July 2011 – Mike Jones: self-issued

OAuth 2.0 Bearer Token Specification draft -08

By Mike Jones

On July 27, 2011

In OAuth, Specifications

OAuth logo I’ve published draft 08 of the OAuth Bearer Token Specification. It contains the following changes:

Updated references to oauth-v2 and httpbis drafts.
Added missing comma in error response example.

It contains no normative changes. This draft is the subject of working group last call.

The draft is available at these locations:

http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-08.pdf
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-08.txt
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-08.xml
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-08.html
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-08.pdf
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-08.txt
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-08.xml
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted)
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will point to new versions as they are posted)
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted)
https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted)
http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, pdf, txt, and html versions available)

JSON Web Key (JWK) draft -01

By Mike Jones

On July 25, 2011

In Cryptography, JSON, Specifications

I’ve published JSON Web Key (JWK) draft -01. It contains the following changes:

Changed “algorithm” member value for Elliptic Curve keys from “ECDSA” to “EC”, since Elliptic Curve keys can be used with more algorithms than just the Elliptic Curve Digital Signature Algorithm (ECDSA).
Added OPTIONAL “use” member to identify intended key usage, especially since the same Elliptic Curve key should not be used for both signing and encryption operations.

The specification is available at these locations:

http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.txt
http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.xml
https://self-issued.info/docs/draft-jones-json-web-key-01.html
https://self-issued.info/docs/draft-jones-json-web-key-01.txt
https://self-issued.info/docs/draft-jones-json-web-key-01.xml
https://self-issued.info/docs/draft-jones-json-web-key.html (will point to new versions as they are posted)
https://self-issued.info/docs/draft-jones-json-web-key.txt (will point to new versions as they are posted)
https://self-issued.info/docs/draft-jones-json-web-key.xml (will point to new versions as they are posted)
http://svn.openid.net/repos/specifications/json_web_key/1.0/ (Subversion repository, with html, txt, and html versions available)

JSON Web Token (JWT) Draft -05

By Mike Jones

On July 11, 2011

In Claims, JSON, Specifications

I posted JSON Web Token (JWT) draft -05 today, with the only change being to define an optional “nbf” (not before) claim that is distinct from the “iat” (issued at) claim. (This more closely parallels the capabilities of SAML tokens, where there are NotBefore, NotAfter, and IssueInstant values.) The “nbf” and “exp” claims should be used for bounding the token validity period, whereas “iat” should be used to determine token age.

The draft is available at these locations: