And what does it mean to "base it on CMS"? It could, for example, mean that 1) the same functionality as CMS has to be provided (but with a JSON encoding) 2) folks should look at CMS to get inspired 3) for a chosen subset of CMS that the JSON-based realization must be semantically equivalent (for example, to make translation easy or so) 4) re-use of parts is encouraged (such as registries, etc.)
What did you had in mind, Paul? On Jul 8, 2011, at 12:17 AM, Anthony Nadalin wrote: > Why do we need to base this on CMS, that should be an open. > > -----Original Message----- > From: Paul Hoffman [mailto:[email protected]] > Sent: Thursday, July 07, 2011 10:55 AM > To: [email protected] > Subject: Re: [woes] New WOES charter proposal > > More comments, please. > > On Jul 5, 2011, at 1:44 PM, Paul Hoffman wrote: > >> Greetings again. After discussion with our ADs about having a much more >> limited charter than what was initially proposed, Richard Barnes and I have >> come up with the following. We would like this discussed as much as possible >> on the list before the Quebec meeting so that the meeting can be about >> finalizing the charter. Thus, comments are welcome. >> >> We also note that the WG might want to change its name to JOES (JavaScript >> Object Encryption and Signing) to make its work clearer to people who don't >> read the first paragraph of the charter. >> >> Web Object Encryption and Signing (woes) >> ======================================== >> >> Background >> ---------- >> >> JSON is a text format for the serialization of structured data described in >> RFC 4627. The JSON format is often used for serializing and transmitting >> structured data over a network connection. With the increased usage of JSON >> in protocols in the IETF and elsewhere, there is now a desire to offer >> security services such as object encryption and message signing for data >> that is being carried in JSON format. >> >> Different proposals for providing such security services have already been >> defined and implemented. This Working Group's task is to standardize two >> security services, encrypting and digitally signing, in order to increase >> interoperability of security features between protocols that use JSON. The >> Working Group will base its work on the Cryptographic Message Syntax (CMS), >> and will solicit input from the rest of the IETF Security Area to be sure >> that the security functionality in the JSON format is correct. > >> >> This group is chartered to work on one or two documents: >> >> 1) A Standards Track document specifying how to apply a JSON-structured >> digital signature to data, including (but not limited to) JSON data >> structures. >> >> 2) A Standards Track document specifying how to apply a JSON-structured >> encryption to data, including (but not limited to) JSON data structures. >> >> The working group may decide to address both of these goals in a single >> document, in which case the concrete milestones for signing/encryption below >> will both be satisfied by the single document. >> >> Goals and Milestones >> -------------------- >> >> Aug 2011 Submit JSON object signing document as a WG item. >> >> Aug 2011 Submit JSON object encryption document as a WG item. >> >> Jan 2012 Start Working Group Last Call on JSON object signing document. >> >> Jan 2012 Start Working Group Last Call on JSON object encryption document. >> >> Feb 2012 Submit JSON object signing document to IESG for consideration as >> Standards Track document. >> >> Feb 2012 Submit JSON object encryption document to IESG for consideration >> as Standards Track document. >> >> --Paul Hoffman >> >> _______________________________________________ >> woes mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/woes >> >> > > --Paul Hoffman > > > > _______________________________________________ > woes mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/woes _______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
