Folks, a dedicated list has been established for discussion about requirements and potential implementation of JSON to provide security services for Web-based applications. You can subscribe here:
https://www.ietf.org/mailman/listinfo/woes On 2/3/11 3:52 AM, Hannes Tschofenig wrote: > Hi all, > > as mentioned earlier I have requested a BOF about the JSON signature > topic and the IESG discussed the various BOF proposals this Tuesday. > > FYI, here are all the BOF proposals: > http://trac.tools.ietf.org/bof/trac/ > > The BOF was not approved because the IESG felt we need more time for > preparation. That's not a problem. > > We will discuss the topic in the OAuth working group meeting, and the > security area director, Sean Turner, will create a separate mailing list > to involve a larger audience. > > So, you might ask yourself what is the big issue here. Well. In some > sense, the main question that seems to be there is why aren't we using > CMS to protect JSON payloads (instead of developing our own signature > mechanisms). I believe that this is a fair question to ask why existing > and deployed functionality hasn't been used. > > To some extend this question relates to the overall question of what > cryptographic functionality is available with browsers, what are the > usage scenarios (e.g. does JavaScript need to be used to compute a > signature over the JSON token, what functionality can reside in a > browser, etc.). > > These types of topics will be raised and we should discuss them on the > mailing list, once it is created (which should happen today according to > Sean). > > Ciao > Hannes > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
