I did OPS-DIR review for this document.
I think that from an OPS point of view the document is ready for publication.
I do not see any concerns for operations and/or network management.

I cannot say that I can follow all the example encodings
specifically the cpmpact ones.
I would probably have to study some of the referenced RFCS
in more detail before I can make sense out of them.

While I was at it, I found someNits and/or typos:

The abstract states:


                            The PASSporT token is cryptographically
   signed to protect the integrity of the identity the originator and to
   verify the assertion of the identity information at the destination.

s/the identity the originator/the identity of the originator/
Or so I think.

section 5.1.1 states:


                   As defined the "iat" should be set to the date and
   time of issuance of the JWT and MUST the origination of the personal
   communications.  The time value should be of the format defined in
   [RFC7519] Section 2 NumericDate.

Is that a correct sentence? or is the a verb missing around
   "the JWT and MUST the origination" ???

Section 5.2.2



5.2.2. "mky" - Media Key claim Why such a cryptic "mky". Why not "mkey" ?? I can live with it. I just wonder why we make it more 


cryptic than needed. Section 10.2 2nd bullet        In many applications, the end user represented by the asserted



      identity represents and signer may not be one in the same


I do/did not know the term "one in the same". I do know "one and the same". I guess other people may have the same knowledge as I do 


(as non native English speaker) Bert