[Openid-specs-ab] JSON Web Key (JWK) draft -01

Mike Jones Michael.Jones at microsoft.com
Tue Jul 26 14:47:20 UTC 2011

This is only scoped for representing public keys.  Per abstract, “A JSON Web Key (JWK) is a JSON data structure that represents a set of public keys.”  We could decide to change that, but that’s what the spec is for, at present.  We can have a discussion about which of the other attributes may be needed for what use cases.

                                                            -- Mike

From: Anthony Nadalin
Sent: Tuesday, July 26, 2011 6:45 AM
To: Mike Jones; openid-specs-ab at lists.openid.net
Cc: John Panzer; Brian Eaton; 蔡健
Subject: RE: JSON Web Key (JWK) draft -01

On ECDSA keys, there is a difference between the public and private keys; this should be noted in the structure as noted in [X9-63], [SP800-56A].

The RSA key structure seems to be only for public keys but does not actually say that, and I am also not sure that we only need public keys; it should be supportive of public and private.

The key structure is also lacking as it should contain the following:
Key Format Type
Key compression type
Key Value
Crypto Alg
Crypto Length
Key Wrapping Data (if we want to support these methods)

The key format type should contain:
Key Material
Various Attributes

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Monday, July 25, 2011 9:09 PM
To: openid-specs-ab at lists.openid.net
Cc: John Panzer; Brian Eaton; 蔡健
Subject: [Openid-specs-ab] JSON Web Key (JWK) draft -01

I’ve published JSON Web Key (JWK) <http://self-issued.info/docs/draft-jones-json-web-key.html> draft -01 <http://self-issued.info/docs/draft-jones-json-web-key-01.html>. It contains the following changes:

*        Changed “algorithm” member value for Elliptic Curve keys from “ECDSA” to “EC”, since Elliptic Curve keys can be used with more algorithms than just the Elliptic Curve Digital Signature Algorithm (ECDSA).

*        Added OPTIONAL “use” member to identify intended key usage, especially since the same Elliptic Curve key should not be used for both signing and encryption operations.

The specification is available at these locations:

*        http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.txt

*        http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.xml

*        http://self-issued.info/docs/draft-jones-json-web-key-01.html

*        http://self-issued.info/docs/draft-jones-json-web-key-01.txt

*        http://self-issued.info/docs/draft-jones-json-web-key-01.xml

*        http://self-issued.info/docs/draft-jones-json-web-key.html (will point to new versions as they are posted)

*        http://self-issued.info/docs/draft-jones-json-web-key.txt (will point to new versions as they are posted)

*        http://self-issued.info/docs/draft-jones-json-web-key.xml (will point to new versions as they are posted)

*        http://svn.openid.net/repos/specifications/json_web_key/1.0/ (Subversion repository, with html, txt, and html versions available)

The need for this change was identified while writing the JSON Web Encryption (JWE) draft.

                                                            -- Mike
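
Added example, not part of the original messages or of the JWK draft: a Python sketch of how a consumer of a key set could enforce the "use" member described in the announcement, refusing EC keys whose public point is published under more than one use. The "algorithm" and "use" member names come from the message; the "sig"/"enc" values, the "keyid", "x" and "y" members, the function names and the sample key set are assumptions constructed for illustration.

```python
import json

# Constructed sample key set. "algorithm" and "use" are the members named in
# the announcement; "keyid", "x", "y" and the "sig"/"enc" values are assumed.
SAMPLE_JWK_SET = json.loads("""
{"keys": [
  {"algorithm": "EC", "keyid": "a", "use": "sig", "x": "AAAA", "y": "BBBB"},
  {"algorithm": "EC", "keyid": "b", "use": "enc", "x": "CCCC", "y": "DDDD"},
  {"algorithm": "EC", "keyid": "c", "use": "enc", "x": "AAAA", "y": "BBBB"},
  {"algorithm": "EC", "keyid": "d", "x": "EEEE", "y": "FFFF"},
  {"algorithm": "EC", "keyid": "e", "use": "sig", "x": "GGGG", "y": "HHHH"}
]}
""")

def dual_use_keyids(jwk_set):
    """Return keyids of EC keys whose public point appears under more than one use."""
    entries_by_point = {}
    for key in jwk_set["keys"]:
        if key.get("algorithm") != "EC":
            continue
        point = (key["x"], key["y"])  # same coordinates means same key material
        entries_by_point.setdefault(point, []).append((key.get("use"), key["keyid"]))
    flagged = set()
    for entries in entries_by_point.values():
        # A missing "use" (None) next to a labelled copy also counts as a conflict.
        if len({use for use, _ in entries}) > 1:
            flagged.update(keyid for _, keyid in entries)
    return sorted(flagged)

def select_keys(jwk_set, wanted_use, allow_unlabelled=False):
    """Return keyids usable for wanted_use, skipping dual-use and unlabelled keys."""
    if wanted_use not in ("sig", "enc"):
        raise ValueError("unknown use: %r" % (wanted_use,))
    blocked = set(dual_use_keyids(jwk_set))
    chosen = []
    for key in jwk_set["keys"]:
        use = key.get("use")  # "use" is OPTIONAL, so it may be absent
        if key["keyid"] in blocked:
            continue
        if use == wanted_use or (use is None and allow_unlabelled):
            chosen.append(key["keyid"])
    return chosen

if __name__ == "__main__":
    print("dual-use:", dual_use_keyids(SAMPLE_JWK_SET))
    print("signing:", select_keys(SAMPLE_JWK_SET, "sig"))
    print("encryption:", select_keys(SAMPLE_JWK_SET, "enc"))
```

Because "use" is optional, the selector rejects unlabelled keys unless the caller opts in with `allow_unlabelled=True`.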
