These are now published as IETF drafts. The IETF .txt version links are:
http://www.ietf.org/id/draft-jones-json-web-token-03.txt
http://www.ietf.org/id/draft-jones-json-web-signature-01.txt
-- Mike
From: [email protected] [mailto:[email protected]] On Behalf Of Mike
Jones
Sent: Friday, March 25, 2011 10:26 PM
To: [email protected]; [email protected]; [email protected]
Cc: [email protected]
Subject: [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in
separate specs
As promised, I have split the contents of the JWT spec
draft-jones-json-web-token-01<http://self-issued.info/docs/draft-jones-json-web-token-01.html>
into two simpler specs:
draft-jones-json-web-token-02<http://self-issued.info/docs/draft-jones-json-web-token-02.html>
draft-jones-json-web-signature-00<http://self-issued.info/docs/draft-jones-json-web-signature-00.html>
These should have introduced no semantic changes from the previous spec.
I then applied the feedback that I received since JWT -01 and created revised
versions of the split specs:
draft-jones-json-web-token-03<http://self-issued.info/docs/draft-jones-json-web-token-03.html>
draft-jones-json-web-signature-01<http://self-issued.info/docs/draft-jones-json-web-signature-01.html>
The only breaking change introduced was that x5t (X.509 Certificate Thumbprint)
is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 has,
as SHA-1 is the prevailing existing practice for certificate thumbprint
calculations. See the Document History sections for details on each change
made.
.txt and .xml versions are also available. I plan to publish these as IETF
drafts once the submission window re-opens on Monday. Feedback welcome!
-- Mike
P.S. Yes, work on the companion encryption spec is now under way...
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
