Protocol Action: 'JSON Web Algorithms (JWA)' to Proposed Standard (draft-ietf-jose-json-web-algorithms-40.txt)

The IESG <> Thu, 15 January 2015 18:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E431A1B2E67; Thu, 15 Jan 2015 10:30:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id K8qOWEtthjKl; Thu, 15 Jan 2015 10:30:57 -0800 (PST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 955291B301D; Thu, 15 Jan 2015 10:30:10 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'JSON Web Algorithms (JWA)' to Proposed Standard (draft-ietf-jose-json-web-algorithms-40.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Thu, 15 Jan 2015 10:30:10 -0800
Archived-At: <>
Cc: jose chair <>, jose mailing list <>, RFC Editor <>
X-Mailman-Version: 2.1.15
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 15 Jan 2015 18:30:59 -0000

The IESG has approved the following document:
- 'JSON Web Algorithms (JWA)'
  (draft-ietf-jose-json-web-algorithms-40.txt) as Proposed Standard

This document is the product of the Javascript Object Signing and
Encryption Working Group.

The IESG contact persons are Kathleen Moriarty and Stephen Farrell.

A URL of this Internet Draft is:

Technical Summary

This document, the JSON Web Algorithms (JWA) specification, registers 
cryptographic algorithms and identifiers to be used with the JSON Web 
Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) 
specifications.  It establishes several IANA registries for these identifiers.

Working Group Summary

The document has clear working group consensus for publication, and has 
been reviewed by several WG participants since its initial adoption as a 
working group item. The question of what cryptographic algorithms should be 
included was somewhat difficult as it is for any process trying to determine 
which algorithms should be included. The considerations included what is 
implemented, available, broadly used, and adequate from a security 
perspective. The issue of algorithms that are potentially less desirable but 
more broadly implemented was considered.

The IETF last call revisited a couple of sticky points across the set of drafts
for JOSE in review.  For this draft, JWA, a few additional changes were made 
to improve terminology for the most part with working group agreement.

Document Quality

This document has been reviewed and revised many times. There are multiple 
implementations of this document. Some of these are listed at: (see the JWT/JWS/JWE/JWK/JWA 
Implementations section).

Contributors are acknowledged in the Acknowledgment section as well as in the 
detailed change log.


Karen O'Donoghue is acting as the Document Shepherd.  Kathleen Moriarty is 
the Responsible Area Director. 

   If the document requires IANA
   experts(s), insert 'The registries use the 5226 'Specification Required'
   registration policy."

RFC Editor Note

This draft is part of a set of drafts that cross 2 working groups. I am 
working through the reviews (shepherd just confirmed them for the OAuth 
ones) and would like them processed as a set. The JOSE drafts will 
hopefully be ready shortly as well. The set includes (in order):

1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer