[Openid-specs-ab] FW: Pre-IETF 84 versions of JOSE and JWT specifications

Mike Jones Michael.Jones at microsoft.com
Tue Jul 17 01:49:26 UTC 2012


Also blogged about this at http://self-issued.info/?p=791.

From: jose-bounces at ietf.org [mailto:jose-bounces at ietf.org] On Behalf Of Mike Jones
Sent: Monday, July 16, 2012 6:48 PM
To: jose at ietf.org
Subject: [jose] Pre-IETF 84 versions of JOSE and JWT specifications

I’ve made a minor release of the JSON Web {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) working group specifications and the JWS and JWE JSON Serialization (JWS-JS, JWE-JS) individual submission specifications in preparation for IETF 84 in Vancouver, BC <http://www.ietf.org/meeting/84/index.html>. These versions incorporate feedback from working group members since the major release on July 6th <http://self-issued.info/?p=759>, and update the lists of open issues in preparation for discussions in Vancouver (and on the working group mailing lists).

One significant addition is that the JWT and JWE-JS specs both now contain complete, testable examples with encrypted results.  No normative changes were made.

The working group specifications are available at:

  *   http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04
  *   http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04
  *   http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04
  *   http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04
  *   http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

The individual submission specifications are available at:

  *   http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01
  *   http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

  *   Completed JSON Security Considerations section, including considerations about rejecting input with duplicate member names.
  *   Completed security considerations on the use of a SHA-1 hash when computing x5t (X.509 certificate thumbprint) values.
  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Reference draft-jones-jose-jws-json-serialization instead of draft-jones-json-web-signature-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML Encryption 1.1 [W3C.CR-xmlenc-core1-20120313] for its security considerations.
  *   Reference draft-jones-jose-jwe-json-serialization instead of draft-jones-json-web-encryption-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

  *   Added text requiring that any leading zero bytes be retained in base64url encoded key value representations for fixed-length values.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

  *   Added an example of an encrypted JWT.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

  *   Added a complete JWE-JS example.
  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

                                                            -- Mike
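
Two of the history entries above describe input-handling rules that an implementation can enforce mechanically: rejecting input with duplicate member names (JWS) and retaining leading zero bytes in base64url encoded fixed-length key values (JWA). The Python code below is an added example, not part of the original message or of the specifications; the function names, the sample headers and the 32-byte field size are assumptions chosen for illustration.

```python
import base64
import json

def b64url_encode(data: bytes) -> str:
    # base64url with the trailing '=' padding removed
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _reject_duplicates(pairs):
    # json passes every object's members as (name, value) pairs, duplicates
    # included; the default dict construction would silently keep the last one.
    members = {}
    for name, value in pairs:
        if name in members:
            raise ValueError(f"duplicate member name: {name!r}")
        members[name] = value
    return members

def parse_header_strict(encoded_header: str) -> dict:
    # Decode a base64url JSON header, refusing duplicate member names
    return json.loads(b64url_decode(encoded_header),
                      object_pairs_hook=_reject_duplicates)

def encode_fixed_length(value: int, size: int) -> str:
    # Always emit exactly `size` big-endian bytes, so leading zeros survive
    return b64url_encode(value.to_bytes(size, "big"))

def decode_fixed_length(text: str, size: int) -> int:
    # Refuse values whose decoded length differs from the fixed field size
    raw = b64url_decode(text)
    if len(raw) != size:
        raise ValueError(f"expected {size} bytes, got {len(raw)}")
    return int.from_bytes(raw, "big")

# Constructed sample inputs (not taken from the specifications)
CLEAN_HEADER = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
AMBIGUOUS_HEADER = b64url_encode(b'{"alg":"HS256","alg":"HS512"}')
COORD = int.from_bytes(b"\x00" + b"\xab" * 31, "big")  # top byte is zero

if __name__ == "__main__":
    print(parse_header_strict(CLEAN_HEADER))
    try:
        parse_header_strict(AMBIGUOUS_HEADER)
    except ValueError as exc:
        print("rejected:", exc)
    print(len(b64url_decode(encode_fixed_length(COORD, 32))), "bytes kept")
```
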
