| < draft-ietf-jose-json-web-key-01.txt | draft-ietf-jose-json-web-key-02.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track March 12, 2012 | Intended status: Standards Track May 12, 2012 | |||
| Expires: September 13, 2012 | Expires: November 13, 2012 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-01 | draft-ietf-jose-json-web-key-02 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JSON data structure that represents a set | A JSON Web Key (JWK) is a JSON data structure that represents a | |||
| of public keys. | public key. This specification also defines a JSON Web Key Set (JWK | |||
| Set) JSON data structure for representing a set of JWKs. | ||||
| Cryptographic algorithms and identifiers used with this specification | ||||
| are enumerated in the separate JSON Web Algorithms (JWA) | ||||
| specification. | ||||
| Requirements Language | Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 13, 2012. | This Internet-Draft will expire on November 13, 2012. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. JSON Web Key (JWK) Overview . . . . . . . . . . . . . . . . . . 3 | 3. Example JSON Web Key Set . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . 3 | 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. JWK Format . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4.1. "alg" (Algorithm Family) Parameter . . . . . . . . . . . . 4 | |||
| 4.1. JWK Container Object Format . . . . . . . . . . . . . . . . 4 | 4.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . . 5 | |||
| 4.2. JWK Key Object Format . . . . . . . . . . . . . . . . . . . 5 | 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | |||
| 4.2.1. JWK Key Object Members for Elliptic Curve Keys . . . . 5 | 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . . 5 | |||
| 4.2.2. JWK Key Object Members for RSA Keys . . . . . . . . . . 6 | 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . . 5 | |||
| 5. Base64url encoding as used by JWKs . . . . . . . . . . . . . . 7 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 | 6.1. JSON Web Key Set Parameters Registry . . . . . . . . . . . 6 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 | |||
| 8. Open Issues and Things To Be Done (TBD) . . . . . . . . . . . . 7 | 8. Open Issues and Things To Be Done (TBD) . . . . . . . . . . . . 6 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 8 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 7 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 8 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 7 | |||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . . 8 | Appendix B. Document History . . . . . . . . . . . . . . . . . . . 7 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JSON data structure that represents a set | A JSON Web Key (JWK) is a JSON data structure that represents a | |||
| of public keys as a JSON object [RFC4627]. The JWK format is used to | public key as a JSON object [RFC4627]. This specification also | |||
| represent bare keys; representing certificate chains is an explicit | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| non-goal of this specification. JSON Web Keys are referenced in JSON | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| Web Signature (JWS) [JWS] using the "jku" (JSON Key URL) header | used with this specification are enumerated in the separate JSON Web | |||
| parameter and in JSON Web Encryption (JWE) [JWE] using the "jku" | Algorithms (JWA) [JWA] specification. | |||
| (JSON Key URL) and "epk" (Ephemeral Public Key) header parameters. | ||||
| 2. Terminology | Non-goals for this specification include representing private keys, | |||
| representing symmetric keys, representing certificate chains, | ||||
| representing certified keys, and replacing X.509 certificates. | ||||
| JSON Web Key (JWK) A JSON data structure that represents a set of | JWKs are used in the JSON Web Signature (JWS) [JWS] "jwk" (JSON Web | |||
| public keys. A JWK consists of a single JWK Container Object that | Key) header parameter and the JSON Web Encryption (JWE) [JWE] "jwk" | |||
| contains an array of JWK Key Objects. | (JSON Web Key) and "epk" (Ephemeral Public Key) header parameters. | |||
| The resources referenced by the JWS "jku" (JWK Set URL) and JWE "jku" | ||||
| (JWK Set URL) header parameters contain JWK Sets. | ||||
| JWK Container Object A JSON object that contains an array of JWK Key | 2. Terminology | |||
| Objects as a member. | ||||
| JWK Key Object A JSON object that represents a single public key. | JSON Web Key (JWK) A JSON data structure that represents a public | |||
| key. | ||||
| JSON Web Key Set (JWK Set) A JSON object that contains an array of | ||||
| JWKs as a member. | ||||
| Base64url Encoding For the purposes of this specification, this term | Base64url Encoding For the purposes of this specification, this term | |||
| always refers to the URL- and filename-safe Base64 encoding | always refers to the URL- and filename-safe Base64 encoding | |||
| described in RFC 4648 [RFC4648], Section 5, with the (non URL- | described in RFC 4648 [RFC4648], Section 5, with the (non URL- | |||
| safe) '=' padding characters omitted, as permitted by Section 3.2. | safe) '=' padding characters omitted, as permitted by Section 3.2. | |||
| (See Appendix B of [JWS] for notes on implementing base64url | (See Appendix B of [JWS] for notes on implementing base64url | |||
| encoding without padding.) | encoding without padding.) | |||
| 3. JSON Web Key (JWK) Overview | 3. Example JSON Web Key Set | |||
| It is sometimes useful to be able to reference public key | ||||
| representations, for instance, in order to verify the digital | ||||
| signature on content signed with the corresponding private key. The | ||||
| JSON Web Key (JWK) data structure provides a convenient JSON | ||||
| representation for sets of public keys utilizing either the Elliptic | ||||
| Curve or RSA families of algorithms. | ||||
| 3.1. Example JWK | ||||
| The following example JWK contains two public keys: one using an | The following example JWK Set contains two public keys represented as | |||
| Elliptic Curve algorithm and a second one using an RSA algorithm. | JWKs: one using an Elliptic Curve algorithm and a second one using an | |||
| The first specifies that the key is to be used for encryption. Both | RSA algorithm. The first specifies that the key is to be used for | |||
| provide a Key ID for matching purposes. In both cases, integers are | encryption. Both provide a Key ID for key matching purposes. In | |||
| represented using the base64url encoding of their big endian | both cases, integers are represented using the base64url encoding of | |||
| representations. (Long lines are broken are for display purposes | their big endian representations. (Long lines are broken are for | |||
| only.) | display purposes only.) | |||
| {"jwk": | {"keys": | |||
| [ | [ | |||
| {"alg":"EC", | {"alg":"EC", | |||
| "crv":"P-256", | "crv":"P-256", | |||
| "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", | "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", | |||
| "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", | "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", | |||
| "use":"enc", | "use":"enc", | |||
| "kid":"1"}, | "kid":"1"}, | |||
| {"alg":"RSA", | {"alg":"RSA", | |||
| "mod": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx | "mod": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx | |||
| 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs | 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs | |||
| tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 | tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 | |||
| QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI | QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI | |||
| SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb | SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb | |||
| w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", | w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", | |||
| "exp":"AQAB", | "exp":"AQAB", | |||
| "kid":"2011-04-29"} | "kid":"2011-04-29"} | |||
| ] | ] | |||
| } | } | |||
| 4. JWK Format | 4. JSON Web Key (JWK) Format | |||
| A JWK consists of a JWK Container Object, which is a JSON object that | ||||
| contains an array of JWK Key Objects as a member. This section | ||||
| specifies the format of these objects. | ||||
| 4.1. JWK Container Object Format | ||||
| A JWK Container Object is a JSON object containing a specific member. | ||||
| This member is: | ||||
| +--------+----------+-----------------------------------------------+ | ||||
| | Member | JSON | Container Object Member Semantics | | ||||
| | Name | Value | | | ||||
| | | Type | | | ||||
| +--------+----------+-----------------------------------------------+ | ||||
| | jwk | array | The "jwk" member value contains an array of | | ||||
| | | | JWK Key Objects. This member is REQUIRED. | | ||||
| +--------+----------+-----------------------------------------------+ | ||||
| JWK Container Object Member | A JSON Web Key (JWK) is a JSON object containing specific members, as | |||
| specified below. Those members that are common to all key types are | ||||
| defined below. | ||||
| Additional members MAY be present in the JWK Container Object. If | JWKs also require members that are specific to the particular key | |||
| present, they MUST be understood by implementations using that JWK. | algorithm family to represent the key parameters. These algorithm | |||
| specific members are defined in Section 5 of the JSON Web Algorithms | ||||
| (JWA) [JWA] specification. | ||||
| 4.2. JWK Key Object Format | The member names within a JWK MUST be unique; objects with duplicate | |||
| member names MUST be rejected. | ||||
| A JWK Key Object is a JSON object containing specific members. Those | Additional members MAY be present in the JWK. If present, they MUST | |||
| members that are common to all key types are as follows: | be understood by implementations using them. Parameters for | |||
| representing keys for additional algorithm families or additional key | ||||
| properties SHOULD either be defined in the IANA JSON Web Key | ||||
| Parameters registry [JWA] or be a URI that contains a collision | ||||
| resistant namespace. | ||||
| +--------+--------+-------------------------------------------------+ | 4.1. "alg" (Algorithm Family) Parameter | |||
| | Member | JSON | Key Object Member Semantics | | ||||
| | Name | Value | | | ||||
| | | Type | | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| | alg | string | The "alg" member identifies the cryptographic | | ||||
| | | | algorithm family used with the key. Values | | ||||
| | | | defined by this specification are "EC" and | | ||||
| | | | "RSA". Specific additional members are | | ||||
| | | | required to represent the key, depending upon | | ||||
| | | | the "alg" value. The "alg" value is case | | ||||
| | | | sensitive. This member is REQUIRED. | | ||||
| | use | string | The "use" member identifies the intended use of | | ||||
| | | | the key. Values defined by this specification | | ||||
| | | | are "sig" (signature) and "enc" (encryption). | | ||||
| | | | Other values MAY be used. The "use" value is | | ||||
| | | | case sensitive. This member is OPTIONAL. | | ||||
| | kid | string | The "kid" (Key ID) member can be used to match | | ||||
| | | | a specific key. This can be used, for | | ||||
| | | | instance, to choose among a set of keys within | | ||||
| | | | the JWK during key rollover. The "kid" value | | ||||
| | | | MAY correspond to a JWS "kid" value. The | | ||||
| | | | interpretation of the "kid" value is | | ||||
| | | | unspecified. This member is OPTIONAL. | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| JWK Key Object Members | The "alg" (algorithm family) member identifies the cryptographic | |||
| algorithm family used with the key. A list of defined "alg" values | ||||
| is presented in Section 5.1 of the JSON Web Algorithms (JWA) [JWA] | ||||
| specification. Specific additional members are required to represent | ||||
| the key, depending upon the algorithm family. These members are | ||||
| specified in Section 5 of the JSON Web Algorithms (JWA) [JWA] | ||||
| specification. The "alg" value is case sensitive. Its value MUST be | ||||
| a string. | ||||
| Additional members MAY be present in the JWK Key Object. If present, | "alg" values SHOULD either be defined in the IANA JSON Web Key | |||
| they MUST be understood by implementations using that key. | Algorithm Families registry [JWA] or be a URI that contains a | |||
| collision resistant namespace. | ||||
| 4.2.1. JWK Key Object Members for Elliptic Curve Keys | 4.2. "use" (Key Use) Parameter | |||
| JWKs can represent Elliptic Curve [FIPS.186-3] keys. In this case, | The "use" (key use) member identifies the intended use of the key. | |||
| the "alg" member value MUST be "EC". Furthermore, these additional | Values defined by this specification are "sig" (signature) and "enc" | |||
| members MUST be present: | (encryption). Other values MAY be used. The "use" value is case | |||
| sensitive. Its value MUST be a string. This member is OPTIONAL. | ||||
| +--------+--------+-------------------------------------------------+ | 4.3. "kid" (Key ID) Parameter | |||
| | Member | JSON | Key Object Member Semantics | | ||||
| | Name | Value | | | ||||
| | | Type | | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| | crv | string | The "crv" member identifies the cryptographic | | ||||
| | | | curve used with the key. Values defined by | | ||||
| | | | this specification are "P-256", "P-384" and | | ||||
| | | | "P-521". Additional "crv" values MAY be used, | | ||||
| | | | provided they are understood by implementations | | ||||
| | | | using that Elliptic Curve key. The "crv" value | | ||||
| | | | is case sensitive. | | ||||
| | x | string | The "x" member contains the x coordinate for | | ||||
| | | | the elliptic curve point. It is represented as | | ||||
| | | | the base64url encoding of the coordinate's big | | ||||
| | | | endian representation. | | ||||
| | y | string | The "y" member contains the y coordinate for | | ||||
| | | | the elliptic curve point. It is represented as | | ||||
| | | | the base64url encoding of the coordinate's big | | ||||
| | | | endian representation. | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| Members for Elliptic Curve Keys | The "kid" (key ID) member can be used to match a specific key. This | |||
| can be used, for instance, to choose among a set of keys within the | ||||
| JWK during key rollover. When used with JWS or JWE, the "kid" value | ||||
| MAY be used to match a JWS or JWE "kid" header parameter value. The | ||||
| interpretation of the "kid" value is unspecified. Its value MUST be | ||||
| a string. This member is OPTIONAL. | ||||
| 4.2.2. JWK Key Object Members for RSA Keys | 5. JSON Web Key Set (JWK Set) Format | |||
| JWKs can represent RSA [RFC3447] keys. In this case, the "alg" | A JSON Web Key Set (JWK Set) is a JSON object that contains an array | |||
| member value MUST be "RSA". Furthermore, these additional members | of JSON Web Key values as the value of its "keys" member. | |||
| MUST be present: | ||||
| +--------+--------+-------------------------------------------------+ | The member names within a JWK Set MUST be unique; objects with | |||
| | Member | JSON | Key Object Member Semantics | | duplicate member names MUST be rejected. | |||
| | Name | Value | | | ||||
| | | Type | | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| | mod | string | The "mod" member contains the modulus value for | | ||||
| | | | the RSA public key. It is represented as the | | ||||
| | | | base64url encoding of the value's big endian | | ||||
| | | | representation. | | ||||
| | exp | string | The "exp" member contains the exponent value | | ||||
| | | | for the RSA public key. It is represented as | | ||||
| | | | the base64url encoding of the value's big | | ||||
| | | | endian representation. | | ||||
| +--------+--------+-------------------------------------------------+ | ||||
| Members for RSA Keys | Additional members MAY be present in the JWK Set. If present, they | |||
| MUST be understood by implementations using them. Parameters for | ||||
| representing additional properties of JWK Sets SHOULD either be | ||||
| defined in the IANA JSON Web Key Set Parameters registry Section 6.1 | ||||
| or be a URI that contains a collision resistant namespace. | ||||
| 5. Base64url encoding as used by JWKs | 5.1. "keys" (JSON Web Key Set) Parameter | |||
| JWKs make use of the base64url encoding as defined in RFC 4648 | The value of the "keys" (JSON Web Key Set) member is an array of JSON | |||
| [RFC4648]. As allowed by Section 3.2 of the RFC, this specification | Web Key (JWK) values. This member is REQUIRED. | |||
| mandates that base64url encoding when used with JWKs MUST NOT use | ||||
| padding. Notes on implementing base64url encoding can be found in | ||||
| the JWS [JWS] specification. | ||||
| 6. IANA Considerations | 6. IANA Considerations | |||
| No IANA actions are required by this specification. | 6.1. JSON Web Key Set Parameters Registry | |||
| This specification establishes the IANA JSON Web Key Set Parameters | ||||
| registry for reserved JWK Set parameter names. Inclusion in the | ||||
| registry is RFC Required in the RFC 5226 [RFC5226] sense. The | ||||
| registry records the reserved parameter name and a reference to the | ||||
| RFC that defines it. This specification registers the parameter | ||||
| names defined in Section 5. | ||||
| 7. Security Considerations | 7. Security Considerations | |||
| TBD | A key is no more trustworthy than the method by which it was | |||
| received. | ||||
| The security considerations in XML DSIG 2.0 | ||||
| [W3C.CR-xmldsig-core2-20120124], about public key representations | ||||
| also apply to this specification, other than those that are XML | ||||
| specific. | ||||
| 8. Open Issues and Things To Be Done (TBD) | 8. Open Issues and Things To Be Done (TBD) | |||
| The following items remain to be done in this draft: | The following items remain to be done in this draft: | |||
| o Consider how additional key families would be added. | o (None at present) | |||
| o Write the Security Considerations section. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [FIPS.186-3] | [JWA] Jones, M., "JSON Web Algorithms (JWA)", May 2012. | |||
| National Institute of Standards and Technology, "Digital | ||||
| Signature Standard (DSS)", FIPS PUB 186-3, June 2009. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | ||||
| Standards (PKCS) #1: RSA Cryptography Specifications | ||||
| Version 2.1", RFC 3447, February 2003. | ||||
| [RFC4627] Crockford, D., "The application/json Media Type for | [RFC4627] Crockford, D., "The application/json Media Type for | |||
| JavaScript Object Notation (JSON)", RFC 4627, July 2006. | JavaScript Object Notation (JSON)", RFC 4627, July 2006. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
| May 2008. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", March 2012. | Encryption (JWE)", May 2012. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", March 2012. | Signature (JWS)", May 2012. | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| Signatures", January 2011. | Signatures", January 2011. | |||
| [W3C.CR-xmldsig-core2-20120124] | ||||
| Eastlake, D., Reagle, J., Yiu, K., Solo, D., Datta, P., | ||||
| Hirsch, F., Cantor, S., and T. Roessler, "XML Signature | ||||
| Syntax and Processing Version 2.0", World Wide Web | ||||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | ||||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | ||||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| A JSON representation for RSA public keys was previously introduced | A JSON representation for RSA public keys was previously introduced | |||
| in Magic Signatures [MagicSignatures]. | in Magic Signatures [MagicSignatures]. | |||
| Appendix B. Document History | Appendix B. Document History | |||
| -02 | ||||
| o Simplified JWK terminology to get replace the "JWK Key Object" and | ||||
| "JWK Container Object" terms with simply "JSON Web Key (JWK)" and | ||||
| "JSON Web Key Set (JWK Set)" and to eliminate potential confusion | ||||
| between single keys and sets of keys. As part of this change, the | ||||
| top-level member name for a set of keys was changed from "jwk" to | ||||
| "keys". | ||||
| o Clarified that values with duplicate member names MUST be | ||||
| rejected. | ||||
| o Established JSON Web Key Set Parameters registry. | ||||
| o Explicitly listed non-goals in the introduction. | ||||
| o Moved algorithm-specific definitions from JWK to JWA. | ||||
| o Reformatted to give each member definition its own section | ||||
| heading. | ||||
| -01 | -01 | |||
| o Corrected the Magic Signatures reference. | o Corrected the Magic Signatures reference. | |||
| -00 | -00 | |||
| o Created the initial IETF draft based upon | o Created the initial IETF draft based upon | |||
| draft-jones-json-web-key-03 with no normative changes. | draft-jones-json-web-key-03 with no normative changes. | |||
| Author's Address | Author's Address | |||
| End of changes. 40 change blocks. | ||||
| 172 lines changed or deleted | 159 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
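Review bot: Section 4.1 of -02 no longer says whether "alg" is required. The -01 table row for "alg" ended with "This member is REQUIRED.", but the new text stops at "Its value MUST be a string." Sections 4.2 and 4.3 both close with "This member is OPTIONAL.", so the omission reads as accidental. Suggest ending 4.1 with "This member is REQUIRED." so that a consumer knows to reject a JWK that lacks it.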
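Review bot: Section 4.3 of -02 still says "choose among a set of keys within the JWK during key rollover", which contradicts the new terminology in Section 2, where a JWK is a single public key and the collection is a JWK Set. Suggest "within a JWK Set". Since the same paragraph leaves the interpretation of "kid" unspecified, it would also help to say what a consumer should do when two JWKs in one set carry the same "kid" value.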
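Review bot: The sentence added to Sections 4 and 5 of -02, "objects with duplicate member names MUST be rejected", sets a requirement that is easy to miss in practice, because many general-purpose JSON parsers silently keep one of the duplicate values and hand back an ordinary object. Suggest a short implementation note saying the check has to happen while parsing, before the object is built, so that two components reading the same JWK cannot end up with different values for a member such as "alg" or "use".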
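Review bot: Section 7 of -02 replaces "TBD" with the principle "A key is no more trustworthy than the method by which it was received." but attaches no requirement to the one retrieval path the introduction names, JWK Sets fetched from a "jku" (JWK Set URL). Suggest stating how that resource must be protected in transit and how a consumer decides which URLs it accepts keys from, or pointing to the section of JWS/JWE that does. The same applies to a key carried inline in the "jwk" header parameter, which arrives with the very message it is meant to verify.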
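Review bot: Three editorial slips remain in the -02 column. The lead-in to the example in Section 3 carries over "Long lines are broken are for display purposes only" from -01 (drop the second "are"); the -02 Document History entry reads "to get replace the ... terms" (should be "to replace"); and Section 5 runs its cross-reference into the sentence as "registry Section 6.1", which should be set off the same way "[JWA]" is in Section 4.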