<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:24.0pt;
mso-margin-bottom-alt:auto;
margin-left:24.0pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:700472546;
mso-list-type:hybrid;
mso-list-template-ids:333500208 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:718238760;
mso-list-template-ids:-1000957342;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I’ve posted updated versions of the <a href="http://self-issued.info/docs/draft-jones-json-web-token.html">
JSON Web Token (JWT)</a>, <a href="http://self-issued.info/docs/draft-jones-json-web-signature.html">
JSON Web Signature (JWS)</a>, <a href="http://self-issued.info/docs/draft-jones-json-web-encryption.html">
JSON Web Encryption (JWE)</a>, and <a href="http://self-issued.info/docs/draft-jones-json-web-key.html">
JSON Web Key (JWK)</a> specifications. <b><i>No changes should be required to any existing deployments as a result of these updates.</i></b><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The primary thrust of these changes was updating the JWT spec to describe how to create and process encrypted JWTs. (The previous JWT spec pre-dated publication of the JWE spec.) I also removed the duplicate content in the JWT spec that described
the steps to sign JWTs; the JWT spec now simply references the JWS spec for those steps. Numerous suggestions for improving the specifications from the WOES and JOSE lists were also incorporated. The changelog entries are as follows:<o:p></o:p></p>
<p><span lang="EN" style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:black"><a href="http://self-issued.info/docs/draft-jones-json-web-token-06.html">draft-jones-json-web-token-06</a>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Reference and use content from
<a href="http://self-issued.info/docs/draft-jones-json-web-token.html#JWS"><span style="text-decoration:none">[JWS]</span></a> and
<a href="http://self-issued.info/docs/draft-jones-json-web-token.html#JWE"><span style="text-decoration:none">[JWE]</span></a>, rather than repeating it here.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Simplified terminology to better match JWE, where the terms "JWT Header" and "Encoded JWT Header" are now used, for instance, rather than
the previous terms "Decoded JWT Header Segment" and "JWT Header Segment". Also changed to "Plaintext JWT" from "Unsigned JWT".
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Describe how to perform nested encryption and signing operations.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Changed "integer" to "number", since that is the correct JSON type.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Changed StringAndURI to StringOrURI.
<o:p></o:p></span></p>
<p><span lang="EN" style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:black"><a href="http://self-issued.info/docs/draft-jones-json-web-signature-03.html">draft-jones-json-web-signature-03</a>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Simplified terminology to better match JWE, where the terms "JWS Header" and "Encoded JWS Header" are now used, for instance, rather than
the previous terms "Decoded JWS Header Input" and "JWS Header Input". Likewise the terms "JWS Payload" and "JWS Signature" are now used, rather than "JWS Payload Input" and "JWS Crypto Output".
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">The jku and x5u URLs are now required to be absolute URLs.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Removed this unnecessary language from the kid description: "Omitting this parameter is equivalent to setting it to an empty string".
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Changed StringAndURI to StringOrURI.
<o:p></o:p></span></p>
<p><span lang="EN" style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:black"><a href="http://self-issued.info/docs/draft-jones-json-web-encryption-01.html">draft-jones-json-web-encryption-01</a>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Changed type of Ephemeral Public Key (epk) from string to JSON object, so that a JWK Key Object value can be used directly.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Specified that the Digest Method for ECDH-ES is SHA-256. (The specification was previously silent about the choice of digest method.)
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">The jku and x5u URLs are now required to be absolute URLs.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Removed this unnecessary language from the kid description: "Omitting this parameter is equivalent to setting it to an empty string".
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Use the same language as RFC 2616 does when describing GZIP message compression.
<o:p></o:p></span></p>
<p><span lang="EN" style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:black"><a href="http://self-issued.info/docs/draft-jones-json-web-key-02.html">draft-jones-json-web-key-02</a>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Editorial changes to have this spec better match the JWT, JWS, and JWE specs. No normative changes.
<o:p></o:p></span></p>
<p class="MsoNormal">The specs are available in the standard places. The HTML versions can be found at these locations:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-jones-json-web-token-06">http://tools.ietf.org/html/draft-jones-json-web-token-06</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-jones-json-web-signature-03">http://tools.ietf.org/html/draft-jones-json-web-signature-03</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-jones-json-web-encryption-01">http://tools.ietf.org/html/draft-jones-json-web-encryption-01</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-jones-json-web-key-02">http://tools.ietf.org/html/draft-jones-json-web-key-02</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://self-issued.info/docs/draft-jones-json-web-token-06.html">http://self-issued.info/docs/draft-jones-json-web-token-06.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://self-issued.info/docs/draft-jones-json-web-signature-03.html">http://self-issued.info/docs/draft-jones-json-web-signature-03.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://self-issued.info/docs/draft-jones-json-web-encryption-01.html">http://self-issued.info/docs/draft-jones-json-web-encryption-01.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://self-issued.info/docs/draft-jones-json-web-key-02.html">http://self-issued.info/docs/draft-jones-json-web-key-02.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Feedback welcome!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>