<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head><title>JSON Web Signature JSON Serialization (JWS-JS)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="JSON Web Signature JSON Serialization (JWS-JS)">
<meta name="keywords" content="RFC, Request for Comments, I-D, Internet-Draft, JavaScript Object Notation, JSON, JSON Web Token, JWT, JSON Web Signature, JWS, JSON Web Encryption, JWE, JSON Web Key, JWK, JSON Web Algorithms, JWA">
<meta name="generator" content="xml2rfc v1.36 (http://xml.resource.org/)">
<style type='text/css'><!--
body {
font-family: verdana, charcoal, helvetica, arial, sans-serif;
font-size: small; color: #000; background-color: #FFF;
margin: 2em;
}
h1, h2, h3, h4, h5, h6 {
font-family: helvetica, monaco, "MS Sans Serif", arial, sans-serif;
font-weight: bold; font-style: normal;
}
h1 { color: #900; background-color: transparent; text-align: right; }
h3 { color: #333; background-color: transparent; }
td.RFCbug {
font-size: x-small; text-decoration: none;
width: 30px; height: 30px; padding-top: 2px;
text-align: justify; vertical-align: middle;
background-color: #000;
}
td.RFCbug span.RFC {
font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
font-weight: bold; color: #666;
}
td.RFCbug span.hotText {
font-family: charcoal, monaco, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
font-weight: normal; text-align: center; color: #FFF;
}
table.TOCbug { width: 30px; height: 15px; }
td.TOCbug {
text-align: center; width: 30px; height: 15px;
color: #FFF; background-color: #900;
}
td.TOCbug a {
font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, sans-serif;
font-weight: bold; font-size: x-small; text-decoration: none;
color: #FFF; background-color: transparent;
}
td.header {
font-family: arial, helvetica, sans-serif; font-size: x-small;
vertical-align: top; width: 33%;
color: #FFF; background-color: #666;
}
td.author { font-weight: bold; font-size: x-small; margin-left: 4em; }
td.author-text { font-size: x-small; }
/* info code from SantaKlauss at http://www.madaboutstyle.com/tooltip2.html */
a.info {
/* This is the key. */
position: relative;
z-index: 24;
text-decoration: none;
}
a.info:hover {
z-index: 25;
color: #FFF; background-color: #900;
}
a.info span { display: none; }
a.info:hover span.info {
/* The span will display just on :hover state. */
display: block;
position: absolute;
font-size: smaller;
top: 2em; left: -5em; width: 15em;
padding: 2px; border: 1px solid #333;
color: #900; background-color: #EEE;
text-align: left;
}
a { font-weight: bold; }
a:link { color: #900; background-color: transparent; }
a:visited { color: #633; background-color: transparent; }
a:active { color: #633; background-color: transparent; }
p { margin-left: 2em; margin-right: 2em; }
p.copyright { font-size: x-small; }
p.toc { font-size: small; font-weight: bold; margin-left: 3em; }
table.toc { margin: 0 0 0 3em; padding: 0; border: 0; vertical-align: text-top; }
td.toc { font-size: small; font-weight: bold; vertical-align: text-top; }
ol.text { margin-left: 2em; margin-right: 2em; }
ul.text { margin-left: 2em; margin-right: 2em; }
li { margin-left: 3em; }
/* RFC-2629 <spanx>s and <artwork>s. */
em { font-style: italic; }
strong { font-weight: bold; }
dfn { font-weight: bold; font-style: normal; }
cite { font-weight: normal; font-style: normal; }
tt { color: #036; }
tt, pre, pre dfn, pre em, pre cite, pre span {
font-family: "Courier New", Courier, monospace; font-size: small;
}
pre {
text-align: left; padding: 4px;
color: #000; background-color: #CCC;
}
pre dfn { color: #900; }
pre em { color: #66F; background-color: #FFC; font-weight: normal; }
pre .key { color: #33C; font-weight: bold; }
pre .id { color: #900; }
pre .str { color: #000; background-color: #CFF; }
pre .val { color: #066; }
pre .rep { color: #909; }
pre .oth { color: #000; background-color: #FCF; }
pre .err { background-color: #FCC; }
/* RFC-2629 <texttable>s. */
table.all, table.full, table.headers, table.none {
font-size: small; text-align: center; border-width: 2px;
