Month: March 2014

JOSE -24 drafts have been released that fix two errors found in example values. The JWT -19 draft clarifies that support for Nested JWTs is optional. The JSON reference was also updated to RFC 7159 in all drafts.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-24
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-24
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19

HTML formatted versions are also available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-24.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-24.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-24.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-24.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-19.html

Thanks to Edmund Jay and Hideki Nara for finding the bugs in the examples.

Draft -18 of the JSON Web Token (JWT) spec has been released, which addresses the few remaining outstanding comments from Working Group Last Call (WGLC). All edits were clarifications, rather than normative changes. See the Document History appendix for a description of the changes made.

New -23 versions of the JSON Object Signing and Encryption (JOSE) specs were also released since one clarification made to JWT also applied to JWS.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-18
• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-23
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-23
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-23
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-23

HTML formatted versions are also available at:

• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-18.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-23.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-23.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-23.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-23.html

Updated JOSE and JWT drafts have been published that fix a few instances of incorrect uses of RFC 2119 requirements language, such as changing an occurrence of “MUST not” to “MUST NOT”. These drafts also reference the newly completed JSON specification — RFC 7158.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-22
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-22
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-22
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-22
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-17

HTML formatted versions are also available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-22.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-22.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-22.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-22.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-17.html