Mike Jones: self-issued

Musings on Digital Identity

Category: Cryptography

JSON Web Token (JWT) Specification Draft

By

On September 30, 2010

In Claims, Cryptography, JSON, Specifications

Recognizing that there is substantial interest in representing sets of claims in JSON tokens, Yaron Goland and I have put together a draft JSON Web Token (JWT) specification for that purpose and published it to the OAuth list, where it is being discussed.

While this was produced independently of Dirk Balfanz’s JSON token proposal, both of us agree that we should come up with a unified spec. Consider this draft an additional point in the possible design space from which to start discussions and drive consensus. (If you read the two proposals, I think you’ll find that there’s already a lot in common, which is great.)

By the way, the draft suggests that the acronym JWT be pronounced like the English word “jot”.

I’d love to hear your feedback.

====

NOTE: This specification version has been superseded by draft-ietf-oauth-json-web-token. Do not use this version other than for historical reference purposes.

U-Prove Specifications Licensed and Sample Code Released

By

On March 2, 2010

In Claims, Cryptography, Documentation, Information Cards, Interoperability, Privacy, Software, Specifications, U-Prove, Windows CardSpace

U-Prove logoThis morning at the RSA conference, Scott Charney announced that Microsoft has licensed the U-Prove technology under the Open Specification Promise and released sample implementations in C# and Java under the BSD license. Implementers will be interested in two specifications: the “U-Prove Cryptographic Specification V1.0”, which documents U-Prove’s cryptographic operations, and “U-Prove Technology Integration into the Identity Metasystem V1.0”, which documents how to use U-Prove tokens with WS-Trust. These specifications are intended to enable interoperable implementations.

The U-Prove technologies enable two key properties: minimal disclosure and unlinkability. For more about U-Prove and today’s Community Technology Preview (CTP) release, see the Microsoft U-Prove site, the post announcing the release, and Vittorio’s post (with links to videos).

Welcoming Credentica’s People and Privacy Technology to Microsoft

By

On March 6, 2008

In Claims, Cryptography, People, Privacy, U-Prove, Windows CardSpace

Stefan BrandsI’m writing today to publicly welcome Stefan Brands, Christian Paquin, and Greg Thompson, of Credentica to Microsoft’s Identity and Access Group. I’m looking forward to working with them and to us adding their fantastic minimal disclosure technology to our identity products. Like Kim, I’m excited!

I urge people to check out Stefan’s announcement, Kim’s detailed write-up about the significance of this technology (I love the phrase “Need-to-Know Internet”), and Brendon Lynch’s post on Microsoft’s Data Privacy blog.

Welcome to Microsoft!

Page 12 of 12

Previous

Powered by WordPress & Theme by Anders Norén