act
Registry Context
Identifies the current actor in a delegation and has the same semantics and format as the JWT claim of the same name.
Technical Summary
`act` is a JSON object containing claims that identify, and may provide additional information about, the actor. Nested `act` objects represent prior actors in the delegation history.
When Used
When a token introspection response reports the current actor in a delegation.
Normative Requirements
token consumer
RFC 8693 - Section 4.1
Consider only the token's top-level claims and the party identified as the current actor by `act` when applying access-control policy..
Condition: When applying access-control policy to a token containing an `act` claim.
The consumer of a token MUST only consider the token's top-level claims and the party identified as the current actor by the act claim.
Validation Guidance
Verify that `act` is a JSON object whose members are claims identifying or providing additional information about the actor.
Verify that access-control decisions consider only top-level token claims and the current actor identified by the outermost `act`; nested prior actors must not influence those decisions.
Do not interpret non-identity claims such as `exp`, `nbf`, or `aud` within `act` as affecting the validity of the containing token.
Security Notes
RFC 8693 - Section 4.1
Nested `act` claims identify prior actors and provide delegation history; they are informational only and are not considered in access-control decisions.
RFC 8693 - Section 4.1
Claims inside `act` pertain only to actor identity. Non-identity claims such as `exp`, `nbf`, and `aud` are not meaningful there and are not used.
Reference
Details
- Entry Id
act- Name
act- Description
Actor- Change Controller
IESG- Reference
RFC8693 - Section 4.1