Mike Jones: self-issued

The W3C WebCrypto working group recently made an inquiry to the IETF JOSE working group about the possibility of defining a JSON representation for private keys. To facilitate discussion of this topic by both working groups, I created a draft JSON Private Key specification. The specification is very simple; it just defines two additional members for the JWK structure for representing the private parts of Elliptic Curve and RSA keys.

The specification is available at:

• http://tools.ietf.org/html/draft-jones-jose-json-private-key-00

A HTML-formatted version of the specification is available at:

• http://self-issued.info/docs/draft-jones-jose-json-private-key-00.html

No Comments » Posted under Cryptography & JSON & Specifications

Hopefully final versions of the OAuth Core and Bearer specs have been published. These versions correct an editorial issue with the security clarification made in Core -30 and remove David Recordon from the author lists, at his request.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-oauth-v2-31
• http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-31 are:

• Clarify that any client can send client_id but that sending it is only required when using the code flow if the client is not otherwise authenticated.
• Removed David Recordon’s name from the author list, at his request.

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23 are:

• Removed David Recordon’s name from the author list, at his request.

HTML-formatted versions are available at:

• http://self-issued.info/docs/draft-ietf-oauth-v2-31.html
• http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-23.html

No Comments » Posted under OAuth & Specifications