[woes] WOES Charter Proposal
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Tue, 14 June 2011 12:20 UTC
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26F8511E80A8 for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 05:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZszeslYR09JZ for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 05:20:16 -0700 (PDT)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by ietfa.amsl.com (Postfix) with ESMTP id 711FF11E808A for <woes@ietf.org>; Tue, 14 Jun 2011 05:20:15 -0700 (PDT)
Received: from demuprx016.emea.nsn-intra.net ([10.150.129.55]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id p5ECKDOO027764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <woes@ietf.org>; Tue, 14 Jun 2011 14:20:14 +0200
Received: from demuexc024.nsn-intra.net (demuexc024.nsn-intra.net [10.159.32.11]) by demuprx016.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id p5ECKDa5028751 for <woes@ietf.org>; Tue, 14 Jun 2011 14:20:13 +0200
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by demuexc024.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Tue, 14 Jun 2011 14:20:13 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CC2A8D.6921B153"
Date: Tue, 14 Jun 2011 15:24:53 +0300
Message-ID: <999913AB42CC9341B05A99BBF358718D41FA35@FIESEXC035.nsn-intra.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: WOES Charter Proposal
Thread-Index: AcwqjhBHtkjJjf0ySWeO6EHazLfdBw==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: woes@ietf.org
X-OriginalArrivalTime: 14 Jun 2011 12:20:13.0507 (UTC) FILETIME=[69771930:01CC2A8D]
Subject: [woes] WOES Charter Proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 12:20:17 -0000
Web Object Encryption and Signing (woes) ======================================== Background ---------- JSON (an acronym for JavaScript Object Notation) is a text format for the serialization of structured data. It is derived from the JavaScript programming language for representing simple data structures and associative arrays, called objects. Despite its relationship to JavaScript, it is language-independent, with parsers available for almost every programming language. The JSON format is described in RFC 4627 and builds on two structures: * A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array. * An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence. The JSON format is often used for serializing and transmitting structured data over a network connection. It was initially used in the Web environment to transmit data between a server and web application, serving as an alternative to XML. Now, JSON is being used in various other protocols as well. With the increased usage of JSON in protocols there is now also the desire to offer security services, such as encryption, and message signing, for JSON encoded data. Different proposals for providing these security services have been defined and implemented. Examples are: JSON Web Token [JWT], Simple Web Tokens [SWT], Magic Signatures [MagicSignatures], JSON Simple Sign [JSS], JavaScript Message Security Format [JSMS]. This working group aims to develop specifications to standardize these security services for JSON encoded data to improve interoperability, and to increase confidence in the offered security functionality based on the expert review process utilized in the IETF. Future work in the group may offer support for other security services. Re-chartering of the group is, however, required. This working group aims to re-use well-defined concepts from Cryptographic Message Syntax (CMS) [CMS], XML Digital Signature [XMLDSIG] and XML Encryption [XMLENC] since the group aims to develop a JavaScript-developer-friendly JSON-equivalent for CMS. Since this work is within the realm of the security domain respective experts will be involved. References ---------- [JWT] M. Jones, et al. "JSON Web Signature (JWS)", draft-jones-json-web-signature-01 (work in progress), Mar. 2011. [JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign", September 2010. [MagicSignatures] Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic Signatures", August 2010. [SWT] Hardt, D. and Y. Goland, "Simple Web Token (SWT)", Version 0.9.5.1, November 2009. XMLDIG] W3C, "XML Signature Syntax and Processing (Second Edition)", available at http://www.w3.org/TR/xmldsig-core/, Jun. 2008. [XMLENC] W3C, "XML Encryption Syntax and Processing", available at http://www.w3.org/TR/xmlenc-core/, Dec. 2002. [CMS] R. Housley, "Cryptographic Message Syntax", RFC 3852, Jul. 2004. [JSMS] E. Rescorla, J. Hildebrand, "JavaScript Message Security Format", draft-rescorla-jsms-00 (work in progress), Mar. 2011. Deliverables ------------ This group is chartered to work on two documents: 1) A Standards Track document specifying how to apply a digital signature and a keyed message digest to JSON encoded data. 2) A Standards Track document illustrating how to encrypt JSON encoded data. Goals and Milestones -------------------- Aug 2011 Submit JSON object signing document as a WG item. Aug 2011 Submit JSON object encryption document as a WG item. Mar 2012 Start Working Group Last Call on JSON object signing document. Mar 2012 Start Working Group Last Call on JSON object encryption document. Apr 2012 Submit JSON object signing document to IESG for consideration as Standards Track document. Apr 2012 Submit JSON object encryption document to IESG for consideration as Standards Track document.
- [woes] WOES Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [woes] WOES Charter Proposal Sean Turner
- Re: [woes] WOES Charter Proposal Hannes Tschofenig
- Re: [woes] WOES Charter Proposal Manger, James H
- Re: [woes] WOES Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Peter Saint-Andre
- Re: [woes] WOES Charter Proposal Peter Saint-Andre