JSON Object Signing and Encryption (JOSE) drafts have been published that address the feedback received during Working Group Last Call (WGLC) on the specifications, which ran from January 22 to February 13, 2014. Two breaking (but very local) changes were made as a result of working group discussions:
- Replaced the JWK
key_opsvalueswrapandunwrapwithwrapKeyandunwrapKeyto match theKeyUsagevalues defined in the current Web Cryptography API editor’s draft. - Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt Input), where the
p2sHeader Parameter encodes the Salt Input value and Alg is thealgHeader Parameter value.
A few editorial changes were also made to improve readability. See the Document History sections for the issues addressed by these changes. One parallel editorial change was also made to the JSON Web Token (JWT) specification.
The specifications are available at:
- http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-21
- http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-21
- http://tools.ietf.org/html/draft-ietf-jose-json-web-key-21
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-21
- http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-16
HTML formatted versions are also available at:
- https://self-issued.info/docs/draft-ietf-jose-json-web-signature-21.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-21.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-key-21.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-21.html
- https://self-issued.info/docs/draft-ietf-oauth-json-web-token-16.html
Thanks to those of you who provided feedback on the specs during Working Group Last Call.
Leave a Reply
You must be logged in to post a comment.