Month: August 2012

JSON Private Key Specification

On August 15, 2012

The W3C WebCrypto working group recently made an inquiry to the IETF JOSE working group about the possibility of defining a JSON representation for private keys. To facilitate discussion of this topic by both working groups, I created a draft JSON Private Key specification. The specification is very simple; it just defines two additional members for the JWK structure for representing the private parts of Elliptic Curve and RSA keys.

The specification is available at:

http://tools.ietf.org/html/draft-jones-jose-json-private-key-00

A HTML-formatted version of the specification is available at:

https://self-issued.info/docs/draft-jones-jose-json-private-key-00.html

OAuth Core -31 and OAuth Bearer -23 specs published

By Mike Jones

On August 1, 2012

In OAuth, Specifications

OAuth logo Hopefully final versions of the OAuth Core and Bearer specs have been published. These versions correct an editorial issue with the security clarification made in Core -30 and remove David Recordon from the author lists, at his request.

The specifications are available at:

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-31 are:

Clarify that any client can send client_id but that sending it is only required when using the code flow if the client is not otherwise authenticated.
Removed David Recordon’s name from the author list, at his request.

Changes in http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23 are:

Removed David Recordon’s name from the author list, at his request.

HTML-formatted versions are available at: