From: Mike Jones
To: jose@ietf.org
Date: Mon, 5 Mar 2012 19:06:40 +0000
Subject: [jose] JSON Serializations for JWS and JWE

Members of the JOSE working group have described use cases where a JSON top-level representation of digitally signed, HMAC'ed, or encrypted content is desirable. They have also described use cases where multiple digital signatures and/or HMACs need to be applied to the same message and where the same plaintext needs to be encrypted to multiple recipients.

Responding to those use cases and working group input, I have created two new brief specifications:

* JSON Web Signature JSON Serialization (JWS-JS)
* JSON Web Encryption JSON Serialization (JWE-JS)

These use the same cryptographic operations as JWS and JWE, but serialize the results into a JSON object, rather than a set of base64url encoded values separated by periods (as is done for JWS and JWE to produce compact, URL-safe representations).

These drafts are available at:

* http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-00
* http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-00

HTML-formatted versions are available at:

* http://self-issued.info/docs/draft-jones-json-web-signature-json-serialization-00.html
* http://self-issued.info/docs/draft-jones-json-web-encryption-json-serialization-00.html

Feedback welcome!

-- Mike

P.S. Since I'm sure working group members will ask, this version of JSE-JS doesn't add integrity for non-AEAD operations. I plan to publish a new JWE draft that does so in the next week and will update JWE-JS to also incorporate this functionality at the same time.
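The two serializations contrasted in the message above, as an added example that is not part of the original message or taken from the drafts: one payload is HMAC'ed once in the period-separated compact form and twice in a JSON object, and the verifier pins the algorithm instead of trusting the header. The JSON member names (`headers`, `payload`, `signatures`), the `kid` values and the keys are assumptions constructed for illustration; the drafts define the normative format.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as used between the periods."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_header(header: dict) -> str:
    # Compact separators keep the encoding deterministic for this demo.
    return b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))


def mac_b64(key: bytes, header_b64: str, payload_b64: str) -> str:
    """HMAC-SHA256 over 'encoded header' + '.' + 'encoded payload'."""
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())


def compact_serialize(header: dict, payload: bytes, key: bytes) -> str:
    """One header, one payload, one MAC, joined with periods."""
    h, p = encode_header(header), b64url(payload)
    return ".".join((h, p, mac_b64(key, h, p)))


def json_serialize(payload: bytes, signers: list) -> str:
    """One payload, N (header, MAC) pairs. Member names are assumptions."""
    p = b64url(payload)
    headers = [encode_header(header) for header, _ in signers]
    sigs = [mac_b64(key, h, p) for h, (_, key) in zip(headers, signers)]
    return json.dumps({"headers": headers, "payload": p, "signatures": sigs})


def verify_json(serialized: str, keys_by_kid: dict) -> set:
    """Return the set of key ids whose HMAC over the payload verified."""
    obj = json.loads(serialized)
    headers, sigs = obj["headers"], obj["signatures"]
    payload_b64 = obj["payload"]
    if len(headers) != len(sigs):
        raise ValueError("headers and signatures must pair up one to one")
    verified = set()
    for header_b64, sig in zip(headers, sigs):
        try:
            header = json.loads(b64url_decode(header_b64))
            # Pin the algorithm: the header is attacker-controlled input,
            # so "none" or any unexpected value is simply not accepted.
            if header["alg"] != "HS256":
                continue
            kid = header["kid"]
            expected = mac_b64(keys_by_kid[kid], header_b64, payload_b64)
            # Constant-time comparison of the two encoded MACs.
            if hmac.compare_digest(expected.encode(), sig.encode()):
                verified.add(kid)
        except (ValueError, TypeError, KeyError, AttributeError):
            continue  # malformed entry: treat as not verified
    return verified


# Constructed sample input (not from the drafts).
PAYLOAD = b'{"msg":"same message, two HMACs"}'
KEYS = {"alice": b"a" * 32, "bob": b"b" * 32}
SIGNERS = [
    ({"alg": "HS256", "kid": "alice"}, KEYS["alice"]),
    ({"alg": "HS256", "kid": "bob"}, KEYS["bob"]),
]

if __name__ == "__main__":
    print(compact_serialize(SIGNERS[0][0], PAYLOAD, KEYS["alice"]))
    serialized = json_serialize(PAYLOAD, SIGNERS)
    print(serialized)
    print(sorted(verify_json(serialized, KEYS)))
```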


From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: jose@ietf.org
Date: Mon, 12 Mar 2012 15:20:49 -0700
Subject: [jose] I-D Action: draft-ietf-jose-json-web-signature-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Javascript Object Signing and Encryption Working Group of the IETF.

    Title     : JSON Web Signature (JWS)
    Author(s) : Michael B. Jones
                John Bradley
                Nat Sakimura
    Filename  : draft-ietf-jose-json-web-signature-01.txt
    Pages     : 30
    Date      : 2012-03-12

JSON Web Signature (JWS) is a means of representing content secured with digital signatures or Hash-based Message Authentication Codes (HMACs) using JSON data structures. Cryptographic algorithms and identifiers used with this specification are enumerated in the separate JSON Web Algorithms (JWA) specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-signature-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-jose-json-web-signature-01.txt

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: jose@ietf.org
Date: Mon, 12 Mar 2012 15:22:08 -0700
Subject: [jose] I-D Action: draft-ietf-jose-json-web-encryption-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Javascript Object Signing and Encryption Working Group of the IETF.

    Title     : JSON Web Encryption (JWE)
    Author(s) : Michael B. Jones
                Eric Rescorla
                Joe Hildebrand
    Filename  : draft-ietf-jose-json-web-encryption-01.txt
    Pages     : 24
    Date      : 2012-03-12

JSON Web Encryption (JWE) is a means of representing encrypted content using JSON data structures. Cryptographic algorithms and identifiers used with this specification are enumerated in the separate JSON Web Algorithms (JWA) specification. Related digital signature and HMAC capabilities are described in the separate JSON Web Signature (JWS) specification.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-encryption-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-jose-json-web-encryption-01.txt

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: jose@ietf.org
Date: Mon, 12 Mar 2012 15:23:36 -0700
Subject: [jose] I-D Action: draft-ietf-jose-json-web-algorithms-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Javascript Object Signing and Encryption Working Group of the IETF.

    Title     : JSON Web Algorithms (JWA)
    Author(s) : Michael B. Jones
    Filename  : draft-ietf-jose-json-web-algorithms-01.txt
    Pages     : 20
    Date      : 2012-03-12

The JSON Web Algorithms (JWA) specification enumerates cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS) and JSON Web Encryption (JWE) specifications.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-algorithms-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-jose-json-web-algorithms-01.txt

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: jose@ietf.org
Date: Mon, 12 Mar 2012 15:24:52 -0700
Subject: [jose] I-D Action: draft-ietf-jose-json-web-key-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Javascript Object Signing and Encryption Working Group of the IETF.

    Title     : JSON Web Key (JWK)
    Author(s) : Michael B. Jones
    Filename  : draft-ietf-jose-json-web-key-01.txt
    Pages     : 8
    Date      : 2012-03-12

A JSON Web Key (JWK) is a JSON data structure that represents a set of public keys.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-key-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-jose-json-web-key-01.txt

From: Mike Jones
To: jose@ietf.org
Date: Tue, 13 Mar 2012 00:37:28 +0000
Subject: [jose] Draft -01 of JSON Crypto Specs: JWS, JWE, JWK, JWA, JWS-JS, JWE-JS

New versions of the JSON Object Signing and Encryption (JOSE) specifications are now available that incorporate working group feedback since publication of the initial versions. They are:

* JSON Web Signature (JWS) - Digital signature/HMAC specification
* JSON Web Encryption (JWE) - Encryption specification
* JSON Web Key (JWK) - Public key specification
* JSON Web Algorithms (JWA) - Algorithms and identifiers specification

The most important changes are:

* Added a separate integrity check for encryption algorithms without an integral integrity check.
* Defined header parameters for including JWK public keys and X.509 certificate chains directly in the header.

See the Document History section in each specification for a more detailed list of changes.

Corresponding versions of the JSON Serialization specs, which use these JOSE drafts, are also available. Besides using JSON Serializations of the cryptographic results (rather than Compact Serializations using a series of base64url encoded values), these specifications also enable multiple digital signatures and/or HMACs to be applied to the same message and enable the same plaintext to be encrypted to multiple recipients. They are:

* JSON Web Signature JSON Serialization (JWS-JS)
* JSON Web Encryption JSON Serialization (JWE-JS)

These specifications are available at:

* http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-01
* http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-01
* http://tools.ietf.org/html/draft-ietf-jose-json-web-key-01
* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-01
* http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01
* http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-01

HTML formatted versions are available at:

* http://self-issued.info/docs/draft-ietf-jose-json-web-signature-01.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-01.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-key-01.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-01.html
* http://self-issued.info/docs/draft-jones-json-web-signature-json-serialization-01.html
* http://self-issued.info/docs/draft-jones-json-web-encryption-json-serialization-01.html

-- Mike


From: Mike Jones
To: jose@ietf.org
Date: Tue, 13 Mar 2012 01:07:32 +0000
Subject: [jose] FW: JSON Web Token (JWT) Specification Draft -08

From: Mike Jones
Sent: Monday, March 12, 2012 6:07 PM
To: oauth@ietf.org
Subject: JSON Web Token (JWT) Specification Draft -08

Draft 08 of the JSON Web Token (JWT) specification has been published. It uses the -01 versions of the JOSE specifications and also contains these changes:

* Removed language that required that a JWT must have three parts. Now the number of parts is explicitly dependent upon the representation of the underlying JWS or JWE.
* Moved the "alg":"none" definition to the JWS spec.
* Registered the application/jwt MIME Media Type.
* Clarified that the order of the creation and validation steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.
* Corrected the Magic Signatures and Simple Web Token (SWT) references.

This specification is available at:

* http://tools.ietf.org/html/draft-jones-json-web-token-08

An HTML formatted version is available at:

* http://self-issued.info/docs/draft-jones-json-web-token-08.html

-- Mike

 

 

From hardjono@mit.edu Tue Mar 13 09:37:09 2012
From: Thomas Hardjono
To: "jose@ietf.org"
Date: Tue, 13 Mar 2012 16:36:25 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342A10722362@OC11EXPO24.exchange.mit.edu>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436641801E@TK5EX14MBXC284.redmond.corp.microsoft.com>
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08

Mike,

Just a minor nit/clarification: what does "nested signing" and "nested encryption" mean in this draft? (versus ordinary signing and encryption).

Does it mean signing/encryption of some Claims inside the JWT (as separately from signing/encryption the entire JWT)?

Thanks.

/thomas/

__________________________________________

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Monday, March 12, 2012 9:08 PM
To: jose@ietf.org
Subject: [jose] FW: JSON Web Token (JWT) Specification Draft -08

From: Mike Jones
Sent: Monday, March 12, 2012 6:07 PM
To: oauth@ietf.org
Subject: JSON Web Token (JWT) Specification Draft -08

Draft 08 of the JSON Web Token (JWT) specification has been published. It uses the -01 versions of the JOSE specifications and also contains these changes:

* Removed language that required that a JWT must have three parts. Now the number of parts is explicitly dependent upon the representation of the underlying JWS or JWE.
* Moved the "alg":"none" definition to the JWS spec.
* Registered the application/jwt MIME Media Type.
* Clarified that the order of the creation and validation steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.
* Corrected the Magic Signatures and Simple Web Token (SWT) references.

This specification is available at:

* http://tools.ietf.org/html/draft-jones-json-web-token-08

An HTML formatted version is available at:

* http://self-issued.info/docs/draft-jones-json-web-token-08.html

-- Mike

From ve7jtb@ve7jtb.com Tue Mar 13 09:43:49 2012
From: John Bradley
To: Thomas Hardjono
Cc: "jose@ietf.org"
Date: Tue, 13 Mar 2012 12:43:41 -0400
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342A10722362@OC11EXPO24.exchange.mit.edu>
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08

Encrypting a signed token or encrypting a signed one. This is intended to be over whole objects. The JWT spec allows the more complicated composition.

Sent from my iPhone

On 2012-03-13, at 12:36 PM, Thomas Hardjono wrote:

> Mike,
>
> Just a minor nit/clarification: what does “nested signing” and “nested encryption” mean in this draft? (versus ordinary signing and encryption).
>
> Does it mean signing/encryption of some Claims inside the JWT (as separately from signing/encryption the entire JWT)?
>
> Thanks.
>
> /thomas/
>
> __________________________________________
>
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
> Sent: Monday, March 12, 2012 9:08 PM
> To: jose@ietf.org
> Subject: [jose] FW: JSON Web Token (JWT) Specification Draft -08
>
> From: Mike Jones
> Sent: Monday, March 12, 2012 6:07 PM
> To: oauth@ietf.org
> Subject: JSON Web Token (JWT) Specification Draft -08
>
> Draft 08 of the JSON Web Token (JWT) specification has been published. It uses the -01 versions of the JOSE specifications and also contains these changes:
> · Removed language that required that a JWT must have three parts. Now the number of parts is explicitly dependent upon the representation of the underlying JWS or JWE.
> · Moved the “alg”:“none” definition to the JWS spec.
> · Registered the application/jwt MIME Media Type.
> · Clarified that the order of the creation and validation steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.
> · Corrected the Magic Signatures and Simple Web Token (SWT) references.
>
> This specification is available at:
> · http://tools.ietf.org/html/draft-jones-json-web-token-08
>
> An HTML formatted version is available at:
> · http://self-issued.info/docs/draft-jones-json-web-token-08.html
>
> -- Mike

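An added example, not part of the thread or of the draft: a verifier that peels nested JWS layers over whole objects, as the reply above describes, with an algorithm allow-list and a bound on nesting depth. It assumes the `"cty":"JWT"` header that the later RFC 7519 uses to mark a nested token, HS256 only, and constructed keys and claims; JWE layers are left out because the Python standard library has no authenticated encryption.

```python
import base64
import hashlib
import hmac
import json


class TokenError(Exception):
    """Raised when any layer of a token fails validation."""


def b64u_enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: bytes, key: bytes) -> str:
    """Build a three-part JWS compact serialization: header.payload.signature."""
    signing_input = b64u_enc(json.dumps(header).encode()) + "." + b64u_enc(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64u_enc(mac)


def verify_layer(token: str, keys: dict):
    """Verify one JWS layer and return (header, payload bytes)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("not a three-part JWS compact serialization")
    try:
        header = json.loads(b64u_dec(parts[0]))
        payload = b64u_dec(parts[1])
        signature = b64u_dec(parts[2])
        signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    except ValueError as exc:
        raise TokenError("malformed encoding") from exc
    # Allow-list the algorithm; this also refuses "alg":"none" on every layer.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unsupported or missing alg")
    kid = header.get("kid")
    key = keys.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise TokenError("unknown kid")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    return header, payload


def unwrap_nested(token: str, keys: dict, max_depth: int = 3) -> dict:
    """Peel whole-object layers until the claims are reached, at most max_depth layers."""
    for _ in range(max_depth):
        header, payload = verify_layer(token, keys)
        try:
            if header.get("cty") == "JWT":  # payload is itself a complete JWT
                token = payload.decode("ascii")
                continue
            claims = json.loads(payload)
        except ValueError as exc:
            raise TokenError("malformed payload") from exc
        if not isinstance(claims, dict):
            raise TokenError("claims are not a JSON object")
        return claims
    raise TokenError("nesting exceeds max_depth")


# Constructed keys and claims, for illustration only.
KEYS = {"inner": b"constructed-inner-key", "outer": b"constructed-outer-key"}
CLAIMS = {"iss": "issuer.example", "sub": "alice"}


def build_sample(extra_layers: int = 0) -> str:
    """Sign the claims, then sign the resulting token as a whole object."""
    token = sign_hs256({"alg": "HS256", "kid": "inner"},
                       json.dumps(CLAIMS).encode(), KEYS["inner"])
    for _ in range(1 + extra_layers):
        token = sign_hs256({"alg": "HS256", "kid": "outer", "cty": "JWT"},
                           token.encode("ascii"), KEYS["outer"])
    return token


if __name__ == "__main__":
    print(unwrap_nested(build_sample(), KEYS))
```

Every layer is verified before its payload is interpreted, so an unsigned or unknown-algorithm layer stops the loop instead of being skipped.

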
From hardjono@mit.edu Tue Mar 13 13:01:23 2012
From: Thomas Hardjono
To: John Bradley
Cc: "jose@ietf.org"
Date: Tue, 13 Mar 2012 20:01:06 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342A10722844@OC11EXPO24.exchange.mit.edu>
References: <4E1F6AAD24975D4BA5B16804296739436641801E@TK5EX14MBXC284.redmond.corp.microsoft.com> <5E393DF26B791A428E5F003BB6C5342A10722362@OC11EXPO24.exchange.mit.edu>
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08

Thanks. Does it mean JWT supports (allows for) multi-level nesting? If so, does it mean that as a verifier I would need to unwrap (decrypt) continuously until I see the “alg” flag?

/thomas/

__________________________________________

From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, March 13, 2012 12:44 PM
To: Thomas Hardjono
Cc: jose@ietf.org
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08

Encrypting a signed token or encrypting a signed one. This is intended to be over whole objects. The JWT spec allows the more complicated composition.

Sent from my iPhone
CjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iY29sb3I6IzAwMjA2MCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxk aXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRk aW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPiBNaWtlIEpvbmVzDQo8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBNYXJjaCAxMiwg MjAxMiA2OjA3IFBNPGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86b2F1dGhAaWV0Zi5v cmciPm9hdXRoQGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBKU09OIFdlYiBUb2tl biAoSldUKSBTcGVjaWZpY2F0aW9uIERyYWZ0IC0wODwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkRyYWZ0IDA4IG9mIHRoZSA8YSBocmVmPSJodHRwOi8vdG9v bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qc29uLXdlYi10b2tlbi0wOCI+DQpKU09OIFdl YiBUb2tlbiAoSldUKSBzcGVjaWZpY2F0aW9uPC9hPiBoYXMgYmVlbiBwdWJsaXNoZWQuICZuYnNw O0l0IHVzZXMgdGhlIDxhIGhyZWY9Imh0dHA6Ly9zZWxmLWlzc3VlZC5pbmZvLz9wPTY4OCI+DQot MDEgdmVyc2lvbnMgb2YgdGhlIEpPU0Ugc3BlY2lmaWNhdGlvbnM8L2E+IGFuZCBhbHNvIGNvbnRh aW5zIHRoZXNlIGNoYW5nZXM6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFn cmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+ PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNw YW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVv dDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPlJlbW92ZWQg 
bGFuZ3VhZ2UgdGhhdCByZXF1aXJlZCB0aGF0IGEgSldUIG11c3QgaGF2ZSB0aHJlZSBwYXJ0cy4g Jm5ic3A7Tm93IHRoZSBudW1iZXIgb2YgcGFydHMgaXMgZXhwbGljaXRseSBkZXBlbmRlbnQgdXBv biB0aGUgcmVwcmVzZW50YXRpb24gb2YgdGhlIHVuZGVybHlpbmcgSldTIG9yIEpXRS48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6 LS4yNWluO21zby1saXN0OmwxIGxldmVsMSBsZm8yIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3Bh biBzdHlsZT0iZm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3Jl Ij7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+ PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+TW92ZWQgdGhlIOKAnGFsZ+KAnTrigJxub25l4oCdIGRl ZmluaXRpb24gdG8gdGhlIEpXUyBzcGVjLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xp c3RQYXJhZ3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDEgbGV2ZWwx IGxmbzIiPjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpTeW1i b2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4w cHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT5S ZWdpc3RlcmVkIHRoZSA8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcm cXVvdDsiPg0KYXBwbGljYXRpb24vand0PC9zcGFuPiBNSU1FIE1lZGlhIFR5cGUuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0u MjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+ wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwv c3Bhbj48L3NwYW4+PCFbZW5kaWZdPkNsYXJpZmllZCB0aGF0IHRoZSBvcmRlciBvZiB0aGUgY3Jl YXRpb24gYW5kIHZhbGlkYXRpb24gc3RlcHMgaXMgbm90IHNpZ25pZmljYW50IGluIGNhc2VzIHdo ZXJlIHRoZXJlIGFyZSBubyBkZXBlbmRlbmNpZXMgYmV0d2VlbiB0aGUgaW5wdXRzIGFuZCBvdXRw 
dXRzIG9mIHRoZSBzdGVwcy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdy YXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0OmwxIGxldmVsMSBsZm8yIj48 IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6U3ltYm9sIj48c3Bh biBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90 O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+Q29ycmVjdGVk IHRoZSBNYWdpYyBTaWduYXR1cmVzIGFuZCBTaW1wbGUgV2ViIFRva2VuIChTV1QpIHJlZmVyZW5j ZXMuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoaXMgc3BlY2lmaWNhdGlvbiBpcyBhdmFpbGFi bGUgYXQ6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9 InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMCBsZXZlbDEgbGZvNCI+PCFbaWYgIXN1cHBv cnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1z by1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcg Um9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhyZWY9Imh0dHA6Ly90b29s cy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpzb24td2ViLXRva2VuLTA4Ij5odHRwOi8vdG9v bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qc29uLXdlYi10b2tlbi0wODwvYT48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+QW4gSFRNTCBmb3JtYXR0ZWQgdmVyc2lvbiBpcyBhdmFpbGFibGUg YXQ6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9InRl eHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMCBsZXZlbDEgbGZvNCI+PCFbaWYgIXN1cHBvcnRM aXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1zby1s aXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9t YW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw Ow0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhyZWY9Imh0dHA6Ly9zZWxmLWlz 
From Michael.Jones@microsoft.com Tue Mar 13 13:08:43 2012
From: Mike Jones
To: Thomas Hardjono , John Bradley
Date: Tue, 13 Mar 2012 20:08:32 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366419F37@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436641801E@TK5EX14MBXC284.redmond.corp.microsoft.com> <5E393DF26B791A428E5F003BB6C5342A10722362@OC11EXPO24.exchange.mit.edu> <5E393DF26B791A428E5F003BB6C5342A10722844@OC11EXPO24.exchange.mit.edu>
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342A10722844@OC11EXPO24.exchange.mit.edu>
Cc: "jose@ietf.org"
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08
MS41cHQ7cGFkZGluZzowaW4gMGluIDBpbiA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9y ZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGlu IDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250 LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+DQo8YSBo cmVmPSJtYWlsdG86am9zZS1ib3VuY2VzQGlldGYub3JnIj5qb3NlLWJvdW5jZXNAaWV0Zi5vcmc8 L2E+IDxhIGhyZWY9Im1haWx0bzpbbWFpbHRvOmpvc2UtYm91bmNlc0BpZXRmLm9yZ10iPg0KW21h aWx0bzpqb3NlLWJvdW5jZXNAaWV0Zi5vcmddPC9hPiA8Yj5PbiBCZWhhbGYgT2YgPC9iPk1pa2Ug Sm9uZXM8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBNYXJjaCAxMiwgMjAxMiA5OjA4IFBNPGJy Pg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86am9zZUBpZXRmLm9yZyI+am9zZUBpZXRmLm9y ZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gW2pvc2VdIEZXOiBKU09OIFdlYiBUb2tlbiAoSldU KSBTcGVjaWZpY2F0aW9uIERyYWZ0IC0wODwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj4mbmJzcDs8L3NwYW4+ PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6 IzAwMjA2MCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9 ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0 IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiBN aWtlIEpvbmVzDQo8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBNYXJjaCAxMiwgMjAxMiA2OjA3 IFBNPGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86b2F1dGhAaWV0Zi5vcmciPm9hdXRo QGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBKU09OIFdlYiBUb2tlbiAoSldUKSBT 
cGVjaWZpY2F0aW9uIERyYWZ0IC0wODwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPkRyYWZ0IDA4IG9mIHRoZSA8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5v cmcvaHRtbC9kcmFmdC1qb25lcy1qc29uLXdlYi10b2tlbi0wOCI+DQpKU09OIFdlYiBUb2tlbiAo SldUKSBzcGVjaWZpY2F0aW9uPC9hPiBoYXMgYmVlbiBwdWJsaXNoZWQuICZuYnNwO0l0IHVzZXMg dGhlIDxhIGhyZWY9Imh0dHA6Ly9zZWxmLWlzc3VlZC5pbmZvLz9wPTY4OCI+DQotMDEgdmVyc2lv bnMgb2YgdGhlIEpPU0Ugc3BlY2lmaWNhdGlvbnM8L2E+IGFuZCBhbHNvIGNvbnRhaW5zIHRoZXNl IGNoYW5nZXM6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5 bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PCFbaWYgIXN1 cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9 Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBO ZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw Ow0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPlJlbW92ZWQgbGFuZ3VhZ2UgdGhhdCBy ZXF1aXJlZCB0aGF0IGEgSldUIG11c3QgaGF2ZSB0aHJlZSBwYXJ0cy4gJm5ic3A7Tm93IHRoZSBu dW1iZXIgb2YgcGFydHMgaXMgZXhwbGljaXRseSBkZXBlbmRlbnQgdXBvbiB0aGUgcmVwcmVzZW50 YXRpb24gb2YgdGhlIHVuZGVybHlpbmcgSldTIG9yIEpXRS48bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0 OmwxIGxldmVsMSBsZm8yIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1m YW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxl PSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRp Zl0+TW92ZWQgdGhlIOKAnGFsZ+KAnTrigJxub25l4oCdIGRlZmluaXRpb24gdG8gdGhlIEpXUyBz cGVjLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJ0 ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzIiPjwhW2lmICFzdXBwb3J0 TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28t 
bGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJv bWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwv c3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT5SZWdpc3RlcmVkIHRoZSA8c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPg0KYXBwbGljYXRpb24vand0PC9z cGFuPiBNSU1FIE1lZGlhIFR5cGUuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBh cmFncmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZv MiI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+ PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAm cXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPkNsYXJpZmllZCB0 aGF0IHRoZSBvcmRlciBvZiB0aGUgY3JlYXRpb24gYW5kIHZhbGlkYXRpb24gc3RlcHMgaXMgbm90 IHNpZ25pZmljYW50IGluIGNhc2VzIHdoZXJlIHRoZXJlIGFyZSBubyBkZXBlbmRlbmNpZXMgYmV0 d2VlbiB0aGUgaW5wdXRzIGFuZCBvdXRwdXRzIG9mIHRoZSBzdGVwcy48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21z by1saXN0OmwxIGxldmVsMSBsZm8yIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFu IHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48 IVtlbmRpZl0+Q29ycmVjdGVkIHRoZSBNYWdpYyBTaWduYXR1cmVzIGFuZCBTaW1wbGUgV2ViIFRv a2VuIChTV1QpIHJlZmVyZW5jZXMuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoaXMgc3BlY2lm aWNhdGlvbiBpcyBhdmFpbGFibGUgYXQ6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlz dFBhcmFncmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMCBsZXZlbDEg bGZvNCI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJv bCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBw 
dCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhyZWY9 Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpzb24td2ViLXRva2VuLTA4 Ij5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qc29uLXdlYi10b2tlbi0w ODwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QW4gSFRNTCBmb3JtYXR0ZWQgdmVyc2lvbiBp cyBhdmFpbGFibGUgYXQ6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFw aCIgc3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMCBsZXZlbDEgbGZvNCI+PCFb aWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4g c3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtU aW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhyZWY9Imh0dHA6Ly9z ZWxmLWlzc3VlZC5pbmZvL2RvY3MvZHJhZnQtam9uZXMtanNvbi13ZWItdG9rZW4tMDguaHRtbCI+ aHR0cDovL3NlbGYtaXNzdWVkLmluZm8vZG9jcy9kcmFmdC1qb25lcy1qc29uLXdlYi10b2tlbi0w OC5odG1sPC9hPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgLS0gTWlrZTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0K PGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+ 
From ve7jtb@ve7jtb.com Tue Mar 13 14:56:17 2012
From: John Bradley
Date: Tue, 13 Mar 2012 17:56:06 -0400
To: Mike Jones
Cc: Thomas Hardjono, "jose@ietf.org"
Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08

Yes.

You can also pass a JWS or JWE as the value of a JWT claim.

John B.

Sent from my iPhone

On 2012-03-13, at 4:08 PM, Mike Jones wrote:

> Yes, you have to keep validating through the nesting levels. (Although the termination condition as written uses the “typ” value, since there will be an “alg” value for all levels of nested signing/encryption. See Step 8 of the validation rules in http://tools.ietf.org/html/draft-jones-json-web-token-08#section-7.)
>
> -- Mike
>
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Thomas Hardjono
> Sent: Tuesday, March 13, 2012 1:01 PM
> To: John Bradley
> Cc: jose@ietf.org
> Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08
>
> Thanks. Does it mean JWT supports (allows for) multi-level nesting? If so, does it mean that as a verifier I would need to unwrap (decrypt) continuously until I see the “alg” flag?
>
> /thomas/
>
> __________________________________________
>
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Tuesday, March 13, 2012 12:44 PM
> To: Thomas Hardjono
> Cc: jose@ietf.org
> Subject: Re: [jose] JSON Web Token (JWT) Specification Draft -08
>
> Encrypting a signed token or encrypting a signed one. This is intended to be over whole objects. The JWT spec allows the more complicated composition.
>
> Sent from my iPhone
>
> On 2012-03-13, at 12:36 PM, Thomas Hardjono wrote:
>
> Mike,
>
> Just a minor nit/clarification: what does “nested signing” and “nested encryption” mean in this draft? (versus ordinary signing and encryption).
>
> Does it mean signing/encryption of some Claims inside the JWT (as separate from signing/encrypting the entire JWT)?
>
> Thanks.
>
> /thomas/
>
> __________________________________________
>
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
> Sent: Monday, March 12, 2012 9:08 PM
> To: jose@ietf.org
> Subject: [jose] FW: JSON Web Token (JWT) Specification Draft -08
>
> From: Mike Jones
> Sent: Monday, March 12, 2012 6:07 PM
> To: oauth@ietf.org
> Subject: JSON Web Token (JWT) Specification Draft -08
>
> Draft 08 of the JSON Web Token (JWT) specification has been published. It uses the -01 versions of the JOSE specifications and also contains these changes:
> · Removed language that required that a JWT must have three parts. Now the number of parts is explicitly dependent upon the representation of the underlying JWS or JWE.
> · Moved the “alg”:“none” definition to the JWS spec.
> · Registered the application/jwt MIME Media Type.
> · Clarified that the order of the creation and validation steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.
> · Corrected the Magic Signatures and Simple Web Token (SWT) references.
>
> This specification is available at:
> · http://tools.ietf.org/html/draft-jones-json-web-token-08
>
> An HTML formatted version is available at:
> · http://self-issued.info/docs/draft-jones-json-web-token-08.html
>
> -- Mike
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
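The rule discussed in the message above (validate at every nesting level, and stop on "typ" because "alg" is present at every level) is sketched here as an added example; it is not part of the thread or of the draft. Assumptions: every layer is a three-part HS256 JWS, a "typ" of "JWT" marks a payload that is itself a JWT (Step 8 of the draft is authoritative for the real values), keys are chosen by "kid", and the depth cap is local policy. All tokens and keys are constructed.

```python
import base64
import hashlib
import hmac
import json

NESTED_TYP = {"JWT"}      # ASSUMPTION: "typ" values meaning "payload is another JWT"
ALLOWED_ALGS = {"HS256"}  # allow-list: "none" and unknown algorithms are refused
MAX_DEPTH = 4             # ASSUMPTION: local policy cap on nesting depth


class TokenError(ValueError):
    """Raised when any layer fails to parse or validate."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header, payload, key):
    """Build a compact HS256 JWS over payload bytes (used to construct samples)."""
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    signing_input = head + "." + b64url_encode(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_layer(token, keys):
    """Validate one layer; return (header, payload bytes) or raise TokenError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("this example handles three-part JWS layers only")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = b64url_decode(parts[1])
        mac = b64url_decode(parts[2])
    except ValueError as exc:
        raise TokenError("malformed segment") from exc
    if not isinstance(header, dict):
        raise TokenError("header must be a JSON object")
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenError("algorithm not allowed at this layer")
    if not isinstance(kid, str) or kid not in keys:
        raise TokenError("no key for this signer")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(keys[kid], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise TokenError("signature check failed")
    return header, payload


def unwrap(token, keys, max_depth=MAX_DEPTH):
    """Validate every nesting level; return (headers outermost first, claims)."""
    headers = []
    for _ in range(max_depth):
        header, payload = verify_layer(token, keys)
        headers.append(header)
        # "alg" is present on every layer, so it cannot say when to stop;
        # the header's "typ" decides whether the payload is another JWT.
        typ = header.get("typ")
        try:
            if isinstance(typ, str) and typ in NESTED_TYP:
                token = payload.decode("ascii")
                continue
            claims = json.loads(payload)
        except ValueError as exc:
            raise TokenError("payload does not match its declared type") from exc
        if not isinstance(claims, dict):
            raise TokenError("claims must be a JSON object")
        return headers, claims
    raise TokenError("nesting exceeds max_depth")


def build_sample():
    """Constructed sample: claims signed by 'issuer', then wrapped by 'gateway'."""
    keys = {"issuer": b"constructed-issuer-key", "gateway": b"constructed-gateway-key"}
    claims = json.dumps({"iss": "issuer.example", "sub": "constructed-subject"})
    inner = sign({"alg": "HS256", "kid": "issuer"}, claims.encode("utf-8"), keys["issuer"])
    outer = sign({"alg": "HS256", "kid": "gateway", "typ": "JWT"},
                 inner.encode("ascii"), keys["gateway"])
    return outer, keys


if __name__ == "__main__":
    sample_token, sample_keys = build_sample()
    layer_headers, sample_claims = unwrap(sample_token, sample_keys)
    print(len(layer_headers), "layers validated:", sample_claims)
```

A valid outer signature says nothing about the inner token, which is why the loop verifies each layer before it looks at that layer's payload.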

From khali3620@gmail.com Wed Mar 14 06:12:14 2012
From: khali singh
Date: Wed, 14 Mar 2012 15:12:06 +0200
To: jose@ietf.org
Subject: [jose] application/jwt?

Hi Mike and others

I am reading the JOSE drafts. I have a question regarding it. Suppose I want to sign some random non json data in JWS. Does this mean that the media type still has to be application/jwt? How does the other party know how to interpret the payload that I send?

Best Regards
Khali

From Frederick.Hirsch@nokia.com Wed Mar 14 08:33:07 2012
From: Frederick.Hirsch@nokia.com
Date: Wed, 14 Mar 2012 15:33:01 +0000
Cc: Frederick.Hirsch@nokia.com
Subject: [jose] JSON Web Signature, Encryption comment, signature best practices

Hi

You might wish to add an informative reference to XML Signature 1.1 to the JSON web signature draft (similar to having informative reference to XML Encryption 1.1 in JSON encryption draft).

[XMLDSIG-CORE1]
D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML Signature Syntax and Processing Version 1.1. 3 March 2011. W3C Candidate Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/

The XML Encryption 1.1 reference should be updated

[XMLENC-CORE1]
J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 13 March 2012. W3C Candidate Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2012/CR-xmlenc-core1-20120313/

In addition, it might be useful to reference the XML Signature Best Practices document, as similar issues may apply to JSON signing

[XMLDSIG-BESTPRACTICES]
Pratik Datta; Frederick Hirsch. XML Signature Best Practices. 9 August 2011. W3C Working Draft. (Work in progress.) URL: http://www.w3.org/TR/2011/WD-xmldsig-bestpractices-20110809/

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

From Michael.Jones@microsoft.com Wed Mar 14 09:56:58 2012
From: Mike Jones
Date: Wed, 14 Mar 2012 16:56:33 +0000
To: khali singh, "jose@ietf.org"
Subject: Re: [jose] application/jwt?

Two answers. First, it may be clear from the application context what the type of the signed content is, so you may need no syntax on the wire to say what it is. If in the context, you might be sending different kinds of JWS content, in that case, you can use the "typ" header parameter to disambiguate between them.

The media type application/jwt is applicable when sending a JSON Web Token in an HTTP message. Of course, not all JWSs are JWTs, so in many cases, the media type application/jwt would not apply.

-- Mike

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of khali singh
Sent: Wednesday, March 14, 2012 6:12 AM
To: jose@ietf.org
Subject: [jose] application/jwt?

Hi Mike and others

I am reading the JOSE drafts. I have a question regarding it. Suppose I want to sign some random non json data in JWS. Does this mean that the media type still has to be application/jwt? How does the other party know how to interpret the payload that I send?

Best Regards
Khali


From Michael.Jones@microsoft.com Wed Mar 14 09:57:40 2012
From: Mike Jones
To: "Frederick.Hirsch@nokia.com", "jose@ietf.org"
Date: Wed, 14 Mar 2012 16:57:19 +0000
Subject: Re: [jose] JSON Web Signature, Encryption comment, signature best practices

Will do - thanks!

-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Frederick.Hirsch@nokia.com
Sent: Wednesday, March 14, 2012 8:33 AM
To: jose@ietf.org
Cc: Frederick.Hirsch@nokia.com
Subject: [jose] JSON Web Signature, Encryption comment, signature best practices

Hi

You might wish to add an informative reference to XML Signature 1.1 to the JSON web signature draft (similar to having informative reference to XML Encryption 1.1 in JSON encryption draft).

[XMLDSIG-CORE1]
D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML Signature Syntax and Processing Version 1.1. 3 March 2011. W3C Candidate Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/

The XML Encryption 1.1 reference should be updated

[XMLENC-CORE1]
J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 13 March 2012. W3C Candidate Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2012/CR-xmlenc-core1-20120313/

In addition, it might be useful to reference the XML Signature Best Practices document, as similar issues may apply to JSON signing

[XMLDSIG-BESTPRACTICES]
Pratik Datta; Frederick Hirsch. XML Signature Best Practices. 9 August 2011. W3C Working Draft. (Work in progress.) URL:http://www.w3.org/TR/2011/WD-xmldsig-bestpractices-20110809/

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

From khali3620@gmail.com Wed Mar 14 12:34:01 2012
From: khali singh
To: Mike Jones, jose@ietf.org
Date: Wed, 14 Mar 2012 21:33:58 +0200
Subject: Re: [jose] application/jwt?

Hi

I am not sure if I have understood this clearly. Let's say I am using a protocol like HTTP/CoAP or some other Restful protocol. Now I would like to tell the other party that it should interpret the payload as "xyz" by setting the content-type in the header as application/json or application/media or so on etc. etc.

Now I want to sign random data, could be a string or could be a structured object. I can differentiate it by the "typ" in the header of JWS. But how does the other party know to interpret the payload in the packet as a JWS/signature in the first place.

I am sort of a newbie so forgive me if I am missing something here?

Best
Khali

On Wed, Mar 14, 2012 at 6:56 PM, Mike Jones wrote:

> Two answers. First, it may be clear from the application context what
> the type of the signed content is, so you may need no syntax on the wire to
> say what it is. If in the context, you might be sending different kinds of
> JWS content, in that case, you can use the “typ” header parameter to
> disambiguate between them.
>
> The media type application/jwt is applicable when sending a JSON Web Token
> in an HTTP message. Of course, not all JWSs are JWTs, so in many cases,
> the media type application/jwt would not apply.
>
> -- Mike
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *khali singh
> *Sent:* Wednesday, March 14, 2012 6:12 AM
> *To:* jose@ietf.org
> *Subject:* [jose] application/jwt?
>
> Hi Mike and others
>
> I am reading the JOSE drafts. I have a question regarding it. Suppose I
> want to sign some random non json data in JWS. Does this mean that the
> media type still has to be application/jwt? How does the other party know
> how to interpret the payload that I send?
>
> Best Regards
>
> Khali


From jimsch@augustcellars.com Wed Mar 14 15:15:10 2012
From: "Jim Schaad"
Date: Wed, 14 Mar 2012 15:14:22 -0700
Subject: [jose] Agenda

Agenda is now posted @ http://www.ietf.org/proceedings/83/agenda/agenda-83-jose.html

Jim

From Michael.Jones@microsoft.com Thu Mar 15 01:48:20 2012
From: Mike Jones
To: khali singh, "jose@ietf.org"
Date: Thu, 15 Mar 2012 08:47:57 +0000
Subject: Re: [jose] application/jwt?

If the content is not a JWT, there isn't presently a MIME type for describing it. The MIME types application/jws and application/jwe could be introduced for this purpose if the working group feels that this is appropriate and there is a need to do so. Another possibility is introducing a single MIME type saying that the content follows the JOSE encodings (such as application/jose?), which would require the receiver to then look at the header to determine whether the content is a JWS or JWE.

I'm curious what others think about this issue.

-- Mike

From: khali singh [mailto:khali3620@gmail.com]
Sent: Wednesday, March 14, 2012 12:34 PM
To: Mike Jones; jose@ietf.org
Subject: Re: [jose] application/jwt?

Hi

I am not sure if I have understood this clearly. Let's say I am using a protocol like HTTP/CoAP or some other Restful protocol. Now I would like to tell the other party that it should interpret the payload as "xyz" by setting the content-type in the header as application/json or application/media or so on etc. etc.

Now I want to sign random data, could be a string or could be a structured object. I can differentiate it by the "typ" in the header of JWS. But how does the other party know to interpret the payload in the packet as a JWS/signature in the first place.

I am sort of a newbie so forgive me if I am missing something here?

Best
Khali

On Wed, Mar 14, 2012 at 6:56 PM, Mike Jones wrote:

Two answers. First, it may be clear from the application context what the type of the signed content is, so you may need no syntax on the wire to say what it is. If in the context, you might be sending different kinds of JWS content, in that case, you can use the "typ" header parameter to disambiguate between them.

The media type application/jwt is applicable when sending a JSON Web Token in an HTTP message. Of course, not all JWSs are JWTs, so in many cases, the media type application/jwt would not apply.

-- Mike

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of khali singh
Sent: Wednesday, March 14, 2012 6:12 AM
To: jose@ietf.org
Subject: [jose] application/jwt?

Hi Mike and others

I am reading the JOSE drafts. I have a question regarding it. Suppose I want to sign some random non json data in JWS. Does this mean that the media type still has to be application/jwt? How does the other party know how to interpret the payload that I send?

Best Regards
Khali
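
The receiver-side check described in the message above (look at the header to tell a JWS from a JWE, and at "typ" to tell what was signed), as an added example that is not part of the thread or of any JOSE draft. The media type application/jose is only the name floated in the message; the "enc"-member test and the 3 and 5 segment counts follow the later published RFC 7515 and RFC 7516, and the sample objects are constructed with dummy signature and ciphertext segments.

```python
import base64
import binascii
import json
import re

# application/jwt is named in the thread; application/jose is the single
# generic type floated there (an assumption here, as it was in the thread).
JOSE_MEDIA_TYPES = {"application/jwt", "application/jose"}
B64URL = re.compile(r"[A-Za-z0-9_-]+")


class JoseFormatError(ValueError):
    """The body is not a well-formed compact JOSE object."""


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # Compact serialization drops '=' padding: reject anything outside the
    # URL-safe alphabet, then restore the padding before decoding.
    if not B64URL.fullmatch(segment):
        raise JoseFormatError("segment is not base64url")
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except binascii.Error as exc:
        raise JoseFormatError("segment has an impossible length") from exc


def parse_header(segment):
    try:
        header = json.loads(b64url_decode(segment).decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise JoseFormatError("header is not UTF-8 JSON") from exc
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise JoseFormatError("header must be an object with a string 'alg'")
    return header


def classify(content_type, body):
    """Return (kind, typ); kind is 'JWS', 'JWE', or None for other media types.

    This only routes the message. The header is unauthenticated at this
    point, so 'typ' is a hint until the signature or tag has been verified.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in JOSE_MEDIA_TYPES:
        return (None, None)
    segments = body.strip().split(".")
    header = parse_header(segments[0])
    # RFC 7516 section 9: a header with an "enc" member belongs to a JWE.
    kind = "JWE" if "enc" in header else "JWS"
    expected = 5 if kind == "JWE" else 3
    if len(segments) != expected:
        raise JoseFormatError(f"{kind} header but {len(segments)} segments")
    typ = header.get("typ")
    if typ is not None and not isinstance(typ, str):
        raise JoseFormatError("'typ' must be a string")
    return (kind, typ)


def build(header, other_segments):
    # Helper for the constructed samples below; it signs and encrypts nothing.
    head = b64url_encode(json.dumps(header).encode("utf-8"))
    return ".".join([head] + other_segments)


# Constructed sample: a JWS over non-JSON data, labelled through "typ".
SAMPLE_JWS = build({"alg": "HS256", "typ": "text/plain"},
                   [b64url_encode(b"random non-JSON data"), "ZHVtbXk"])
# Constructed sample: a JWE with placeholder key, IV, ciphertext and tag.
SAMPLE_JWE = build({"alg": "RSA-OAEP", "enc": "A128GCM"},
                   ["a2V5", "aXY", "Y3Q", "dGFn"])

if __name__ == "__main__":
    print(classify("application/jose", SAMPLE_JWS))
    print(classify("application/jose; charset=utf-8", SAMPLE_JWE))
    print(classify("application/json", SAMPLE_JWS))
```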


From ve7jtb@ve7jtb.com Mon Mar 19 09:31:57 2012
From: John Bradley
To: Blaine Cook
Cc: "oauth@ietf.org WG", jose@ietf.org
Date: Mon, 19 Mar 2012 13:31:26 -0300
Subject: Re: [jose] [OAUTH-WG] OAuth WG Re-Chartering

There is no intention to bring the openID Connect work to the OAuth WG.

It, like many other protocols, relies on OAuth 2.0 but is not part of it.

However if there are some things that we are doing as OAuth 2.0 extensions that are more general and can be standardized in the IETF, we should understand what they are.

We are having an openID Connect meeting on Sunday prior to IETF. People are encouraged to attend and refine opinions about the appropriate homes for some of this new (to IETF) work.

Registration is at: http://www.eventbrite.com/event/3064019565

The account chooser WG that Blaine mentioned at OIDF is up and running now, with an online meeting happening Thursday for those that are interested.
https://sites.google.com/site/oidfacwg/
http://acwg2012march-estw.eventbrite.com

So +1 for composition.

John B.

On 2012-03-19, at 12:24 PM, Blaine Cook wrote:

> On 15 March 2012 17:31, Zeltsan, Zachary (Zachary) wrote:
>> ... Considering OpenID Connect as a motivating use case for OAuth, SWD is
>> the one spec that would then be missing for this OAuth use case.
>
> I worry that bringing OpenID Connect into OAuth (rather than building
> upon OAuth) will have detrimental effects for both efforts. OAuth is
> successful in part because we chose not to push OAuth-like
> functionality into the OpenID umbrella (which at the time was focused
> on shipping OpenID 2.0).
>
> It seems prudent to learn from the experience of WS-*, where
> everything was combined into one huge ball of standards-wax. The
> result was both impenetrable and not fit for purpose due to the many
> interdependencies (both social and technical) involved.
>
> Composition has served the IETF and the internet well, and nothing
> prevents the OpenID standards from being created in the context of a
> new working group, or from within the OpenID foundation. Indeed, it's
> been working quite well, and projects like the Account Chooser are
> showing great promise and focusing on the important things (UX) rather
> than specifications-for-specification's sake.
>
> b.
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From phil.hunt@oracle.com Mon Mar 19 10:31:01 2012 Return-Path: X-Original-To: jose@ietfa.amsl.com Delivered-To: jose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACE5421F8843; Mon, 19 Mar 2012 10:31:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.353 X-Spam-Level: X-Spam-Status: No, score=-9.353 tagged_above=-999 required=5 tests=[AWL=-0.750, BAYES_00=-2.599, J_CHICKENPOX_32=0.6, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FprBtnhFpvqF; Mon, 19 Mar 2012 10:31:00 -0700 (PDT) Received: from 
acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id C344521F8839; Mon, 19 Mar 2012 10:31:00 -0700 (PDT) Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q2JHUw32006964 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 19 Mar 2012 17:30:59 GMT Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q2JHUunD009381 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 19 Mar 2012 17:30:57 GMT Received: from abhmt115.oracle.com (abhmt115.oracle.com [141.146.116.67]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q2JHUuqp012593; Mon, 19 Mar 2012 12:30:56 -0500 Received: from [192.168.1.19] (/24.85.226.208) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 19 Mar 2012 10:30:56 -0700 References: <4E1F6AAD24975D4BA5B16804296739436641D81E@TK5EX14MBXC284.redmond.corp.microsoft.com> <5710F82C0E73B04FA559560098BF95B1250DCE94E0@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> In-Reply-To: Mime-Version: 1.0 (1.0) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-Id: X-Mailer: iPhone Mail (9B179) From: Phil Hunt Date: Mon, 19 Mar 2012 10:30:51 -0700 To: John Bradley X-Source-IP: ucsinet22.oracle.com [156.151.31.94] X-CT-RefId: str=0001.0A090205.4F676D53.0079,ss=1,re=0.000,fgs=0 Cc: Blaine Cook , "oauth@ietf.org WG" , "jose@ietf.org" Subject: Re: [jose] [OAUTH-WG] OAuth WG Re-Chartering X-BeenThere: jose@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Javascript Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Mar 2012 17:31:01 -0000 I would support those features of connect that are more general being part o= f the general spec family under the WG.=20 

Phil

On 2012-03-19, at 9:31, John Bradley wrote:

> There is not intention to bring the openID Connect work to the OAuth WG.
> It like many other protocols rely on OAuth 2.0 but are not part of it.
>
> However if there are some things that we are doing as OAuth 2.0 extensions
> that are more general and can be standardized in the IETF, we should understand
> what they are.
>
> We are having a openID Connect meeting on Sunday prior to IETF.
> People are encouraged to attend and refine opinions about the appropriate homes
> for some of this new(to IETF) work.
>
> Registration is at:
> http://www.eventbrite.com/event/3064019565
>
> The account chooser WG that Blaine mentioned at OIDF is up and running now, with a online meeting happening
> Thursday for those that are interested.
> https://sites.google.com/site/oidfacwg/
> http://acwg2012march-estw.eventbrite.com
>
> So +1 for composition.
>
> John B.
>
> On 2012-03-19, at 12:24 PM, Blaine Cook wrote:
>
>> On 15 March 2012 17:31, Zeltsan, Zachary (Zachary)
>> wrote:
>>> ... Considering OpenID Connect as a motivating use case for OAuth, SWD is
>>> the one spec that would then be missing for this OAuth use case.
>>
>> I worry that bringing OpenID Connect into OAuth (rather than building
>> upon OAuth) will have detrimental effects for both efforts. OAuth is
>> successful in part because we chose not to push OAuth-like
>> functionality into the OpenID umbrella (which at the time was focused
>> on shipping OpenID 2.0).
>>
>> It seems prudent to learn from the experience of WS-*, where
>> everything was combined into one huge ball of standards-wax. The
>> result was both impenetrable and not fit for purpose due to the many
>> interdependencies (both social and technical) involved.
>>
>> Composition has served the IETF and the internet well, and nothing
>> prevents the OpenID standards from being created in the context of a
>> new working group, or from within the OpenID foundation. Indeed, it's
>> been working quite well, and projects like the Account Chooser are
>> showing great promise and focusing on the important things (UX) rather
>> than specifications-for-specification's sake.
>>
>> b.
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From ve7jtb@ve7jtb.com Mon Mar 19 10:53:02 2012
From: John Bradley
Date: Mon, 19 Mar 2012 14:52:25 -0300
Message-Id: <0A63B04E-D572-4111-B412-DB0B281E3088@ve7jtb.com>
To: Phil Hunt
Cc: Blaine Cook, "oauth@ietf.org WG", "jose@ietf.org"
Subject: Re: [jose] [OAUTH-WG] OAuth WG Re-Chartering

JWT and SWD are the highest priority to find a home.

We are doing token introspection and dynamic registration.
Those are larger tasks to generalize, though probably worthwhile.

John B.

On 2012-03-19, at 2:30 PM, Phil Hunt wrote:

> I would support those features of connect that are more general being part of the general spec family under the WG.
>
> Phil
>
> On 2012-03-19, at 9:31, John Bradley wrote:
>
>> There is not intention to bring the openID Connect work to the OAuth WG.
>> It like many other protocols rely on OAuth 2.0 but are not part of it.
>>
>> However if there are some things that we are doing as OAuth 2.0 extensions
>> that are more general and can be standardized in the IETF, we should understand
>> what they are.
>>
>> We are having a openID Connect meeting on Sunday prior to IETF.
>> People are encouraged to attend and refine opinions about the appropriate homes
>> for some of this new(to IETF) work.
>>
>> Registration is at:
>> http://www.eventbrite.com/event/3064019565
>>
>> The account chooser WG that Blaine mentioned at OIDF is up and running now, with a online meeting happening
>> Thursday for those that are interested.
>> https://sites.google.com/site/oidfacwg/
>> http://acwg2012march-estw.eventbrite.com
>>
>> So +1 for composition.
>>
>> John B.
>>
>> On 2012-03-19, at 12:24 PM, Blaine Cook wrote:
>>
>>> On 15 March 2012 17:31, Zeltsan, Zachary (Zachary)
>>> wrote:
>>>> ... Considering OpenID Connect as a motivating use case for OAuth, SWD is
>>>> the one spec that would then be missing for this OAuth use case.
>>>
>>> I worry that bringing OpenID Connect into OAuth (rather than building
>>> upon OAuth) will have detrimental effects for both efforts. OAuth is
>>> successful in part because we chose not to push OAuth-like
>>> functionality into the OpenID umbrella (which at the time was focused
>>> on shipping OpenID 2.0).
>>>
>>> It seems prudent to learn from the experience of WS-*, where
>>> everything was combined into one huge ball of standards-wax. The
>>> result was both impenetrable and not fit for purpose due to the many
>>> interdependencies (both social and technical) involved.
>>>
>>> Composition has served the IETF and the internet well, and nothing
>>> prevents the OpenID standards from being created in the context of a
>>> new working group, or from within the OpenID foundation. Indeed, it's
>>> been working quite well, and projects like the Account Chooser are
>>> showing great promise and focusing on the important things (UX) rather
>>> than specifications-for-specification's sake.
>>>
>>> b.
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

From vladimir@nimbusds.com Tue Mar 20 04:45:44 2012
From: "Vladimir Dzhuvinov / NimbusDS"
To: jose@ietf.org
Date: Tue, 20 Mar 2012 04:45:29 -0700
Message-Id: <20120320044529.cc40c4f3d92d2001859047cd8cabb9ab.7e37c1a80b.wbe@email07.europe.secureserver.net>
Subject: [jose] JWT header "typ" parameter

Hi guys,

I'm working on a JWT implementation for Java and I'm very pleased with
this effort to standardise the messages.

http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5 says
that the "typ" declares the structure of the JWT and that if specified
and the token is not nested, its value should be "JWT" or the equivalent
URL.

My implementation approach has been to emphasise type safety and make
use of enums where possible. "typ" seems like a candidate for enum, but
I hesitate because of the RECOMMENDED tag. Why is the "typ":"JWT" value
RECOMMENDED and not a MUST? Are there going to be situations when the
JWT isn't actually going to be a JWT?

Cheers,

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com

From ve7jtb@ve7jtb.com Tue Mar 20 08:29:48 2012
From: John Bradley
In-Reply-To: <20120320044529.cc40c4f3d92d2001859047cd8cabb9ab.7e37c1a80b.wbe@email07.europe.secureserver.net>
Date: Tue, 20 Mar 2012 12:29:25 -0300
Message-Id: <2FDF5177-5217-4A90-90BC-8498E05556A2@ve7jtb.com>
To: "Vladimir Dzhuvinov / NimbusDS"
Cc: jose@ietf.org
Subject: Re: [jose] JWT header "typ" parameter

The value of typ is JWS if the content is a JWS and likewise JWE if the content is a JWE.
The value of typ is JWT to indicate the content is a JSON object expressing JWT semantics.

The content could be a SAML assertion or anything else. Leading people to extend typ

I think the new JOSE JWE & JWS drafts may help.
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption

So the short answer is that JWS and JWT can be used to secure any content.
In many cases that content is a JWT security token.

The JWT spec is about the case where the content is a JWT so is less generic than the
JWS & JWE specs.

I hope that helps.

John B.

On 2012-03-20, at 8:45 AM, Vladimir Dzhuvinov / NimbusDS wrote:

> Hi guys,
>
> I'm working on a JWT implementation for Java and I'm very pleased with
> this effort to standardise the messages.
>
> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5 says
> that the "typ" declares the structure of the JWT and that if specified
> and the token is not nested, its value should be "JWT" or the equivalent
> URL.
>
> My implementation approach has been to emphasise type safety and make
> use of enums where possible. "typ" seems like a candidate for enum, but
> I hesitate because of the RECOMMENDED tag. Why is the "typ":"JWT" value
> RECOMMENDED and not a MUST? Are there going to be situations when the
> JWT isn't actually going to be a JWT?
>
> Cheers,
>
> Vladimir
>
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
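
The enum question and the answer in the exchange above point toward modelling "typ" as an optional, open-ended string rather than a closed enum. The sketch below is an added example, not code from the thread, the drafts or any JOSE library; the function names, the three-way result and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import re

# "typ" values named in the thread; any other string is kept as an extension.
KNOWN_TYP = frozenset({"JWT", "JWS", "JWE"})
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def b64url_encode(raw: bytes) -> str:
    """base64url without '=' padding, as used for compact token segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Strictly decode unpadded base64url; reject any other character."""
    if not _B64URL.fullmatch(segment):
        raise ValueError("segment is not base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_typ(token: str):
    """Classify the "typ" header of a compact token as (kind, value).

    kind is "absent", "known" or "extension". The header is read before any
    signature check, so the result is a parsing hint, not a trust decision.
    """
    header_segment = token.split(".", 1)[0]
    try:
        header = json.loads(b64url_decode(header_segment))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed token header") from exc
    if not isinstance(header, dict):
        raise ValueError("token header must be a JSON object")
    if "typ" not in header:
        # The draft text quoted above only constrains the value "if specified".
        return ("absent", None)
    typ = header["typ"]
    if not isinstance(typ, str):
        raise ValueError('"typ" must be a string')
    # Unknown strings are preserved, since people extend typ.
    return ("known" if typ in KNOWN_TYP else "extension", typ)


def make_token(header: dict) -> str:
    """Constructed sample: real header, placeholder payload and signature."""
    segments = [json.dumps(header).encode(), b'{"iss":"example"}', b"sig"]
    return ".".join(b64url_encode(s) for s in segments)


if __name__ == "__main__":
    for hdr in ({"alg": "HS256", "typ": "JWT"},
                {"alg": "HS256"},
                {"alg": "HS256", "typ": "urn:example:custom"}):
        print(hdr, "->", read_typ(make_token(hdr)))
```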
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDMy MDE1MjkyNlowIwYJKoZIhvcNAQkEMRYEFNW3LJ/fZ9Oq7zbVhks9TQQ4W8/+MIGkBgkrBgEEAYI3 EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB ADCyoesx1gUn5mOMZTQrU+gmnQ4L04hQVqEZTbFNHNekL0EqndmyLOkXgw1SSNRTB/FuGiP7UiZm jylHgcJOOPz3rN2g0sDa618NdQKHK50mifqyDuONc/xZAI6ooGGyBeWNCoeThLtJEcAybcqxpph+ legi1Mu7nevrYDDsvUw9T/CYDlZqpoXtDBQG/FEWMkwGSEzZPsXGscAhbubh4Qul8+HLqTbNfyGT b03kYcMNBwcmayUBMVfhC53Pt9kjqUoiHOnIGDgHs7S6tIu1kqzD/Jmw+KKa7fXe9DaqRskRc7Jz a3Wzc2zOuh1DM/6cEbR8dXRPlTsjr6Fs1b6F5JkAAAAAAAA= --Apple-Mail=_9A895F78-4E8E-404C-BB72-C73921EED10B-- From vladimir@nimbusds.com Tue Mar 20 10:14:09 2012 Return-Path: X-Original-To: jose@ietfa.amsl.com Delivered-To: jose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64BD421F8554 for ; Tue, 20 Mar 2012 10:14:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTrazRJiZsaz for ; Tue, 20 Mar 2012 10:14:08 -0700 (PDT) Received: from 
Message-Id: <20120320101359.cc40c4f3d92d2001859047cd8cabb9ab.b1146ac766.wbe@email07.europe.secureserver.net>
From: "Vladimir Dzhuvinov / NimbusDS"
To: jose@ietf.org
Date: Tue, 20 Mar 2012 10:13:59 -0700
Subject: Re: [jose] JWT header "typ" parameter

Thanks John.

Is the JWT spec actually considered part of the JOSE spec group?


Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com


-------- Original Message --------
Subject: Re: [jose] JWT header "typ" parameter
From: John Bradley
Date: Tue, March 20, 2012 3:29 pm
To: "Vladimir Dzhuvinov / NimbusDS"
Cc: jose@ietf.org

The value of typ is JWS if the content is a JWS and likewise JWE if the
content is a JWE.

The value of typ is JWT to indicate the content is a JSON object
expressing JWT semantics.
The content could be a SAML assertion or anything else. Leading people
to extend typ

I think the new JOSE JWE & JWS drafts may help.
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption

So the short answer is that JWS and JWT can be used to secure any
content.
In many cases that content is a JWT security token.

The JWT spec is about the case where the content is a JWT so is less
generic than the
JWS & JWE specs.

I hope that helps.
John B.


On 2012-03-20, at 8:45 AM, Vladimir Dzhuvinov / NimbusDS wrote:

> Hi guys,
>
> I'm working on a JWT implementation for Java and I'm very pleased with
> this effort to standardise the messages.
>
> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5 says
> that the "typ" declares the structure of the JWT and that if specified
> and the token is not nested, its value should be "JWT" or the equivalent
> URL.
>
> My implementation approach has been to emphasise type safety and make
> use of enums where possible. "typ" seems like a candidate for enum, but
> I hesitate because of the RECOMMENDED tag. Why is the "typ":"JWT" value
> RECOMMENDED and not a MUST? Are there going to be situations when the
> JWT isn't actually going to be a JWT?
>
> Cheers,
>
> Vladimir
>
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

From ve7jtb@ve7jtb.com Tue Mar 20 10:21:36 2012
From: John Bradley
In-Reply-To: <20120320101359.cc40c4f3d92d2001859047cd8cabb9ab.b1146ac766.wbe@email07.europe.secureserver.net>
Date: Tue, 20 Mar 2012 14:21:16 -0300
References: <20120320101359.cc40c4f3d92d2001859047cd8cabb9ab.b1146ac766.wbe@email07.europe.secureserver.net>
To: "Vladimir Dzhuvinov / NimbusDS"
Cc: jose@ietf.org
Subject: Re: [jose] JWT header "typ" parameter

Not at the moment.

There is an open question about it being more closely related to the OAuth WG.

JOSE is about signing and encryption, so much like xmlenc and xmldsig are not part of SAML, JWE and JWS may be better not irrevocably married to JWT.

That isn't to say that JWT might not eventually wind up in JOSE if there is demand from the WG.

I expect some of these discussions will happen next week in Paris.

John B.

On 2012-03-20, at 2:13 PM, Vladimir Dzhuvinov / NimbusDS wrote:

> Thanks John.
>
> Is the JWT spec actually considered part of the JOSE spec group?
>
> Vladimir
>
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>
> -------- Original Message --------
> Subject: Re: [jose] JWT header "typ" parameter
> From: John Bradley
> Date: Tue, March 20, 2012 3:29 pm
> To: "Vladimir Dzhuvinov / NimbusDS"
> Cc: jose@ietf.org
>
> The value of typ is JWS if the content is a JWS and likewise JWE if the
> content is a JWE.
>
> The value of typ is JWT to indicate the content is a JSON object
> expressing JWT semantics.
> The content could be a SAML assertion or anything else. Leading people
> to extend typ
>
> I think the new JOSE JWE & JWS drafts may help.
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption
>
> So the short answer is that JWS and JWT can be used to secure any
> content.
> In many cases that content is a JWT security token.
>
> The JWT spec is about the case where the content is a JWT so is less
> generic than the
> JWS & JWE specs.
>
> I hope that helps.
> John B.
>
> On 2012-03-20, at 8:45 AM, Vladimir Dzhuvinov / NimbusDS wrote:
>
>> Hi guys,
>>
>> I'm working on a JWT implementation for Java and I'm very pleased with
>> this effort to standardise the messages.
>>
>> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5 says
>> that the "typ" declares the structure of the JWT and that if specified
>> and the token is not nested, its value should be "JWT" or the equivalent
>> URL.
>>
>> My implementation approach has been to emphasise type safety and make
>> use of enums where possible. "typ" seems like a candidate for enum, but
>> I hesitate because of the RECOMMENDED tag. Why is the "typ":"JWT" value
>> RECOMMENDED and not a MUST? Are there going to be situations when the
>> JWT isn't actually going to be a JWT?
>>
>> Cheers,
>>
>> Vladimir
>>
>> --
>> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

From Michael.Jones@microsoft.com Tue Mar 20 10:55:12 2012
From: Mike Jones
To: Vladimir Dzhuvinov / NimbusDS
Date: Tue, 20 Mar 2012 17:54:34 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366426F5E@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <20120320101359.cc40c4f3d92d2001859047cd8cabb9ab.b1146ac766.wbe@email07.europe.secureserver.net>
Cc: John Bradley, "jose@ietf.org"
Subject: Re: [jose] JWT header "typ" parameter

Beyond what John wrote, I'll add that "typ" is optional in JWTs because in many contexts it's already known what the structure of the token is. In those cases, there's no need to also include this information in the token itself.

-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of John Bradley
Sent: Tuesday, March 20, 2012 10:21 AM
To: Vladimir Dzhuvinov / NimbusDS
Cc: jose@ietf.org
Subject: Re: [jose] JWT header "typ" parameter

Not at the moment.

There is an open question about it being more closely related to the OAuth WG.

JOSE is about signing and encryption, so much like xmlenc and xmldsig are not part of SAML, JWE and JWS may be better not irrevocably married to JWT.

That isn't to say that JWT might not eventually wind up in JOSE if there is demand from the WG.

I expect some of these discussions will happen next week in Paris.

John B.

On 2012-03-20, at 2:13 PM, Vladimir Dzhuvinov / NimbusDS wrote:

> Thanks John.
>
> Is the JWT spec actually considered part of the JOSE spec group?
>
> Vladimir
>
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>
> -------- Original Message --------
> Subject: Re: [jose] JWT header "typ" parameter
> From: John Bradley
> Date: Tue, March 20, 2012 3:29 pm
> To: "Vladimir Dzhuvinov / NimbusDS"
> Cc: jose@ietf.org
>
> The value of typ is JWS if the content is a JWS and likewise JWE if
> the content is a JWE.
>
> The value of typ is JWT to indicate the content is a JSON object
> expressing JWT semantics.
> The content could be a SAML assertion or anything else. Leading people
> to extend typ
>
> I think the new JOSE JWE & JWS drafts may help.
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption
>
> So the short answer is that JWS and JWT can be used to secure any
> content.
> In many cases that content is a JWT security token.
>
> The JWT spec is about the case where the content is a JWT so is less
> generic than the JWS & JWE specs.
>
> I hope that helps.
> John B.
>
> On 2012-03-20, at 8:45 AM, Vladimir Dzhuvinov / NimbusDS wrote:
>
>> Hi guys,
>>
>> I'm working on a JWT implementation for Java and I'm very pleased
>> with this effort to standardise the messages.
>>
>> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5
>> says that the "typ" declares the structure of the JWT and that if
>> specified and the token is not nested, its value should be "JWT" or
>> the equivalent URL.
>>
>> My implementation approach has been to emphasise type safety and make
>> use of enums where possible. "typ" seems like a candidate for enum,
>> but I hesitate because of the RECOMMENDED tag. Why is the "typ":"JWT"
>> value RECOMMENDED and not a MUST? Are there going to be situations
>> when the JWT isn't actually going to be a JWT?
>>
>> Cheers,
>>
>> Vladimir
>>
>> --
>> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

From ietf@meetecho.com Mon Mar 26 09:34:31 2012
Message-ID: <4F709A90.6010802@meetecho.com>
Date: Mon, 26 Mar 2012 18:34:24 +0200
From: Meetecho IETF support
To: jose@ietf.org
Cc: Team Meetecho
Subject: [jose] Meetecho support for JOSE WG session

Hi all,

a virtual room has been reserved on the Meetecho system for Tuesday's JOSE WG meeting session.

Access to the on-line session (including audio and video streams) will be available at:
http://www.meetecho.com/ietf83/jose

The Meetecho session automatically logs you into the standard IETF jabber room. So, from there, you can have an integrated experience involving all media and allowing you to interact with the room. Remote participants might also send their own voice to the room, if they want to.

A tutorial of interactivity features of the tool can be found at:
http://www.meetecho.com/ietf83/tutorials

Cheers,
the Meetecho team

--
Meetecho s.r.l.
Web Conferencing and Collaboration Tools
www.meetecho.com

From ietf@meetecho.com Thu Mar 29 10:11:32 2012
(alex@meetecho.com@130.129.21.177) by smtp5.ad.aruba.it with ESMTPA; 29 Mar 2012 17:11:28 -0000 Message-ID: <4F7497B8.9020202@meetecho.com> Date: Thu, 29 Mar 2012 19:11:20 +0200 From: Meetecho IETF support User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0 MIME-Version: 1.0 To: jose@ietf.org Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: smtplq04.aruba.it 1.6.2 0/1000/N Cc: Team Meetecho Subject: [jose] Meetecho session recording available X-BeenThere: jose@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Javascript Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2012 17:11:32 -0000 Dear all, the full recording (synchronized video, audio, slides and jabber room) of JOSE session at IETF-83 is available. You can watch it by either clicking the proper link on the remote participation page (http://www.ietf.org/meeting/83/remote-participation.html#Meetecho), or by directly accessing the following URL: http://ietf83.conf.meetecho.com/index.php/Recorded_Sessions#JOSE_IETF83 For the chair(s): please feel free to put the link to the recording in the minutes, if you think this might be useful. In case of problems with the playout, just drop an e-mail to team@meetecho.com. Cheers, the Meetecho team -- Meetecho s.r.l. 
Web Conferencing and Collaboration Tools
www.meetecho.com

From vladimir@nimbusds.com Fri Mar 30 00:47:18 2012
Message-Id: <20120330004659.cc40c4f3d92d2001859047cd8cabb9ab.1bc3559e06.wbe@email07.europe.secureserver.net>
From: "Vladimir Dzhuvinov / NimbusDS"
To: jose@ietf.org
Date: Fri, 30 Mar 2012 00:46:59 -0700
Subject: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?

Hi guys,

Today I started rewriting the JWE library code according to the latest
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-01

I noticed that in this particular draft integrity was introduced but I'm
not sure about the algorithm scope:

Section 2 /Terminology/ says that HMAC is used to ensure the integrity
of the ciphertext and the parameters used to create it.

Section 4.1 /Reserved Parameter Names/ implies that any signature JWA
combination may be used.

Advise please :)

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com

From Michael.Jones@microsoft.com Fri Mar 30 04:30:11 2012
From: Mike Jones
To: Vladimir Dzhuvinov / NimbusDS, "jose@ietf.org"
Date: Fri, 30 Mar 2012 11:29:01 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366450554@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <20120330004659.cc40c4f3d92d2001859047cd8cabb9ab.1bc3559e06.wbe@email07.europe.secureserver.net>
In-Reply-To: <20120330004659.cc40c4f3d92d2001859047cd8cabb9ab.1bc3559e06.wbe@email07.europe.secureserver.net>
Subject: Re: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?

The intent was to always use an HMAC algorithm for the integrity check. Thanks for pointing out the need to clarify 4.1.

-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Vladimir Dzhuvinov / NimbusDS
Sent: Friday, March 30, 2012 12:47 AM
To: jose@ietf.org
Subject: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?

Hi guys,

Today I started rewriting the JWE library code according to the latest http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-01

I noticed that in this particular draft integrity was introduced but I'm not sure about the algorithm scope:

Section 2 /Terminology/ says that HMAC is used to ensure the integrity of the ciphertext and the parameters used to create it.

Section 4.1 /Reserved Parameter Names/ implies that any signature JWA combination may be used.

Advise please :)

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com

From vladimir@nimbusds.com Fri Mar 30 13:01:55 2012
Message-Id: <20120330130145.cc40c4f3d92d2001859047cd8cabb9ab.5986b72f22.wbe@email07.europe.secureserver.net>
From: "Vladimir Dzhuvinov / NimbusDS"
To: "jose@ietf.org"
Date: Fri, 30 Mar 2012 13:01:45 -0700
Subject: Re: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?

Cheers Mike, I can get back to coding now :)

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com

-------- Original Message --------
Subject: Re: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?
From: Mike Jones
Date: Fri, March 30, 2012 12:29 pm
To: Vladimir Dzhuvinov / NimbusDS, "jose@ietf.org"

The intent was to always use an HMAC algorithm for the integrity check.
Thanks for pointing out the need to clarify 4.1.

-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Vladimir Dzhuvinov / NimbusDS
Sent: Friday, March 30, 2012 12:47 AM
To: jose@ietf.org
Subject: [jose] Integrity algorithm in JWE: HMAC only or any signature JWA?

Hi guys,

Today I started rewriting the JWE library code according to the latest
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-01

I noticed that in this particular draft integrity was introduced but I'm
not sure about the algorithm scope:

Section 2 /Terminology/ says that HMAC is used to ensure the integrity
of the ciphertext and the parameters used to create it.

Section 4.1 /Reserved Parameter Names/ implies that any signature JWA
combination may be used.

Advise please :)

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com

From vladimir@nimbusds.com Sat Mar 31 12:47:52 2012
Message-Id: <20120331124748.cc40c4f3d92d2001859047cd8cabb9ab.5135826b7b.wbe@email07.europe.secureserver.net>
From: "Vladimir Dzhuvinov / NimbusDS"
To: jose@ietf.org
Date: Sat, 31 Mar 2012 12:47:48 -0700
Subject: [jose] JWA - list encryption algorithms requiring integrity?

Hey guys,

Just a small suggestion regarding the JSON Web Algorithms (JWA) spec: it
could be useful to list which encryption algorithms require the
additional integrity protection.

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
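
Added example, not part of any list message and not code from the drafts or from any JOSE library: the two points raised in the messages above (the JWE integrity check is always an HMAC, and only some encryption algorithms need the additional protection) written as a header check plus tag verification. The "int" header parameter name, the "alg"/"enc" values and the exact MAC input are assumptions; the thread does not state them.

```python
import base64, hashlib, hmac, json

# Assumed identifiers (not stated in the thread): the "int" header parameter and
# the enc / HMAC algorithm names below, as used in the JWE/JWA drafts of that period.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
NEEDS_SEPARATE_INTEGRITY = {"A128CBC": True, "A256CBC": True,    # CBC: no built-in integrity
                            "A128GCM": False, "A256GCM": False}  # GCM: authenticated mode

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def required_hmac(header):
    """Return the hash constructor for the integrity check, or None for AEAD enc."""
    enc = header.get("enc")
    if enc not in NEEDS_SEPARATE_INTEGRITY:
        raise ValueError(f"unsupported enc: {enc!r}")
    if not NEEDS_SEPARATE_INTEGRITY[enc]:
        return None
    alg = header.get("int")
    if alg not in HMAC_ALGS:  # rejects a missing value and signature algs such as RS256
        raise ValueError(f"int must be an HMAC algorithm, got {alg!r}")
    return HMAC_ALGS[alg]

def integrity_value(enc_header, enc_ciphertext, key, digest):
    # Assumed MAC input: the encoded header and ciphertext joined by "."
    return hmac.new(key, f"{enc_header}.{enc_ciphertext}".encode(), digest).digest()

def verify_integrity(enc_header, enc_ciphertext, enc_tag, key):
    """Check the tag before any decryption is attempted."""
    digest = required_hmac(json.loads(b64u_decode(enc_header)))
    if digest is None:
        raise ValueError("AEAD enc: the cipher's own tag is checked during decryption")
    expected = integrity_value(enc_header, enc_ciphertext, key, digest)
    return hmac.compare_digest(expected, b64u_decode(enc_tag))

# Constructed sample message (not real key material or real ciphertext).
KEY = b"constructed-integrity-key-32byte"
HEADER = b64u(json.dumps({"alg": "RSA1_5", "enc": "A128CBC", "int": "HS256"}).encode())
CIPHERTEXT = b64u(b"constructed ciphertext bytes")
TAG = b64u(integrity_value(HEADER, CIPHERTEXT, KEY, hashlib.sha256))

if __name__ == "__main__":
    print(verify_integrity(HEADER, CIPHERTEXT, TAG, KEY))
```

Because the algorithm is taken from an allow-list of HMAC names, a header that names a signature algorithm in "int" is refused before any key is used.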