0010235: Clarifications for JWT Issued User Identity Tokens

ID	Project	Category	View Status	Date Submitted	Last Update

0010235	10000-006: Mappings	Spec	public	2025-03-14 21:28	2025-03-15 15:57

Reporter	Matthias Damm	Assigned To	Randy Armstrong
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	assigned	Resolution	open
Product Version	1.05.04
Target Version	1.05.06 RC1

Summary	0010235: Clarifications for JWT Issued User Identity Tokens
Description	There are different issues reference of wrong RFCs JWT Access Token Claims are in the wrong chapter (OAuth2 and not in JWT) Mandatory claims for OPC UA must be defined / marked as mandatory - not used claims must be removed
Steps To Reproduce	The document with the comments and proposed changes can be found in Meetings > 2025 > 2025-03-11 F2F Foxboro > JWT_IssuedToken_Issues OPC 10000-6 - UA Specification Part 6 - Mappings 1.05.04_JWT_Issues.docx https://opcfoundation.sharepoint.com/:w:/r/sites/wg.UA/Shared%20Documents/sg.Core/Meetings/2025/2025-03-11%20F2F%20Foxboro/JWT_IssuedToken_Issues/OPC%2010000-6%20-%20UA%20Specification%20Part%206%20-%20Mappings%201.05.04_JWT_Issues.docx?d=wa7c5e95015e4478984034d3f789537c7&csf=1&web=1&e=5B1hvO
Tags	No tags attached.

Commit Version	1.05.06 RC1
Fix Due Date	2025-05-01

Date Modified	Username	Field	Change
2025-03-14 21:28	Matthias Damm	New Issue
2025-03-14 21:28	Matthias Damm	Status	new => assigned
2025-03-14 21:28	Matthias Damm	Assigned To	=> Randy Armstrong
2025-03-14 21:29	Matthias Damm	Relationship added	related to 0010234
2025-03-14 21:35	Matthias Damm	Relationship added	related to 0010236
2025-03-14 21:42	Matthias Damm	Relationship added	related to 0010237
2025-03-15 15:56	Jim Luth	Fix Due Date	=> 2025-05-01
2025-03-15 15:57	Jim Luth	Commit Version	=> 1.05.06 RC1

related to	0010234	assigned	Jeff Harding	10000-005: Information Model	ClientUserId creation rules for JWT tokens
related to	0010236	assigned	Matthias Damm	10000-018: Role-Based Security	Clarifications for JWT Issued User Identity Tokens
related to	0010237	assigned	Matthias Damm	10000-018: Role-Based Security	JWT 'sub' cannot be mapped to a Role