Musings on Digital Identity

Month: July 2011

OAuth 2.0 Bearer Token Specification draft -08

I’ve published draft 08 of the OAuth Bearer Token Specification. It contains the following changes:

  • Updated references to oauth-v2 and httpbis drafts.
  • Added missing comma in error response example.

It contains no normative changes. This draft is the subject of working group last call.

The draft is available at these locations:

JSON Web Key (JWK) draft -01

I’ve published JSON Web Key (JWK) draft -01. It contains the following changes:

  • Changed “algorithm” member value for Elliptic Curve keys from “ECDSA” to “EC”, since Elliptic Curve keys can be used with more algorithms than just the Elliptic Curve Digital Signature Algorithm (ECDSA).
  • Added OPTIONAL “use” member to identify intended key usage, especially since the same Elliptic Curve key should not be used for both signing and encryption operations.

The specification is available at these locations:

JSON Web Token (JWT) Draft -05

I posted JSON Web Token (JWT) draft -05 today, with the only change being to define an optional “nbf” (not before) claim that is distinct from the “iat” (issued at) claim. (This more closely parallels the capabilities of SAML tokens, where there are NotBefore, NotAfter, and IssueInstant values.) The “nbf” and “exp” claims should be used for bounding the token validity period, whereas “iat” should be used to determine token age.
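The following is an added example, not code from the draft or from this post, showing how a recipient could keep the two checks separate: the validity window comes from “nbf” and “exp”, and token age comes from “iat”. The function names, the 60-second clock-skew allowance and the one-hour maximum age are assumptions chosen for illustration, and the claims are treated as already taken from a token whose signature has been verified.

```python
import time

CLOCK_SKEW = 60        # assumed tolerance in seconds; not taken from the draft
MAX_TOKEN_AGE = 3600   # assumed local policy: refuse tokens issued over an hour ago


def _int_claim(claims, name):
    """Return the claim as int seconds since the epoch, or None if absent."""
    value = claims.get(name)
    if value is None:
        return None
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"{name} must be a number of seconds since the epoch")
    return int(value)


def check_time_claims(claims, now=None, skew=CLOCK_SKEW, max_age=MAX_TOKEN_AGE):
    """Return (accepted, reason) for an already signature-verified claims dict."""
    now = int(time.time()) if now is None else now
    try:
        nbf = _int_claim(claims, "nbf")
        exp = _int_claim(claims, "exp")
        iat = _int_claim(claims, "iat")
    except ValueError as err:
        return False, str(err)

    # Validity period: bounded by nbf and exp only. An absent claim sets no bound.
    if nbf is not None and exp is not None and nbf >= exp:
        return False, "empty validity window (nbf >= exp)"
    if nbf is not None and now + skew < nbf:
        return False, "not yet valid (nbf)"
    if exp is not None and now - skew >= exp:
        return False, "expired (exp)"

    # Token age: derived from iat only, as a policy check separate from the window.
    if iat is not None:
        if iat > now + skew:
            return False, "issued in the future (iat)"
        if max_age is not None and now - iat > max_age:
            return False, "too old (iat)"
    return True, "ok"
```

A token issued now with “nbf” five minutes ahead is rejected as not yet valid even though its “iat” is acceptable, which is the case the separate claim exists to express.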

The draft is available at these locations:

Simple Web Discovery (SWD) Refresh

I posted Simple Web Discovery (SWD) draft -01 today because -00 was about to expire. No normative changes were made.
