Musings on Digital Identity

Month: September 2013

WebFinger is now RFC 7033!

I’m pleased to announce that the WebFinger specification has now been published as an RFC — RFC 7033. WebFinger enables discovery of information about a user or resource at a host using an HTTP query to a well-known HTTPS endpoint, with the discovered information being returned in a simple JSON structure. For instance, OpenID Connect uses WebFinger to discover the location of a user’s OpenID Connect server.

Thanks particularly go to Paul Jones, who tirelessly edited the spec, ably navigating the sometimes thankless task of addressing the numerous and sometimes conflicting comments and suggestions that were made, and in the end, resolving them to everyone’s satisfaction, and in a high-quality manner. Thanks a bunch, Paul!

I’ll also take the occasion to thank Yaron Goland for inventing the Simple Web Discovery specification. I believe that the simplicity of the approved WebFinger specification is a direct result of the influence that Simple Web Discovery had upon WebFinger.

I look forward to seeing all the useful things that will be accomplished using WebFinger!

JOSE -16 drafts addressing 45 editorial and minor issues

JSON Object Signing and Encryption (JOSE) -16 drafts have been published that address 45 editorial and minor issues. See the Document History sections for lists of the specific issues addressed. Thanks to Jim Schaad for again meeting with me in person to go over proposed text changes in my working drafts before these specifications were published.

One breaking change was made: When doing ECDH-ES key agreement, the AlgorithmID value used in the KDF computation now has a length prefix. So for instance, the representation of the “enc” value “A128GCM” is now prefixed by the number 7, represented as a 32-bit big-endian value, when used as the AlgorithmID value. (Such prefixes were already in place for the other variable-length KDF parameters.)
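The sketch below is an added example, not code from the JOSE drafts or from this blog. It builds the Concat KDF OtherInfo input with and without the length-prefixed AlgorithmID and shows that the two derive different keys. The function names and the sample shared secret and party values are constructed for illustration; the use of SHA-256 and the layout of the fields after AlgorithmID follow the final JWA specification (RFC 7518) and are assumed to match the -16 drafts.

```python
import hashlib
import struct


def length_prefixed(data: bytes) -> bytes:
    """Return data preceded by its length as a 32-bit big-endian integer."""
    return struct.pack(">I", len(data)) + data


def other_info(enc, apu, apv, keydatalen_bits, prefix_algorithm_id=True):
    """Build the Concat KDF OtherInfo input for ECDH-ES direct key agreement."""
    alg_id = enc.encode("ascii")
    if prefix_algorithm_id:  # behaviour described for the -16 drafts
        alg_id = length_prefixed(alg_id)
    return (
        alg_id
        + length_prefixed(apu)                # PartyUInfo (assumed RFC 7518 layout)
        + length_prefixed(apv)                # PartyVInfo (assumed RFC 7518 layout)
        + struct.pack(">I", keydatalen_bits)  # SuppPubInfo; SuppPrivInfo is empty
    )


def concat_kdf(z, info, keydatalen_bits):
    """Concat KDF with SHA-256: hash(counter || Z || OtherInfo), repeated as needed."""
    out, counter = b"", 1
    while len(out) * 8 < keydatalen_bits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + info).digest()
        counter += 1
    return out[: keydatalen_bits // 8]


def derive_cek(z, enc, apu, apv, keydatalen_bits, prefix_algorithm_id=True):
    """Derive the content encryption key from the ECDH shared secret z."""
    info = other_info(enc, apu, apv, keydatalen_bits, prefix_algorithm_id)
    return concat_kdf(z, info, keydatalen_bits)


# Constructed sample shared secret; a real Z comes from the ECDH computation.
SAMPLE_Z = bytes(range(32))

if __name__ == "__main__":
    args = (SAMPLE_Z, "A128GCM", b"Alice", b"Bob", 128)
    new = derive_cek(*args)
    old = derive_cek(*args, prefix_algorithm_id=False)
    print("OtherInfo: ", other_info("A128GCM", b"Alice", b"Bob", 128).hex())
    print("prefixed:  ", new.hex())
    print("unprefixed:", old.hex())
    print("interoperable:", new == old)
```

Because the two sides derive different keys, a mismatch surfaces as a failed authentication tag check during decryption.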

The drafts are available at:

HTML formatted versions are also available at:

JOSE -15 drafts addressing 37 editorial and minor issues

JSON Object Signing and Encryption (JOSE) -15 drafts have been published that address 37 editorial and minor issues filed by Jim Schaad. See the Document History sections for lists of the specific issues addressed. Thanks to Jim for meeting with me in person to go over proposed text changes in my working drafts before these specifications were published. We also agreed on a number of additional proposed resolutions that will be addressed in the next set of drafts published.

The one substantive change worth noting is that when multiple signatures or encryption recipients are present, it is now up to the application whether to reject the entire JWS or JWE when some, but not all, of the signature or encryption validations fail. (Previously, if any validation failed, the entire JWS or JWE was always rejected.)

The drafts are available at:

HTML formatted versions are also available at:
