August 2015 – Mike Jones: self-issued

Proof-of-Possession Key Semantics for JWTs spec addressing remaining comments

On August 28, 2015

In Claims, Cryptography, JSON, OAuth, Specifications

OAuth logo Proof-of-Possession Key Semantics for JWTs draft -04 addresses the remaining working group comments received — both a few leftover WGLC comments and comments received during IETF 93 in Prague. The changes were:

Allowed the use of “jwk” for symmetric keys when the JWT is encrypted.
Added the “jku” (JWK Set URL) member.
Added privacy considerations.
Reordered sections so that the “cnf” (confirmation) claim is defined before it is used.
Noted that applications can define new claim names, in addition to “cnf“, to represent additional proof-of-possession keys, using the same representation as “cnf“.
Applied wording clarifications suggested by Nat Sakimura.

The updated specification is available at:

http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04

An HTML formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-04.html

“amr” values “rba” and “sc”

By Mike Jones

On August 21, 2015

In Claims, JSON, OAuth, OpenID, Specifications

OAuth logo Authentication Method Reference Values draft -02 changed the identifier for risk-based authentication from “risk” to “rba“, by popular acclaim, and added the identifier “sc” (smart card).

The specification is available at:

http://tools.ietf.org/html/draft-jones-oauth-amr-values-02

An HTML formatted version is also available at:

https://self-issued.info/docs/draft-jones-oauth-amr-values-02.html

“amr” Values spec updated

By Mike Jones

On August 13, 2015

In Claims, JSON, OAuth, OpenID, Specifications

OAuth logo I’ve updated the Authentication Method Reference Values spec to incorporate feedback received from the OAuth working group. Changes were:

Added the values “mca” (multiple-channel authentication), “risk” (risk-based authentication), and “user” (user presence test).
Added citations in the definitions of Windows integrated authentication, knowledge-based authentication, risk-based authentication, multiple-factor authentication, one-time password, and proof-of-possession.
Alphabetized the values.
Added Tony Nadalin as an author and added acknowledgements.

The specification is available at:

http://tools.ietf.org/html/draft-jones-oauth-amr-values-01

An HTML formatted version is also available at:

https://self-issued.info/docs/draft-jones-oauth-amr-values-01.html

JWS Unencoded Payload Option specification

By Mike Jones

On August 9, 2015

In Cryptography, JSON, Specifications

The former JWS Signing Input Options specification has been renamed to JWS Unencoded Payload Option to reflect that there is now only one JWS Signing Input option defined in the spec — the “b64”:false option. The “sph” option was removed by popular demand. I also added a section on unencoded payload content restrictions and an example using the JWS JSON Serialization.

The specification is available at:

http://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-01

An HTML formatted version is also available at:

https://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-01.html

Musings on Digital Identity

Month: August 2015

Proof-of-Possession Key Semantics for JWTs spec addressing remaining comments

“amr” values “rba” and “sc”

“amr” Values spec updated

JWS Unencoded Payload Option specification