Re: [jose] JWT JSON representation
John Bradley <ve7jtb@ve7jtb.com> Mon, 10 November 2014 18:39 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 125601A6FC5 for <jose@ietfa.amsl.com>; Mon, 10 Nov 2014 10:39:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ep5Ta-SJuR3C for <jose@ietfa.amsl.com>; Mon, 10 Nov 2014 10:39:56 -0800 (PST)
Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 372AC1A6F9F for <jose@ietf.org>; Mon, 10 Nov 2014 10:39:56 -0800 (PST)
Received: by mail-wg0-f50.google.com with SMTP id z12so9516804wgg.23 for <jose@ietf.org>; Mon, 10 Nov 2014 10:39:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=7HTeO5XPPrQSOPxMXsHqbTCmSXq6tlkb7GZCxB3Ji+o=; b=R8+qrS9prTb1rGxF0FdY3irQhRSCCYixV38xGpTCcnWmbyd5mv+8VMjHrb1hrFRtPj DCFXsPbwDbgsKBEYIQdOK+hU0Wm2xCtlkkRi0Bzd8yG4WGz2bC5D4rvG8iz1Dh1S2KbY Jum+MYM8Lpo9T+E90OMPW33+0YYkK+NdJ2sH86EX0Nfznu9PDr5NxeXP1hTECsjywR5+ JviRF21Q0pRNFTWutzwPdTOyfCsJN0uMhyG5NZu+YdbDtzEXB8CKLGzqmHlKjImIP4Gx mwxg5oIW6JxUi++QMaL6RMeyX3W5O45Mdb7xU8dk92PMQPk0X6HuhozUuz3RAxaHg+uc GtDw==
X-Gm-Message-State: ALoCoQlfrhIbOb9H/35AvmTapNC9lu2ctpK+uU2Bi4ua6W53dDh7i6zSitoQWEFvMwq14L5lPNsZ
X-Received: by 10.194.76.202 with SMTP id m10mr46145117wjw.42.1415644794729; Mon, 10 Nov 2014 10:39:54 -0800 (PST)
Received: from t2001067c037001440d9d303c3785de96.hotel-wired.v6.meeting.ietf.org (t2001067c037001440d9d303c3785de96.hotel-wired.v6.meeting.ietf.org. [2001:67c:370:144:d9d:303c:3785:de96]) by mx.google.com with ESMTPSA id wx3sm24197138wjc.19.2014.11.10.10.39.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 10 Nov 2014 10:39:54 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <54610366.6010400@gmail.com>
Date: Mon, 10 Nov 2014 08:39:48 -1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2D6E747-65C8-4BB7-9B14-EF5370620782@ve7jtb.com>
References: <5458E645.9020904@mit.edu> <CAL02cgTVHkGmB2+L90EaqpBT26+FqsNsvkvsV0Tig45tDJLjaw@mail.gmail.com> <5458E955.3090700@mit.edu> <CAL02cgSf_MeLys1D+bJcSsfPz9e5TLt5wT4G9szhD-=2OVFAnA@mail.gmail.com> <54610366.6010400@gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/IldtnCay1sgctHUfeCqrQ2yshtk
Cc: jose@ietf.org
Subject: Re: [jose] JWT JSON representation
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 18:39:58 -0000
JWT is a OAuth spec for historic reasons, so it might be best to discuss this on that list. Are you talking about a unsigned JWT? JWT currently only supports the compact form. For access tokens that allows them to be passed in headers without additional escaping. I would need to see a use case before adding the JSON encoding to JWT. Nothing stops someone from using a JSON encoded JWS with a set of claims in the body, but that is not by definition a JWT on the wire. They can be converted between the two forms programatically. John B. On Nov 10, 2014, at 8:26 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote: > Hi All, > > Would it make sense to have a JWT spec talk about its JSON representation, example: > { > "headers": {...} > "claims": {...} > } > > IMHO it might be interesting in cases where JWT is an access token passed over the secure channel or simply used as a standard data/token container > > Sergey > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- Re: [jose] JWK Generator Service Justin Richer
- [jose] JWK Generator Service Justin Richer
- Re: [jose] JWK Generator Service Antonio Sanso
- Re: [jose] JWK Generator Service Richard Barnes
- Re: [jose] JWK Generator Service Richard Barnes
- [jose] WebCrypto incompatible? Re: JWK Generator … Anders Rundgren
- [jose] JWT JSON representation Sergey Beryozkin
- Re: [jose] JWT JSON representation John Bradley