| iss |
Issuer |
[IESG] |
[RFC7519, Section 4.1.1] |
| sub |
Subject |
[IESG] |
[RFC7519, Section 4.1.2] |
| aud |
Audience |
[IESG] |
[RFC7519, Section 4.1.3] |
| exp |
Expiration Time |
[IESG] |
[RFC7519, Section 4.1.4] |
| nbf |
Not Before |
[IESG] |
[RFC7519, Section 4.1.5] |
| iat |
Issued At |
[IESG] |
[RFC7519, Section 4.1.6] |
| jti |
JWT ID |
[IESG] |
[RFC7519, Section 4.1.7] |
| name |
Full name |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| given_name |
Given name(s) or first name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| family_name |
Surname(s) or last name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| middle_name |
Middle name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| nickname |
Casual name |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| preferred_username |
Shorthand name by which the End-User wishes to be referred to |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| profile |
Profile page URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| picture |
Profile picture URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| website |
Web page or blog URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| email |
Preferred e-mail address |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| email_verified |
True if the e-mail address has been verified; otherwise false |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| gender |
Gender |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| birthdate |
Birthday |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| zoneinfo |
Time zone |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| locale |
Locale |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| phone_number |
Preferred telephone number |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| phone_number_verified |
True if the phone number has been verified; otherwise false |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| address |
Preferred postal address |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| updated_at |
Time the information was last updated |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
| azp |
Authorized party - the party to which the ID Token was issued |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
| nonce |
Value used to associate a Client session with an ID Token (MAY also be used for nonce values in other applications of JWTs) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2][RFC9449] |
| auth_time |
Time when the authentication occurred |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
| at_hash |
Access Token hash value |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
| c_hash |
Code hash value |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 3.3.2.11] |
| acr |
Authentication Context Class Reference |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
| amr |
Authentication Methods References |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
| sub_jwk |
Public key used to check the signature of an ID Token |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 7.4] |
| cnf |
Confirmation |
[IESG] |
[RFC7800, Section 3.1] |
| sip_from_tag |
SIP From tag header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
| sip_date |
SIP Date header field value |
[IESG] |
[RFC8055][RFC3261] |
| sip_callid |
SIP Call-Id header field value |
[IESG] |
[RFC8055][RFC3261] |
| sip_cseq_num |
SIP CSeq numeric header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
| sip_via_branch |
SIP Via branch header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
| orig |
Originating Identity String |
[IESG] |
[RFC8225, Section 5.2.1] |
| dest |
Destination Identity String |
[IESG] |
[RFC8225, Section 5.2.1] |
| mky |
Media Key Fingerprint String |
[IESG] |
[RFC8225, Section 5.2.2] |
| events |
Security Events |
[IESG] |
[RFC8417, Section 2.2] |
| toe |
Time of Event |
[IESG] |
[RFC8417, Section 2.2] |
| txn |
Transaction Identifier |
[IESG] |
[RFC8417, Section 2.2] |
| rph |
Resource Priority Header Authorization |
[IESG] |
[RFC8443, Section 3] |
| sid |
Session ID |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Front-Channel Logout 1.0, Section 3] |
| vot |
Vector of Trust value |
[IESG] |
[RFC8485] |
| vtm |
Vector of Trust trustmark URL |
[IESG] |
[RFC8485] |
| attest |
Attestation level as defined in SHAKEN framework |
