IETF-86 Proceedings
Introduction | Area, Working Goup & BoF Reports | Plenaries | Training | Internet Research Task Force
Additional information is available at
Chair(s):Security Area Area Director(s):Security Area Advisor |
Javascript Object Notation (JSON) is a text format for the serialization
of structured data described in RFC 4627. The JSON format is often used
for serializing and transmitting structured data over a network
connection. With the increased usage of JSON in protocols in the IETF
and elsewhere, there is now a desire to offer security services such as
encryption, digital signatures, and message authentication codes (MACs)
for data that is being carried in JSON format.
Different proposals for providing such security services have already
been defined and implemented. This Working Group's task is to
standardize two security services, integrity protection (signature and
MAC) and encryption, in order to increase interoperability of security
features between protocols that use JSON. The Working Group will base
its work on well-known message security primitives (e.g., CMS), and will
solicit input from the rest of the IETF Security Area to be sure that
the security functionality in the JSON format is correct.
This group is chartered to work on four documents:
1) A Standards Track document specifying how to apply JSON-structured
integrity protection to data, including (but not limited to) JSON data
structures. "Integrity protection" includes public-key digital
signatures as well as symmetric-key MACs.
2) A Standards Track document specifying how to apply a JSON-structured
encryption to data, including (but not limited to) JSON data structures.
3) A Standards Track document specifying how to encode public keys as
JSON-structured objects.
4) A Standards Track document specifying mandatory-to-implement
algorithms for the other three documents.
The working group may decide to address one or more of these goals in a
single document, in which case the concrete milestones for
signing/encryption below will both be satisfied by the single document.