Re: [jose] A modest proposal for JSON-izing JW*

Mike Jones <> Wed, 06 February 2013 19:51 UTC

I'll note that these are nearly identical to the JSON Serialization encodings already specified in and, other than you're precluding multiple recipients.  The syntax:

       {"header":"<header 1 contents>",
        "signature":"<signature 1 contents>"},
       {"header":"<header N contents>",
        "signature":"<signature N contents>"}],
      "payload":"<payload contents>"

really isn't far from what you're proposing below.  It just has an array of per-recipient header fields, since accommodating multiple recipients is also a working group goal.

Once the rechartering is done, we'll have working group JSON serialization specifications.  It's a separate question whether to combine the compact and JSON serializations into the same document or to leave them separate.  The revised charter will allow us to do either.

                                                            -- Mike

From: [] On Behalf Of Richard Barnes
Sent: Wednesday, February 06, 2013 11:29 AM
Subject: [jose] A modest proposal for JSON-izing JW*

Dear JOSE,

tl;dr: Let's please add a simple JSON encoding to the base JW* specs.

I've been complaining for a while that the JW* documents aren't JSON, and that the JSON serialization documents are too complex (because of the integrity check issues).  So I thought it was about time that I made an actual proposal for encoding the base JOSE object as JSON objects.  The approach would be essentially the same as in the JSON serialization documents, except with a focus on single objects.

JWE and JWS objects currently have the following form

jws =
jwe = header.key.iv.ciphertext.mac

The JSON encoding of a JWE/JWS would just take each of these Base64-encoded pieces and assign them a name in a JSON structure.

jws = {
    "header": header,
    "data": data,
    "signature": signature
}

jwe = {
    "header": header,
    "key": key,
    "iv": iv,
    "data": ciphertext,
    "mac": mac
}

It seems to me that these encodings are simple enough that they could be handled in a short section, in parallel to what I would call the "text serialization" in the current documents.  So I would like to propose that they be added to the base JWE and JWS documents.
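
The proposed single-object encoding, sketched as an added example (not code from the thread or from any JOSE draft): each compact segment is given the name used in the proposal above, and a signature is checked from the JSON form by rebuilding the signing input from the still-encoded header and data strings. The HS256 algorithm, the key and the function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

JWS_FIELDS = ("header", "data", "signature")
JWE_FIELDS = ("header", "key", "iv", "data", "mac")

def b64u(raw: bytes) -> str:
    """Base64url without padding, as used for each compact segment."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_compact(header: dict, payload: bytes, key: bytes) -> str:
    """Build a compact JWS (header.data.signature) using HMAC-SHA256."""
    h = b64u(json.dumps(header, separators=(",", ":")).encode())
    d = b64u(payload)
    mac = hmac.new(key, f"{h}.{d}".encode(), hashlib.sha256).digest()
    return f"{h}.{d}.{b64u(mac)}"

def compact_to_json(compact: str) -> dict:
    """Name each dot-separated segment; the segments stay Base64-encoded."""
    parts = compact.split(".")
    for fields in (JWS_FIELDS, JWE_FIELDS):
        if len(parts) == len(fields):
            return dict(zip(fields, parts))
    raise ValueError("expected 3 (JWS) or 5 (JWE) segments")

def json_to_compact(obj: dict) -> str:
    for fields in (JWS_FIELDS, JWE_FIELDS):
        if set(obj) == set(fields):
            return ".".join(obj[name] for name in fields)
    raise ValueError("not a single-object JWS or JWE")

def verify_json_jws(obj: dict, key: bytes) -> bool:
    """Verify HS256 over the exact encoded header and data strings."""
    if set(obj) != set(JWS_FIELDS):
        return False
    try:
        alg = json.loads(b64u_decode(obj["header"])).get("alg")
    except (ValueError, AttributeError, TypeError):
        return False
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        return False
    signing_input = f'{obj["header"]}.{obj["data"]}'.encode()
    expected = b64u(hmac.new(key, signing_input, hashlib.sha256).digest())
    return hmac.compare_digest(expected.encode(), str(obj["signature"]).encode())
```

Because the JSON members carry the same Base64-encoded strings as the compact form, converting between the two never re-serializes the header, so the bytes covered by the signature are unchanged.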