vertical-align: top; border-collapse: collapse;
}
table.all, table.full { border-style: solid; border-color: black; }
table.headers, table.none { border-style: none; }
th {
font-weight: bold; border-color: black;
border-width: 2px 2px 3px 2px;
}
table.all th, table.full th { border-style: solid; }
table.headers th { border-style: none none solid none; }
table.none th { border-style: none; }
table.all td {
border-style: solid; border-color: #333;
border-width: 1px 2px;
}
table.full td, table.headers td, table.none td { border-style: none; }
hr { height: 1px; }
hr.insert {
width: 80%; border-style: none; border-width: 0;
color: #CCC; background-color: #CCC;
}
--></style>
</head>
<body>
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<table summary="layout" width="66%" border="0" cellpadding="0" cellspacing="0"><tr><td><table summary="layout" width="100%" border="0" cellpadding="2" cellspacing="1">
<tr><td class="header">JOSE Working Group</td><td class="header">M. Jones</td></tr>
<tr><td class="header">Internet-Draft</td><td class="header">Microsoft</td></tr>
<tr><td class="header">Intended status: Standards Track</td><td class="header">J. Bradley</td></tr>
<tr><td class="header">Expires: April 17, 2013</td><td class="header">independent</td></tr>
<tr><td class="header"> </td><td class="header">N. Sakimura</td></tr>
<tr><td class="header"> </td><td class="header">Nomura Research Institute</td></tr>
<tr><td class="header"> </td><td class="header">October 14, 2012</td></tr>
</table></td></tr></table>
<h1><br />JSON Web Signature JSON Serialization (JWS-JS)<br />draft-jones-jose-jws-json-serialization-02</h1>
<h3>Abstract</h3>
<p>
The JSON Web Signature JSON Serialization (JWS-JS) is a means of
representing content secured with digital signatures or
Message Authentication Codes (MACs)
using JavaScript Object Notation (JSON) data structures.
This specification describes a means of representing
secured content as a JSON data object
(as opposed to the JWS specification, which uses a
compact serialization with a URL-safe representation).
It enables multiple digital signatures and/or MACs to
be applied to the same content (unlike JWS).
Cryptographic algorithms and identifiers used with this
specification are described in the separate
JSON Web Algorithms (JWA) specification.
The JSON Serialization for
related encryption functionality is described in the separate
JSON Web Encryption JSON Serialization (JWE-JS) specification.
</p>
<h3>Status of this Memo</h3>
<p>
This Internet-Draft is submitted in full
conformance with the provisions of BCP 78 and BCP 79.</p>
<p>
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.</p>
<p>
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any time.
It is inappropriate to use Internet-Drafts as reference material or to cite
them other than as “work in progress.”</p>
<p>
This Internet-Draft will expire on April 17, 2013.</p>
<h3>Copyright Notice</h3>
<p>
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.</p>
<p>
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.</p>
<a name="toc"></a><br /><hr />
<h3>Table of Contents</h3>
<p class="toc">
<a href="#anchor1">1.</a>
Introduction<br />
<a href="#anchor2">1.1.</a>
Notational Conventions<br />
<a href="#anchor3">2.</a>
Terminology<br />
<a href="#anchor4">3.</a>
JSON Serialization<br />
<a href="#JSONSerializationExample">4.</a>
Example JWS-JS<br />
<a href="#IANA">5.</a>
IANA Considerations<br />
<a href="#Security">6.</a>
Security Considerations<br />
<a href="#rfc.references1">7.</a>
References<br />
<a href="#rfc.references1">7.1.</a>
Normative References<br />
<a href="#rfc.references2">7.2.</a>
Informative References<br />
<a href="#Acknowledgements">Appendix A.</a>
Acknowledgements<br />
<a href="#TBD">Appendix B.</a>
Open Issues<br />
<a href="#anchor7">Appendix C.</a>
Document History<br />
<a href="#rfc.authors">§</a>
Authors' Addresses<br />
</p>
<br clear="all" />
<a name="anchor1"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.1"></a><h3>1.
Introduction</h3>
<p>
The JSON Web Signature JSON Serialization (JWS-JS) is a format for
representing content secured with digital signatures or
Message Authentication Codes (MACs) as a
JavaScript Object Notation (JSON) <a class='info' href='#RFC4627'>[RFC4627]<span> (</span><span class='info'>Crockford, D., “The application/json Media Type for JavaScript Object Notation (JSON),” July 2006.</span><span>)</span></a> object.
It enables multiple digital signatures and/or MACs to
be applied to the same content (unlike JWS <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Bradley, J., and N. Sakimura, “JSON Web Signature (JWS),” October 2012.</span><span>)</span></a>).
The digital signature and MAC mechanisms used are independent of
the type of content being secured, allowing arbitrary content
to be secured.
Cryptographic algorithms and identifiers used with this
specification are described in the separate
JSON Web Algorithms (JWA) <a class='info' href='#JWA'>[JWA]<span> (</span><span class='info'>Jones, M., “JSON Web Algorithms (JWA),” October 2012.</span><span>)</span></a> specification.
The JSON Serialization for
related encryption functionality is described in the separate
JSON Web Encryption JSON Serialization (JWE-JS) <a class='info' href='#JWE-JS'>[JWE‑JS]<span> (</span><span class='info'>Jones, M., “JSON Web Encryption JSON Serialization (JWE-JS),” October 2012.</span><span>)</span></a>
specification.
</p>
<a name="anchor2"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.1.1"></a><h3>1.1.
Notational Conventions</h3>
<p>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels <a class='info' href='#RFC2119'>[RFC2119]<span> (</span><span class='info'>Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.</span><span>)</span></a>.
</p>
<a name="anchor3"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.2"></a><h3>2.
Terminology</h3>
<p>
This specification uses the same terminology as the
JSON Web Signature (JWS) <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Bradley, J., and N. Sakimura, “JSON Web Signature (JWS),” October 2012.</span><span>)</span></a>
specification.
</p>
<a name="anchor4"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.3"></a><h3>3.
JSON Serialization</h3>
<p>
The JSON Serialization represents secured content as a JSON object with
a <tt>recipients</tt> member
containing an array of per-recipient information
and a <tt>payload</tt> member
containing a shared Encoded JWS Payload value.
Each member of the <tt>recipients</tt> array is a JSON object with
a <tt>header</tt> member
containing an Encoded JWS Header value
and a <tt>signature</tt> member
containing an Encoded JWS Signature value.
</p>
<p>
Unlike the compact serialization used by JWSs, content using
the JSON Serialization MAY be secured with more than one
digital signature and/or MAC value. Each is represented as
an Encoded JWS Signature value in the <tt>signature</tt> member
of an object in the <tt>recipients</tt> array.
For each, there is an Encoded JWS Encoded Header value in the
corresponding <tt>header</tt> member
of an object in the <tt>recipients</tt> array.
This specifies the
digital signature or MAC applied to the Encoded JWS Header
value and the shared Encoded JWS Payload value to create the JWS
Signature value. Therefore, the syntax is:
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
{"recipients":[
{"header":"<header 1 contents>",
"signature":"<signature 1 contents>"},
...
{"header":"<header N contents>",
"signature":"<signature N contents>"}],
"payload":"<payload contents>"
}
</pre></div>
<p>
The contents of the Encoded JWS Header, Encoded JWS Payload,
and Encoded JWS Signature values are exactly as specified in
JSON Web Signature (JWS) <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Bradley, J., and N. Sakimura, “JSON Web Signature (JWS),” October 2012.</span><span>)</span></a>. They are
interpreted and validated in the same manner, with each
corresponding <tt>header</tt> and <tt>signature</tt> value being created and
validated together.