[IESG] |
[RFC8588] |
| origid |
Originating Identifier as defined in SHAKEN framework |
[IESG] |
[RFC8588] |
| act |
Actor |
[IESG] |
[RFC8693, Section 4.1] |
| scope |
Scope Values |
[IESG] |
[RFC8693, Section 4.2] |
| client_id |
Client Identifier |
[IESG] |
[RFC8693, Section 4.3] |
| may_act |
Authorized Actor - the party that is authorized
to become the actor |
[IESG] |
[RFC8693, Section 4.4] |
| jcard |
jCard data |
[IESG] |
[RFC8688][RFC7095] |
| at_use_nbr |
Number of API requests for which the access token can be used |
[ETSI] |
[ETSI GS NFV-SEC 022 V2.7.1] |
| div |
Diverted Target of a Call |
[IESG] |
[RFC8946] |
| opt |
Original PASSporT (in Full Form) |
[IESG] |
[RFC8946] |
| vc |
Verifiable Credential as specified in the W3C Recommendation |
[IESG] |
[W3C Recommendation
Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1] |
| vp |
Verifiable Presentation as specified in the W3C Recommendation |
[IESG] |
[W3C Recommendation
Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1] |
| sph |
SIP Priority header field |
[IESG] |
[RFC9027] |
| ace_profile |
The ACE profile a token is supposed to be used
with. |
[IETF] |
[RFC9200, Section 5.10] |
| cnonce |
"client-nonce". A nonce previously provided to
the AS by the RS via the client. Used to verify token freshness
when the RS cannot synchronize its clock with the AS. |
[IETF] |
[RFC9200, Section 5.10] |
| exi |
"Expires in". Lifetime of the token in seconds
from the time the RS first sees it. Used to implement a weaker
from of token expiration for devices that cannot synchronize their
internal clocks. |
[IETF] |
[RFC9200, Section 5.10.3] |
| roles |
Roles |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
| groups |
Groups |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
| entitlements |
Entitlements |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
| token_introspection |
Token introspection response |
[IETF] |
[RFC-ietf-oauth-jwt-introspection-response-12, Section 5] |
| eat_nonce |
Nonce |
[IETF] |
[RFC-ietf-rats-eat-25] |
| ueid |
The Universal Entity ID |
[IETF] |
[RFC-ietf-rats-eat-25] |
| sueids |
Semi-permanent UEIDs |
[IETF] |
[RFC-ietf-rats-eat-25] |
| oemid |
Hardware OEM ID |
[IETF] |
[RFC-ietf-rats-eat-25] |
| hwmodel |
Model identifier for hardware |
[IETF] |
[RFC-ietf-rats-eat-25] |
| hwversion |
Hardware Version Identifier |
[IETF] |
[RFC-ietf-rats-eat-25] |
| oemboot |
Indicates whether the software booted was OEM authorized |
[IETF] |
[RFC-ietf-rats-eat-25] |
| dbgstat |
Indicates status of debug facilities |
[IETF] |
[RFC-ietf-rats-eat-25] |
| location |
The geographic location |
[IETF] |
[RFC-ietf-rats-eat-25] |
| eat_profile |
Indicates the EAT profile followed |
[IETF] |
[RFC-ietf-rats-eat-25] |
| submods |
The section containing submodules |
[IETF] |
[RFC-ietf-rats-eat-25] |
| uptime |
Uptime |
[IETF] |
[RFC-ietf-rats-eat-25] |
| bootcount |
The number times the entity or submodule has been booted |
[IETF] |
[RFC-ietf-rats-eat-25] |
| bootseed |
Identifies a boot cycle |
[IETF] |
[RFC-ietf-rats-eat-25] |
| dloas |
Certifications received as Digital Letters of Approval |
[IETF] |
[RFC-ietf-rats-eat-25] |
| swname |
The name of the software running in the entity |
[IETF] |
[RFC-ietf-rats-eat-25] |
| swversion |
The version of software running in the entity |
[IETF] |
[RFC-ietf-rats-eat-25] |
| manifests |
Manifests describing the software installed on the entity |
[IETF] |
[RFC-ietf-rats-eat-25] |
| measurements |
Measurements of the software, memory configuration and such on the entity |
[IETF] |
[RFC-ietf-rats-eat-25] |
| measres |
The results of comparing software measurements to reference values |
[IETF] |
[RFC-ietf-rats-eat-25] |
| intuse |
Indicates intended use of the EAT |
[IETF] |
[RFC-ietf-rats-eat-25] |
| cdniv |
CDNI Claim Set Version |
[IETF] |
[RFC9246, Section 2.1.8] |
| cdnicrit |
CDNI Critical Claims Set |
[IETF] |
[RFC9246, Section 2.1.9] |
| cdniip |
CDNI IP Address |
[IETF] |
[RFC9246, Section 2.1.10] |
| cdniuc |
CDNI URI Container |
[IETF] |
[RFC9246, Section 2.1.11] |
| cdniets |
CDNI Expiration Time Setting for Signed Token Renewal |
[IETF] |
[RFC9246, Section 2.1.12] |
| cdnistt |
CDNI Signed Token Transport Method for Signed Token Renewal |
[IETF] |
[RFC9246, Section 2.1.13] |
| cdnistd |
CDNI Signed Token Depth |
[IETF] |
[RFC9246, Section 2.1.14] |
