| < draft-ietf-jose-json-web-key-02.txt | draft-ietf-jose-json-web-key-03.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track May 12, 2012 | Intended status: Standards Track July 6, 2012 | |||
| Expires: November 13, 2012 | Expires: January 7, 2013 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-02 | draft-ietf-jose-json-web-key-03 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JSON data structure that represents a | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| public key. This specification also defines a JSON Web Key Set (JWK | structure that represents a public key. This specification also | |||
| Set) JSON data structure for representing a set of JWKs. | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| Cryptographic algorithms and identifiers used with this specification | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| are enumerated in the separate JSON Web Algorithms (JWA) | for use with this specification are described in the separate JSON | |||
| specification. | Web Algorithms (JWA) specification. | |||
| Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 13, 2012. | This Internet-Draft will expire on January 7, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Example JSON Web Key Set . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . . 4 | 3. Example JSON Web Key Set . . . . . . . . . . . . . . . . . . . 4 | |||
| 4.1. "alg" (Algorithm Family) Parameter . . . . . . . . . . . . 4 | 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 4 | |||
| 4.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . . 5 | 4.1. "alg" (Algorithm Family) Parameter . . . . . . . . . . . . 5 | |||
| 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | 4.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . 5 | |||
| 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . . 5 | 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | |||
| 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . . 5 | 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 6 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 | 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . 6 | |||
| 6.1. JSON Web Key Set Parameters Registry . . . . . . . . . . . 6 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 | 6.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 7 | |||
| 8. Open Issues and Things To Be Done (TBD) . . . . . . . . . . . . 6 | 6.1.1. Registration Template . . . . . . . . . . . . . . . . 7 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 7 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 | 6.2. JSON Web Key Set Parameters Registry . . . . . . . . . . . 8 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 7 | 6.2.1. Registration Template . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 7 | 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | |||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . . 7 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 8. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | ||||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | ||||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 9 | ||||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | ||||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 | ||||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JSON data structure that represents a | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] | |||
| public key as a JSON object [RFC4627]. This specification also | data structure that represents a public key. This specification also | |||
| defines a JSON Web Key Set (JWK Set) JSON data structure for | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| used with this specification are enumerated in the separate JSON Web | for use with this specification are described in the separate JSON | |||
| Algorithms (JWA) [JWA] specification. | Web Algorithms (JWA) [JWA] specification. | |||
| Non-goals for this specification include representing private keys, | Goals for this specification do not include representing private | |||
| representing symmetric keys, representing certificate chains, | keys, representing symmetric keys, representing certificate chains, | |||
| representing certified keys, and replacing X.509 certificates. | representing certified keys, and replacing X.509 certificates. | |||
| JWKs are used in the JSON Web Signature (JWS) [JWS] "jwk" (JSON Web | JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and | |||
| Key) header parameter and the JSON Web Encryption (JWE) [JWE] "jwk" | JSON Web Encryption (JWE) [JWE] specifications. | |||
| (JSON Web Key) and "epk" (Ephemeral Public Key) header parameters. | ||||
| The resources referenced by the JWS "jku" (JWK Set URL) and JWE "jku" | 1.1. Notational Conventions | |||
| (JWK Set URL) header parameters contain JWK Sets. | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in Key words for use in | ||||
| RFCs to Indicate Requirement Levels [RFC2119]. | ||||
| 2. Terminology | 2. Terminology | |||
| JSON Web Key (JWK) A JSON data structure that represents a public | JSON Web Key (JWK) A JSON data structure that represents a public | |||
| key. | key. | |||
| JSON Web Key Set (JWK Set) A JSON object that contains an array of | JSON Web Key Set (JWK Set) A JSON object that contains an array of | |||
| JWKs as a member. | JWKs as a member. | |||
| Base64url Encoding For the purposes of this specification, this term | Base64url Encoding For the purposes of this specification, this term | |||
| always refers to the URL- and filename-safe Base64 encoding | always refers to the URL- and filename-safe Base64 encoding | |||
| described in RFC 4648 [RFC4648], Section 5, with the (non URL- | described in RFC 4648 [RFC4648], Section 5, with the (non URL- | |||
| safe) '=' padding characters omitted, as permitted by Section 3.2. | safe) '=' padding characters omitted, as permitted by Section 3.2. | |||
| (See Appendix B of [JWS] for notes on implementing base64url | (See Appendix C of [JWS] for notes on implementing base64url | |||
| encoding without padding.) | encoding without padding.) | |||
| Collision Resistant Namespace A namespace that allows names to be | ||||
| allocated in a manner such that they are highly unlikely to | ||||
| collide with other names. For instance, collision resistance can | ||||
| be achieved through administrative delegation of portions of the | ||||
| namespace or through use of collision-resistant name allocation | ||||
| functions. Examples of Collision Resistant Namespaces include: | ||||
| Domain Names, Object Identifiers (OIDs) as defined in the ITU-T | ||||
| X.660 and X.670 Recommendation series, and Universally Unique | ||||
| IDentifiers (UUIDs) [RFC4122]. When using an administratively | ||||
| delegated namespace, the definer of a name needs to take | ||||
| reasonable precautions to ensure they are in control of the | ||||
| portion of the namespace they use to define the name. | ||||
| 3. Example JSON Web Key Set | 3. Example JSON Web Key Set | |||
| The following example JWK Set contains two public keys represented as | The following example JWK Set contains two public keys represented as | |||
| JWKs: one using an Elliptic Curve algorithm and a second one using an | JWKs: one using an Elliptic Curve algorithm and a second one using an | |||
| RSA algorithm. The first specifies that the key is to be used for | RSA algorithm. The first specifies that the key is to be used for | |||
| encryption. Both provide a Key ID for key matching purposes. In | encryption. Both provide a Key ID for key matching purposes. In | |||
| both cases, integers are represented using the base64url encoding of | both cases, integers are represented using the base64url encoding of | |||
| their big endian representations. (Long lines are broken are for | their big endian representations. (Long lines are broken are for | |||
| display purposes only.) | display purposes only.) | |||
| {"keys": | {"keys": | |||
| skipping to change at page 4, line 31 ¶ | skipping to change at page 4, line 44 ¶ | |||
| "kid":"2011-04-29"} | "kid":"2011-04-29"} | |||
| ] | ] | |||
| } | } | |||
| 4. JSON Web Key (JWK) Format | 4. JSON Web Key (JWK) Format | |||
| A JSON Web Key (JWK) is a JSON object containing specific members, as | A JSON Web Key (JWK) is a JSON object containing specific members, as | |||
| specified below. Those members that are common to all key types are | specified below. Those members that are common to all key types are | |||
| defined below. | defined below. | |||
| JWKs also require members that are specific to the particular key | A JWK also requires members that are specific to the particular kind | |||
| algorithm family to represent the key parameters. These algorithm | of key to represent the key parameters. See Section 5 of the JSON | |||
| specific members are defined in Section 5 of the JSON Web Algorithms | Web Algorithms (JWA) [JWA] specification for definitions of the | |||
| (JWA) [JWA] specification. | members specific to the kinds of keys defined there. | |||
| The member names within a JWK MUST be unique; objects with duplicate | The member names within a JWK MUST be unique; objects with duplicate | |||
| member names MUST be rejected. | member names MUST be rejected. | |||
| Additional members MAY be present in the JWK. If present, they MUST | Additional members MAY be present in the JWK. If present, they MUST | |||
| be understood by implementations using them. Parameters for | be understood by implementations using them. Member names for | |||
| representing keys for additional algorithm families or additional key | representing specific kinds of keys SHOULD either be registered in | |||
| properties SHOULD either be defined in the IANA JSON Web Key | the IANA JSON Web Key Parameters registry Section 6.1 or be URIs that | |||
| Parameters registry [JWA] or be a URI that contains a collision | contain a Collision Resistant Namespace. | |||
| resistant namespace. | ||||
| 4.1. "alg" (Algorithm Family) Parameter | 4.1. "alg" (Algorithm Family) Parameter | |||
| The "alg" (algorithm family) member identifies the cryptographic | The "alg" (algorithm family) member identifies the cryptographic | |||
| algorithm family used with the key. A list of defined "alg" values | algorithm family used with the key. The "alg" value is case | |||
| is presented in Section 5.1 of the JSON Web Algorithms (JWA) [JWA] | sensitive. Its value MUST be a string. | |||
| specification. Specific additional members are required to represent | ||||
| the key, depending upon the algorithm family. These members are | ||||
| specified in Section 5 of the JSON Web Algorithms (JWA) [JWA] | ||||
| specification. The "alg" value is case sensitive. Its value MUST be | ||||
| a string. | ||||
| "alg" values SHOULD either be defined in the IANA JSON Web Key | A list of defined "alg" values is presented in Section 5.1 of the | |||
| Algorithm Families registry [JWA] or be a URI that contains a | JSON Web Algorithms (JWA) [JWA] specification. Additional members | |||
| collision resistant namespace. | used with these "alg" values are defined in Sections 5.2 and 5.3 of | |||
| the JSON Web Algorithms (JWA) [JWA] specification. "alg" values | ||||
| SHOULD either be registered in the IANA JSON Web Key Algorithm | ||||
| Families registry [JWA] or be a URI that contains a Collision | ||||
| Resistant Namespace. | ||||
| 4.2. "use" (Key Use) Parameter | 4.2. "use" (Key Use) Parameter | |||
| The "use" (key use) member identifies the intended use of the key. | The "use" (key use) member identifies the intended use of the key. | |||
| Values defined by this specification are "sig" (signature) and "enc" | Values defined by this specification are: | |||
| (encryption). Other values MAY be used. The "use" value is case | ||||
| sensitive. Its value MUST be a string. This member is OPTIONAL. | o "sig" (signature) | |||
| o "enc" (encryption) | ||||
| Other values MAY be used. The "use" value is case sensitive. Its | ||||
| value MUST be a string. This member is OPTIONAL. | ||||
| 4.3. "kid" (Key ID) Parameter | 4.3. "kid" (Key ID) Parameter | |||
| The "kid" (key ID) member can be used to match a specific key. This | The "kid" (key ID) member can be used to match a specific key. This | |||
| can be used, for instance, to choose among a set of keys within the | can be used, for instance, to choose among a set of keys within the | |||
| JWK during key rollover. When used with JWS or JWE, the "kid" value | JWK during key rollover. The interpretation of the "kid" value is | |||
| MAY be used to match a JWS or JWE "kid" header parameter value. The | unspecified. Key ID values within a JWK Set need not be unique; for | |||
| interpretation of the "kid" value is unspecified. Its value MUST be | instance, in some contexts different keys using the same Key ID value | |||
| a string. This member is OPTIONAL. | might be present, with the keys being disambiguated using other | |||
| information, such as the "alg" or "use" values. The "kid" value is | ||||
| case sensitive. Its value MUST be a string. This member is | ||||
| OPTIONAL. | ||||
| When used with JWS or JWE, the "kid" value MAY be used to match a JWS | ||||
| or JWE "kid" header parameter value. | ||||
| 5. JSON Web Key Set (JWK Set) Format | 5. JSON Web Key Set (JWK Set) Format | |||
| A JSON Web Key Set (JWK Set) is a JSON object that contains an array | A JSON Web Key Set (JWK Set) is a JSON object that contains an array | |||
| of JSON Web Key values as the value of its "keys" member. | of JSON Web Key values as the value of its "keys" member. | |||
| The member names within a JWK Set MUST be unique; objects with | The member names within a JWK Set MUST be unique; objects with | |||
| duplicate member names MUST be rejected. | duplicate member names MUST be rejected. | |||
| Additional members MAY be present in the JWK Set. If present, they | Additional members MAY be present in the JWK Set. If present, they | |||
| MUST be understood by implementations using them. Parameters for | MUST be understood by implementations using them. Parameters for | |||
| representing additional properties of JWK Sets SHOULD either be | representing additional properties of JWK Sets SHOULD either be | |||
| defined in the IANA JSON Web Key Set Parameters registry Section 6.1 | registered in the IANA JSON Web Key Set Parameters registry | |||
| or be a URI that contains a collision resistant namespace. | Section 6.2 or be a URI that contains a Collision Resistant | |||
| Namespace. | ||||
| 5.1. "keys" (JSON Web Key Set) Parameter | 5.1. "keys" (JSON Web Key Set) Parameter | |||
| The value of the "keys" (JSON Web Key Set) member is an array of JSON | The value of the "keys" (JSON Web Key Set) member is an array of JSON | |||
| Web Key (JWK) values. This member is REQUIRED. | Web Key (JWK) values. This member is REQUIRED. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| 6.1. JSON Web Key Set Parameters Registry | The following registration procedure is used for all the registries | |||
| established by this specification. | ||||
| Values are registered with a Specification Required [RFC5226] after a | ||||
| two week review period on the [TBD]@ietf.org mailing list, on the | ||||
| advice of one or more Designated Experts. However, to allow for the | ||||
| allocation of values prior to publication, the Designated Expert(s) | ||||
| may approve registration once they are satisfied that such a | ||||
| specification will be published. | ||||
| Registration requests must be sent to the [TBD]@ietf.org mailing list | ||||
| for review and comment, with an appropriate subject (e.g., "Request | ||||
| for access token type: example"). [[ Note to RFC-EDITOR: The name of | ||||
| the mailing list should be determined in consultation with the IESG | ||||
| and IANA. Suggested name: jose-reg-review. ]] | ||||
| Within the review period, the Designated Expert(s) will either | ||||
| approve or deny the registration request, communicating this decision | ||||
| to the review list and IANA. Denials should include an explanation | ||||
| and, if applicable, suggestions as to how to make the request | ||||
| successful. | ||||
| IANA must only accept registry updates from the Designated Expert(s), | ||||
| and should direct all requests for registration to the review mailing | ||||
| list. | ||||
| 6.1. JSON Web Key Parameters Registry | ||||
| This specification establishes the IANA JSON Web Key Parameters | ||||
| registry for reserved JWK parameter names. The registry records the | ||||
| reserved parameter name and a reference to the specification that | ||||
| defines it. This specification registers the parameter names defined | ||||
| in Section 4. | ||||
| 6.1.1. Registration Template | ||||
| Parameter Name: | ||||
| The name requested (e.g., "example"). | ||||
| Change Controller: | ||||
| For standards-track RFCs, state "IETF". For others, give the name | ||||
| of the responsible party. Other details (e.g., postal address, | ||||
| e-mail address, home page URI) may also be included. | ||||
| Specification Document(s): | ||||
| Reference to the document that specifies the parameter, preferably | ||||
| including a URI that can be used to retrieve a copy of the | ||||
| document. An indication of the relevant sections may also be | ||||
| included, but is not required. | ||||
| 6.1.2. Initial Registry Contents | ||||
| o Parameter Name: "alg" | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 4.1 of [[ this document ]] | ||||
| o Parameter Name: "use" | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 4.2 of [[ this document ]] | ||||
| o Parameter Name: "kid" | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 4.3 of [[ this document ]] | ||||
| 6.2. JSON Web Key Set Parameters Registry | ||||
| This specification establishes the IANA JSON Web Key Set Parameters | This specification establishes the IANA JSON Web Key Set Parameters | |||
| registry for reserved JWK Set parameter names. Inclusion in the | registry for reserved JWK Set parameter names. The registry records | |||
| registry is RFC Required in the RFC 5226 [RFC5226] sense. The | the reserved parameter name and a reference to the specification that | |||
| registry records the reserved parameter name and a reference to the | defines it. This specification registers the parameter names defined | |||
| RFC that defines it. This specification registers the parameter | in Section 5. | |||
| names defined in Section 5. | ||||
| 6.2.1. Registration Template | ||||
| Parameter Name: | ||||
| The name requested (e.g., "example"). | ||||
| Change Controller: | ||||
| For standards-track RFCs, state "IETF". For others, give the name | ||||
| of the responsible party. Other details (e.g., postal address, | ||||
| e-mail address, home page URI) may also be included. | ||||
| Specification Document(s): | ||||
| Reference to the document that specifies the parameter, preferably | ||||
| including a URI that can be used to retrieve a copy of the | ||||
| document. An indication of the relevant sections may also be | ||||
| included, but is not required. | ||||
| 6.2.2. Initial Registry Contents | ||||
| o Parameter Name: "keys" | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 5.1 of [[ this document ]] | ||||
| 7. Security Considerations | 7. Security Considerations | |||
| All of the security issues faced by any cryptographic application | ||||
| must be faced by a JWS/JWE/JWK agent. Among these issues are | ||||
| protecting the user's private key, preventing various attacks, and | ||||
| helping the user avoid mistakes such as inadvertently encrypting a | ||||
| message for the wrong recipient. The entire list of security | ||||
| considerations is beyond the scope of this document, but some | ||||
| significant concerns are listed here. | ||||
| A key is no more trustworthy than the method by which it was | A key is no more trustworthy than the method by which it was | |||
| received. | received. | |||
| Per Section 4.3, applications should not assume that "kid" values are | ||||
| unique within a JWK Set. | ||||
| The security considerations in XML DSIG 2.0 | The security considerations in XML DSIG 2.0 | |||
| [W3C.CR-xmldsig-core2-20120124], about public key representations | [W3C.CR-xmldsig-core2-20120124], about public key representations | |||
| also apply to this specification, other than those that are XML | also apply to this specification, other than those that are XML | |||
| specific. | specific. | |||
| 8. Open Issues and Things To Be Done (TBD) | 8. Open Issues | |||
| The following items remain to be done in this draft: | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| The following items remain to be considered or done in this draft: | ||||
| o (None at present) | o (None at present) | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", May 2012. | [JWA] Jones, M., "JSON Web Algorithms (JWA)", July 2012. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC4627] Crockford, D., "The application/json Media Type for | [RFC4627] Crockford, D., "The application/json Media Type for | |||
| JavaScript Object Notation (JSON)", RFC 4627, July 2006. | JavaScript Object Notation (JSON)", RFC 4627, July 2006. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | IANA Considerations Section in RFCs", BCP 26, RFC 5226, | |||
| May 2008. | May 2008. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", May 2012. | Encryption (JWE)", July 2012. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", May 2012. | Signature (JWS)", July 2012. | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| Signatures", January 2011. | Signatures", January 2011. | |||
| [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | ||||
| Unique IDentifier (UUID) URN Namespace", RFC 4122, | ||||
| July 2005. | ||||
| [W3C.CR-xmldsig-core2-20120124] | [W3C.CR-xmldsig-core2-20120124] | |||
| Eastlake, D., Reagle, J., Yiu, K., Solo, D., Datta, P., | Reagle, J., Solo, D., Datta, P., Hirsch, F., Eastlake, D., | |||
| Hirsch, F., Cantor, S., and T. Roessler, "XML Signature | Roessler, T., Cantor, S., and K. Yiu, "XML Signature | |||
| Syntax and Processing Version 2.0", World Wide Web | Syntax and Processing Version 2.0", World Wide Web | |||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | Consortium CR CR-xmldsig-core2-20120124, January 2012, | |||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| A JSON representation for RSA public keys was previously introduced | A JSON representation for RSA public keys was previously introduced | |||
| in Magic Signatures [MagicSignatures]. | by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures | |||
| [MagicSignatures]. | ||||
| Appendix B. Document History | Appendix B. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | ||||
| -03 | ||||
| o Clarified that "kid" values need not be unique within a JWK Set. | ||||
| o Moved JSON Web Key Parameters registry to the JWK specification. | ||||
| o Added "Collision Resistant Namespace" to the terminology section. | ||||
| o Changed registration requirements from RFC Required to | ||||
| Specification Required with Expert Review. | ||||
| o Added Registration Template sections for defined registries. | ||||
| o Added Registry Contents sections to populate registry values. | ||||
| o Numerous editorial improvements. | ||||
| -02 | -02 | |||
| o Simplified JWK terminology to get replace the "JWK Key Object" and | o Simplified JWK terminology to get replace the "JWK Key Object" and | |||
| "JWK Container Object" terms with simply "JSON Web Key (JWK)" and | "JWK Container Object" terms with simply "JSON Web Key (JWK)" and | |||
| "JSON Web Key Set (JWK Set)" and to eliminate potential confusion | "JSON Web Key Set (JWK Set)" and to eliminate potential confusion | |||
| between single keys and sets of keys. As part of this change, the | between single keys and sets of keys. As part of this change, the | |||
| top-level member name for a set of keys was changed from "jwk" to | top-level member name for a set of keys was changed from "jwk" to | |||
| "keys". | "keys". | |||
| o Clarified that values with duplicate member names MUST be | o Clarified that values with duplicate member names MUST be | |||
| End of changes. 31 change blocks. | ||||
| 89 lines changed or deleted | 246 lines changed or added | |||
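
Review bot: The -03 Introduction no longer says where a JWK or JWK Set actually appears. The -02 sentences naming the JWS "jwk" header parameter, the JWE "jwk" and "epk" header parameters, and the resources referenced by "jku" (JWK Set URL) are replaced by the single sentence "JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and JSON Web Encryption (JWE) [JWE] specifications." Section 7 states that a key is no more trustworthy than the method by which it was received, so a reader of this document needs to know the delivery paths. Suggest keeping a short pointer to those header parameters. In the unchanged Section 3 text, "Long lines are broken are for display purposes only" still carries a doubled "are".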
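
Review bot: Section 4.3 in -03 permits several keys in one JWK Set to carry the same "kid" but does not say what a consumer does when more than one key matches. The new text stops at "with the keys being disambiguated using other information, such as the "alg" or "use" values", and the new Section 7 sentence adds only that applications "should not assume" uniqueness, in lower case. Suggest stating the expected behaviour when "kid", "alg" and "use" together still select more than one key, or none, and saying whether the Section 7 sentence is meant as an RFC 2119 SHOULD NOT. Both columns also read "choose among a set of keys within the JWK during key rollover", which presumably means within the JWK Set.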
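
Review bot: The example subject in the new Section 6 registration procedure, "Request for access token type: example", refers to a registry this document does not establish; the two registries here are JSON Web Key Parameters (6.1) and JSON Web Key Set Parameters (6.2). Suggest an example that names one of them, such as "Request for JWK parameter: example". The review list address is still "[TBD]@ietf.org" in both places it appears, so the procedure cannot be followed until the name in the RFC-EDITOR note is settled. Separately, Section 4 now limits the registration advice to "Member names for representing specific kinds of keys", while Section 6.1 describes the registry as holding reserved JWK parameter names in general and registers "use" and "kid", which are key properties. The -02 wording "additional algorithm families or additional key properties" covered both, and the narrower phrase leaves it unclear whether new key-property members are expected to be registered.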
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||