</p>
<p>
Each JWS Signature value is computed on the JWS Secured
Input corresponding to the concatenation of the Encoded
JWS Header, a period ('.') character, and the Encoded JWS
Payload in the same manner described in the JWS specification.
This has the desirable result that each Encoded JWS signature
value in the <tt>signatures</tt> array is
identical to the value that would be used for the same header
and payload in a JWS.
</p>
<a name="JSONSerializationExample"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.4"></a><h3>4.
Example JWS-JS</h3>
<p>
This section contains an example using the JWS JSON
Serialization. This example demonstrates the capability for
conveying multiple digital signatures and/or MACs for the
same payload.
</p>
<p>
The Encoded JWS Payload used in this example is the same as
used in the examples in Appendix A of JWS
(with line breaks for display purposes only):
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
</pre></div>
<p>
Two digital signatures are used in this example: an RSA SHA-256
signature, for which the header and signature values are
the same as in Appendix A.2 of JWS, and an
ECDSA P-256 SHA-256 signature, for which the header and
signature values are the same as in Appendix A.3 of JWS.
The two Decoded JWS Header Segments used are:
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
{"alg":"RS256"}
</pre></div>
<p>
and:
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
{"alg":"ES256"}
</pre></div>
<p>
Since the computations of the JWS Header and JWS Signature
values are the same as in Appendix A.2 and Appendix A.3 of
JWS, they are not repeated here.
</p>
<p>
The complete JSON Web Signature JSON Serialization (JWS-JS)
for these values is as follows
(with line breaks for display purposes only):
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
{"recipients":[
{"header":"eyJhbGciOiJSUzI1NiJ9",
"signature":
"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ
mh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjb
KBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHl
b1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZES
c6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AX
LIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"},
{"header":"eyJhbGciOiJFUzI1NiJ9",
"signature":
"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS
lSApmWQxfKTUJqPP3-Kg6NU1Q"}],
"payload":
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGF
tcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
}
</pre></div>
<a name="IANA"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.5"></a><h3>5.
IANA Considerations</h3>
<p>
This specification makes no requests of IANA.
</p>
<a name="Security"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.6"></a><h3>6.
Security Considerations</h3>
<p>
The security considerations for this specification are the
same as those for the JSON Web Signature (JWS) <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Bradley, J., and N. Sakimura, “JSON Web Signature (JWS),” October 2012.</span><span>)</span></a> specification.
</p>
<a name="rfc.references"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.7"></a><h3>7.
References</h3>
<a name="rfc.references1"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<h3>7.1. Normative References</h3>
<table width="99%" border="0">
<tr><td class="author-text" valign="top"><a name="JWA">[JWA]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms">JSON Web Algorithms (JWA)</a>,” October 2012.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWS">[JWS]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, <a href="mailto:ve7jtb@ve7jtb.com">Bradley, J.</a>, and <a href="mailto:n-sakimura@nri.co.jp">N. Sakimura</a>, “<a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature">JSON Web Signature (JWS)</a>,” October 2012.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC2119">[RFC2119]</a></td>
<td class="author-text"><a href="mailto:sob@harvard.edu">Bradner, S.</a>, “<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>,” BCP 14, RFC 2119, March 1997 (<a href="http://www.rfc-editor.org/rfc/rfc2119.txt">TXT</a>, <a href="http://xml.resource.org/public/rfc/html/rfc2119.html">HTML</a>, <a href="http://xml.resource.org/public/rfc/xml/rfc2119.xml">XML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC4627">[RFC4627]</a></td>
<td class="author-text">Crockford, D., “<a href="http://tools.ietf.org/html/rfc4627">The application/json Media Type for JavaScript Object Notation (JSON)</a>,” RFC 4627, July 2006 (<a href="http://www.rfc-editor.org/rfc/rfc4627.txt">TXT</a>).</td></tr>
</table>
<a name="rfc.references2"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<h3>7.2. Informative References</h3>
<table width="99%" border="0">
<tr><td class="author-text" valign="top"><a name="JSS">[JSS]</a></td>
<td class="author-text">Bradley, J. and N. Sakimura (editor), “<a href="http://jsonenc.info/jss/1.0/">JSON Simple Sign</a>,” September 2010.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWE-JS">[JWE-JS]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, “<a href="http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization">JSON Web Encryption JSON Serialization (JWE-JS)</a>,” October 2012.</td></tr>
<tr><td class="author-text" valign="top"><a name="MagicSignatures">[MagicSignatures]</a></td>
<td class="author-text">Panzer (editor), J., Laurie, B., and D. Balfanz, “<a href="http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html">Magic Signatures</a>,” January 2011.</td></tr>
</table>
<a name="Acknowledgements"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.A"></a><h3>Appendix A.