| sig_val_claims |
Signature Validation Token |
[IETF] |
[RFC9321, Section 3.2.3] |
| authorization_details |
The claim authorization_details contains a JSON
array of JSON objects representing the rights of the access
token. Each JSON object contains the data to specify the
authorization requirements for a certain type of resource. |
[IETF] |
[RFC9396, Section 9.1] |
| verified_claims |
This container Claim is composed of the verification evidence related to a
certain verification process and the corresponding Claims about the End-User which were
verified in this process. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 5] |
| place_of_birth |
A structured Claim representing the End-User's place of birth. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| nationalities |
String array representing the End-User's nationalities. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| birth_family_name |
Family name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the family name(s) later in life
for any reason. Note that in some cultures, people can have multiple family names or no
family name; all can be present, with the names being separated by space characters. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| birth_given_name |
Given name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the given name later in life
for any reason. Note that in some cultures, people can have multiple given names; all can
be present, with the names being separated by space characters. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| birth_middle_name |
Middle name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the middle name later in life
for any reason. Note that in some cultures, people can have multiple middle names; all can
be present, with the names being separated by space characters. Also note that in some
cultures, middle names are not used. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| salutation |
End-User's salutation, e.g., "Mr." |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| title |
End-User's title, e.g., "Dr." |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| msisdn |
End-User's mobile phone number formatted according to ITU-T recommendation [E.164] |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| also_known_as |
Stage name, religious name or any other type of alias/pseudonym with which a
person is known in a specific context besides its legal name. This must be part of the
applicable legislation and thus the trust framework (e.g., be an attribute on the
identity card). |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance 1.0, Section 4] |
| htm |
The HTTP method of the request |
[IETF] |
[RFC9449, Section 4.2] |
| htu |
The HTTP URI of the request (without query and fragment parts) |
[IETF] |
[RFC9449, Section 4.2] |
| ath |
The base64url-encoded SHA-256 hash of the ASCII encoding of the associated access token's value |
[IETF] |
[RFC9449, Section 4.2] |
| atc |
Authority Token Challenge |
[IETF] |
[RFC9447] |
| sub_id |
Subject Identifier |
[IETF] |
[RFC9493, Section 4.1] |
| rcd |
Rich Call Data Information |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
| rcdi |
Rich Call Data Integrity Information |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
| crn |
Call Reason |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
| msgi |
Message Integrity Information |
[IETF] |
[RFC9475] |
| _claim_names |
JSON object whose member names are the Claim Names for the Aggregated and Distributed Claims |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.6.2] |
| _claim_sources |
JSON object whose member names are referenced by the member values of the _claim_names member |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.6.2] |
| rdap_allowed_purposes |
This claim describes the set of RDAP query purposes that are available to an identity that is
presented for access to a protected RDAP resource. |
[IETF] |
[RFC-ietf-regext-rdap-openid-27, Section 3.1.5.1] |
| rdap_dnt_allowed |
This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking,
logging, or recording of an identity that is presented for access to a protected RDAP resource. |
[IETF] |
[RFC-ietf-regext-rdap-openid-27, Section 3.1.5.2] |
| geohash |
Geohash String or Array |
[Consumer_Technology_Association] |
[Fast and Readable Geographical Hashing (CTA-5009)] |
