Skip to content

Commit

Permalink
Merge pull request #43 from vcstuff/reorder
Browse files Browse the repository at this point in the history
reorder sections on Referenced Token and Status List Token
  • Loading branch information
tplooker authored Jul 17, 2023
2 parents 4210fba + 910a9a8 commit 70e860b
Showing 1 changed file with 36 additions and 36 deletions.
72 changes: 36 additions & 36 deletions draft-looker-oauth-jwt-cwt-status-list.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,42 +78,6 @@ Referenced Token:

# JSON Web Token Representation

## Referenced Token Format and Processing Requirements {#jwt-referenced-token}

The following rules apply to validating a Referenced Token in JWT representation, which references a Status List Token. Application of additional restrictions and policy are at the discretion of the verifying party.

1. The JWT MUST contain an "iss" (issuer) claim that contains a unique string identifier for the entity that issued the JWT. In the absence of an application profile specifying otherwise, compliant applications MUST compare issuer values using the Simple String Comparison method defined in Section 6.2.1 of {{RFC3986}}. The value MUST be equal to that of the "iss" claim contained within the referenced Status List Token.

2. The JWT MUST contain an "status" (status) claim conforming to the rules outlined in [](#jwt-referenced-token-status)

The following example is the decoded header and payload of a JWT meeting the processing rules as defined above.

~~~ ascii-art

{
"alg": "ES256",
"kid": "11"
}
.
{
"iss": "https://example.com",
"status": {
"idx": 0,
"uri": "https://example.com/statuslists/1"
}
}
~~~

### Status Claim Format {#jwt-referenced-token-status}

The following rules apply to validating the "status" (status) claim

1. The claim value MUST be a valid JSON object.

2. The claim value object MUST contain an "idx" (index) member with a numeric value that represents the index to check for status information in the Status List for the current JWT. The value of this member MUST be a non-negative number, containing a value of zero or greater.

3. The claim value object MUST contain a "uri" member with a string value that identifies the Status List containing the status information for the JWT. The value of this member MUST be a uri conforming to {{RFC3986}}.

## Status List JWT Format and Processing Requirements {#jwt-status-list-format-and-processing}

The following rules apply to validating a JWT-based Status List Token. Application of additional restrictions and policy are at the discretion of the verifying party.
Expand Down Expand Up @@ -174,6 +138,42 @@ Each status of a Referenced Token MUST be represented with a bit size of 1,2,4,

3. The result of the gZIP compression is then base64url-encoded, as defined in Section 2 of {{RFC7515}}.

## Referenced Token Format and Processing Requirements {#jwt-referenced-token}

The following rules apply to validating a Referenced Token in JWT representation, which references a Status List Token. Application of additional restrictions and policy are at the discretion of the verifying party.

1. The JWT MUST contain an "iss" (issuer) claim that contains a unique string identifier for the entity that issued the JWT. In the absence of an application profile specifying otherwise, compliant applications MUST compare issuer values using the Simple String Comparison method defined in Section 6.2.1 of {{RFC3986}}. The value MUST be equal to that of the "iss" claim contained within the referenced Status List Token.

2. The JWT MUST contain an "status" (status) claim conforming to the rules outlined in [](#jwt-referenced-token-status)

The following example is the decoded header and payload of a JWT meeting the processing rules as defined above.

~~~ ascii-art

{
"alg": "ES256",
"kid": "11"
}
.
{
"iss": "https://example.com",
"status": {
"idx": 0,
"uri": "https://example.com/statuslists/1"
}
}
~~~

### Status Claim Format {#jwt-referenced-token-status}

The following rules apply to validating the "status" (status) claim

1. The claim value MUST be a valid JSON object.

2. The claim value object MUST contain an "idx" (index) member with a numeric value that represents the index to check for status information in the Status List for the current JWT. The value of this member MUST be a non-negative number, containing a value of zero or greater.

3. The claim value object MUST contain a "uri" member with a string value that identifies the Status List containing the status information for the JWT. The value of this member MUST be a uri conforming to {{RFC3986}}.

# Status Types {#status-types}

This document defines potential statuses of Referenced Tokens as Status Type values. If the Status List contains more than one bit per token (as defined by "bits" in the Status List), then the whole value of bits MUST describe one value. A Status List can not represent multiple statuses per Referenced Token.
Expand Down

0 comments on commit 70e860b

Please sign in to comment.