The -27 drafts of the JOSE specs (JWS, JWE, JWK, & JWA) and the -21 draft of the JWT spec have been posted that incorporate feedback received from our security area director, Kathleen Moriarty. The one normative change was to add certificate thumbprint parameters using SHA-256 as the hash function. There were no breaking changes. A number of additional security considerations were added across the drafts. An example JWK was added early in the JWK draft (paralleling the early examples in the JWS, JWE, and JWT drafts). Several algorithm cross-reference entries were updated in the JWA draft. A number of other editorial improvements were also applied.
The specifications are available at:
- http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-27
- http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-27
- http://tools.ietf.org/html/draft-ietf-jose-json-web-key-27
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-27
- http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-21
HTML formatted versions are available at:
- https://self-issued.info/docs/draft-ietf-jose-json-web-signature-27.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-27.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-key-27.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-27.html
- https://self-issued.info/docs/draft-ietf-oauth-json-web-token-21.html
Thanks for the detailed feedback, Kathleen.
Leave a Reply
You must be logged in to post a comment.