Mike Jones: self-issued

The JSON Web Key (JWK) Thumbprint draft has been updated to incorporate feedback received from Jim Schaad, including defining the JWK Thumbprint computation in a manner that allows different hash functions to be used over time. The specification is available at:

• http://tools.ietf.org/html/draft-ietf-jose-jwk-thumbprint-01

An HTML formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-jose-jwk-thumbprint-01.html

No Comments » Posted under Cryptography & JSON & Specifications

All of these 9 drafts have now been approved and sent to the RFC Editor:

1. draft-ietf-jose-json-web-signature
2. draft-ietf-jose-json-web-encryption
3. draft-ietf-jose-json-web-key
4. draft-ietf-jose-json-web-algorithms
5. draft-ietf-oauth-json-web-token
6. draft-ietf-jose-cookbook
7. draft-ietf-oauth-assertions
8. draft-ietf-oauth-saml2-bearer
9. draft-ietf-oauth-jwt-bearer

That means that their content is now completely stable and they’ll soon become Internet standards – RFCs. Thanks for all of your contributions in creating, reviewing, and most importantly, using these specifications. Special thanks go to the other spec editors Nat Sakimura, John Bradley, Joe Hildebrand, Brian Campbell, Chuck Mortimore, Matt Miller, and Yaron Goland.

4 Comments » Posted under Claims & Cryptography & JSON & OAuth & Specifications

New versions of the JSON Web Signature (JWS) and JSON Web Key (JWK) drafts have been submitted that address a few more IESG comments that were identified by our area director Kathleen Moriarty during her final review of the documents. Thanks to Richard Barnes for working on wording to address his comment on security considerations for binding attributes to JWKs. See the Document History sections for descriptions of the edits, none of which resulted in data structure changes.

The plan is for these documents to be forwarded to the RFC editor. The other related documents have already been approved.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-41

HTML formatted versions are available at:

• http://self-issued.info/docs/draft-ietf-jose-json-web-signature-41.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-key-41.html

No Comments » Posted under Cryptography & JSON & Specifications

The document shepherd Karen O’Donoghue and I completed a review of all the IESG comments in the IETF data tracker today in preparation for the drafts going to the RFC Editor. This set of drafts addresses all the remaining comments that we thought should be dealt with in the final documents. The only changes were:

• Clarified the definitions of UTF8(STRING) and ASCII(STRING).
• Stated that “line breaks are for display purposes only” in places where this disclaimer was needed and missing.
• Updated the WebCrypto reference to refer to the W3C Candidate Recommendation.

Unless additional issues are identified soon, these should be the drafts that go to the RFC Editor.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-40
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-40
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40

HTML formatted versions are available at:

• http://self-issued.info/docs/draft-ietf-jose-json-web-signature-40.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-40.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-key-40.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-40.html

No Comments » Posted under Cryptography & JSON & Specifications