Archive for August, 2012

August 15, 2012
JSON Private Key Specification

IETF logoW3C logoThe W3C WebCrypto working group recently made an inquiry to the IETF JOSE working group about the possibility of defining a JSON representation for private keys. To facilitate discussion of this topic by both working groups, I created a draft JSON Private Key specification. The specification is very simple; it just defines two additional members for the JWK structure for representing the private parts of Elliptic Curve and RSA keys.

The specification is available at:

A HTML-formatted version of the specification is available at:

August 1, 2012
OAuth Core -31 and OAuth Bearer -23 specs published

OAuth logoHopefully final versions of the OAuth Core and Bearer specs have been published. These versions correct an editorial issue with the security clarification made in Core -30 and remove David Recordon from the author lists, at his request.

The specifications are available at:

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-31 are:

  • Clarify that any client can send client_id but that sending it is only required when using the code flow if the client is not otherwise authenticated.
  • Removed David Recordon’s name from the author list, at his request.

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23 are:

  • Removed David Recordon’s name from the author list, at his request.

HTML-formatted versions are available at: