> <artwork type="ascii-art"align="center"><![CDATA[align="center" pn="section-2-2.1.2"> .-----. .----+ UJCS|<-------------------------.|<-------------------------. | '-----' | | | | .-----. | +-----+ UCCS|<-----------------------.|<-----------------------. | | '-----' | | | | | | .------. | | +-----+ JWT|<------.|<------. | | | '------' .--+---. | | | | Crypto|<------.|<------. | | | .------. '--+---' | | | +-----+ CWT|<------'|<------' | | | | '------' .---+-+-+----. | | Claims-Set +--. | .------. '---+---+----' | +-----+ BUN-J|<------.|<------. | ^ | v | '------' .--+---. | | | .------. | | Bundle|<------'|<------' | | | Digest | | .------. '--+---' | v '--+---' +-----+ BUN-C|<------'|<------' ^ .---+----. | | '------' | | submod|<---'|<---' | | '--------' v | ^ .--------------. | | | Nested-Token +-----------------+------------' '--------------' .-------. .---------. .------.Legenda:Legend: | Process | | Wire Fmt | | CDDL | '-------' '---------' '------']]></artwork></artwork> </artset> </figure> </section> <sectionanchor="a-media-type-parameter-for-eat-profiles"> <name>Aanchor="a-media-type-parameter-for-eat-profiles" numbered="true" removeInRFC="false" toc="include" pn="section-3"> <name slugifiedName="name-a-media-type-parameter-for-">A Media Type Parameter for EAT Profiles</name><t>EAT<t indent="0" pn="section-3-1">EAT is an open and flexible format. To improve interoperability, <xref section="6" sectionFormat="of"target="EAT"/>target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-6" derivedContent="EAT"/> defines the concept of EAT profiles. Profiles are used to constrain the parameters that producers and consumers of a specific EAT profile need to understand in order tointeroperate. For example:interoperate, e.g., the number and type of claims, which serialisation format, the supported signature schemes, etc. EATs carry an in-band profile identifier using the<tt>eat_profile</tt>"eat_profile" claim (see <xref section="4.3.2" sectionFormat="of"target="EAT"/>).target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-4.3.2" derivedContent="EAT"/>). The value of the<tt>eat_profile</tt>"eat_profile" claim is either an OID or a URI.</t><t>The<t indent="0" pn="section-3-2">The media types defined in this document include an optional<tt>eat_profile</tt>"eat_profile" parameter that can be used to mirror the<tt>eat_profile</tt>"eat_profile" claim of the transported EAT. Exposing the EAT profile at the API layer allows API routers to dispatch payloads directly to the profile-specific processor without having to snoop into the request bodies. This design also provides a finer-grained and scalable type system that matches the inherent extensibility of EAT. The expectation being that a certain EAT profile automatically obtains a media type derived from the base (e.g.,<tt>application/eat+cwt)</tt><tt>application/eat+cwt</tt>) by populating the<tt>eat_profile</tt>"eat_profile" parameter with the corresponding OID or URL.</t><t>When<t indent="0" pn="section-3-3">When the parameterised version of the EAT media type is used in HTTP (for example, with the "Content-Type" and "Accept"headers),headers) and the value is an absolute URI (<xref section="4.3" sectionFormat="of"target="URI"/>),target="RFC3986" format="default" derivedLink="https://rfc-editor.org/rfc/rfc3986#section-4.3" derivedContent="URI"/>), the <tt>parameter-value</tt> (<xref section="A" sectionFormat="of"target="HTTP"/>)target="RFC9110" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9110#appendix-A" derivedContent="HTTP"/>) uses the <tt>quoted-string</tt> encoding,e.g.:</t> <ul empty="true"> <li> <t><tt>application/eat+jwt;for example:</t> <t indent="5" pn="section-3-4"><tt>application/eat+jwt; eat_profile="tag:evidence.example,2022"</tt></t></li> </ul> <t>Instead,<t indent="0" pn="section-3-5">Instead, when the EAT profile is an OID, the <tt>token</tt> encoding (i.e., without quotes) can beused, e.g.:</t> <ul empty="true"> <li> <t><tt>application/eat+cwt;used. For example:</t> <t indent="5" pn="section-3-6"><tt>application/eat+cwt; eat_profile=2.999.1</tt>.</t></li> </ul></section> <sectionanchor="examples"> <name>Examples</name> <t>Theanchor="examples" numbered="true" removeInRFC="false" toc="include" pn="section-4"> <name slugifiedName="name-examples">Examples</name> <t indent="0" pn="section-4-1">The example in <xreftarget="fig-rest-req"/>target="fig-rest-req" format="default" sectionFormat="of" derivedContent="Figure 3"/> illustrates the usage of EAT media types for transporting attestation evidence as well as negotiating the acceptable format of the attestation result.</t> <figureanchor="fig-rest-req"> <name>Exampleanchor="fig-rest-req" align="left" suppress-title="false" pn="figure-3"> <name slugifiedName="name-example-rest-verification-a">Example REST Verification API (request)</name> <sourcecodetype="http-message"><![CDATA[ #type="http-message" markers="false" pn="section-4-2.1"> NOTE: '\' line wrapping per RFC 8792 POST /challenge-response/v1/session/1234567890 HTTP/1.1 Host: verifier.example Accept: application/eat+cwt; eat_profile="tag:ar4si.example,2021" Content-Type: application/eat+cwt; \ eat_profile="tag:evidence.example,2022" [ CBOR-encoded EAT w/ eat_profile="tag:evidence.example,2022" ]]]></sourcecode></sourcecode> </figure><t>The<t indent="0" pn="section-4-3">The example in <xreftarget="fig-rest-rsp"/>target="fig-rest-rsp" format="default" sectionFormat="of" derivedContent="Figure 4"/> illustrates the usage of EAT media types for transporting attestation results.</t> <figureanchor="fig-rest-rsp"> <name>Exampleanchor="fig-rest-rsp" align="left" suppress-title="false" pn="figure-4"> <name slugifiedName="name-example-rest-verification-ap">Example REST Verification API (response)</name> <sourcecodetype="http-message"><![CDATA[ #type="http-message" markers="false" pn="section-4-4.1"> NOTE: '\' line wrapping per RFC 8792 HTTP/1.1 200 OK Content-Type: application/eat+cwt; \ eat_profile="tag:ar4si.example,2021" [ CBOR-encoded EAT w/ eat_profile="tag:ar4si.example,2021" ]]]></sourcecode></sourcecode> </figure><t>In<t indent="0" pn="section-4-5">In both cases, a tag URI <xreftarget="TAG"/>target="RFC4151" format="default" sectionFormat="of" derivedContent="TAG"/> identifying the profile is carried as an explicit parameter.</t> </section> <sectionanchor="seccons"> <name>Securityanchor="seccons" numbered="true" removeInRFC="false" toc="include" pn="section-5"> <name slugifiedName="name-security-considerations">Security Considerations</name><t>Media<t indent="0" pn="section-5-1">Media types only provide clues to the processing application. The application must verify that the received data matches the expected format, regardless of the advertised media type, and stop further processing on failure. Failing to do so could expose the user to security risks, such as privilege escalation and cross-protocol attacks.</t><t>The<t indent="0" pn="section-5-2">The securityconsiderationconsiderations of <xreftarget="EAT"/>target="RFC9711" format="default" sectionFormat="of" derivedContent="EAT"/> and <xreftarget="UCCS"/>target="RFC9781" format="default" sectionFormat="of" derivedContent="UCCS"/> apply in full.</t><t>In particular, when<t indent="0" pn="section-5-3">When using <tt>application/eat-ucs+json</tt> and <tt>application/eat-ucs+cbor</tt> in particular, the reader should review <xref section="3" sectionFormat="of"target="UCCS"/>,target="RFC9781" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9781#section-3" derivedContent="UCCS"/>, which contains a detailed discussion about the characteristics of a "Secure Channel" for conveyance of such messages.</t> </section> <sectionanchor="iana-considerations"> <name>IANAanchor="iana-considerations" numbered="true" removeInRFC="false" toc="include" pn="section-6"> <name slugifiedName="name-iana-considerations">IANA Considerations</name><t><cref anchor="to-be-removed">RFC Editor: please replace RFCthis with this RFC number and remove this note.