{"draft":"draft-ietf-stir-enhance-rfc8226-05","doc_id":"RFC9118","title":"Enhanced JSON Web Token (JWT) Claim Constraints for Secure Telephone Identity Revisited (STIR) Certificates","authors":["R. Housley"],"format":["HTML","TEXT","PDF","XML"],"page_count":"12","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Secure Telephone Identity Revisited","abstract":"RFC 8226 specifies the use of certificates for Secure Telephone\r\nIdentity Credentials; these certificates are often called \"Secure\r\nTelephone Identity Revisited (STIR) Certificates\". RFC 8226 provides\r\na certificate extension to constrain the JSON Web Token (JWT) claims\r\nthat can be included in the Personal Assertion Token (PASSporT), as\r\ndefined in RFC 8225.  If the PASSporT signer includes a JWT claim\r\noutside the constraint boundaries, then the PASSporT recipient will\r\nreject the entire PASSporT. This document updates RFC 8226; it\r\nprovides all of the capabilities available in the original\r\ncertificate extension as well as an additional way to constrain the\r\nallowable JWT claims.  The enhanced extension can also provide a list\r\nof claims that are not allowed to be included in the PASSporT.","pub_date":"August 2021","keywords":["X.509 Certificate Extension"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC8226"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9118","errata_url":null}