The -27 drafts of the JOSE specs (JWS, JWE, JWK, & JWA) and the -21 draft of the JWT spec have been posted that incorporate feedback received from our security area director, Kathleen Moriarty. The one normative change was to add certificate thumbprint parameters using SHA-256 as the hash function. There were no breaking changes. A number of additional security considerations were added across the drafts. An example JWK was added early in the JWK draft (paralleling the early examples in the JWS, JWE, and JWT drafts). Several algorithm cross-reference entries were updated in the JWA draft. A number of other editorial improvements were also applied.
The specifications are available at: * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-27 * http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-27 * http://tools.ietf.org/html/draft-ietf-jose-json-web-key-27 * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-27 * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-21 HTML formatted versions are available at: * http://self-issued.info/docs/draft-ietf-jose-json-web-signature-27.html * http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-27.html * http://self-issued.info/docs/draft-ietf-jose-json-web-key-27.html * http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-27.html * http://self-issued.info/docs/draft-ietf-oauth-json-web-token-21.html Thanks for the detailed feedback, Kathleen. -- Mike P.S. This notice was also posted at http://self-issued.info/?p=1236 and as @selfissued.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