</cref></t><sectionanchor="cwt-structured-syntax-suffix"> <name><tt>+cwt</tt>anchor="cwt-structured-syntax-suffix" numbered="true" removeInRFC="false" toc="include" pn="section-6.1"> <name slugifiedName="name-cwt-structured-syntax-suffi"><tt>+cwt</tt> Structured Syntax Suffix</name><t>IANA is requested to register the<t indent="0" pn="section-6.1-1">IANA has registered <tt>+cwt</tt>structured syntax suffixin the "Structured Syntax Suffixes" registry <xreftarget="IANA.media-type-structured-suffix"/>target="STRUCT-SYNTAX" format="default" sectionFormat="of" derivedContent="STRUCT-SYNTAX"/> in the manner described in <xreftarget="MediaTypes"/>, whichtarget="RFC6838" format="default" sectionFormat="of" derivedContent="MEDIATYPES"/>. <tt>+cwt</tt> can be used to indicate that the media type is encoded as a CWT.</t> <sectionanchor="registry-contents"> <name>Registryanchor="registry-contents" numbered="true" removeInRFC="false" toc="include" pn="section-6.1.1"> <name slugifiedName="name-registry-contents">Registry Contents</name> <dlspacing="compact"> <dt>Name:</dt> <dd> <t>CBORspacing="normal" newline="false" indent="3" pn="section-6.1.1-1"> <dt pn="section-6.1.1-1.1">Name:</dt> <dd pn="section-6.1.1-1.2"> <t indent="0" pn="section-6.1.1-1.2.1">CBOR Web Token (CWT)</t> </dd><dt>+suffix:</dt> <dd> <t>+cwt</t> </dd> <dt>References:</dt> <dd> <t><xref target="CWT"/></t><dt pn="section-6.1.1-1.3">+suffix:</dt> <dd pn="section-6.1.1-1.4"> <t indent="0" pn="section-6.1.1-1.4.1"><tt>+cwt</tt></t> </dd> <dt pn="section-6.1.1-1.5">References:</dt> <dd pn="section-6.1.1-1.6"> <t indent="0" pn="section-6.1.1-1.6.1"><xref target="RFC8392" format="default" sectionFormat="of" derivedContent="CWT"/></t> </dd><dt>Encoding<dt pn="section-6.1.1-1.7">Encoding Considerations:</dt><dd> <t>binary</t><dd pn="section-6.1.1-1.8"> <t indent="0" pn="section-6.1.1-1.8.1">binary</t> </dd><dt>Interoperability<dt pn="section-6.1.1-1.9">Interoperability Considerations:</dt><dd> <t>N/A</t><dd pn="section-6.1.1-1.10"> <t indent="0" pn="section-6.1.1-1.10.1">N/A</t> </dd><dt>Fragment<dt pn="section-6.1.1-1.11">Fragment Identifier Considerations:</dt><dd> <t>The<dd pn="section-6.1.1-1.12"> <t indent="0" pn="section-6.1.1-1.12.1">The syntax and semantics of fragment identifiers specified for+cwt<tt>+cwt</tt> SHOULD be as specified for <tt>application/cwt</tt>. (Atpublicationthe time ofthis document,publication, there is no fragment identification syntax defined for <tt>application/cwt</tt>.)</t> </dd><dt>Security<dt pn="section-6.1.1-1.13">Security Considerations:</dt><dd> <t>See<dd pn="section-6.1.1-1.14"> <t indent="0" pn="section-6.1.1-1.14.1">See <xref section="8" sectionFormat="of"target="CWT"/></t> </dd> <dt>Contact:</dt> <dd> <t>RATStarget="RFC8392" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8392#section-8" derivedContent="CWT"/></t> </dd> <dt pn="section-6.1.1-1.15">Contact:</dt> <dd pn="section-6.1.1-1.16"> <t indent="0" pn="section-6.1.1-1.16.1">RATS WG mailing list (rats@ietf.org), or IETF Security Area (saag@ietf.org)</t> </dd><dt>Author/Change<dt pn="section-6.1.1-1.17">Author/Change Controller:</dt><dd> <t>Remote<dd pn="section-6.1.1-1.18"> <t indent="0" pn="section-6.1.1-1.18.1">Remote ATtestation ProcedureS (RATS) Working Group. The IETF has change control over this registration.</t> </dd> </dl> </section> </section> <sectionanchor="media-type"> <name>Mediaanchor="media-type" numbered="true" removeInRFC="false" toc="include" pn="section-6.2"> <name slugifiedName="name-media-types">Media Types</name><t>IANA is requested to add<t indent="0" pn="section-6.2-1">IANA has registered the following media typestoin the "Media Types" registry <xreftarget="IANA.media-types"/>.</t>target="MEDIA-TYPES" format="default" sectionFormat="of" derivedContent="MEDIA-TYPES"/>.</t> <tablealign="left" anchor="new-media-type"> <name>Newalign="center" anchor="new-media-type" pn="table-1"> <name slugifiedName="name-new-media-types">New Media Types</name> <thead> <tr> <thalign="left">Name</th>align="left" colspan="1" rowspan="1">Name</th> <thalign="left">Template</th>align="left" colspan="1" rowspan="1">Template</th> <thalign="left">Reference</th>align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <tdalign="left">EATalign="left" colspan="1" rowspan="1">EAT CWT</td> <tdalign="left">application/eat+cwt</td>align="left" colspan="1" rowspan="1">application/eat+cwt</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-eat-cwt"/></td>target="media-type-eat-cwt" format="default" sectionFormat="of" derivedContent="Section 6.3"/></td> </tr> <tr> <tdalign="left">EATalign="left" colspan="1" rowspan="1">EAT JWT</td> <tdalign="left">application/eat+jwt</td>align="left" colspan="1" rowspan="1">application/eat+jwt</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-eat-jwt"/></td>target="media-type-eat-jwt" format="default" sectionFormat="of" derivedContent="Section 6.4"/></td> </tr> <tr> <tdalign="left">Detachedalign="left" colspan="1" rowspan="1">Detached EAT Bundle CBOR</td> <tdalign="left">application/eat-bun+cbor</td>align="left" colspan="1" rowspan="1">application/eat-bun+cbor</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-deb-cbor"/></td>target="media-type-deb-cbor" format="default" sectionFormat="of" derivedContent="Section 6.5"/></td> </tr> <tr> <tdalign="left">Detachedalign="left" colspan="1" rowspan="1">Detached EAT Bundle JSON</td> <tdalign="left">application/eat-bun+json</td>align="left" colspan="1" rowspan="1">application/eat-bun+json</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-deb-json"/></td>target="media-type-deb-json" format="default" sectionFormat="of" derivedContent="Section 6.6"/></td> </tr> <tr> <tdalign="left">EATalign="left" colspan="1" rowspan="1">EAT UCCS</td> <tdalign="left">application/eat-ucs+cbor</td>align="left" colspan="1" rowspan="1">application/eat-ucs+cbor</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-ucs-cbor"/></td>target="media-type-ucs-cbor" format="default" sectionFormat="of" derivedContent="Section 6.7"/></td> </tr> <tr> <tdalign="left">EATalign="left" colspan="1" rowspan="1">EAT UJCS</td> <tdalign="left">application/eat-ucs+json</td>align="left" colspan="1" rowspan="1">application/eat-ucs+json</td> <tdalign="left">RFCthis,align="left" colspan="1" rowspan="1">RFC 9782, <xreftarget="media-type-ucs-json"/></td>target="media-type-ucs-json" format="default" sectionFormat="of" derivedContent="Section 6.8"/></td> </tr> </tbody> </table> </section> <sectionanchor="media-type-eat-cwt"> <name>application/eat+cwtanchor="media-type-eat-cwt" numbered="true" removeInRFC="false" toc="include" pn="section-6.3"> <name slugifiedName="name-application-eatcwt-registra">application/eat+cwt Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.3-1"> <dt pn="section-6.3-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.3-1.2"> <t indent="0" pn="section-6.3-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.3-1.3">Subtype name:</dt><dd> <t>eat+cwt</t><dd pn="section-6.3-1.4"> <t indent="0" pn="section-6.3-1.4.1">eat+cwt</t> </dd><dt>Required<dt pn="section-6.3-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.3-1.6"> <t indent="0" pn="section-6.3-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.3-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.3-1.8"> <t indent="0" pn="section-6.3-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.3-1.9">Encoding considerations:</dt><dd> <t>binary</t><dd pn="section-6.3-1.10"> <t indent="0" pn="section-6.3-1.10.1">binary</t> </dd><dt>Security<dt pn="section-6.3-1.11">Security considerations:</dt><dd> <t><xref<dd pn="section-6.3-1.12"> <t indent="0" pn="section-6.3-1.12.1"><xref section="9" sectionFormat="of"target="EAT"/></t>target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-9" derivedContent="EAT"/></t> </dd><dt>Interoperability<dt pn="section-6.3-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.3-1.14"> <t indent="0" pn="section-6.3-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.3-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.3-1.16"> <t indent="0" pn="section-6.3-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.3-1.17">Applications that use this media type:</dt><dd> <t>Attesters,<dd pn="section-6.3-1.18"> <t