Musings on Digital Identity

Month: January 2012

OAuth 2.0 Bearer Token Specification Draft -16

OAuth logoDraft 16 of the OAuth 2.0 Bearer Token Specification has been published. This version contains a proposed resolution to the auth-param syntax issue that has been reviewed by Julian Reschke, Mark Nottingham, and the OAuth WG chairs. It also addresses the Gen-ART review comments by Alexey Melnikov.

It contains the following changes:

  • Use the HTTPbis auth-param syntax for Bearer challenge attributes.
  • Dropped the sentence “The realm value is intended for programmatic use and is not meant to be displayed to end users”.
  • Reordered form-encoded body parameter description bullets for better readability.
  • Added [USASCII] reference.

The draft is available at:

An HTML-formatted version is available at:

OpenID Connect in a Nutshell

OpenID logoNat Sakimura has written a valuable post describing OpenID Connect in a nutshell. It shows by example how simple it is for relying parties to use basic OpenID Connect functionality. If you’re involved in OpenID Connect in any way, or are considering becoming involved, his post is well worth reading.


IETF logoThe initial versions of the IETF JSON Object Signing and Encryption (JOSE) specifications are now available. They are:

  • JSON Web Signature (JWS) — Digital signature/HMAC specification
  • JSON Web Encryption (JWE) — Encryption specification
  • JSON Web Key (JWK) — Public key specification
  • JSON Web Algorithms (JWA) — Algorithms and identifiers specification

They are refactored from the previous individual submission versions to move algorithms and identifiers into the separate JSA specification, per the working group charter. Also, per the working group’s input, the terminology usage has been changed to no longer call both digital signatures and HMACs “signatures”. The JOSE versions contain no normative changes from the individual submission versions.

These specifications are available at:

HTML formatted versions are available at:

Powered by WordPress & Theme by Anders Norén