IETF Logo Mail Archive

[secdir] [new-work] WG Review: Javascript Object Signing and Encryption (jose)

IESG Secretary <iesg-secretary@ietf.org> Tue, 16 April 2013 16:14 UTC

Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FFEE21F9786; Tue, 16 Apr 2013 09:14:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1366128868; bh=X9p5lOZG2X1AhcUQ78MPU9X/idbfbkgyRyNVbaq+gNo=; h=MIME-Version:From:To:Message-ID:Date:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=sV6e2jZTt7y1nD/kLAswLoELX6GBU8w/wNavUeNpp5HV+HXpsGZhc5mk1X9TB0GeJ 0DMo2uAlM4+jBh4/RHUTUm5/flKb80UBloxtp39UBGjsQibL9hjlBDvDOJyzcLgEP+ a7f0fxMC/5rUOX2oxn3zMxs9XQdipNKQfWxOCR5U=
X-Original-To: new-work@ietfa.amsl.com
Delivered-To: new-work@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C478D21F9786; Tue, 16 Apr 2013 09:14:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.488
X-Spam-Level:
X-Spam-Status: No, score=-102.488 tagged_above=-999 required=5 tests=[AWL=0.112, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u8QZI6hrjGCC; Tue, 16 Apr 2013 09:14:26 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 979C621F9784; Tue, 16 Apr 2013 09:14:26 -0700 (PDT)
MIME-Version: 1.0
From: IESG Secretary <iesg-secretary@ietf.org>
To: new-work@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.43.p4
Message-ID: <20130416161425.20599.63753.idtracker@ietfa.amsl.com>
Date: Tue, 16 Apr 2013 09:14:25 -0700
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: new-work-bounces@ietf.org
Errors-To: new-work-bounces@ietf.org
X-Mailman-Approved-At: Tue, 16 Apr 2013 09:15:43 -0700
Subject: [secdir] [new-work] WG Review: Javascript Object Signing and Encryption (jose)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2013 16:14:28 -0000

The Javascript Object Signing and Encryption (jose) working group in the
Security Area of the IETF is undergoing rechartering. The IESG has not
made any determination yet. The following draft charter was submitted,
and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg at ietf.org) by 2013-04-23.

Javascript Object Signing and Encryption (jose)
------------------------------------------------
Current Status: Active Working Group

Chairs:
  Karen O'Donoghue <odonoghue@isoc.org>
  Jim Schaad <ietf@augustcellars.com>

Assigned Area Director:
  Sean Turner <turners@ieca.com>

Mailing list
  Address: jose@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/jose
  Archive: http://www.ietf.org/mail-archive/web/jose/

Charter of Working Group:

JavaScript Object Notation (JSON) is a text format for the serialization
of structured data described in RFC 4627.  The JSON format is often used
for serializing and transmitting structured data over a network
connection. With the increased usage of JSON in protocols in the IETF
and elsewhere, there is now a desire to offer security services for JSON
with encryption, digital signatures, and message authentication codes
(MACs).

Different proposals for providing such security services have already
been defined and implemented.  This Working Group will standardize the
mechanism for integrity protection (signature and MAC) and encryption as
well as the format for keys and algorithm identifiers to support
interoperability of security services for protocols that use JSON. The
Working Group will base its work on well-known message security
primitives (e.g., CMS), and will solicit input from the rest of the IETF
Security Area to be sure that the security functionality in the JSON
format is sound.  The WG will strive to gather use cases to ensure the
broadest possible applicability of the mechanism.

As JSON adoption expands, the different applications utilizing JSON
security services will grow and this leads to the need to support
different requirements. The WG will develop a generic syntax that can be
used by applications to secure JSON-data, but it will be up to the
application to fully specify the use of the WG's documents much the same
way S/MIME is the application of CMS to MIME-based media types.

This group is chartered to work on the following deliverables:

(1) A Standards Track document or documents representing
integrity-protected data using JSON-based data structures, including
(but not limited to) JSON data structures. "Integrity protection"
includes public-key digital signatures as well as symmetric-key MACs.

(2) A Standards Track document or documents representing encrypted data
using JSON-based data structures, including (but not limited to) JSON
data structures.

(3) A Standards Track document specifying how to encode public keys as
JSON- structured objects.

(4) A Standards Track document specifying algorithms and algorithm
identifiers for the previous three documents.

(5) A Standards Track document specifying how to encode private and
symmetric keys as JSON-structured objects.  This document will build
upon the concepts and structures in (3).

(6) A Standards Track document specifying a means of protecting private
and symmetric keys via encryption.  This document will build upon the
concepts and structures in (2) and (5).  This document may register
additional algorithms in registries defined by (4).

(7) An Informational document detailing Use Cases and Requirements for
JSON Object Signing and Encryption (JOSE).

(8) An Informational document that tells an application what needs to be
specified in order to implement JOSE.

One or more of these goals may be combined into a single document, in
which case the concrete milestones for these goals will be satisfied by
the consolidated document(s).

Milestones:
  Jan 2012 - Submit JSON object integrity document as a WG item.
  Jan 2012 - Submit JSON object encryption document as a WG item.
  Jan 2012 - Submit JSON key format document as a WG item.
  Jan 2012 - Submit JSON algorithm document as a WG item.
  Jun 2012 - Start Working Group Last Call on JSON object integrity
document.
  Jun 2012 - Start Working Group Last Call on JSON object encryption
document.
  Jun 2012 - Start Working Group Last Call on JSON key format document.
  Jun 2012 - Start Working Group Last Call on JSON algorithm document.
  Jul 2012 - Submit JSON object integrity document to IESG for
consideration as Standards Track document.
  Jul 2012 - Submit JSON object encryption document to IESG for
consideration as Standards Track document.
  Jul 2012 - Submit JSON key format document to IESG for consideration as
Standards Track document.
  Jul 2012 - Submit JSON algorithm document to IESG for consideration as
Standards Track document.


_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work

v2.23.0 | Report a Bug | By Email