Thank you guys for this update. I just released a new version of the Java JOSE+JWT library that incorporates all the latest changes in the JOSE -08 suite as well as the JWT -06 draft:
https://bitbucket.org/nimbusds http://nimbusds.com/files/jose-jwt/javadoc/ I'm still looking for a contributor to help out with the JWE alg implementations. The JPSK draft looks like a useful development and I intend to code it into the library eventually. BTW, the [JPSK] ref link in draft-ietf-jose-json-web-key-08#section-9.2 appears to be broken. Cheers, Vladimir -- Vladimir Dzhuvinov : www.NimbusDS.com : [email protected] -------- Original Message -------- Subject: [jose] December 27, 2012 JOSE Release From: Mike Jones <[email protected]> Date: Sat, December 29, 2012 1:07 am To: "[email protected]" <[email protected]> New versions of the JOSE specs have been released incorporating feedback since IETF 85 in Atlanta. The highlight of this release is the new JSON Private and Symmetric Key spec, which extends JWKs to be able to represent private and symmetric keys. These sensitive keys can then be protected for transmission and storage by JWE encryption of their JWK representations. One new feature added to JWK is the ability to optionally specify which specific algorithm the key is intended to be used with. (This is already existing practice for keys in X.509 format.) For instance, a symmetric key might be annotated to say that it is to be used with the “HS256” algorithm. Because the natural field name for this functionality is “alg”, the “alg” name is now used for this purpose (matching JWS and JWE) and the key type (formerly “alg”) is now denoted by the “kty” field. This release incorporates editorial improvements suggested by Jeff Hodges and Hannes Tschofenig in their reviews of the JWT specification. Many of these simplified the terminology usage. See the Document History section of each specification for more details about the changes made. This release is part of a coordinated release of JOSE, OAuth, and OpenID Connect specifications. You can read about the other releases here: OAuth Release Notes, OpenID Connect Release Notes. The new specification versions are: · http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08 · http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08 · http://tools.ietf.org/html/draft-ietf-jose-json-web-key-08 · http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-08 · http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-04 · http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-04 · http://tools.ietf.org/html/draft-jones-jose-json-private-and-symmetric-key-00 HTML formatted versions are available at: · http://self-issued.info/docs/draft-ietf-jose-json-web-signature-08.html · http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-08.html · http://self-issued.info/docs/draft-ietf-jose-json-web-key-08.html · http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-08.html · http://self-issued.info/docs/draft-jones-jose-jws-json-serialization-04.html · http://self-issued.info/docs/draft-jones-jose-jwe-json-serialization-04.html · http://self-issued.info/docs/draft-jones-jose-json-private-and-symmetric-key-00.html -- Mike _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
