Companion I-D to draft-nennemann-wimse-execution-context defining ECT semantics mapped to CBOR encoding, COSE_Sign1 signing, and CWT claims for constrained devices and non-HTTP transports (CoAP, MQTT, raw binary). Aligned with JWT draft changes: jti/cti as unified token+task ID (no separate tid), pol/pol_decision optional but paired. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# CBOR Serialization of Execution Context Tokens (ECT-CBOR)

**draft-nennemann-wimse-execution-context-cbor-00**

This Internet-Draft defines a CBOR/COSE/CWT serialization of Execution Context Tokens (ECTs) for the WIMSE working group.

## Relationship to the JWT Draft

This document is a **companion** to [draft-nennemann-wimse-execution-context](https://datatracker.ietf.org/doc/draft-nennemann-wimse-execution-context/), which defines the full ECT semantics using JSON/JOSE/JWT serialization.

- **JWT draft**: Normative semantic definition (claims, DAG validation, verification, operational modes, security model)
- **CBOR draft** (this document): CBOR/COSE/CWT serialization mapping, constrained-environment transports (CoAP, MQTT, raw binary)

The two drafts are designed for **independent adoption**: a deployment uses one or the other (or both in mixed-format mode), not both simultaneously for the same token.

## Files

| File | Description |
|------|-------------|
| `draft-nennemann-wimse-execution-context-cbor-00.md` | The complete Internet-Draft in kramdown-rfc format |
| `claim-mapping.md` | Standalone claim mapping reference table |
| `README.md` | This file |

## Building

### Prerequisites

- [kramdown-rfc](https://github.com/cabo/kramdown-rfc) (Ruby gem)
- [xml2rfc](https://xml2rfc.tools.ietf.org/) (Python package)

### Build Commands

```bash
# Install tools (if not already installed)
gem install kramdown-rfc
pip install xml2rfc

# Generate XML from kramdown
kramdown-rfc2629 draft-nennemann-wimse-execution-context-cbor-00.md > draft-nennemann-wimse-execution-context-cbor-00.xml

# Generate text output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --text

# Generate HTML output
xml2rfc draft-nennemann-wimse-execution-context-cbor-00.xml --html
```

## Key Design Decisions

1. **UUIDs as 16-byte binary** instead of 36-byte hyphenated text (saves 20 bytes per UUID)
2. **`jti`/`cti` as unified token+task ID** — no separate `tid` claim (matching JWT draft)
3. **`pol`/`pol_decision` OPTIONAL** but must be paired (matching JWT draft)
4. **Integer claim keys** (300-316) instead of string claim names
5. **Structured hash arrays** `[alg_id, hash_bytes]` instead of `"algorithm:base64url"` strings
6. **Integer enumerations** for pol_decision (0/1/2) and regulated_domain (0/1/2)
7. **COSE_Sign1** (single signer) matching the JWT variant's JWS Compact Serialization model
8. **~2.8x size reduction** compared to JWT variant (~365 bytes vs ~1006 bytes for a typical ECT)
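
Decisions 1, 4 and 5 can be seen at the byte level in the following added example, which is not code from the draft or this repository: it encodes an unsigned two-claim map (no COSE_Sign1 wrapper) in CBOR and in JSON. Assumptions: key 7 is the CWT `cti` key from RFC 8392, `HASH_KEY` is a placeholder within the 300-316 range (the real assignments are in `claim-mapping.md`), the `example_hash` name and `sha-256:` prefix are hypothetical, and `alg_id` is taken to be the COSE identifier for SHA-256.

```python
import base64, hashlib, json, struct, uuid

def _head(major, n):
    """CBOR initial byte plus shortest-form argument (RFC 8949, section 3)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor(obj):
    """Encode int, bytes, str, list and dict (map keys in insertion order)."""
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor(v) for v in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor(k) + cbor(v) for k, v in obj.items())
    raise TypeError(f"unsupported type: {type(obj).__name__}")

# Constructed sample values, not taken from the draft.
TOKEN_ID = uuid.UUID("0195f3a2-7c41-7b8e-9d10-4f6a2b3c5d7e")
DIGEST = hashlib.sha256(b"constructed input payload").digest()
CTI = 7           # CWT "cti" claim key (RFC 8392)
HASH_KEY = 300    # placeholder key in the 300-316 range (assumption)
SHA256_ALG = -16  # COSE algorithm id for SHA-256 (RFC 9054); assumed alg_id value

def cbor_claims():
    """UUID as 16-byte bstr, integer keys, hash as [alg_id, hash_bytes]."""
    return cbor({CTI: TOKEN_ID.bytes, HASH_KEY: [SHA256_ALG, DIGEST]})

def json_claims():
    """Same data with string names, text UUID, "algorithm:base64url" hash."""
    b64 = base64.urlsafe_b64encode(DIGEST).rstrip(b"=").decode()
    claims = {"jti": str(TOKEN_ID), "example_hash": "sha-256:" + b64}
    return json.dumps(claims, separators=(",", ":")).encode()

if __name__ == "__main__":
    print(cbor_claims().hex())
    print(len(cbor_claims()), "bytes CBOR vs", len(json_claims()), "bytes JSON")
```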

## Author

Christian Nennemann
Independent Researcher
ietf@nennemann.de