Musings on Digital Identity

Month: May 2014

Merged OAuth Dynamic Client Registration Spec

OAuth logoA new version of the OAuth Dynamic Client Registration specification has been published that folds the client metadata definitions back into the core registration specification, as requested by the working group. The updated spec is clear that the use of each of the defined client metadata fields is optional. The related registration management specification remains separate.

The updated specifications are available at:

HTML formatted versions are also available at:

JWT and JOSE have won a Special European Identity Award

IETF logoToday the JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications were granted a Special European Identity Award for Best Innovation for Security in the API Economy. I was honored to accept the award, along with Nat Sakimura and John Bradley, on behalf of the contributors to and implementers of these specifications at the European Identity and Cloud Conference.

It’s great to see this recognition for the impact that these specs are having by making it easy to use simple JSON-based security tokens and other Web-friendly cryptographically protected data structures. Special thanks are due to all of you have built and deployed implementations and provided feedback on the specs throughout their development; they significantly benefitted from your active involvement!

These specifications are:

The authors are:

Dirk Balfanz, Yaron Goland, John Panzer, and Eric Rescorla also deserve thanks for their significant contributions to creating these specifications.

EIC 2014 Award Mike Jones EIC 2014 Award Certificate EIC 2014 Award Nat Sakimura, Mike Jones, John Bradley

Publication requested for JSON Web Token (JWT), OAuth Assertions, and JOSE specifications

IETF logoToday, the OAuth Working Group requested publication of four specifications as proposed standards:

This follows on the JOSE Working Group likewise requesting publication of the JSON Object Signing and Encryption specifications last month:

This means that the working groups have sent the specifications to the IESG for review, which is the next step towards them becoming IETF Standards — RFCs.

Powered by WordPress & Theme by Anders Norén