Acknowledgements</h3>
<p>
JSON serializations for secured content were previously explored by
<a class='info' href='#MagicSignatures'>Magic Signatures<span> (</span><span class='info'>Panzer (editor), J., Laurie, B., and D. Balfanz, “Magic Signatures,” January 2011.</span><span>)</span></a> [MagicSignatures] and <a class='info' href='#JSS'>JSON Simple Sign<span> (</span><span class='info'>Bradley, J. and N. Sakimura (editor), “JSON Simple Sign,” September 2010.</span><span>)</span></a> [JSS].
</p>
<a name="TBD"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.B"></a><h3>Appendix B.
Open Issues</h3>
<p>
[[ to be removed by the RFC editor before publication as an RFC ]]
</p>
<p>
The following items remain to be considered or done in this draft:
</p>
<ul class="text">
<li>
Track changes that occur in the JWS spec.
</li>
</ul><p>
</p>
<a name="anchor7"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<a name="rfc.section.C"></a><h3>Appendix C.
Document History</h3>
<p>
[[ to be removed by the RFC editor before publication as an RFC ]]
</p>
<p>
-02
</p>
<ul class="text">
<li>
Changed to use an array of structures for per-recepient values,
rather than a set of parallel arrays.
</li>
</ul><p>
</p>
<p>
-01
</p>
<ul class="text">
<li>
Generalized language to refer to Message Authentication Codes (MACs)
rather than Hash-based Message Authentication Codes (HMACs).
</li>
</ul><p>
</p>
<p>
-00
</p>
<ul class="text">
<li>
Renamed draft-jones-json-web-signature-json-serialization
to draft-jones-jose-jws-json-serialization to have "jose"
be in the document name so it can be included in the
Related Documents list at http://datatracker.ietf.org/wg/jose/.
No normative changes.
</li>
</ul><p>
</p>
<p>
draft-jones-json-web-signature-json-serialization-02
</p>
<ul class="text">
<li>
Tracked editorial changes made to the JWS spec.
</li>
</ul><p>
</p>
<p>
draft-jones-json-web-signature-json-serialization-01
</p>
<ul class="text">
<li>
Corrected the Magic Signatures reference.
</li>
</ul><p>
</p>
<p>
draft-jones-json-web-signature-json-serialization-00
</p>
<ul class="text">
<li>
Created the initial version incorporating JOSE working
group input and drawing from the JSON Serialization
previously proposed in draft-jones-json-web-token-01.
</li>
</ul><p>
</p>
<a name="rfc.authors"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></table>
<h3>Authors' Addresses</h3>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="author-text"> </td>
<td class="author-text">Michael B. Jones</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Microsoft</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a></td></tr>
<tr><td class="author" align="right">URI: </td>
<td class="author-text"><a href="http://self-issued.info/">http://self-issued.info/</a></td></tr>
<tr cellpadding="3"><td> </td><td> </td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">John Bradley</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">independent</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a></td></tr>
<tr cellpadding="3"><td> </td><td> </td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Nat Sakimura</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Nomura Research Institute</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a></td></tr>
</table>
</body></html>