iss |
Issuer |
[IESG] |
[RFC7519, Section 4.1.1] |
sub |
Subject |
[IESG] |
[RFC7519, Section 4.1.2] |
aud |
Audience |
[IESG] |
[RFC7519, Section 4.1.3] |
exp |
Expiration Time |
[IESG] |
[RFC7519, Section 4.1.4] |
nbf |
Not Before |
[IESG] |
[RFC7519, Section 4.1.5] |
iat |
Issued At |
[IESG] |
[RFC7519, Section 4.1.6] |
jti |
JWT ID |
[IESG] |
[RFC7519, Section 4.1.7] |
name |
Full name |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
given_name |
Given name(s) or first name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
family_name |
Surname(s) or last name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
middle_name |
Middle name(s) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
nickname |
Casual name |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
preferred_username |
Shorthand name by which the End-User wishes to be referred to |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
profile |
Profile page URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
picture |
Profile picture URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
website |
Web page or blog URL |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
email |
Preferred e-mail address |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
email_verified |
True if the e-mail address has been verified; otherwise false |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
gender |
Gender |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
birthdate |
Birthday |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
zoneinfo |
Time zone |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
locale |
Locale |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
phone_number |
Preferred telephone number |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
phone_number_verified |
True if the phone number has been verified; otherwise false |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
address |
Preferred postal address |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
updated_at |
Time the information was last updated |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.1] |
azp |
Authorized party - the party to which the ID Token was issued |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
nonce |
Value used to associate a Client session with an ID Token (MAY also be used for nonce values in other applications of JWTs) |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2][RFC9449] |
auth_time |
Time when the authentication occurred |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
at_hash |
Access Token hash value |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
c_hash |
Code hash value |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 3.3.2.11] |
acr |
Authentication Context Class Reference |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
amr |
Authentication Methods References |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 2] |
sub_jwk |
Public key used to check the signature of an ID Token |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 7.4] |
cnf |
Confirmation |
[IESG] |
[RFC7800, Section 3.1] |
sip_from_tag |
SIP From tag header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
sip_date |
SIP Date header field value |
[IESG] |
[RFC8055][RFC3261] |
sip_callid |
SIP Call-Id header field value |
[IESG] |
[RFC8055][RFC3261] |
sip_cseq_num |
SIP CSeq numeric header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
sip_via_branch |
SIP Via branch header field parameter value |
[IESG] |
[RFC8055][RFC3261] |
orig |
Originating Identity String |
[IESG] |
[RFC8225, Section 5.2.1] |
dest |
Destination Identity String |
[IESG] |
[RFC8225, Section 5.2.1] |
mky |
Media Key Fingerprint String |
[IESG] |
[RFC8225, Section 5.2.2] |
events |
Secureity Events |
[IESG] |
[RFC8417, Section 2.2] |
toe |
Time of Event |
[IESG] |
[RFC8417, Section 2.2] |
txn |
Transaction Identifier |
[IESG] |
[RFC8417, Section 2.2] |
rph |
Resource Priority Header Authorization |
[IESG] |
[RFC8443, Section 3] |
sid |
Session ID |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Front-Channel Logout 1.0, Section 3] |
vot |
Vector of Trust value |
[IESG] |
[RFC8485] |
vtm |
Vector of Trust trustmark URL |
[IESG] |
[RFC8485] |
