It took a long time.[1]JSON Web Signature (JWS) and JSON Web Token (JWT) are finally on the Standards Track[2]It became.RFC7515]and[RFC7519]is.
For those who don't know, JWS is a standard for digitally signing JSON. It's the JSON version of XML signatures. There are two types: JSON serialization and Compact serialization. There is Compact serialization.
JWT introduces some useful parameter names to this compact serialization JWS, making it possible to transmit login information and access permission information. It is mainly intended for use in RESTful systems, but of course it can be used in other cases as well. Both Google and Microsoft have already implemented it on a large scale. You are probably using it without even knowing it. However, they introduced it on a large scale before it became an RFC...and in the case of Google, it was included in Android, so if there were any changes, it would be a lot of work to update it...I admire their courage.
So, now that it has officially become an RFC, please feel free to use it.
[1] JSON Simple Sign was introduced in 2010, so it took five years... The IETF JOSE WG was established in November 5, so it's been a long time.
[2] There are three tracks for RFCs: Informational, Experimental, and Standard. Only the Standard Track is considered a "standard." Many of the most commonly cited RFCs are Informational, so be careful.
[RFC7515] http://www.rfc-editor.org/info/rfc7515
[RFC7519] http://www.rfc-editor.org/info/rfc7519