Musings on Digital Identity

Month: August 2012

JSON Private Key Specification

IETF logoW3C logoThe W3C WebCrypto working group recently made an inquiry to the IETF JOSE working group about the possibility of defining a JSON representation for private keys. To facilitate discussion of this topic by both working groups, I created a draft JSON Private Key specification. The specification is very simple; it just defines two additional members for the JWK structure for representing the private parts of Elliptic Curve and RSA keys.

The specification is available at:

A HTML-formatted version of the specification is available at:

OAuth Core -31 and OAuth Bearer -23 specs published

OAuth logoHopefully final versions of the OAuth Core and Bearer specs have been published. These versions correct an editorial issue with the security clarification made in Core -30 and remove David Recordon from the author lists, at his request.

The specifications are available at:

Changes in are:

  • Clarify that any client can send client_id but that sending it is only required when using the code flow if the client is not otherwise authenticated.
  • Removed David Recordon’s name from the author list, at his request.

Changes in are:

  • Removed David Recordon’s name from the author list, at his request.

HTML-formatted versions are available at:

Powered by WordPress & Theme by Anders Norén