...
The tokens are signed with PS256 (RSASSA-PSS with SHA-256), a secure asymmetric algorithm that does not rely on shared secrets, so no additional infrastructure setup is required.
The tokens use the standard JWS format and the verification keys are published as a standard JWKS, both of which are widely supported across programming languages.
In the CBUAE context, the signing keys are generated and managed by the OFTF.
Key rotation is managed by the sending party. The receiving party verifies the JWS against the sender's published JWKS, selecting the key by its key ID, so the sender can rotate keys as often as they wish; the receiver only needs to re-fetch the JWKS when it sees an unknown key ID.
The sender decides the validity period of the token (its expiry claim) based on their own security posture.
The standard specifies claims that bind the token to the certificate presented in the underlying mutual TLS layer, identified by its OU and DN; the receiver must compare those claims against the certificate actually seen on the connection, otherwise the binding provides no protection.
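The following Go program is an added example, not code from the CBUAE standard or the OFTF. It shows the whole lifecycle described above using only the Go standard library: a sender signs a compact JWS with PS256, publishes its public key as a JWKS under a key ID, and a receiver verifies the token by pinning the algorithm, selecting the key by kid, enforcing the sender-chosen expiry, and checking that the token's certificate-binding claims match the DN and OU of the mTLS client certificate. The claim names cert_dn and cert_ou, the key IDs and the certificate subject strings are assumptions for this example; the real claim names are not quoted on this page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is the subset of an RSA public JWK (RFC 7517/7518) needed here; JWKS is the
// set the sender publishes. Rotation = publish a new kid, later drop the old one.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}
type JWKS struct {
	Keys []JWK `json:"keys"`
}

// Claims carried in the token. cert_dn and cert_ou are claim names assumed for
// this example; the standard's actual claim names are not quoted on this page.
type Claims struct {
	Iss    string `json:"iss"`
	Exp    int64  `json:"exp"`
	CertDN string `json:"cert_dn"`
	CertOU string `json:"cert_ou"`
}

var b64 = base64.RawURLEncoding

// PublicJWK exports an RSA public key as a JWK under the given key ID.
func PublicJWK(pub *rsa.PublicKey, kid string) JWK {
	return JWK{Kty: "RSA", Kid: kid, N: b64.EncodeToString(pub.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
}

// SignPS256 builds a compact JWS over the claims with RSASSA-PSS/SHA-256.
// RFC 7518 fixes the PSS salt length to the hash length (32 bytes) for PS256.
func SignPS256(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "PS256", "typ": "JWT", "kid": kid})
	pl, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:],
		&rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyPS256 checks a compact JWS against the sender's JWKS: alg is pinned to
// PS256 rather than trusted from the token, the key is selected by kid, exp is
// enforced, and the binding claims must equal the DN and OU of the client cert
// actually presented on the mTLS connection (a server would take peerDN/peerOU
// from tls.ConnectionState.PeerCertificates[0].Subject).
func VerifyPS256(token string, jwks JWKS, now time.Time, peerDN, peerOU string) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed compact JWS")
	}
	hb, err := b64.DecodeString(parts[0])
	var hdr struct{ Alg, Kid string }
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "PS256" {
		return nil, fmt.Errorf("header rejected: alg must be PS256")
	}
	var key *JWK
	for i := range jwks.Keys {
		if jwks.Keys[i].Kid == hdr.Kid && jwks.Keys[i].Kty == "RSA" {
			key = &jwks.Keys[i]
		}
	}
	if key == nil {
		return nil, fmt.Errorf("unknown kid %q: refresh the JWKS or reject", hdr.Kid)
	}
	nb, e1 := b64.DecodeString(key.N)
	eb, e2 := b64.DecodeString(key.E)
	pb, e3 := b64.DecodeString(parts[1])
	sig, e4 := b64.DecodeString(parts[2])
	if e1 != nil || e2 != nil || e3 != nil || e4 != nil {
		return nil, fmt.Errorf("bad base64url in key, payload or signature")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) != nil {
		return nil, fmt.Errorf("signature invalid")
	}
	var c Claims
	if json.Unmarshal(pb, &c) != nil || c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, fmt.Errorf("claims unreadable, expired or missing exp")
	}
	if c.CertDN != peerDN || c.CertOU != peerOU {
		return nil, fmt.Errorf("token not bound to the presented mTLS certificate")
	}
	return &c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	jwks := JWKS{Keys: []JWK{PublicJWK(&priv.PublicKey, "2024-11")}} // constructed kid
	dn, ou := "CN=sender,OU=OpenFinance,O=Example Bank", "OpenFinance" // constructed subject
	tok, _ := SignPS256(priv, "2024-11", Claims{Iss: "sender", Exp: time.Now().Add(5 * time.Minute).Unix(), CertDN: dn, CertOU: ou})
	_, err := VerifyPS256(tok, jwks, time.Now(), dn, ou)
	fmt.Println("verified:", err == nil)
}
```

Two design points matter in practice. The verifier ignores any alg the token asks for, so a header rewritten to "none" or to an HMAC algorithm is rejected before any key material is touched. And an unknown kid is treated as a reason to re-fetch the JWKS, never as a reason to fall back to an older key, which is what lets the sender rotate freely while a token signed under a dropped key fails closed.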
...