Musings on Digital Identity

Month: September 2011

OAuth 2.0 Bearer Token Specification Draft -09

OAuth logoDraft 09 of the OAuth 2.0 Bearer Token Specification has been published, which incorporates Working Group Last Call feedback. It contains the following changes:

  • Use definitions from [I-D.ietf-httpbis-p7-auth] rather than [RFC2617].
  • Update credentials definition to conform to [I-D.ietf-httpbis-p7-auth].
  • Further clarified that query parameters may occur in any order.
  • Specify that error_description is UTF-8 encoded (matching the core specification).
  • Registered “Bearer” Authentication Scheme in Authentication Scheme Registry defined by [I-D.ietf-httpbis-p7-auth].
  • Updated references to oauth-v2, httpbis-p1-messaging, and httpbis-p7-auth drafts.
  • Other wording improvements not introducing normative changes.

The draft is available at these locations:

JSON Web Encryption (JWE) draft -00

I’m pleased to announce the publication of the first draft of the JSON Web Encryption (JWE) specification. It enables JSON-based encryption of content in a parallel manner to how the JSON Web Signature (JWS) specification enables JSON-based signing of content.

My thanks to John Bradley, Nat Sakimura, Eric Rescorla, and Joe Hildebrand for helping make this initial version a reality!

The specification is available at these locations:

Powered by WordPress & Theme by Anders Norén