indent="0" pn="section-6.3-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.3-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.3-1.20"> <t indent="0" pn="section-6.3-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.3-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.3-1.22"> <t indent="0" pn="section-6.3-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.3-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.3-1.24"> <t indent="0" pn="section-6.3-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.3-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.3-1.26"> <t indent="0" pn="section-6.3-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.3-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.3-1.28"> <t indent="0" pn="section-6.3-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.3-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.3-1.30"> <t indent="0" pn="section-6.3-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="media-type-eat-jwt"> <name>application/eat+jwtanchor="media-type-eat-jwt" numbered="true" removeInRFC="false" toc="include" pn="section-6.4"> <name slugifiedName="name-application-eatjwt-registra">application/eat+jwt Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.4-1"> <dt pn="section-6.4-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.4-1.2"> <t indent="0" pn="section-6.4-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.4-1.3">Subtype name:</dt><dd> <t>eat+jwt</t><dd pn="section-6.4-1.4"> <t indent="0" pn="section-6.4-1.4.1">eat+jwt</t> </dd><dt>Required<dt pn="section-6.4-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.4-1.6"> <t indent="0" pn="section-6.4-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.4-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.4-1.8"> <t indent="0" pn="section-6.4-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.4-1.9">Encoding considerations:</dt><dd> <t>8bit</t><dd pn="section-6.4-1.10"> <t indent="0" pn="section-6.4-1.10.1">8bit</t> </dd><dt>Security<dt pn="section-6.4-1.11">Security considerations:</dt><dd> <t><xref<dd pn="section-6.4-1.12"> <t indent="0" pn="section-6.4-1.12.1"><xref section="9" sectionFormat="of"target="EAT"/>target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-9" derivedContent="EAT"/> and <xreftarget="BCP225"/></t>target="BCP225" format="default" sectionFormat="of" derivedContent="BCP225"/></t> </dd><dt>Interoperability<dt pn="section-6.4-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.4-1.14"> <t indent="0" pn="section-6.4-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.4-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.4-1.16"> <t indent="0" pn="section-6.4-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.4-1.17">Applications that use this mediatype</dt> <dd> <t>Attesters,type:</dt> <dd pn="section-6.4-1.18"> <t indent="0" pn="section-6.4-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.4-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.4-1.20"> <t indent="0" pn="section-6.4-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.4-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.4-1.22"> <t indent="0" pn="section-6.4-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.4-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.4-1.24"> <t indent="0" pn="section-6.4-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.4-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.4-1.26"> <t indent="0" pn="section-6.4-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.4-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.4-1.28"> <t indent="0" pn="section-6.4-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.4-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.4-1.30"> <t indent="0" pn="section-6.4-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="media-type-deb-cbor"> <name>application/eat-bun+cboranchor="media-type-deb-cbor" numbered="true" removeInRFC="false" toc="include" pn="section-6.5"> <name slugifiedName="name-application-eat-buncbor-reg">application/eat-bun+cbor Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.5-1"> <dt pn="section-6.5-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.5-1.2"> <t indent="0" pn="section-6.5-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.5-1.3">Subtype name:</dt><dd> <t>eat-bun+cbor</t><dd pn="section-6.5-1.4"> <t indent="0" pn="section-6.5-1.4.1">eat-bun+cbor</t> </dd><dt>Required<dt pn="section-6.5-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.5-1.6"> <t indent="0" pn="section-6.5-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.5-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.5-1.8"> <t indent="0" pn="section-6.5-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.5-1.9">Encoding considerations:</dt><dd> <t>binary</t><dd pn="section-6.5-1.10"> <t indent="0" pn="section-6.5-1.10.1">binary</t> </dd><dt>Security<dt pn="section-6.5-1.11">Security considerations:</dt><dd> <t><xref<dd pn="section-6.5-1.12"> <t indent="0" pn="section-6.5-1.12.1"><xref section="9" sectionFormat="of"target="EAT"/></t>target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-9" derivedContent="EAT"/></t> </dd><dt>Interoperability<dt pn="section-6.5-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.5-1.14"> <t indent="0" pn="section-6.5-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.5-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.5-1.16"> <t indent="0" pn="section-6.5-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.5-1.17">Applications that use this media type:</dt><dd> <t>Attesters,<dd pn="section-6.5-1.18"> <t indent="0" pn="section-6.5-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.5-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.5-1.20"> <t indent="0" pn="section-6.5-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.5-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.5-1.22"> <t indent="0" pn="section-6.5-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.5-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.5-1.24"> <t indent="0" pn="section-6.5-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.5-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.5-1.26"> <t indent="0" pn="section-6.5-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.5-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.5-1.28"> <t indent="0" pn="section-6.5-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.5-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.5-1.30"> <t indent="0" pn="section-6.5-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="media-type-deb-json"> <name>application/eat-bun+jsonanchor="media-type-deb-json" numbered="true" removeInRFC="false" toc="include" pn="section-6.6"> <name slugifiedName="name-application-eat-bunjson-reg">application/eat-bun+json Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.6-1"> <dt pn="section-6.6-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.6-1.2"> <t indent="0" pn="section-6.6-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.6-1.3">Subtype name:</dt><dd> <t>eat-bun+json</t><dd pn="section-6.6-1.4"> <t indent="0" pn="section-6.6-1.4.1">eat-bun+json</t> </dd><dt>Required<dt pn="section-6.6-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.6-1.6"> <t indent="0" pn="section-6.6-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.6-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.6-1.8"> <t indent="0" pn="section-6.6-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.6-1.9">Encoding considerations:</dt><dd> <t>Same<dd pn="section-6.6-1.10"> <t indent="0" pn="section-6.6-1.10.1">Same as <xreftarget="JSON"/></t>target="RFC8259" format="default" sectionFormat="of" derivedContent="JSON"/></t> </dd><dt>Security<dt pn="section-6.6-1.11">Security considerations:</dt><dd> <t><xref<dd pn="section-6.6-1.12"> <t indent="0" pn="section-6.6-1.12.1"><xref section="9" sectionFormat="of"target="EAT"/></t>target="RFC9711" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9711#section-9" derivedContent="EAT"/></t> </dd><dt>Interoperability<dt pn="section-6.6-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.6-1.14"> <t indent="0" pn="section-6.6-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.6-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.6-1.16"> <t indent="0" pn="section-6.6-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.6-1.17">Applications that use this mediatype</dt> <dd> <t>Attesters,type:</dt> <dd pn="section-6.6-1.18"> <t indent="0" pn="section-6.6-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.6-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.6-1.20"> <t indent="0" pn="section-6.6-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.6-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.6-1.22"> <t indent="0" pn="section-6.6-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.6-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.6-1.24"> <t indent="0" pn="section-6.6-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.6-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.6-1.26"> <t indent="0" pn="section-6.6-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.6-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.6-1.28"> <t indent="0" pn="section-6.6-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.6-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.6-1.30"> <t indent="0" pn="section-6.6-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="media-type-ucs-cbor"> <name>application/eat-ucs+cboranchor="media-type-ucs-cbor" numbered="true" removeInRFC="false" toc="include" pn="section-6.7"> <name slugifiedName="name-application-eat-ucscbor-reg">application/eat-ucs+cbor Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.7-1"> <dt pn="section-6.7-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.7-1.2"> <t indent="0" pn="section-6.7-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.7-1.3">Subtype name:</dt><dd> <t>eat-ucs+cbor</t><dd pn="section-6.7-1.4"> <t indent="0" pn="section-6.7-1.4.1">eat-ucs+cbor</t> </dd><dt>Required<dt pn="section-6.7-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.7-1.6"> <t indent="0" pn="section-6.7-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.7-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.7-1.8"> <t indent="0" pn="section-6.7-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.7-1.9">Encoding considerations:</dt><dd> <t>binary</t><dd pn="section-6.7-1.10"> <t indent="0" pn="section-6.7-1.10.1">binary</t> </dd><dt>Security<dt pn="section-6.7-1.11">Security considerations:</dt><dd> <t>Sections<dd pn="section-6.7-1.12"> <t indent="0" pn="section-6.7-1.12.1">Sections <xreftarget="UCCS"target="RFC9781" section="3"sectionFormat="bare"/>sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9781#section-3" derivedContent="UCCS"/> and <xreftarget="UCCS"target="RFC9781" section="7"sectionFormat="bare"/>sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9781#section-7" derivedContent="UCCS"/> of <xreftarget="UCCS"/></t>target="RFC9781" format="default" sectionFormat="of" derivedContent="UCCS"/></t> </dd><dt>Interoperability<dt pn="section-6.7-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.7-1.14"> <t indent="0" pn="section-6.7-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.7-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.7-1.16"> <t indent="0" pn="section-6.7-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.7-1.17">Applications that use this media type:</dt><dd> <t>Attesters,<dd pn="section-6.7-1.18"> <t indent="0" pn="section-6.7-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.7-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.7-1.20"> <t indent="0" pn="section-6.7-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.7-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.7-1.22"> <t indent="0" pn="section-6.7-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.7-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.7-1.24"> <t indent="0" pn="section-6.7-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.7-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.7-1.26"> <t indent="0" pn="section-6.7-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.7-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.7-1.28"> <t indent="0" pn="section-6.7-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.7-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.7-1.30"> <t indent="0" pn="section-6.7-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="media-type-ucs-json"> <name>application/eat-ucs+jsonanchor="media-type-ucs-json" numbered="true" removeInRFC="false" toc="include" pn="section-6.8"> <name slugifiedName="name-application-eat-ucsjson-reg">application/eat-ucs+json Registration</name> <dlspacing="compact"> <dt>Typespacing="normal" newline="false" indent="3" pn="section-6.8-1"> <dt pn="section-6.8-1.1">Type name:</dt><dd> <t>application</t><dd pn="section-6.8-1.2"> <t indent="0" pn="section-6.8-1.2.1">application</t> </dd><dt>Subtype<dt pn="section-6.8-1.3">Subtype name:</dt><dd> <t>eat-ucs+json</t><dd pn="section-6.8-1.4"> <t indent="0" pn="section-6.8-1.4.1">eat-ucs+json</t> </dd><dt>Required<dt pn="section-6.8-1.5">Required parameters:</dt><dd> <t>n/a</t><dd pn="section-6.8-1.6"> <t indent="0" pn="section-6.8-1.6.1">N/A</t> </dd><dt>Optional<dt pn="section-6.8-1.7">Optional parameters:</dt><dd> <t>"eat_profile"<dd pn="section-6.8-1.8"> <t indent="0" pn="section-6.8-1.8.1">"eat_profile" (EAT profile in string format. OIDs must use the dotted-decimal notation. The parameter value iscase-insensitive.)</t>case insensitive.)</t> </dd><dt>Encoding<dt pn="section-6.8-1.9">Encoding considerations:</dt><dd> <t>Same<dd pn="section-6.8-1.10"> <t indent="0" pn="section-6.8-1.10.1">Same as <xreftarget="JSON"/></t>target="RFC8259" format="default" sectionFormat="of" derivedContent="JSON"/></t> </dd><dt>Security<dt pn="section-6.8-1.11">Security considerations:</dt><dd> <t>Sections<dd pn="section-6.8-1.12"> <t indent="0" pn="section-6.8-1.12.1">Sections <xreftarget="UCCS"target="RFC9781" section="3"sectionFormat="bare"/>sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9781#section-3" derivedContent="UCCS"/> and <xreftarget="UCCS"target="RFC9781" section="7"sectionFormat="bare"/>sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9781#section-7" derivedContent="UCCS"/> of <xreftarget="UCCS"/></t>target="RFC9781" format="default" sectionFormat="of" derivedContent="UCCS"/></t> </dd><dt>Interoperability<dt pn="section-6.8-1.13">Interoperability considerations:</dt><dd> <t>n/a</t><dd pn="section-6.8-1.14"> <t indent="0" pn="section-6.8-1.14.1">N/A</t> </dd><dt>Published<dt pn="section-6.8-1.15">Published specification:</dt><dd> <t>RFCthis</t><dd pn="section-6.8-1.16"> <t indent="0" pn="section-6.8-1.16.1">RFC 9782</t> </dd><dt>Applications<dt pn="section-6.8-1.17">Applications that use this mediatype</dt> <dd> <t>Attesters,type:</dt> <dd pn="section-6.8-1.18"> <t indent="0" pn="section-6.8-1.18.1">Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer EAT payloads over HTTP(S), CoAP(S), and other transports.</t> </dd><dt>Fragment<dt pn="section-6.8-1.19">Fragment identifier considerations:</dt><dd> <t>n/a</t><dd pn="section-6.8-1.20"> <t indent="0" pn="section-6.8-1.20.1">N/A</t> </dd><dt>Person<dt pn="section-6.8-1.21">Person & email address to contact for further information:</dt><dd> <t>RATS<dd pn="section-6.8-1.22"> <t indent="0" pn="section-6.8-1.22.1">RATS WG mailing list (rats@ietf.org)</t> </dd><dt>Intended<dt pn="section-6.8-1.23">Intended usage:</dt><dd> <t>COMMON</t><dd pn="section-6.8-1.24"> <t indent="0" pn="section-6.8-1.24.1">COMMON</t> </dd><dt>Restrictions<dt pn="section-6.8-1.25">Restrictions on usage:</dt><dd> <t>none</t><dd pn="section-6.8-1.26"> <t indent="0" pn="section-6.8-1.26.1">none</t> </dd><dt>Author/Change<dt pn="section-6.8-1.27">Author/Change controller:</dt><dd> <t>IETF</t><dd pn="section-6.8-1.28"> <t indent="0" pn="section-6.8-1.28.1">IETF</t> </dd><dt>Provisional<dt pn="section-6.8-1.29">Provisional registration:</dt><dd> <t>no</t><dd pn="section-6.8-1.30"> <t indent="0" pn="section-6.8-1.30.1">no</t> </dd> </dl> </section> <sectionanchor="coap-content-format-registrations"> <name>CoAPanchor="coap-content-format-registrations" numbered="true" removeInRFC="false" toc="include" pn="section-6.9"> <name slugifiedName="name-coap-content-format-registr">CoAP Content-Format Registrations</name><t>IANA is requested to register<t indent="0" pn="section-6.9-1">IANA has registered the following Content-Format numbers in the "CoAP Content-Formats"sub-registry,registry, within the "Constrained RESTful Environments (CoRE) Parameters"Registryregistry group <xreftarget="IANA.core-parameters"/>:</t>target="CORE-PARAMS" format="default" sectionFormat="of" derivedContent="CORE-PARAMS"/>:</t> <tablealign="left"> <name>Newalign="center" pn="table-2"> <name slugifiedName="name-new-content-formats">New Content-Formats</name> <thead> <tr> <thalign="left">Content-Type</th>align="left" colspan="1" rowspan="1">Content Type</th> <thalign="left">Contentalign="left" colspan="1" rowspan="1">Content Coding</th> <thalign="left">ID</th>align="left" colspan="1" rowspan="1">ID</th> <thalign="left">Reference</th>align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <tdalign="left">application/eat+cwt</td>align="left" colspan="1" rowspan="1">application/eat+cwt</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD1</td>align="left" colspan="1" rowspan="1">263</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9782</td> </tr> <tr> <tdalign="left">application/eat+jwt</td>align="left" colspan="1" rowspan="1">application/eat+jwt</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD2</td>align="left" colspan="1" rowspan="1">264</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9782</td> </tr> <tr> <tdalign="left">application/eat-bun+cbor</td>align="left" colspan="1" rowspan="1">application/eat-bun+cbor</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD3</td>align="left" colspan="1" rowspan="1">265</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9782</td> </tr> <tr> <tdalign="left">application/eat-bun+json</td>align="left" colspan="1" rowspan="1">application/eat-bun+json</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD4</td>align="left" colspan="1" rowspan="1">266</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9782</td> </tr> <tr> <tdalign="left">application/eat-ucs+cbor</td>align="left" colspan="1" rowspan="1">application/eat-ucs+cbor</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD5</td>align="left" colspan="1" rowspan="1">267</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9781</td> </tr> <tr> <tdalign="left">application/eat-ucs+json</td>align="left" colspan="1" rowspan="1">application/eat-ucs+json</td> <tdalign="left">-</td>align="left" colspan="1" rowspan="1">-</td> <tdalign="left">TBD6</td>align="left" colspan="1" rowspan="1">268</td> <tdalign="left">RFCthis</td>align="left" colspan="1" rowspan="1">RFC 9782</td> </tr> </tbody> </table><t>TBD1..6 are to be assigned from the space 256..9999.</t> </section> </section> <section anchor="changelog"> <name>Changelog</name> <t><cref anchor="remove-sec">RFC editor: please remove this section</cref></t> <section anchor="cl-04"> <name> -04</name> <ul spacing="normal"> <li> <t>Early IANA review</t> </li> </ul> </section> <section anchor="cl-03"> <name> -03</name> <ul spacing="normal"> <li> <t>Update references</t> </li> </ul> </section> <section anchor="cl-02"> <name> -02</name> <ul spacing="normal"> <li> <t>Update references</t> </li> <li> <t>Register +cwt SSS (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/14">Issue#14</eref>)</t> </li> <li> <t>Move from eat-jwt to eat+jwt (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/14">Issue#14</eref>)</t> </li> <li> <t>Move from eat-cwt to eat+cwt (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/14">Issue#14</eref>)</t> </li> </ul> </section> <section anchor="cl-01"> <name> -01</name> <ul spacing="normal"> <li> <t>Rename <tt>profile</tt> to <tt>eat_profile</tt> for consistency with EAT (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/4">Issue#4</eref>)</t> </li> <li> <t>The DEB acronym is gone: shorthand is now "bun" from bundle (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/8">Issue#8</eref>)</t> </li> <li> <t>Incorporate editorial suggestions from Carl and Dave (<eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/7">Issue#7</eref>, <eref target="https://github.com/ietf-rats-wg/draft-eat-mt/issues/9">Issue#9</eref>)</t> </li> </ul></section> </section> </middle> <back> <displayreference target="RFC9711" to="EAT"/> <displayreference target="RFC9781" to="UCCS"/> <displayreference target="I-D.irtf-t2trg-rest-iot" to="REST-IoT"/> <displayreference target="RFC3986" to="URI"/> <displayreference target="RFC4151" to="TAG"/> <displayreference target="RFC6838" to="MEDIATYPES"/> <displayreference target="RFC8259" to="JSON"/> <displayreference target="RFC8392" to="CWT"/> <displayreference target="RFC9110" to="HTTP"/> <displayreference target="RFC9334" to="RATS-ARCH"/> <displayreference target="BCP56" to="BUILD-W-HTTP"/> <referencesanchor="sec-combined-references"> <name>References</name>anchor="sec-combined-references" pn="section-7"> <name slugifiedName="name-references">References</name> <referencesanchor="sec-normative-references"> <name>Normativeanchor="sec-normative-references" pn="section-7.1"> <name slugifiedName="name-normative-references">Normative References</name> <referencegroup anchor="BCP225" target="https://www.rfc-editor.org/info/bcp225" derivedAnchor="BCP225"> <referenceanchor="EAT"> <front> <title>The Entity Attestation Token (EAT)</title> <author fullname="Laurence Lundblade" initials="L." surname="Lundblade"> <organization>Security Theory LLC</organization> </author> <author fullname="Giridhar Mandyam" initials="G." surname="Mandyam"> <organization>Mediatek USA</organization> </author> <author fullname="Jeremy O'Donoghue" initials="J." surname="O'Donoghue"> <organization>Qualcomm Technologies Inc.</organization> </author> <author fullname="Carl Wallace" initials="C." surname="Wallace"> <organization>Red Hound Software, Inc.</organization> </author> <date day="6" month="September" year="2024"/> <abstract> <t> An Entity Attestation Token (EAT) provides an attested claims set that describes state and characteristics of an entity, a device like a smartphone, IoT device, network equipment or such. This claims set is used by a relying party, server or service to determine the type and degree of trust placed in the entity. An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with attestation-oriented claims. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-rats-eat-31"/> </reference> <reference anchor="JWT">anchor="RFC8725" target="https://www.rfc-editor.org/info/rfc8725" quoteTitle="true"> <front> <title>JSON Web Token(JWT)</title>Best Current Practices</title> <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/> <author fullname="D. Hardt" initials="D." surname="Hardt"/> <author fullname="M. Jones" initials="M." surname="Jones"/><author fullname="J. Bradley" initials="J." surname="Bradley"/> <author fullname="N. Sakimura" initials="N." surname="Sakimura"/><datemonth="May" year="2015"/>month="February" year="2020"/> <abstract><t>JSON<t indent="0">JSON WebToken (JWT) is a compact,Tokens, also known as JWTs, are URL-safemeansJSON-based security tokens that contain a set ofrepresentingclaimstothat can betransferred between two parties. The claims in a JWTsigned and/or encrypted. JWTs areencoded as a JSON object that isbeing widely used and deployed asthe payload ofaJSON Web Signature (JWS) structure or assimple security token format in numerous protocols and applications, both in theplaintextarea ofa JSON Web Encryption (JWE) structure, enabling the claimsdigital identity and in other application areas. This Best Current Practices document updates RFC 7519 tobe digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>provide actionable guidance leading to secure implementation and deployment of JWTs.</t> </abstract> </front> <seriesInfo name="BCP" value="225"/> <seriesInfo name="RFC"value="7519"/>value="8725"/> <seriesInfo name="DOI"value="10.17487/RFC7519"/>value="10.17487/RFC8725"/> </reference> </referencegroup> <referenceanchor="CWT">anchor="CORE-PARAMS" target="https://www.iana.org/assignments/core-parameters" quoteTitle="true" derivedAnchor="CORE-PARAMS"> <front> <title>CoAP Content-Formats</title> <author> <organization showOnFrontPage="true">IANA</organization> </author> </front> </reference> <reference anchor="RFC8392" target="https://www.rfc-editor.org/info/rfc8392" quoteTitle="true" derivedAnchor="CWT"> <front> <title>CBOR Web Token (CWT)</title> <author fullname="M. Jones" initials="M." surname="Jones"/> <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/> <author fullname="S. Erdtman" initials="S." surname="Erdtman"/> <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/> <date month="May" year="2018"/> <abstract><t>CBOR<t indent="0">CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t> </abstract> </front> <seriesInfo name="RFC" value="8392"/> <seriesInfo name="DOI" value="10.17487/RFC8392"/> </reference> <referenceanchor="UCCS">anchor="RFC9711" target="https://www.rfc-editor.org/info/rfc9711" quoteTitle="true" derivedAnchor="EAT"> <front><title>A CBOR Tag for Unprotected CWT Claims Sets</title><title>The Entity Attestation Token (EAT)</title> <authorfullname="Henk Birkholz" initials="H." surname="Birkholz"> <organization>Fraunhofer SIT</organization>fullname="Laurence Lundblade" initials="L." surname="Lundblade"> <organization showOnFrontPage="true">Security Theory LLC</organization> </author> <author fullname="Giridhar Mandyam" initials="G." surname="Mandyam"> <organization showOnFrontPage="true">Mediatek USA</organization> </author> <author fullname="Jeremy O'Donoghue" initials="J." surname="O'Donoghue"><organization>Qualcomm Technologies Inc.</organization> </author> <author fullname="Nancy Cam-Winget" initials="N." surname="Cam-Winget"> <organization>Cisco Systems</organization></author> <authorfullname="Carsten Bormann"fullname="Carl Wallace" initials="C."surname="Bormann"> <organization>Universität Bremen TZI</organization>surname="Wallace"> <organization showOnFrontPage="true">Red Hound Software, Inc.</organization> </author> <dateday="3" month="November" year="2024"/>month="April" year="2025"/> </front> <seriesInfo name="RFC" value="9711"/> <seriesInfo name="DOI" value="10.17487/RFC9711"/> </reference> <reference anchor="RFC9110" target="https://www.rfc-editor.org/info/rfc9110" quoteTitle="true" derivedAnchor="HTTP"> <front> <title>HTTP Semantics</title> <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/> <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/> <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/> <date month="June" year="2022"/> <abstract><t><t indent="0">The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of theUnprotected CWT Claims Set (UCCS), a data format for representing a CBOR Web Token (CWT) Claims Set without protecting itprotocol that are shared bya signature, message authentication code (MAC), or encryption. UCCS enablesall versions. In this definition are core protocol elements, extensibility mechanisms, and theuse"http" and "https" Uniform Resource Identifier (URI) schemes.</t> <t indent="0">This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions ofCWT claims in environments where protection7230.</t> </abstract> </front> <seriesInfo name="STD" value="97"/> <seriesInfo name="RFC" value="9110"/> <seriesInfo name="DOI" value="10.17487/RFC9110"/> </reference> <reference anchor="RFC8259" target="https://www.rfc-editor.org/info/rfc8259" quoteTitle="true" derivedAnchor="JSON"> <front> <title>The JavaScript Object Notation (JSON) Data Interchange Format</title> <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/> <date month="December" year="2017"/> <abstract> <t indent="0">JavaScript Object Notation (JSON) isprovided by other means, such as secure communication channels or trusted execution environments. This specificationa lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines aCBOR tagsmall set of formatting rules forUCCS and describestheUCCS format, its encoding, and processing considerations, and discusses security implicationsportable representation ofusing unprotected claims sets. // (This editors' note will be removed by the RFC editor:) The // present revision (–12) contains remainingstructured data.</t> <t indent="0">This documentchanges based // on feedback from the IESG evaluationremoves inconsistencies with other specifications of JSON, repairs specification errors, andhas been submitted as // input to IETF 121. </t>offers experience-based interoperability guidance.</t> </abstract> </front> <seriesInfoname="Internet-Draft" value="draft-ietf-rats-uccs-12"/>name="STD" value="90"/> <seriesInfo name="RFC" value="8259"/> <seriesInfo name="DOI" value="10.17487/RFC8259"/> </reference> <reference anchor="MEDIA-TYPES" target="https://www.iana.org/assignments/media-types" quoteTitle="true" derivedAnchor="MEDIA-TYPES"> <front> <title>Media Types</title> <author> <organization showOnFrontPage="true">IANA</organization> </author> </front> </reference> <referenceanchor="MediaTypes">anchor="RFC6838" target="https://www.rfc-editor.org/info/rfc6838" quoteTitle="true" derivedAnchor="MEDIATYPES"> <front> <title>Media Type Specifications and Registration Procedures</title> <author fullname="N. Freed" initials="N." surname="Freed"/> <author fullname="J. Klensin" initials="J." surname="Klensin"/> <author fullname="T. Hansen" initials="T." surname="Hansen"/> <date month="January" year="2013"/> <abstract><t>This<t indent="0">This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice.</t> </abstract> </front> <seriesInfo name="BCP" value="13"/> <seriesInfo name="RFC" value="6838"/> <seriesInfo name="DOI" value="10.17487/RFC6838"/> </reference> <referenceanchor="URI">anchor="STRUCT-SYNTAX" target="https://www.iana.org/assignments/media-type-structured-suffix" quoteTitle="true" derivedAnchor="STRUCT-SYNTAX"> <front> <title>Structured Syntax Suffixes</title> <author> <organization showOnFrontPage="true">IANA</organization> </author> </front> </reference> <reference anchor="RFC9781" target="https://www.rfc-editor.org/info/rfc9781" quoteTitle="true" derivedAnchor="UCCS"> <front> <title>A Concise Binary Object Representation (CBOR) Tag for Unprotected CBOR Web Token Claims Sets (UCCS)</title> <author fullname="Henk Birkholz" initials="H." surname="Birkholz"> <organization showOnFrontPage="true">Fraunhofer SIT</organization> </author> <author fullname="Jeremy O'Donoghue" initials="J." surname="O'Donoghue"> <organization showOnFrontPage="true">Qualcomm Technologies Inc.</organization> </author> <author fullname="Nancy Cam-Winget" initials="N." surname="Cam-Winget"> <organization showOnFrontPage="true">Cisco Systems</organization> </author> <author fullname="Carsten Bormann" initials="C." surname="Bormann"> <organization showOnFrontPage="true">Universität Bremen TZI</organization> </author> <date month="April" year="2025"/> </front> <seriesInfo name="RFC" value="9781"/> <seriesInfo name="DOI" value="10.17487/RFC9781"/> </reference> <reference anchor="RFC3986" target="https://www.rfc-editor.org/info/rfc3986" quoteTitle="true" derivedAnchor="URI"> <front> <title>Uniform Resource Identifier (URI): Generic Syntax</title> <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/> <author fullname="R. Fielding" initials="R." surname="Fielding"/> <author fullname="L. Masinter" initials="L." surname="Masinter"/> <date month="January" year="2005"/> <abstract><t>A<t indent="0">A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="66"/> <seriesInfo name="RFC" value="3986"/> <seriesInfo name="DOI" value="10.17487/RFC3986"/> </reference> </references> <references anchor="sec-informative-references" pn="section-7.2"> <name slugifiedName="name-informative-references">Informative References</name> <referencegroup anchor="BCP56" target="https://www.rfc-editor.org/info/bcp56" derivedAnchor="BUILD-W-HTTP"> <referenceanchor="HTTP">anchor="RFC9205" target="https://www.rfc-editor.org/info/rfc9205" quoteTitle="true"> <front><title>HTTP Semantics</title> <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/><title>Building Protocols with HTTP</title> <author fullname="M. Nottingham" initials="M."role="editor"surname="Nottingham"/><author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/><date month="June" year="2022"/> <abstract><t>The Hypertext Transfer Protocol (HTTP) is<t indent="0">Applications often use HTTP as astateless application-level protocol for distributed, collaborative, hypertext information systems.substrate to create HTTP-based APIs. This documentdescribes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t> <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t> </abstract> </front> <seriesInfo name="STD" value="97"/> <seriesInfo name="RFC" value="9110"/> <seriesInfo name="DOI" value="10.17487/RFC9110"/> </reference> <reference anchor="JSON"> <front> <title>The JavaScript Object Notation (JSON) Data Interchange Format</title> <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/> <date month="December" year="2017"/> <abstract> <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rulesspecifies best practices forthe portable representation of structured data.