[OAUTH-WG] SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs updated

Mike Jones <Michael.Jones@microsoft.com> Wed, 14 December 2011 15:26 UTC

New versions of the SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs have been posted.  They address a number of comments received on the JOSE list and at the JOSE WG meeting in Taipei and make a number of clarifications, corrections, and editorial improvements.

The only breaking change made was to use short names in the JWK spec, as suggested during the WG meeting in Taipei, since JWK Key Object values are used as JWE Ephemeral Public Keys, and so compactness matters.  This also required corresponding changes in the JWE spec.

This checkin moves the definitions of the "prn" (principal) and "jti" (JSON Token ID) claims from other specs into the JWT spec, as both of these claims enable general token functionality that is likely to be used in many contexts.

This checkin is intended to be the last set of individual submissions of the JWS, JWE, and JWK drafts before they are refactored and submitted to the JOSE WG as working group drafts.  The primary changes requested by the JOSE WG but not yet done are to break the algorithm profiles and identifiers out into a new spec and to rework the terminology in the signature spec to use different terms for digital signature and HMAC integrity operations.

See the Document History sections of each document for a detailed description of the changes made.  These documents are available at:

* http://tools.ietf.org/html/draft-jones-simple-web-discovery-02
* http://tools.ietf.org/html/draft-jones-json-web-token-07
* http://tools.ietf.org/html/draft-jones-json-web-signature-04
* http://tools.ietf.org/html/draft-jones-json-web-encryption-02
* http://tools.ietf.org/html/draft-jones-json-web-key-03
* http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-03

HTML-formatted versions are available at:

* http://self-issued.info/docs/draft-jones-simple-web-discovery-02.html
* http://self-issued.info/docs/draft-jones-json-web-token-07.html
* http://self-issued.info/docs/draft-jones-json-web-signature-04.html
* http://self-issued.info/docs/draft-jones-json-web-encryption-02.html
* http://self-issued.info/docs/draft-jones-json-web-key-03.html
* http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-03.html

Special thanks to Jim Schaad for his detailed comments on the JWS and JWE specs, many of which were incorporated into these drafts.

                                                            -- Mike