[Openid-specs-ab] SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs updated

Mike Jones Michael.Jones at microsoft.com
Wed Dec 14 15:33:45 UTC 2011


These changes produced versions of these specs that Connect depends upon that addressed all known issues that didn't require significant new functionality.  (For instance, they didn't add encryption-with-integrity operations to JWE.)  These versions should more than meet the needs of our Implementer's Drafts.

I'll update the references in the Connect specs to reference these spec versions after I get a bit of sleep now. :)

Talk to you in 5 hours...

                                                            -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Wednesday, December 14, 2011 7:26 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs updated

New versions of the SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs have been posted.  They address a number of comments received on the JOSE list and at the JOSE WG meeting in Taipei and make a number of clarifications, corrections, and editorial improvements.

The only breaking change made was to use short names in the JWK spec, as suggested during the WG meeting in Taipei, since JWK Key Object values are used as JWE Ephemeral Public Keys, and so compactness matters.  This also required corresponding changes in the JWE spec.

This checkin moves the definitions of the "prn" (principal) and "jti" (JSON Token ID) claims from other specs into the JWT spec, as both of these claims enable general token functionality that is likely to be used in many contexts.

This checkin is intended to be the last set of individual submissions of the JWS, JWE, and JWK drafts before they are refactored and submitted to the JOSE WG as working group drafts.  The primary changes requested by the JOSE WG but not yet done are to break the algorithm profiles and identifiers out into a new spec and to rework the terminology in the signature spec to use different terms for digital signature and HMAC integrity operations.

See the Document History sections of each document for a detailed description of the changes made.  These documents are available at:

*        http://tools.ietf.org/html/draft-jones-simple-web-discovery-02

*        http://tools.ietf.org/html/draft-jones-json-web-token-07

*        http://tools.ietf.org/html/draft-jones-json-web-signature-04

*        http://tools.ietf.org/html/draft-jones-json-web-encryption-02

*        http://tools.ietf.org/html/draft-jones-json-web-key-03

*        http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-03
HTML-formatted versions are available at:

*        http://self-issued.info/docs/draft-jones-simple-web-discovery-02.html

*        http://self-issued.info/docs/draft-jones-json-web-token-07.html

*        http://self-issued.info/docs/draft-jones-json-web-signature-04.html

*        http://self-issued.info/docs/draft-jones-json-web-encryption-02.html

*        http://self-issued.info/docs/draft-jones-json-web-key-03.html

*        http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-03.html

Special thanks to Jim Schaad for his detailed comments on the JWS and JWE specs, many of which were incorporated into these drafts.

                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111214/9bb2ae3d/attachment-0001.html>


More information about the Openid-specs-ab mailing list