</t> <t>This document removes inconsistencies with otherwriting specificationsof JSON, repairs specification errors, and offers experience-based interoperability guidance.</t> </abstract> </front> <seriesInfo name="STD" value="90"/> <seriesInfo name="RFC" value="8259"/> <seriesInfo name="DOI" value="10.17487/RFC8259"/> </reference> <reference anchor="IANA.media-type-structured-suffix" target="https://www.iana.org/assignments/media-type-structured-suffix"> <front> <title>Structured Syntax Suffixes</title> <author> <organization>IANA</organization> </author> </front> </reference> <reference anchor="IANA.media-types" target="https://www.iana.org/assignments/media-types"> <front> <title>Media Types</title> <author> <organization>IANA</organization> </author> </front> </reference> <referencegroup anchor="BCP225" target="https://www.rfc-editor.org/info/bcp225"> <reference anchor="RFC8725" target="https://www.rfc-editor.org/info/rfc8725"> <front> <title>JSON Web Token Best Current Practices</title> <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/> <author fullname="D. Hardt" initials="D." surname="Hardt"/> <author fullname="M. Jones" initials="M." surname="Jones"/> <date month="February" year="2020"/> <abstract> <t>JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokensthatcontain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numeroususe HTTP to define new application protocols. It is written primarily to guide IETF efforts to define application protocolsand applications, both inusing HTTP for deployment on thearea of digital identity andInternet but might be applicable in otherapplication areas. This Best Current Practicessituations.</t> <t indent="0">This documentupdatesobsoletes RFC7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.</t>3205.</t> </abstract> </front> <seriesInfo name="BCP"value="225"/>value="56"/> <seriesInfo name="RFC"value="8725"/>value="9205"/> <seriesInfo name="DOI"value="10.17487/RFC8725"/>value="10.17487/RFC9205"/> </reference> </referencegroup> <referenceanchor="IANA.core-parameters" target="https://www.iana.org/assignments/core-parameters"> <front> <title>Constrained RESTful Environments (CoRE) Parameters</title> <author> <organization>IANA</organization> </author> </front> </reference> </references> <references anchor="sec-informative-references"> <name>Informative References</name> <reference anchor="RATS-Arch">anchor="RFC9334" target="https://www.rfc-editor.org/info/rfc9334" quoteTitle="true" derivedAnchor="RATS-ARCH"> <front> <title>Remote ATtestation procedureS (RATS) Architecture</title> <author fullname="H. Birkholz" initials="H." surname="Birkholz"/> <author fullname="D. Thaler" initials="D." surname="Thaler"/> <author fullname="M. Richardson" initials="M." surname="Richardson"/> <author fullname="N. Smith" initials="N." surname="Smith"/> <author fullname="W. Pan" initials="W." surname="Pan"/> <date month="January" year="2023"/> <abstract><t>In<t indent="0">In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t> </abstract> </front> <seriesInfo name="RFC" value="9334"/> <seriesInfo name="DOI" value="10.17487/RFC9334"/> </reference><referencegroup anchor="BUILD-W-HTTP" target="https://www.rfc-editor.org/info/bcp56"><referenceanchor="RFC9205" target="https://www.rfc-editor.org/info/rfc9205"> <front> <title>Building Protocols with HTTP</title> <author fullname="M. Nottingham" initials="M." surname="Nottingham"/> <date month="June" year="2022"/> <abstract> <t>Applications often use HTTP as a substrate to create HTTP-based APIs. This document specifies best practices for writing specifications that use HTTP to define new application protocols. It is written primarily to guide IETF efforts to define application protocols using HTTP for deployment on the Internet but might be applicable in other situations.</t> <t>This document obsoletes RFC 3205.</t> </abstract> </front> <seriesInfo name="BCP" value="56"/> <seriesInfo name="RFC" value="9205"/> <seriesInfo name="DOI" value="10.17487/RFC9205"/> </reference> </referencegroup> <reference anchor="REST-IoT">anchor="I-D.irtf-t2trg-rest-iot" target="https://datatracker.ietf.org/doc/html/draft-irtf-t2trg-rest-iot-16" quoteTitle="true" derivedAnchor="REST-IoT"> <front> <title>Guidance on RESTful Design for Internet of Things Systems</title> <author fullname="Ari Keränen" initials="A." surname="Keränen"><organization>Ericsson</organization><organization showOnFrontPage="true">Ericsson</organization> </author> <author fullname="Matthias Kovatsch" initials="M." surname="Kovatsch"><organization>Siemens</organization><organization showOnFrontPage="true">Siemens</organization> </author> <author fullname="Klaus Hartke" initials="K."surname="Hartke"> </author>surname="Hartke"/> <dateday="21" month="October" year="2024"/>day="23" month="April" year="2025"/> <abstract><t> This<t indent="0">This document gives guidance for designing Internet of Things (IoT) systems that follow the principles of the Representational State Transfer (REST) architectural style. This document is a product of the IRTF Thing-to-Thing Research Group(T2TRG). </t>(T2TRG).</t> </abstract> </front> <seriesInfo name="Internet-Draft"value="draft-irtf-t2trg-rest-iot-15"/>value="draft-irtf-t2trg-rest-iot-16"/> <refcontent>Work in Progress</refcontent> </reference> <referenceanchor="TAG">anchor="RFC4151" target="https://www.rfc-editor.org/info/rfc4151" quoteTitle="true" derivedAnchor="TAG"> <front> <title>The 'tag' URI Scheme</title> <author fullname="T. Kindberg" initials="T." surname="Kindberg"/> <author fullname="S. Hawke" initials="S." surname="Hawke"/> <date month="October" year="2005"/> <abstract><t>This<t indent="0">This document describes the "tag" Uniform Resource Identifier (URI) scheme. Tag URIs (also known as "tags") are designed to be unique across space and time while being tractable to humans. They are distinct from most other URIs in that they have no authoritative resolution mechanism. A tag may be used purely as an entity identifier. Furthermore, using tags has some advantages over the common practice of using "http" URIs as identifiers for non-HTTP-accessible resources. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="4151"/> <seriesInfo name="DOI" value="10.17487/RFC4151"/> </reference> </references> </references><?line 646?><section numbered="false"anchor="acknowledgments"> <name>Acknowledgments</name> <t>Thankanchor="acknowledgments" removeInRFC="false" toc="include" pn="section-appendix.a"> <name slugifiedName="name-acknowledgments">Acknowledgments</name> <t indent="0" pn="section-appendix.a-1">Thank youCarl Wallace, Carsten Bormann, Dave Thaler, Deb Cooley, Éric Vyncke, Francesca Palombini, Jouni Korhonen, Kathleen Moriarty, Michael Richardson, Murray Kucherawy, Orie Steele, Paul Howard, Roman Danyliw and Tim Hollebeek<contact fullname="Carl Wallace"/>, <contact fullname="Carsten Bormann"/>, <contact fullname="Dave Thaler"/>, <contact fullname="Deb Cooley"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Francesca Palombini"/>, <contact fullname="Jouni Korhonen"/>, <contact fullname="Kathleen Moriarty"/>, <contact fullname="Michael Richardson"/>, <contact fullname="Murray Kucherawy"/>, <contact fullname="Orie Steele"/>, <contact fullname="Paul Howard"/>, <contact fullname="Roman Danyliw"/>, and <contact fullname="Tim Hollebeek"/> for your comments and suggestions.