Re: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications

Mike Jones <Michael.Jones@microsoft.com> Fri, 27 July 2012 17:58 UTC

I’d suggest representing that member with a struct/class member name like “integrity_value” then.  Also, per an open issue in the JWE spec, there’s a possibility of this field changing, so stay tuned…

Are you doing a Java implementation of the JOSE specs?  And JWT?

By the way, you should discuss JWE issues on the jose@ietf.org list, rather than the OAuth list.

                                                            Best wishes,
                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Anil Saldhana
Sent: Friday, July 27, 2012 8:34 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications

Mike,
  I am wondering if it is possible to change Integrity Check from "int" to something else in JWE?  int is a keyword in many programming languages and would not translate directly to classes in Java etc.

intc,intk?

Regards,
Anil

On 07/16/2012 08:48 PM, Mike Jones wrote:
I’ve made a minor release of the JSON Web {Signature, Encryption, Key, Algorithms, Token} (JWS, JWE, JWK, JWA, JWT) working group specifications and the JWS and JWE JSON Serialization (JWS-JS, JWE-JS) individual submission specifications in preparation for IETF 84 in Vancouver, BC <http://www.ietf.org/meeting/84/index.html>.  These versions incorporate feedback from working group members since the major release on July 6th <http://self-issued.info/?p=759>, and update the lists of open issues in preparation for discussions in Vancouver (and on the working group mailing lists).

One significant addition is that the JWT and JWE-JS specs both now contain complete, testable examples with encrypted results.  No normative changes were made.

The working group specifications are available at:

•  http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

•  http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

•  http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

•  http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

•  http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

The individual submission specifications are available at:

•  http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

•  http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04
•  Completed JSON Security Considerations section, including considerations about rejecting input with duplicate member names.
•  Completed security considerations on the use of a SHA-1 hash when computing x5t (X.509 certificate thumbprint) values.
•  Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
•  Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] for its security considerations.
•  Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
•  Reference draft-jones-jose-jws-json-serialization instead of draft-jones-json-web-signature-json-serialization.
•  Described additional open issues.
•  Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04
•  Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
•  Normatively reference XML Encryption 1.1 [W3C.CR-xmlenc-core1-20120313] for its security considerations.
•  Reference draft-jones-jose-jwe-json-serialization instead of draft-jones-json-web-encryption-json-serialization.
•  Described additional open issues.
•  Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04
•  Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
•  Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] for its security considerations.
•  Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
•  Described additional open issues.
•  Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04
•  Added text requiring that any leading zero bytes be retained in base64url encoded key value representations for fixed-length values.
•  Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
•  Described additional open issues.
•  Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02
•  Added an example of an encrypted JWT.
•  Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
•  Applied editorial suggestions.

http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01
•  Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01
•  Added a complete JWE-JS example.
•  Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

                                                            -- Mike
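Two of the -04 changes listed above, the JWS requirement to reject JSON input with duplicate member names and the JWA requirement to retain leading zero bytes in base64url-encoded fixed-length key values, as an added Python example; this is not code from the thread or from the specifications, and the header and key values it uses are constructed samples.

```python
import base64
import json

def b64url_encode(data: bytes) -> str:
    """base64url without padding, as the JOSE specs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_fixed_length(value: int, length: int) -> str:
    # Fixed-length big-endian octets: leading zero bytes are retained, so a
    # numerically small EC coordinate still occupies the full `length`.
    return b64url_encode(value.to_bytes(length, "big"))

def decode_fixed_length(text: str, length: int) -> int:
    raw = b64url_decode(text)
    if len(raw) != length:  # an encoder that dropped leading zeros fails here
        raise ValueError(f"expected {length} octets, got {len(raw)}")
    return int.from_bytes(raw, "big")

def _reject_duplicates(pairs):
    # json.loads alone keeps the last repeated member; the pairs hook sees all.
    members = {}
    for name, value in pairs:
        if name in members:
            raise ValueError(f"duplicate member name {name!r}")
        members[name] = value
    return members

def parse_header(encoded_header: str) -> dict:
    """Decode a base64url JOSE header, refusing duplicate member names."""
    text = b64url_decode(encoded_header).decode("utf-8")
    return json.loads(text, object_pairs_hook=_reject_duplicates)

def rejected(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except ValueError:
        return True

# Constructed sample inputs, not taken from the specs.
GOOD_HEADER = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
DUP_HEADER = b64url_encode(b'{"alg":"RS256","alg":"HS256"}')
SHORT_X = b64url_encode((1).to_bytes(1, "big"))  # leading zeros dropped

if __name__ == "__main__":
    print(parse_header(GOOD_HEADER), encode_fixed_length(1, 32))
```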





