Author: buildbot
Date: Fri Mar 13 13:47:00 2015
New Revision: 943695
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 13:47:00
2015
@@ -117,11 +117,11 @@ Apache CXF -- JAX-RS JOSE
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1426247209546 {padding: 0px;}
-div.rbtoc1426247209546 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1426247209546 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1426254394846 {padding: 0px;}
+div.rbtoc1426254394846 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1426254394846 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1426247209546">
+/*]]>*/</style></p><div class="toc-macro rbtoc1426254394846">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect"
href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverview">JOSE Overview</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSSignature">JWS Signature</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JSONEncryption">JSON Encryption</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JSONWebTokens">JSON Web Tokens</a></li></ul>
</li><li><a shape="rect" href="#JAX-RSJOSE-JAX-RSJoseFilters">JAX-RS Jose
Filters</a></li><li><a shape="rect" href="#JAX-RSJOSE-OAuth2andJose">OAuth2 and
Jose</a></li><li><a shape="rect"
href="#JAX-RSJOSE-Third-PartyAlternatives">Third-Party
Alternatives</a></li></ul>
@@ -132,7 +132,7 @@ div.rbtoc1426247209546 li {margin-left:
<version>3.1.0</version>
</dependency>
]]></script>
-</div></div><p> </p><h1 id="JAX-RSJOSE-JOSEOverview">JOSE
Overview</h1><p>JOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers).</p><p>Note that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML.</p><p> </p><p>JOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications.</p><p> </p><p>At the moment two signature and
encryption output formats are supported: compact and
JSON.</p><p> </p><p>Compact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),</p><p>Base64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some
of encryption process input or outpu
t data</p><p>such as an initialization vector, authentication tag,
etc.</p><p> </p><p>The JSON (full) format is where all the information
describing a signature or encryption process is presented in a not-compact,
regular JSON document, offering a non-optimized but easier to understand
format.</p><p>The signature process also supports the detached body mode where
the body to be signed is not included in the actual output - assuming that both
the consumer and producer know how to access the original payload in order
to</p><p>validate the signature.</p><p> </p><p>The following subsections
will have the examples with more details.</p><h2
id="JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</h2><h2
id="JAX-RSJOSE-JWKKeys">JWK Keys</h2><h2 id="JAX-RSJOSE-JWSSignature">JWS
Signature</h2><p> </p><h2 id="JAX-RSJOSE-JSONEncryption">JSON
Encryption</h2><h2 id="JAX-RSJOSE-JSONWebTokens">JSON Web
Tokens</h2><p> </p><h1 id="JAX-RSJOSE-JAX-RSJoseFilters">JAX-RS Jose
Filters</h1><p>
60;</p><h1 id="JAX-RSJOSE-OAuth2andJose">OAuth2 and Jose</h1><p> </p><h1
id="JAX-RSJOSE-Third-PartyAlternatives">Third-Party Alternatives</h1><p>Jose4J.
Etc.</p><p> </p></div>
+</div></div><p> </p><h1 id="JAX-RSJOSE-JOSEOverview">JOSE
Overview</h1><p>JOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers).</p><p>Note that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML.</p><p> </p><p>JOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications.</p><p> </p><p>At the moment two signature and
encryption output formats are supported: compact and
JSON.</p><p> </p><p>Compact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),</p><p>Base64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some
of encryption process input or outpu
t data</p><p>such as an initialization vector, authentication tag,
etc.</p><p> </p><p>The JSON (full) format is where all the information
describing a signature or encryption process is presented in a not-compact,
regular JSON document, offering a non-optimized but easier to understand
format.</p><p>The signature process also supports the detached body mode where
the body to be signed is not included in the actual output - assuming that both
the consumer and producer know how to access the original payload in order
to</p><p>validate the signature.</p><p> </p><p>The following subsections
will have the examples with more details.</p><h2
id="JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</h2><p>All JOSE signature and
encryption algorithms are grouped and described in a <a shape="rect"
class="external-link"
href="https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40";
rel="nofollow">JSON Web Algorithms</a> (JWA) specification.</p><p>The
algorithms are split into 3 catego
ries: signature algorithms (MAC, RSA, Elliptic Curve), algorithms for
supporting the encryption of content encryption keys (RSA-OAEP, Key Wrap,
etc),</p><p>algorithms for encrypting the actual content (AES GCM,
etc).</p><p>All encryption algorithms produce authentication tags which
provides the protection against manipulating the already encrypted
content.</p><p>Refer to this specification to get all the information needed
(with the follow up links to the corresponding RFC when applicable) about a
particular signature or encryption</p><p>algorithm: the properties, recommended
key sizes, other security considerations related to all of or some specific
algorithms.</p><h2 id="JAX-RSJOSE-JWKKeys">JWK Keys</h2><p> </p><p><a
shape="rect" class="external-link"
href="https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41";
rel="nofollow">Json Web Key</a> (JWK) is a JSON document describing the
cryptographic key properties. JWKs are very flexible and light-weight (in most
cases) and
one can expect JWKs becoming one of the major</p><p>mechanisms for
representing and storing cryptographic keys. What is important is that one does
not have to use a JWK in order to sign or encrypt the document, working
directly with Java JCA secret and asymmetric key</p><p>representations is
sufficient but JWK is a first class citizen in JOSE with all of JOSE examples
using JWK representations.</p><h2 id="JAX-RSJOSE-JWSSignature">JWS
Signature</h2><p> </p><h2 id="JAX-RSJOSE-JSONEncryption">JSON
Encryption</h2><h2 id="JAX-RSJOSE-JSONWebTokens">JSON Web
Tokens</h2><p> </p><h1 id="JAX-RSJOSE-JAX-RSJoseFilters">JAX-RS Jose
Filters</h1><p> </p><h1 id="JAX-RSJOSE-OAuth2andJose">OAuth2 and
Jose</h1><p> </p><h1 id="JAX-RSJOSE-Third-PartyAlternatives">Third-Party
Alternatives</h1><p>Jose4J. Etc.</p><p> </p></div>
</div>
<!-- Content -->
</td>
