| Internet-Draft | Registries for Credential Exchange | December 2025 |
| Hinton & Léveillé | Expires 25 June 2026 | [Page] |
This specification defines IANA registries for Fido Alliance Credential Exchange Format (CXF) credential types and extension identifiers.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://Credential-Provider-SIG.github.io/Credential-Exchange-IANA/draft-hinton-credential-exchange.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-hinton-credential-exchange/.¶
Source for this draft and an issue tracker can be found at https://github.com/Credential-Provider-SIG/Credential-Exchange-IANA.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 25 June 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The FIDO Alliance’s credential exchange specifications define a standard format for transferring all types of credentials in a credential manager including passwords, passkeys and more in a manner that is secure by default.¶
This specification establishes IANA registries for the Credential Exchange Format [CredentialExchangeFormat] credential types and extension identifiers. The initial values for these registries are in the IANA Considerations section of the [CredentialExchangeFormat] specification.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This specification establishes two registries:¶
The "Credential Exchange Credential Type Identifiers" registry (see Section 2.1)¶
The "Credential Exchange Extension Identifiers" registry (see Section 2.2)¶
Any additional processes established by the expert(s) after the publication of this document will be recorded on the registry web page at the discretion of the expert(s).¶
Credential Exchange Format credential type identifiers are JSON compatible strings defined in "Credential Types Registry". Credential type identifiers MUST be unique across all registered credential type identifiers.¶
Credential Exchange Format credential type identifiers are registered using the Specification Required policy (see Section 4.6 of [RFC8126]).¶
The "Credential Exchange Format Credential Type Identifiers" registry is located at https://www.iana.org/assignments/credential-exchange.¶
Registration requests consist of at least the following information:¶
An identifier meeting the requirements given in Section 2.1.¶
A short description of the credential type.¶
A "Y" or "N" value indicating whether the credential type requires an additional payload outside of the Credential Exchange Format JSON document.¶
Reference to the document or documents that specify the credential type.¶
Registrations MUST reference a freely available, stable specification, e.g., as described in Section 4.6 of [RFC8126]. This specification MUST include security and privacy considerations relevant to the credential type.¶
As noted in Section 2.1.1, Credential Exchange Format credential type identifiers are registered using the Specification Required policy.¶
The values listed in the "Credential Types Registry" section of the [CredentialExchangeFormat] specification will be used to populate the initial values in the registry. The Change Controller entry for each of those registrations is:¶
Fido Alliance Technical Working Group (todo: email)¶
Credential Exchange Format extension identifiers are JSON compatible strings defined in "Extension Registry". Extension identifiers MUST be unique across all registered extension identifiers.¶
Credential Exchange Format extension identifiers are registered using the Specification Required policy (see Section 4.6 of [RFC8126]).¶
The "Credential Exchange Format Extension Identifiers" registry is located at https://www.iana.org/assignments/credential-exchange.¶
Registration requests consist of at least the following information:¶
An identifier meeting the requirements given in Section 2.1.¶
A short description of the credential type.¶
A "Y" or "N" value indicating whether the credential type requires an additional payload outside of the Credential Exchange Format JSON document.¶
Reference to the document or documents that specify the credential type.¶
Registrations MUST reference a freely available, stable specification, e.g., as described in Section 4.6 of [RFC8126]. This specification MUST include security and privacy considerations relevant to the extension.¶
As noted in Section 2.2.1, Credential Exchange Format extension identifiers are registered using the Specification Required policy.¶
The values listed in the "Extension Registry" section of the [CredentialExchangeFormat] specification will be used to populate the initial values in the registry. The Change Controller entry for each of those registrations is:¶
Fido Alliance Technical Working Group (todo: email)¶
See [CredentialExchangeFormat] for relevant security considerations.¶