Re: [jose] HTTP content type of JWS/JWE compact serializations

Brian Campbell <bcampbell@pingidentity.com> Wed, 10 September 2014 12:05 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFA401A6FC4 for <jose@ietfa.amsl.com>; Wed, 10 Sep 2014 05:05:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level:
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tISMcIE_EKKt for <jose@ietfa.amsl.com>; Wed, 10 Sep 2014 05:05:31 -0700 (PDT)
Received: from na3sys009aog115.obsmtp.com (na3sys009aog115.obsmtp.com [74.125.149.238]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53B5B1A001C for <jose@ietf.org>; Wed, 10 Sep 2014 05:05:31 -0700 (PDT)
Received: from mail-ig0-f172.google.com ([209.85.213.172]) (using TLSv1) by na3sys009aob115.postini.com ([74.125.148.12]) with SMTP ID DSNKVBA+ij2L6l+6ijwr/GTofYljJCyC80VU@postini.com; Wed, 10 Sep 2014 05:05:31 PDT
Received: by mail-ig0-f172.google.com with SMTP id h15so6333252igd.5 for <jose@ietf.org>; Wed, 10 Sep 2014 05:05:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=IwXq3ARJO9uUU4XOjGbp+JtZqKTDUGG71tzKRXTvIis=; b=aGOVf/5Do2OiN1MfScMGuh3KdTmG8EhP/eYKkinAhizRnz0aP+hd83hLwASD028+zu XWe3RLJeRQLfvjrpjwBj9reEttJShPey7GODtHxy41NZi61DP0Z17NxMOZ4F94FQ1XE/ jIr3twkcC7+xpE09m+oI7uIpkmjbOLuhlSaAtUMpf3c5eFNpjwyuSXYELGHboQtX+knm ptTh0hQsolmJQQqUr8X86qxQDBM2bzKDCdZ2XGY/7weEfsVsCskWIkn4zwIhPet/XUwe iCwKiZOLDrFkJ1AA+h++6Oknfg0tRw1f/crATtSLIrZ33r08PX8ID1OBAszmXexb8F1p KwMg==
X-Gm-Message-State: ALoCoQmHE49R5cxGif7Ny3S/SNwAuzW+SAzdP+zYLsyjXZYE8kFH/Emb32k7dk1LmIWkoSGcqLKXhxIyj1pKqBOKkA1d51K8PzZrg8uVVIqixITi+kY25TmC3lDvcCd4dr2/ZoFKbHuI
X-Received: by 10.51.17.66 with SMTP id gc2mr15909831igd.40.1410350730534; Wed, 10 Sep 2014 05:05:30 -0700 (PDT)
X-Received: by 10.51.17.66 with SMTP id gc2mr15909816igd.40.1410350730418; Wed, 10 Sep 2014 05:05:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.12.137 with HTTP; Wed, 10 Sep 2014 05:05:00 -0700 (PDT)
In-Reply-To: <541037F8.6070408@gmail.com>
References: <COL401-EAS1838D8ED8A7323D3422439EDFD80@phx.gbl> <4E1F6AAD24975D4BA5B16804296739439AE76076@TK5EX14MBXC294.redmond.corp.microsoft.com> <541037F8.6070408@gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 10 Sep 2014 06:05:00 -0600
Message-ID: <CA+k3eCRTEpzgNCgEkXZqjqE+vVdmca2Me9qk_O7W3ByBU+JoBg@mail.gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
Content-Type: multipart/alternative; boundary="001a1135f3a44bb87a0502b4de98"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/OL8IxdPO__iXfrMgKX0ogwlMOIQ
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] HTTP content type of JWS/JWE compact serializations
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Sep 2014 12:05:34 -0000

I believe it'd be application/jose per
https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-9.2.1
and
https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-4.1.9
and one could further distinguish between JWS/JWE using the alg header or
the number of periods in the compact serialization.



On Wed, Sep 10, 2014 at 5:37 AM, Sergey Beryozkin <sberyozkin@gmail.com>
wrote:

> Hi All,
>
> What would be the right HTTP Content-Type value to identify a given
> compact JWE or JWS serialization payload transmitted as an HTTP message
> payload (as opposed to as a header or query value).
> I see both JWE and JWS compact serializations can use a 'cty' header
> property to identify the encrypted or signed content but it is not clear
> how the actual JWE/JWS compact serializations are identified.
>
> Something like
>
> application/jose+jws;format=compact
> application/jose+jwe;format=compact
>
> with a format parameter being optional,
>
> or somehow else ?
>
> Sorry if I missed something,
>
> Thanks, Sergey
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>