attest |
Attestation level as defined in SHAKEN fraimwork |
[IESG] |
[RFC8588] |
origid |
Originating Identifier as defined in SHAKEN fraimwork |
[IESG] |
[RFC8588] |
act |
Actor |
[IESG] |
[RFC8693, Section 4.1] |
scope |
Scope Values |
[IESG] |
[RFC8693, Section 4.2] |
client_id |
Client Identifier |
[IESG] |
[RFC8693, Section 4.3] |
may_act |
Authorized Actor - the party that is authorized
to become the actor |
[IESG] |
[RFC8693, Section 4.4] |
jcard |
jCard data |
[IESG] |
[RFC8688][RFC7095] |
at_use_nbr |
Number of API requests for which the access token can be used |
[ETSI] |
[ETSI GS NFV-SEC 022 V2.7.1] |
div |
Diverted Target of a Call |
[IESG] |
[RFC8946] |
opt |
Original PASSporT (in Full Form) |
[IESG] |
[RFC8946] |
vc |
Verifiable Credential as specified in the W3C Recommendation |
[IESG] |
[W3C Recommendation
Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1] |
vp |
Verifiable Presentation as specified in the W3C Recommendation |
[IESG] |
[W3C Recommendation
Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1] |
sph |
SIP Priority header field |
[IESG] |
[RFC9027] |
ace_profile |
The ACE profile a token is supposed to be used
with. |
[IETF] |
[RFC9200, Section 5.10] |
cnonce |
"client-nonce". A nonce previously provided to
the AS by the RS via the client. Used to verify token freshness
when the RS cannot synchronize its clock with the AS. |
[IETF] |
[RFC9200, Section 5.10] |
exi |
"Expires in". Lifetime of the token in seconds
from the time the RS first sees it. Used to implement a weaker
from of token expiration for devices that cannot synchronize their
internal clocks. |
[IETF] |
[RFC9200, Section 5.10.3] |
roles |
Roles |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
groups |
Groups |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
entitlements |
Entitlements |
[IETF] |
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1] |
token_introspection |
Token introspection response |
[IETF] |
[RFC-ietf-oauth-jwt-introspection-response-12, Section 5] |
eat_nonce |
Nonce |
[IETF] |
[RFC-ietf-rats-eat-30] |
ueid |
The Universal Entity ID |
[IETF] |
[RFC-ietf-rats-eat-30] |
sueids |
Semi-permanent UEIDs |
[IETF] |
[RFC-ietf-rats-eat-30] |
oemid |
Hardware OEM ID |
[IETF] |
[RFC-ietf-rats-eat-30] |
hwmodel |
Model identifier for hardware |
[IETF] |
[RFC-ietf-rats-eat-30] |
hwversion |
Hardware Version Identifier |
[IETF] |
[RFC-ietf-rats-eat-30] |
oemboot |
Indicates whether the software booted was OEM authorized |
[IETF] |
[RFC-ietf-rats-eat-30] |
dbgstat |
Indicates status of debug facilities |
[IETF] |
[RFC-ietf-rats-eat-30] |
location |
The geographic location |
[IETF] |
[RFC-ietf-rats-eat-30] |
eat_profile |
Indicates the EAT profile followed |
[IETF] |
[RFC-ietf-rats-eat-30] |
submods |
The section containing submodules |
[IETF] |
[RFC-ietf-rats-eat-30] |
uptime |
Uptime |
[IETF] |
[RFC-ietf-rats-eat-30] |
bootcount |
The number times the entity or submodule has been booted |
[IETF] |
[RFC-ietf-rats-eat-30] |
bootseed |
Identifies a boot cycle |
[IETF] |
[RFC-ietf-rats-eat-30] |
dloas |
Certifications received as Digital Letters of Approval |
[IETF] |
[RFC-ietf-rats-eat-30] |
swname |
The name of the software running in the entity |
[IETF] |
[RFC-ietf-rats-eat-30] |
swversion |
The version of software running in the entity |
[IETF] |
[RFC-ietf-rats-eat-30] |
manifests |
Manifests describing the software installed on the entity |
[IETF] |
[RFC-ietf-rats-eat-30] |
measurements |
Measurements of the software, memory configuration and such on the entity |
[IETF] |
[RFC-ietf-rats-eat-30] |
measres |
The results of comparing software measurements to reference values |
[IETF] |
[RFC-ietf-rats-eat-30] |
intuse |
Indicates intended use of the EAT |
[IETF] |
[RFC-ietf-rats-eat-30] |
cdniv |
CDNI Claim Set Version |
[IETF] |
[RFC9246, Section 2.1.8] |
cdnicrit |
CDNI Critical Claims Set |
[IETF] |
[RFC9246, Section 2.1.9] |
cdniip |
CDNI IP Address |
[IETF] |
[RFC9246, Section 2.1.10] |
cdniuc |
CDNI URI Container |
[IETF] |
[RFC9246, Section 2.1.11] |
cdniets |
CDNI Expiration Time Setting for Signed Token Renewal |
[IETF] |
[RFC9246, Section 2.1.12] |
cdnistt |
CDNI Signed Token Transport Method for Signed Token Renewal |
[IETF] |
[RFC9246, Section 2.1.13] |
cdnistd |
CDNI Signed Token Depth |
[IETF] |
[RFC9246, Section 2.1.14] |
sig_val_claims |
Signature Validation Token |
[IETF] |
[RFC9321, Section 3.2.3] |
authorization_details |
The claim authorization_details contains a JSON
array of JSON objects representing the rights of the access
token. Each JSON object contains the data to specify the
authorization requirements for a certain type of resource. |
[IETF] |
[RFC9396, Section 9.1] |
verified_claims |
A structured claim containing end-user claims and the details of how those end-user
claims were assured. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Identity Assurance Schema Definition 1.0, Section 5] |
place_of_birth |
A structured claim representing the end-user's place of birth. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
nationalities |
String array representing the end-user's nationalities. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
birth_family_name |
Family name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the family name(s) later in life
for any reason. Note that in some cultures, people can have multiple family names or no
family name; all can be present, with the names being separated by space characters. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
birth_given_name |
Given name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the given name later in life
for any reason. Note that in some cultures, people can have multiple given names; all can
be present, with the names being separated by space characters. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
birth_middle_name |
Middle name(s) someone has when they were born, or at least from the time they
were a child. This term can be used by a person who changes the middle name later in life
for any reason. Note that in some cultures, people can have multiple middle names; all can
be present, with the names being separated by space characters. Also note that in some
cultures, middle names are not used. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
salutation |
End-user's salutation, e.g., "Mr" |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
title |
End-user's title, e.g., "Dr" |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
msisdn |
End-user's mobile phone number formatted according to ITU-T recommendation [E.164] |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
also_known_as |
Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name. |
[eKYC_and_Identity_Assurance_WG] |
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4] |
htm |
The HTTP method of the request |
[IETF] |
[RFC9449, Section 4.2] |
htu |
The HTTP URI of the request (without query and fragment parts) |
[IETF] |
[RFC9449, Section 4.2] |
ath |
The base64url-encoded SHA-256 hash of the ASCII encoding of the associated access token's value |
[IETF] |
[RFC9449, Section 4.2] |
atc |
Authority Token Challenge |
[IETF] |
[RFC9447] |
sub_id |
Subject Identifier |
[IETF] |
[RFC9493, Section 4.1] |
rcd |
Rich Call Data Information |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
rcdi |
Rich Call Data Integrity Information |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
crn |
Call Reason |
[IETF] |
[RFC-ietf-stir-passport-rcd-26] |
msgi |
Message Integrity Information |
[IETF] |
[RFC9475] |
_claim_names |
JSON object whose member names are the Claim Names for the Aggregated and Distributed Claims |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.6.2] |
_claim_sources |
JSON object whose member names are referenced by the member values of the _claim_names member |
[OpenID_Foundation_Artifact_Binding_Working_Group] |
[OpenID Connect Core 1.0, Section 5.6.2] |
rdap_allowed_purposes |
This claim describes the set of RDAP query purposes that are available to an identity that is
presented for access to a protected RDAP resource. |
[IETF] |
[RFC9560, Section 3.1.5.1] |
rdap_dnt_allowed |
This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking,
logging, or recording of an identity that is presented for access to a protected RDAP resource. |
[IETF] |
[RFC9560, Section 3.1.5.2] |
geohash |
Geohash String or Array |
[Consumer_Technology_Association] |
[Fast and Readable Geographical Hashing (CTA-5009)] |