March 25, 2011
JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs

As promised, I have split the contents of the JWT spec draft-jones-json-web-token-01 into two simpler specs:

These should have introduced no semantic changes from the previous spec.

I then applied the feedback that I received since JWT -01 and created revised versions of the split specs:

The only breaking change introduced was that x5t (X.509 Certificate Thumbprint) is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 has, as SHA-1 is the prevailing existing practice for certificate thumbprint calculations. See the Document History sections for details on each change made.

.txt and .xml versions are also available. I plan to publish these as IETF drafts once the submission window re-opens on Monday. Feedback welcome!

P.S. Yes, work on the companion encryption spec is now under way…

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.