</t> </section> <section anchor="authors-addresses" numbered="false" removeInRFC="false" toc="include" pn="section-appendix.b"> <name slugifiedName="name-authors-addresses">Authors' Addresses</name> <author initials="L." surname="Lundblade" fullname="Laurence Lundblade"> <organization showOnFrontPage="true">Security Theory LLC</organization> <address> <email>lgl@securitytheory.com</email> </address> </author> <author initials="H." surname="Birkholz" fullname="Henk Birkholz"> <organization abbrev="Fraunhofer SIT" showOnFrontPage="true">Fraunhofer Institute for Secure Information Technology</organization> <address> <postal> <street>Rheinstrasse 75</street> <city>Darmstadt</city> <code>64295</code> <country>Germany</country> </postal> <email>henk.birkholz@ietf.contact</email> </address> </author> <author initials="T." surname="Fossati" fullname="Thomas Fossati"> <organization showOnFrontPage="true">Linaro</organization> <address> <email>thomas.fossati@linaro.org</email> </address> </author> </section> </back><!-- ##markdown-source: H4sIAAAAAAAAA+1c63IbN5b+j6fA0FUjKWJTluSbuJupyLrEcmRLJdLxj0wy ArtBsq1mgwN0S+ZIyv99i32WmRfb7wDoG0VdbGd2NykrVZGaDRwcnOt3DkAH QcDOu3yTsSzOEtnle9t9/kZGseD92VQaJgYDLc9vfh6pMBUTTIi0GGZBLLNh oEVmAimyYEIDgwwDg/UNZvLBJDYmVilN7fKDvf4+C0UmR0rPutxkEWPxVHd5 pnOTbTx+vPV4gwktRZe3ejLMdZzNWuxC6bORVvkUn57Iicok3+5n0mQiA2V+ rFUoo1zLXoudyRlGR5bpNrfMcGKGMYxOo7+JRKXgY4ZtTOMu/ylTYZsbpTMt hwZ/zSb0x8+MiTwbK91lPOBxarr8sMMP8zQaJCKSjHPuJHAosGwayuY7pUci jf9huevyYh+8P5bYNT883KFBciLipMuTUfKd8SMyO6ATqkm57KsOfxnrs7FK /lGt+kqmZ42PsWCX72uRp2M1lJofpAY6zSGnodKOAYkP8TBxIuvLcJyqRI1m NL1QdI1C76BfY3KMBTsDv+B3pHAwmWYizGiQgfBk1uUnYwmeMy2Mkfz5U3oV qgj8Lj17srH1dMl+gG12+a7QE+gjytyYPM3IGr6XYC+dlXvvd/i+MgYcV1vv j9VEmPrnTWEfxqnQqsZ6Zid0hm7Cd4l938EkxlInjnMJLZO9wDyD3U7DnPHi 9Xu8ONnfef50fQuPO/7xxebWBh7f7ez05uflYWjwyrqM9Rg74dmLzRc04eTA Pm5uvXiGx1f9/rF93lpff0yr9Y7eOvobT7fgG4XOHJMn2/1esK3DsZuyufkE H758d3C4G7wPHKmXO8dPifDJXq8fHKhiUxrMZRuZHgUafhPEirbW3/7eEnqy /nSdMZlmpBx83ts73CdX29/JxrFpMRYEAYyEVAuNs2MxS5SIDM+NjKAqXvhk tsAnDZ+IGdfy73kMGxQph3WoMEYIiJx7MnJPa6cw/1jDHNJzORNwqrb9VH4U k2ki+QWMsFoRuxvmCd8+PjAdxvpgE9QmikdyGKe0aOn5hmeKD6SbSgT37D4b 3PbVmUwNX4YRrHTcdidxFCUIG4/gN5lWUR7SyE/e/OVlqbPr6zlRsHlR8C8Q BSNR8OXLy2E8CsQ0Dkx0fU2b+fXXX7kQ5nzEOkHzp8OLn86iD+dfsCvsNZnF 6YgfCw0JXpXDrvz2ETiuGvOv+I9Sx8OYXrClYLWx/lI5bIkeV+c+LF+4lxQ+ msTnfq748VGvz9fOacXZ/Mv7Z0P5y3vncUTxfOUTZzc31vz5ywPWXvSDbMiP fngI5zZ6Ldct8ESaPMnMygNm/+cdrK8unO3ETAnyHtLsPubunX0nc/evvfF4 ne8ATZCHzQ+4b/bdKn3Ivm8f8O+cDX9nl13+qIoDHN5KECoQSTxKv22FiPRS tyhJWuT3bWvHBhrybIpWFHdCOc1ykSAuIW+OEMh8pLERF7GHxkKvrevfKPi6 2MsuL/ELgXJaRNk4jeRU4n9plsy4GlJkdEzuVEy+cUwSjxfjOBzToBkDloiH WIWeJkYm59IguAGEcTX4IEPKqTy2DI7oz6lWAIMqadMWEZ0htuk0iUPLJIuk geykNlzwNJ8MENDADEwrisGXOAfWEINE2nla5sY+1OWAzSObA/gCInjhBQNh bOivROzi/jBRF2ZhyKeZlOchqHrah8QwdkdtH1PC8Zn/+hrR/9EjuJtNOBOI 0ACwpqMcq3m1Acrn9IIUZKxsYRkTY7fhrcB4tdpk00hnRN4WB64sYC73UBFg twym4iTJCTVknriJP9oJF5QAHbJxa43VhVUaZJdgNJTCpIAiFT7U0FphF4WF DVWuvTVM+DIwWZtwmiW1K4FLx2CXFnoJWJ6QYbAYKxG4smN2Xh6dQMriHGTM SpusJoGhXF4SnKstQ492wrvXO71GLp1zu45Pkc0PVu28u6JYNcN5tct3S/yO n6u5KQ/4uTHFs/ugKas+2FpZ3LqVzs1V7t3L1afvZcGUTnD3Zq4W7MUaS7mZ G1NvruJxyFK55OrcvHv2coU0NJsi1NTWvG8vS26VpRqRhXvZqe9lTtxX9+6l 8UPrr9r/FtjmHT/YXiLiiQl6MiPGbky9XUlLgdvmasHTzR2+fPc2eH2btq74 LxV/55+mNiudBn9369BHk5qs/fwrvhuPKNV8okZp2Hnj1cLN79SX/KWc2ynE 5qg/QM91xE6tGRU5ykv3q7p6UWLyatb5/bPo55f5EuSmPcyVD6g53lJdEQUO JdwEZY1PlthS8+0Sm4/UZUnTaTy556YZHMoRkIfo2tKCSjpjLH9X/D3lr/1J 5h93dncPa+KfF9RSQ2qNx6UGXCtT5/2IrUy7hMAe8e1ag46qMzGRVIxZxIWR 4H4YJ5Sj6SmmnMsVYJXNbcNEfowJrriETBhJ8XgCPEQAiRbGUC0GcQLk1kaS 7ElbC/NnDBm4mZcpyXvcwN1LwlV2bdAt2MD2PCRERMRwgghI0TR5WvBOtERG s1F6W9zlIIkBXsETiAtupjJEcRnW1+GptHQZfBUDqelHwEVpPNFy1YYyCZb2 K4zVtdx7cEfTbDWuhiy0sa3tsaVBeQm1GAdenczaDt3k06nSVGsQVhQZNd0M oAgAXpvLLOzYUsiwUGg9IxXEKSAgFipYp9ozc9Wyg3pE9RRW8Tc/4pRbXviy kZJVinjS2exs8EIZKx7lnosklwVkXkQFdiBjAljUizg62CUMKahBZTsqTfha w4BZAzjGaZjkkXQWRdwAjzcWY6VKnUZDjBxU6p/EWruGx0IePfswkNQ44ZIJ kyQ/TlUpo7r+hQX8FsQnYkabSwhO2w+0yp1poVaJzVRk4ZiVpUYEpw6pysBb a4qOYFBa2dTFAHB7AbGBFB+Lc8uC4iZVakoA382lJg/lg4GKYl92kNBsEQGG jCJi1GugeoIkq4MR+QBkAoNgJhSunLAmaGaIgBMnvQnx7B0tTqE70oH8mMnU xM5DvR04I2DyI7j3hdZAOnmBjODwqQwLNkWXZ4qajVidiq0BDSAGa210eBGK JQQNrSaWCaph+LLsjDptflqrmNagzNXwIls55YMZn6ppnrjCB5NYU9OVgZBc fQzRWkLhaURTvG2+OzmEZb6nSqgRKmIypXPolTbpDYa2VeupxVW/juolvkzl mPf7drUsFcIQZRZQHG3ZINDaDimatfgYtZ601YKNDaWD2WjKxMCohBrucB/q wtVck1jCp3BMFyZOS8YDS+GUxm9PqcpFebRNEcfVdCtVVXb691xRFkSkhEBO uUxDRaJBXIHku4z95abwP1xk/8Frgv62lYlRV/oOV6fY/cbjjY3WKWN0ZoAt tl2pOe9VLmdAEX4PGaXjig++HHdkp104BrPsmpW6s9/FajjP6kZna2urs37q SkzHqXFRqaiIbTVKWdM2tOFwC+rN3LYFfCKar8bLmEL8i1pDohARF4ZfyCSh 36kcqSwuLZgLaxWiSpvMG16dkLaNLl83jrNsGvhaH5t6e9Tf6/Klvy7xBG7P LzRkQsSRmaglz18839pgzLXawjEcUqYjGTinMHLtfH0NtkEWv7a+sfnk6bPn L7YeW9teW++ss1fKZF1+7nuvha6Zs+Uuv1f+1lSEfmLiup2st1jdQW6h89c5 IPRAE2TsJ1uXB9amfP1+sfbQ6fznBpQqjKLES95qbA/L9aQd3zYvLPt4veL6 WbcamZn+ZkbmbMN8iXEU2vad4t9EN4t0/lDFLJi7UCtm+mCtOGu3ajlAJFGI 0yESDvAUhCxGNtpeXva3vye9OPQ0K1y0FroIccWUW22sRk6EZOKsyiA2zJTn tJCjATFtOTH88pGRISFPMPGmpl6VIkn6NA60krtmp1+ZgIJVeaWFjkVl9abi BHbE/XGFTcsOOoTSpthIZKKR710ud41UCzq1HAmNitQQHrbwWUQgl8WmcaLk MpbJ1JQPc20BX41DArEiTgBWO3wffzhAwyJgGgLneRLRwgpZ3hm7g9HFkTVH 9j2jg/Mc0BjinQIeQOhwCGlBjN2nhe5aGRMUTVZyBRGeGY80S2phXfTkU0Xj j0iU7TmS4Yx8c5gnSceaBlQJ3AKModv1Xul8pgny0Kx+MAqpiygufB0OlD71 qqCUz83YSkEj8MiLWv3jMrtlqSgO7Km4A02RxF8J6TE2YW5DNRcDQo0W4IwF HaYSeAHfvp5p+ZP6nbFIU5m0bP1WHQLSICvnomNszfZg++32nMnCY3/JVDCg fDFBFRf9fPMTe/DL96I4U7rL4YSE47ScJgILXV7+mc6AIWoPjeBDNLxWHDk6 7lWKZO96zacUZk55L9N5SPVPxHszSOQj7+XDYfwRqiJuMcUHXFcDwI5j4woE WZAwFQnjSBhLwnfJWeu2NVASe4Iosi4v/0Qrdmq3UirCgaNIocMVnxMSuyaY Hup4UHS8q3P8mp6bRUwM6BbavrX3YtbEnkXkpPhD/TorLOrMezZ95KYeejdU kyks45q9pQsPrOua1e/loDgowfwVxlYd8zSABMbYiRxKexfF0GeXlxh2jYi1 VyC0ponQmAHdhZiR+zRr/AVD365tM7avxcjWfAdVnXpzqPVnpxAbdiSkWpj4 sKBQVbqmqOL9ARFthvdeHb073IWEka7E/IiG05KtoNRZ3kY0zwfFx64KqJWp FrVqImfN9SYjfp5nvKh2Fy8H6d+SK2j/PSlrMeIFseJVseOuzNAge4L1/ns+ 8QE3gR0g34nMuNs1So9QLWB1ujBVZaZtRCQU/0KMqmGMbdurSmsUNRB3aRWt gBe1Xeiu61J8mfhY4e+VPiMuvqc7VtT8Ih3alceQfujoho4uh9drJ1zvZS65 Wfev3RJD2qyc7voWxxeRq6SGimp0YmHu6NB6eo3qna5t7JHUFSfH4Ve8L4Et yCnp3oL3DdtRJPxCTfOrRRgJn5bRj5pdtchBCQIjEC8KKq8XUvlwL5UPJZVF p1XW4W+QDQZ5anPTHbQjOQhoyB3E7RnYYuKUF+8hTkNq+3dnQjeIFVn0DmIY UufUEnt9K7F7OCNiJWeENVN5UbuIyH0XNZFD1PEeer5FKq8b1rU14EUGcVIz 84ZVlwbRCNu2BZv62F1He6yXD7L6S78AhW57QhvVup/0Pl0TjB0VTbXmu1YN fbfs4XmFd1Pu2gRVQxd1u+EWbeYOx8HHI5VRRyFCaJ2APHK4R6nW+6ueTNnl IOAdANtQq4kOzykOltklvDW79BZiO5+kijC5VXYvF6SjmxOtZI4p3hsy76JD 5+4AWsLeUBAcKw34lrITQVy/pkBzihtMALPFnSX8uZdGSpui/1zGkeBHKxWP /mmgvxoFwdLlqFj6xXw32jUw6WKl1VTRcrSxlMq45R7CPZ3f2z9oKXvyDWpl AUlob/9m/rxVOuAKgv2zuwdJkVZTneAa7pSGbHIr6oG4uhv60PTkFJUSrLEV sIUqR2/eHL0lgyYLDJ3QVVoNSFUq5xNW2EhY9oYwOybBGmf49TTjaCx01Q/3 uuqHL3PVD39YV30xiLNPdlRfkv3p5c7xxsbT/yPH/eq3v3e/rWDN7c5bwprP 995ymT+oC3/Ntl+99n/bay0qv9trLSr/Qq8lGn9Qr+1RpSroWwJUlpED/R78 96v7/u7dt6zQb3ffskL/AvctlvmDuu+nJF3DN62pPq8ODb4m36/e+9nee0/y LVtiX+i9X5Pv/1M//urGvzs3tt/PKS5p7FvuGx5sHnI8Wh2VzFFyZ7PFt4jo Ktv2MWuOMS269R0URyjuulY13t/DxaLF12v30vNYq9R+dYgt76iTvZXqdjGo ncwfxoRKy6AKBNfXXTqQqV9M4eUjflvPvOIHuzfOaBafzAR0rPNyd71+FrBw +If68I37htePVvyczQfN8ecSfs6Te+fUDkb8nKcPmtNc59ncnMvurScc8/qn 602QX6fzzN7Bdl/OE8Z+t612qdNM6RbAxtNnHbqHt2XvGTjbT9SI7hK40//A yPDnuUd3r0DO3yuoLgsY6b9J/ejRP/87ePwEeStM8BusfcP3hE5m7kqDu25R DNv0wzbtsHfTiA72dHnkXQzb8MM2bhn2jTdZWRw093qIWMs/HRiTy0frT35e pptYpru2NoJr5AP6txjWqm/2X4zW3L95Yf+li2wtpmlmbf3JygpIv6E9Whn6 bjPJt+gc/5tWCatVwt9uFS/NdS/NdSvNE0nggJ+W93axbvMir7+uYkjAaThz l0eQPmpsfSZXlqlvbOLf3XvJRYioNLM32Ef23/MwiM7IXnTXn873L3gL7tly YhrYg88aDy8+j4cXjocDIAqN9EaW5cw8Rsg3+Yi+AGTTh111B5bsvo8ozuuL P/+8xZ+vtEHE09j6PBpbtIEgCPhAhGf2WyPhGWSVyGjkIvxlN09dGpGRvQgp 0jM+Uzmzm3kvEroc1KYnUjB/SUElTduMtgjdCCREPMgBwo5K5KzN/vVfyKn8 x1kanmEesAA5YSiQQxI1QfUUt9lrlacx/0HpMRQJWj+IbJxIUH9DgtUZqLyJ w7GQCT+h3zpCLMRnudZixn/IQ4ABcYFRRzqWvJdJmWCpY4Hs9UpdYHibnSiw CT2ksyS+oMtorB9P8BYJfCDlGSOzndEXSiFF9y1Ze3Gl0ijiH/sf4IUahS5H AAA= --></rfc>