[woes] WOES Charter Proposal

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Tue, 14 June 2011 12:20 UTC

Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 26F8511E80A8 for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 05:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZszeslYR09JZ for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 05:20:16 -0700 (PDT)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net []) by ietfa.amsl.com (Postfix) with ESMTP id 711FF11E808A for <woes@ietf.org>; Tue, 14 Jun 2011 05:20:15 -0700 (PDT)
Received: from demuprx016.emea.nsn-intra.net ([]) by demumfd002.nsn-inter.net ( with ESMTP id p5ECKDOO027764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <woes@ietf.org>; Tue, 14 Jun 2011 14:20:14 +0200
Received: from demuexc024.nsn-intra.net (demuexc024.nsn-intra.net []) by demuprx016.emea.nsn-intra.net ( with ESMTP id p5ECKDa5028751 for <woes@ietf.org>; Tue, 14 Jun 2011 14:20:13 +0200
Received: from FIESEXC035.nsn-intra.net ([]) by demuexc024.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Tue, 14 Jun 2011 14:20:13 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CC2A8D.6921B153"
Date: Tue, 14 Jun 2011 15:24:53 +0300
Message-ID: <999913AB42CC9341B05A99BBF358718D41FA35@FIESEXC035.nsn-intra.net>
Thread-Topic: WOES Charter Proposal
Thread-Index: AcwqjhBHtkjJjf0ySWeO6EHazLfdBw==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: woes@ietf.org
X-OriginalArrivalTime: 14 Jun 2011 12:20:13.0507 (UTC) FILETIME=[69771930:01CC2A8D]
Subject: [woes] WOES Charter Proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 12:20:17 -0000

Web Object Encryption and Signing (woes)


JSON (an acronym for JavaScript Object Notation) is a text format for
the serialization of structured data. It is derived from the JavaScript
programming language for representing simple data structures and
associative arrays, called objects. Despite its relationship to
JavaScript, it is language-independent, with parsers available for
almost every programming

The JSON format is described in RFC 4627 and builds on two structures:
* A collection of name/value pairs. In various languages, this is
realized as an object, record, struct, dictionary, hash table, keyed
list, or associative array.
* An ordered list of values. In most languages, this is realized as an
array, vector, list, or sequence.

The JSON format is often used for serializing and transmitting
structured data over a network connection. It was initially used in the
Web environment to transmit data between a server and web application,
serving as an alternative to XML. Now, JSON is being used in various
other protocols as well.

With the increased usage of JSON in protocols there is now also the
desire to offer security services, such as encryption, and message
signing, for JSON encoded data. Different proposals for providing these
security services have been defined and implemented.  Examples are: JSON
Web Token [JWT], Simple Web Tokens [SWT], Magic Signatures
[MagicSignatures], JSON Simple Sign [JSS], JavaScript Message Security
Format [JSMS]. 

This working group aims to develop specifications to standardize these
security services for JSON encoded data to improve interoperability, and
to increase confidence in the offered security functionality based on
the expert review process utilized in the IETF. Future work in the group
may offer support for other security services. Re-chartering of the
group is, however, required.

This working group aims to re-use well-defined concepts from
Cryptographic Message Syntax
(CMS) [CMS], XML Digital Signature [XMLDSIG] and XML Encryption [XMLENC]
since the group aims to develop a JavaScript-developer-friendly
JSON-equivalent for CMS. 

Since this work is within the realm of the security domain respective
experts will be involved. 


[JWT] M. Jones, et al. "JSON Web Signature (JWS)",
draft-jones-json-web-signature-01 (work in progress), Mar. 2011.

[JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign",
September 2010.

[MagicSignatures] Panzer (editor), J., Laurie, B., and D. Balfanz,
"Magic Signatures", August 2010.

[SWT] Hardt, D. and Y. Goland, "Simple Web Token (SWT)", Version, November 2009.

XMLDIG] W3C, "XML Signature Syntax and Processing (Second Edition)",
available at
http://www.w3.org/TR/xmldsig-core/, Jun. 2008. 

[XMLENC] W3C, "XML Encryption Syntax and Processing", available at
http://www.w3.org/TR/xmlenc-core/, Dec. 2002.

[CMS]  R. Housley, "Cryptographic Message Syntax", RFC 3852, Jul. 2004. 

[JSMS] E. Rescorla, J. Hildebrand, "JavaScript Message Security Format",
draft-rescorla-jsms-00 (work in progress), Mar. 2011.


This group is chartered to work on two documents: 

1) A Standards Track document specifying how to apply a digital
signature and a keyed message digest to 
JSON encoded data.

2) A Standards Track document illustrating how to encrypt JSON encoded

Goals and Milestones

Aug 2011    Submit JSON object signing document as a WG item.

Aug 2011    Submit JSON object encryption document as a WG item.

Mar 2012    Start Working Group Last Call on JSON object signing

Mar 2012    Start Working Group Last Call on JSON object encryption

Apr 2012    Submit JSON object signing document to IESG for
consideration as
Standards Track document.

Apr 2012    Submit JSON object encryption document to IESG for
as Standards Track document.