Month: September 2014

Updated JOSE and JWT drafts have been published that address JSON Web Key (JWK) secdir review comments by Stephen Kent that were inadvertently not addressed in the previous versions. Most of the changes were to the JWK draft. A few changes also had to be made across the other drafts to keep them in sync. I also added acknowledgements to several additional contributors. No breaking changes were made.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-33
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-33
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-33
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27

Differences since the previous drafts can be viewed at:

• http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-signature-33
• http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-encryption-33
• http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-key-33
• http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-algorithms-33
• http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-27

HTML formatted versions are available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-33.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-33.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-33.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-33.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-27.html

New versions of the JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) specifications have been published incorporating feedback received in IETF Last Call comments. Thanks to Russ Housley and Roni Even for their Gen-ART reviews, to Tero Kivinen, Scott Kelly, Stephen Kent, Charlie Kaufman, and Warren Kumari for their secdir reviews, to Tom Yu for his individual review, and to James Manger and Chuck Mortimore who provided feedback based on deployment experiences, as well as to the many JOSE and OAuth working group members who pitched in to discuss resolutions. Many clarifications resulted. No breaking changes were made.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-32
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-32
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-32
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-32
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-26

HTML formatted versions are available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-32.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-32.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-32.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-32.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-26.html