Re: [woes] WOES Charter Proposal
Sean Turner <turners@ieca.com> Tue, 14 June 2011 16:31 UTC
Return-Path: <turners@ieca.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC54F9E803B for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 09:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.049
X-Spam-Level:
X-Spam-Status: No, score=-102.049 tagged_above=-999 required=5 tests=[AWL=0.549, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 88zk3hx5qO4Z for <woes@ietfa.amsl.com>; Tue, 14 Jun 2011 09:31:18 -0700 (PDT)
Received: from nm2-vm0.access.bullet.mail.sp2.yahoo.com (nm2-vm0.access.bullet.mail.sp2.yahoo.com [98.139.44.158]) by ietfa.amsl.com (Postfix) with SMTP id 98C5A11E8078 for <woes@ietf.org>; Tue, 14 Jun 2011 09:31:14 -0700 (PDT)
Received: from [98.139.44.103] by nm2.access.bullet.mail.sp2.yahoo.com with NNFMP; 14 Jun 2011 16:31:11 -0000
Received: from [98.139.44.76] by tm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 14 Jun 2011 16:31:11 -0000
Received: from [127.0.0.1] by omp1013.access.mail.sp2.yahoo.com with NNFMP; 14 Jun 2011 16:31:11 -0000
X-Yahoo-Newman-Id: 655296.580.bm@omp1013.access.mail.sp2.yahoo.com
Received: (qmail 41772 invoked from network); 14 Jun 2011 16:31:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1308069071; bh=meGDq35k6AnL41cbTlOK89/Iveo5omWNNtH+4eYYmLU=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=dYjZNasPkuLz0FfW3ER4l24/JvoMlYawv54p3nFTmPZZnLzT73t4FTwQSvcK9lGLWnL0tqbZkBE64Wv/ugDnuHp0IcEU6IcFiLnwzMMduYLjACJLAUWHRFFuCGfeoU+ZJb2UHOOtvlbzBn1wzgC+9wGY8Gtiyzl09mEhjq3oKws=
Received: from thunderfish.local (turners@71.191.15.93 with plain) by smtp115.biz.mail.sp1.yahoo.com with SMTP; 14 Jun 2011 09:31:08 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: GSZOHeUVM1lOeDs89DqyQ3BUqUVt3bbC8Hv0KiF810I7Dw_ CtASl6LX4y0ev7QklUBA6ckoTKZPdhbnFlfl3azS1Z4LvNf0cvt4HIS81GgM btEsevsLTz7EoOyNj6d6_0m1fhcGrP6U9BOl2xsJEZ6Zb8I_lYQqdQlHSpBz 3LS5FKx9uQics9vN2977ibJ1U_h5YoLUT2n1RD5y9RJTi8ly3vrxRweUt.Dj KCRNUvsVZmEHfuDgDpG1sQuRULeEpXQnB5QKum6PQ5zlTtTqsR4osZd7PZko h0OsnzZD9Mfx08WN3ggFBbjT7CdJhMxu.C4I60yzTrx.9nSxuz4B9a8AXW6e l6V4no_tntS7BZRKYicEC_cS4rLG1EewS_iF8Fjw9nfuWSOmqjxEx1e3cqub sS3ulQS0rRZJnJz6WTQ7bjg26keLR9tmMY.vAwAyj4zMJF6yN
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4DF78CCB.8070103@ieca.com>
Date: Tue, 14 Jun 2011 12:31:07 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: woes@ietf.org
References: <999913AB42CC9341B05A99BBF358718D41FA35@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718D41FA35@FIESEXC035.nsn-intra.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [woes] WOES Charter Proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 16:31:18 -0000
Thanks for kicking this off Hannes. In Prague, I thought the goal was pretty straightforward: JSONize CMS. To that end I think we can clip out some of the references to work already done. The BOF can decide later what draft is the basis for the starting point. Edits as follows - and one embedded question: On 6/14/11 8:24 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > Web Object Encryption and Signing (woes) > ======================================== > > Background > ---------- > > JSON (an acronym for JavaScript Object Notation) is a text format for > the serialization of structured data. It is derived from the JavaScript > programming language for representing simple data structures and > associative arrays, called objects. Despite its relationship to > JavaScript, it is language-independent, with parsers available for > almost every programming language. > > The JSON format is described in RFC 4627 and builds on two structures: > * A collection of name/value pairs. In various languages, this is > realized as an object, record, struct, dictionary, hash table, keyed > list, or associative array. > > * An ordered list of values. In most languages, this is realized as an > array, vector, list, or sequence. > > The JSON format is often used for serializing and transmitting > structured data over a network connection. It was initially used in the > Web environment to transmit data between a server and web application, > serving as an alternative to XML. Now, JSON is being used in various > other protocols as well. > > With the increased usage of JSON in protocols there is now also the > desire to offer security services, such as encryption, and message > signing, for JSON encoded data. <delete> > Different proposals for providing these > security services have been defined and implemented. Examples are: JSON > Web Token [JWT], Simple Web Tokens [SWT], Magic Signatures > [MagicSignatures], JSON Simple Sign [JSS], JavaScript Message Security > Format [JSMS]. </delete> > This working group aims to develop specifications to standardize these > security services for JSON encoded data to improve interoperability, and r/these security services/these two security services > to increase confidence in the offered security functionality based on > the expert review process utilized in the IETF. <delete> > Future work in the group > may offer support for other security services. Re-chartering of the > group is, however, required. > > This working group aims to re-use well-defined concepts from > Cryptographic Message Syntax > (CMS) [CMS], XML Digital Signature [XMLDSIG] and XML Encryption [XMLENC] > since the group aims to develop a JavaScript-developer-friendly > JSON-equivalent for CMS. > > Since this work is within the realm of the security domain respective > experts will be involved. > > References > ---------- > > [JWT] M. Jones, et al. "JSON Web Signature (JWS)", > draft-jones-json-web-signature-01 (work in progress), Mar. 2011. > > [JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign", > September 2010. > > [MagicSignatures] Panzer (editor), J., Laurie, B., and D. Balfanz, > "Magic Signatures", August 2010. > > [SWT] Hardt, D. and Y. Goland, "Simple Web Token (SWT)", Version > 0.9.5.1, November 2009. > > XMLDIG] W3C, "XML Signature Syntax and Processing (Second Edition)", > available at > _http://www.w3.org/TR/xmldsig-core/_, Jun. 2008. > > [XMLENC] W3C, "XML Encryption Syntax and Processing", available at > _http://www.w3.org/TR/xmlenc-core/_, Dec. 2002. > > [CMS] R. Housley, "Cryptographic Message Syntax", RFC 3852, Jul. 2004. > > [JSMS] E. Rescorla, J. Hildebrand, "JavaScript Message Security Format", > draft-rescorla-jsms-00 (work in progress), Mar. 2011. </delete> <insert> This working group will base its work on the Cryptographic Message Syntax (CMS). Anything other work items beyond the two listed below are out of scope and will require a recharter. </insert> > Deliverables > ------------ > > This group is chartered to work on two documents: > > 1) A Standards Track document specifying how to apply a digital > signature and a keyed message digest to > JSON encoded data. <question> I want to be clear that when we're talking about digital signatures we're not talking about HMAC-y operations. If you want to include this here then it need to be reflected earlier as something different than digital signatures. </question> > 2) A Standards Track document illustrating how to encrypt JSON encoded > data. > > Goals and Milestones > -------------------- > > Aug 2011 Submit JSON object signing document as a WG item. > > Aug 2011 Submit JSON object encryption document as a WG item. > > Mar 2012 Start Working Group Last Call on JSON object signing document. > > Mar 2012 Start Working Group Last Call on JSON object encryption document. > > Apr 2012 Submit JSON object signing document to IESG for consideration as > Standards Track document. > > Apr 2012 Submit JSON object encryption document to IESG for consideration > as Standards Track document. > > > > > > _______________________________________________ > woes mailing list > woes@ietf.org > https://www.ietf.org/mailman/listinfo/woes
- [woes] WOES Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [woes] WOES Charter Proposal Sean Turner
- Re: [woes] WOES Charter Proposal Hannes Tschofenig
- Re: [woes] WOES Charter Proposal Manger, James H
- Re: [woes] WOES Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Mike Jones
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Stephen Farrell
- Re: [woes] WOES Charter Proposal Joe Hildebrand
- Re: [woes] WOES Charter Proposal Peter Saint-Andre
- Re: [woes] WOES Charter Proposal Peter Saint-Andre