IETF Logo Mail Archive

[OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications

Mike Jones <Michael.Jones@microsoft.com> Tue, 17 July 2012 01:47 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67B0621F8685 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.787
X-Spam-Level:
X-Spam-Status: No, score=-3.787 tagged_above=-999 required=5 tests=[AWL=-0.189, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWx9-ggYmY2e for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:47:50 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe004.messaging.microsoft.com [213.199.154.142]) by ietfa.amsl.com (Postfix) with ESMTP id 2E68921F867F for <oauth@ietf.org>; Mon, 16 Jul 2012 18:47:49 -0700 (PDT)
Received: from mail98-db3-R.bigfish.com (10.3.81.241) by DB3EHSOBE006.bigfish.com (10.3.84.26) with Microsoft SMTP Server id 14.1.225.23; Tue, 17 Jul 2012 01:48:34 +0000
Received: from mail98-db3 (localhost [127.0.0.1]) by mail98-db3-R.bigfish.com (Postfix) with ESMTP id 4B27A480273 for <oauth@ietf.org>; Tue, 17 Jul 2012 01:48:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc89bhc857hzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail98-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail98-db3 (localhost.localdomain [127.0.0.1]) by mail98-db3 (MessageSwitch) id 1342489711554932_5149; Tue, 17 Jul 2012 01:48:31 +0000 (UTC)
Received: from DB3EHSMHS009.bigfish.com (unknown [10.3.81.254]) by mail98-db3.bigfish.com (Postfix) with ESMTP id 81564600B0 for <oauth@ietf.org>; Tue, 17 Jul 2012 01:48:31 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS009.bigfish.com (10.3.87.109) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 17 Jul 2012 01:48:31 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Tue, 17 Jul 2012 01:48:06 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Pre-IETF 84 versions of JOSE and JWT specifications
Thread-Index: Ac1jvjT7zTFgSk+wSl6bNtMEpoNWqQ==
Date: Tue, 17 Jul 2012 01:48:05 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.74]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943667349BATK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 01:47:51 -0000

I’ve made a minor release of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) working group specifications and the JWS and JWE JSON Serialization (JWS-JS, JWE-JS) individual submission specifications in preparation for IETF 84 in Vancouver, BC<http://www.ietf.org/meeting/84/index.html>.  These versions incorporate feedback from working group members since the major release on July 6th<http://self-issued.info/?p=759>, and update the lists of open issues in preparation for discussions in Vancouver (and on the working group mailing lists).

One significant addition is that the JWT and JWE-JS specs both now contain complete, testable examples with encrypted results.  No normative changes were made.

The working group specifications are available at:

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

·        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

The individual submission specifications are available at:

·        http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

·        http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

  *   Completed JSON Security Considerations section, including considerations about rejecting input with duplicate member names.
  *   Completed security considerations on the use of a SHA-1 hash when computing x5t (x.509 certificate thumbprint) values.
  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR‑xmldsig‑core2‑20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Reference draft-jones-jose-jws-json-serialization instead of draft-jones-json-web-signature-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML Encryption 1.1 [W3C.CR‑xmlenc‑core1‑20120313] for its security considerations.
  *   Reference draft-jones-jose-jwe-json-serialization instead of draft-jones-json-web-encryption-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR‑xmldsig‑core2‑20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

  *   Added text requiring that any leading zero bytes be retained in base64url encoded key value representations for fixed-length values.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

  *   Added an example of an encrypted JWT.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

  *   Added a complete JWE-JS example.
  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

                                                            -- Mike

v2.23.0 | Report a Bug | By Email