c/ietf-wimse-ect-cbor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CBOR/COSE/CWT serialization of WIMSE Execution Context Tokens

Browse Source 
Companion I-D to draft-nennemann-wimse-execution-context defining
ECT semantics mapped to CBOR encoding, COSE_Sign1 signing, and CWT
claims for constrained devices and non-HTTP transports (CoAP, MQTT,
raw binary). Aligned with JWT draft changes: jti/cti as unified
token+task ID (no separate tid), pol/pol_decision optional but paired.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christian Nennemann
2026-02-24 22:51:22 +01:00
commit ea188f1c22
4 changed files with 1867 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
cbor-variant/README.md Normal file
View File

@@ -0,0 +1,63 @@
# CBOR Serialization of Execution Context Tokens (ECT-CBOR)
**draft-nennemann-wimse-execution-context-cbor-00**
This Internet-Draft defines a CBOR/COSE/CWT serialization of Execution Context Tokens (ECTs) for the WIMSE working group.
## Relationship to the JWT Draft
This document is a **companion** to [draft-nennemann-wimse-execution-context](https://datatracker.ietf.org/doc/draft-nennemann-wimse-execution-context/), which defines the full ECT semantics using JSON/JOSE/JWT serialization.
- **JWT draft**: Normative semantic definition (claims, DAG validation, verification, operational modes, security model)
- **CBOR draft** (this document): CBOR/COSE/CWT serialization mapping, constrained-environment transports (CoAP, MQTT, raw binary)
The two drafts are designed for **independent adoption**: a deployment uses one or the other (or both in mixed-format mode), not both simultaneously for the same token.
## Files
| File | Description |
|------|-------------|
| `draft-nennemann-wimse-execution-context-cbor-00.md` | The complete Internet-Draft in kramdown-rfc format |
| `claim-mapping.md` | Standalone claim mapping reference table |
| `README.md` | This file |
## Building
### Prerequisites
- [kramdown-rfc](https://github.com/cabo/kramdown-rfc) (Ruby gem)
- [xml2rfc](https://xml2rfc.tools.ietf.org/) (Python package)
### Build Commands
```bash
# Install tools (if not already installed)
gem install kramdown-rfc
pip install xml2rfc
# Generate XML from kramdown
kramdown-rfc2629 draft-nennemann-wimse-execution-context-cbor-00.md > draft-nennemann-wimse-execution-context-cbor-00.xml
# Generate text output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --text
# Generate HTML output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --html
```
## Key Design Decisions
1. **UUIDs as 16-byte binary** instead of 36-byte hyphenated text (saves 20 bytes per UUID)
2. **`jti`/`cti` as unified token+task ID** — no separate `tid` claim (matching JWT draft)
3. **`pol`/`pol_decision` OPTIONAL** but must be paired (matching JWT draft)
4. **Integer claim keys** (300-316) instead of string claim names
5. **Structured hash arrays** `[alg_id, hash_bytes]` instead of `"algorithm:base64url"` strings
6. **Integer enumerations** for pol_decision (0/1/2) and regulated_domain (0/1/2)
7. **COSE_Sign1** (single signer) matching the JWT variant's JWS Compact Serialization model
8. **~2.8x size reduction** compared to JWT variant (~365 bytes vs ~1006 bytes for a typical ECT)
## Author
Christian Nennemann
Independent Researcher
ietf@nennemann.de