# CBOR Serialization of Execution Context Tokens (ECT-CBOR)

**draft-nennemann-wimse-execution-context-cbor-00**

This Internet-Draft defines a CBOR/COSE/CWT serialization of Execution Context Tokens (ECTs) for the WIMSE working group.

## Relationship to the JWT Draft

This document is a **companion** to [draft-nennemann-wimse-execution-context](https://datatracker.ietf.org/doc/draft-nennemann-wimse-execution-context/), which defines the full ECT semantics using JSON/JOSE/JWT serialization.

- **JWT draft**: Normative semantic definition (claims, DAG validation, verification, operational modes, security model)
- **CBOR draft** (this document): CBOR/COSE/CWT serialization mapping, constrained-environment transports (CoAP, MQTT, raw binary)

The two drafts are designed for **independent adoption**: a deployment uses one or the other (or both in mixed-format mode), not both simultaneously for the same token.

## Files

| File | Description |
|------|-------------|
| `draft-nennemann-wimse-execution-context-cbor-00.md` | The complete Internet-Draft in kramdown-rfc format |
| `claim-mapping.md` | Standalone claim mapping reference table |
| `README.md` | This file |

## Building

### Prerequisites

- [kramdown-rfc](https://github.com/cabo/kramdown-rfc) (Ruby gem)
- [xml2rfc](https://xml2rfc.tools.ietf.org/) (Python package)

### Build Commands

```bash
# Install tools (if not already installed)
gem install kramdown-rfc
pip install xml2rfc

# Generate XML from kramdown
kramdown-rfc2629 draft-nennemann-wimse-execution-context-cbor-00.md > draft-nennemann-wimse-execution-context-cbor-00.xml

# Generate text output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --text

# Generate HTML output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --html
```

## Key Design Decisions

1. **UUIDs as 16-byte binary** instead of 36-byte hyphenated text (saves 20 bytes per UUID)
2. **`jti`/`cti` as unified token+task ID** — no separate `tid` claim (matching JWT draft)
3. **`pol`/`pol_decision` OPTIONAL** but must be paired (matching JWT draft)
4. **Integer claim keys** (300-316) instead of string claim names
5. **Structured hash arrays** `[alg_id, hash_bytes]` instead of `"algorithm:base64url"` strings
6. **Integer enumerations** for pol_decision (0/1/2) and regulated_domain (0/1/2)
7. **COSE_Sign1** (single signer) matching the JWT variant's JWS Compact Serialization model
8. **~2.8x size reduction** compared to JWT variant (~365 bytes vs ~1006 bytes for a typical ECT)

## Author

Christian Nennemann
Independent Researcher
ietf@nennemann.de