Microsoft

mbj@microsoft.com http://self-issued.info/

independent

ve7jtb@ve7jtb.com

Nomura Research Institute

n-sakimura@nri.co.jp

Security JOSE Working Group RFC Request for Comments I-D Internet-Draft JavaScript Object Notation JSON JSON Web Token JWT JSON Web Signature JWS JSON Web Encryption JWE JSON Web Key JWK JSON Web Algorithms JWA The JSON Web Signature JSON Serialization (JWS-JS) is a means of representing content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) data structures. This specification describes a means of representing secured content as a JSON data object (as opposed to the JWS specification, which uses a compact serialization with a URL-safe representation). It enables multiple digital signatures and/or MACs to be applied to the same content (unlike JWS). Cryptographic algorithms and identifiers used with this specification are described in the separate JSON Web Algorithms (JWA) specification. The JSON Serialization for related encryption functionality is described in the separate JSON Web Encryption JSON Serialization (JWE-JS) specification.

The JSON Web Signature JSON Serialization (JWS-JS) is a format for representing content secured with digital signatures or Message Authentication Codes (MACs) as a JavaScript Object Notation (JSON) object. It enables multiple digital signatures and/or MACs to be applied to the same content (unlike JWS ). The digital signature and MAC mechanisms used are independent of the type of content being secured, allowing arbitrary content to be secured. Cryptographic algorithms and identifiers used with this specification are described in the separate JSON Web Algorithms (JWA) specification. The JSON Serialization for related encryption functionality is described in the separate JSON Web Encryption JSON Serialization (JWE-JS) specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in Key words for use in RFCs to Indicate Requirement Levels .

This specification uses the same terminology as the JSON Web Signature (JWS) specification.

The JSON Serialization represents secured content as a JSON object with a recipients member containing an array of per-recipient information and a payload member containing a shared Encoded JWS Payload value. Each member of the recipients array is a JSON object with a header member containing an Encoded JWS Header value and a signature member containing an Encoded JWS Signature value. Unlike the compact serialization used by JWSs, content using the JSON Serialization MAY be secured with more than one digital signature and/or MAC value. Each is represented as an Encoded JWS Signature value in the signature member of an object in the recipients array. For each, there is an Encoded JWS Encoded Header value in the header member of the same object in the recipients array. This specifies the digital signature or MAC applied to the Encoded JWS Header value and the shared Encoded JWS Payload value to create the JWS Signature value. Therefore, the syntax is:

", "signature":""}, ... {"header":"

", "signature":""}], "payload":"" } ]]>

The contents of the Encoded JWS Header, Encoded JWS Payload, and Encoded JWS Signature values are exactly as specified in JSON Web Signature (JWS) . They are interpreted and validated in the same manner, with each corresponding header and signature value being created and validated together. Each JWS Signature value is computed on the JWS Secured Input corresponding to the concatenation of the Encoded JWS Header, a period ('.') character, and the Encoded JWS Payload in the same manner described in the JWS specification. This has the desirable result that each Encoded JWS signature value in the recipients array is identical to the value that would be used for the same parameters in a JWS.

This section contains an example using the JWS JSON Serialization. This example demonstrates the capability for conveying multiple digital signatures and/or MACs for the same payload. The Encoded JWS Payload used in this example is the same as used in the examples in Appendix A of JWS (with line breaks for display purposes only):

Two digital signatures are used in this example: an RSA SHA-256 signature, for which the header and signature values are the same as in Appendix A.2 of JWS, and an ECDSA P-256 SHA-256 signature, for which the header and signature values are the same as in Appendix A.3 of JWS. The two Decoded JWS Header Segments used are:

and:

Since the computations of the JWS Header and JWS Signature values are the same as in Appendix A.2 and Appendix A.3 of JWS, they are not repeated here. The complete JSON Web Signature JSON Serialization (JWS-JS) for these values is as follows (with line breaks for display purposes only):

This specification makes no requests of IANA.

The security considerations for this specification are the same as those for the JSON Web Signature (JWS) specification.

Microsoft

mbj@microsoft.com http://self-issued.info/

independent

ve7jtb@ve7jtb.com

Nomura Research Institute

n-sakimura@nri.co.jp

Microsoft

mbj@microsoft.com http://self-issued.info/

Microsoft

mbj@microsoft.com http://self-issued.info/

independent Nomura Research Institute

JSON serializations for secured content were previously explored by Magic Signatures and JSON Simple Sign.

[[ to be removed by the RFC editor before publication as an RFC ]] The following items remain to be considered or done in this draft: Track changes that occur in the JWS spec.

[[ to be removed by the RFC editor before publication as an RFC ]] -03 Updated references. -02 Changed to use an array of structures for per-recipient values, rather than a set of parallel arrays. -01 Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs). -00 Renamed draft-jones-json-web-signature-json-serialization to draft-jones-jose-jws-json-serialization to have "jose" be in the document name so it can be included in the Related Documents list at http://datatracker.ietf.org/wg/jose/. No normative changes. draft-jones-json-web-signature-json-serialization-02 Tracked editorial changes made to the JWS spec. draft-jones-json-web-signature-json-serialization-01 Corrected the Magic Signatures reference. draft-jones-json-web-signature-json-serialization-00 Created the initial version incorporating JOSE working group input and drawing from the JSON Serialization previously proposed in draft-jones-json-web-token-01.