[Openid-specs-ab] FW: JSON Web Token (JWT) Specification Draft -10

[Mike Jones]

From: Mike Jones
Sent: Saturday, May 12, 2012 5:19 PM
To: oauth at ietf.org
Subject: JSON Web Token (JWT) Specification Draft -10

Draft -10<http://self-issued.info/docs/draft-jones-json-web-token-10.html> of the JSON Web Token (JWT)<http://self-issued.info/docs/draft-jones-json-web-token.html> specification has been published.  It uses the -02 versions of the JOSE specifications and contains parallel editorial changes to those applied to the JOSE specs.  Changes were:

  *   Clarified the relationship between typ header parameter values, typ claim values, and MIME types.
  *   Clarified that JWTs with duplicate Header Parameter Names or Duplicate Claim names MUST be rejected.
  *   Required implementation of AES-128-KW and AES-256-KW when the implementation provides encryption capabilities.
  *   Registered "JWT" typ header parameter value.
  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs) unless in a context specific to HMAC algorithms.
  *   Reformatted to give each claim definition and header parameter its own section heading.

The specification is available at:

*        http://tools.ietf.org/html/draft-jones-json-web-token-10

An HTML formatted version is available at:

*        http://self-issued.info/docs/draft-jones-json-web-token-10.html

                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120513/0bc3d64f/attachment.html>