This version is based on Mike's edits to -01, with the minor changes listed below. Many thanks to Mike for his revisions, they make the document appreciably better.
Chairs: I think with this update, we've caught everything that I was supposed to do after the interim. The remainder can be flushed out in WGLC :) Thanks, --Richard Edits: 1. Changed references to JWE/JWS/JWK to clarify that they are informative references. Also, moved external documents to informative references. 2. Focused pre-negotiation text on keys, pursuant to discussions at interim. 3. Minor re-write of Mike's text on requirements for applications. 4. Clarified that client_id reference is in the context of JWT. 5. Removed XMPP direct encryption, since this is addressed by the prior paragraph. 6. Reverted changes in "functional requirements" to clarify that we are producing a single JSON format and a single compact format. 7. Reverted reference to direct encryption in requirement S1, and edited to clarify that the security goal is to avoid repeated use of long-lived keys for direct encryption/MAC. 8. Edited WebCrypto interaction language to be more neutral with respect to coordination. 9. Edited history section to reflect the "whoops" with -01. On Wed, May 29, 2013 at 11:04 PM, <[email protected]> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Javascript Object Signing and Encryption > Working Group of the IETF. > > Title : Use Cases and Requirements for JSON Object > Signing and Encryption (JOSE) > Author(s) : Richard Barnes > Filename : draft-ietf-jose-use-cases-02.txt > Pages : 23 > Date : 2013-05-29 > > Abstract: > Many Internet applications have a need for object-based security > mechanisms in addition to security mechanisms at the network layer or > transport layer. In the past, the Cryptographic Message Syntax has > provided a binary secure object format based on ASN.1. Over time, > the use of binary object encodings such as ASN.1 has been overtaken > by text-based encodings, for example JavaScript Object Notation. > This document defines a set of use cases and requirements for a > secure object format encoded using JavaScript Object Notation, drawn > from a variety of application security mechanisms currently in > development. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-jose-use-cases > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-jose-use-cases-02 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-use-cases-02 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
