| < draft-ietf-jose-json-web-key-03.txt | draft-ietf-jose-json-web-key-04.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track July 6, 2012 | Intended status: Standards Track July 16, 2012 | |||
| Expires: January 7, 2013 | Expires: January 17, 2013 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-03 | draft-ietf-jose-json-web-key-04 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a public key. This specification also | structure that represents a public key. This specification also | |||
| defines a JSON Web Key Set (JWK Set) JSON data structure for | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification. | Web Algorithms (JWA) specification. | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 7, 2013. | This Internet-Draft will expire on January 17, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 25 ¶ | skipping to change at page 2, line 25 ¶ | |||
| 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | |||
| 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 6 | 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 6 | |||
| 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . 6 | 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . 6 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 7 | 6.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 7 | |||
| 6.1.1. Registration Template . . . . . . . . . . . . . . . . 7 | 6.1.1. Registration Template . . . . . . . . . . . . . . . . 7 | |||
| 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 7 | 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 7 | |||
| 6.2. JSON Web Key Set Parameters Registry . . . . . . . . . . . 8 | 6.2. JSON Web Key Set Parameters Registry . . . . . . . . . . . 8 | |||
| 6.2.1. Registration Template . . . . . . . . . . . . . . . . 8 | 6.2.1. Registration Template . . . . . . . . . . . . . . . . 8 | |||
| 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 8. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] | |||
| data structure that represents a public key. This specification also | data structure that represents a public key. This specification also | |||
| defines a JSON Web Key Set (JWK Set) JSON data structure for | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) [JWA] specification. | Web Algorithms (JWA) [JWA] specification. | |||
| skipping to change at page 3, line 36 ¶ | skipping to change at page 3, line 36 ¶ | |||
| RFCs to Indicate Requirement Levels [RFC2119]. | RFCs to Indicate Requirement Levels [RFC2119]. | |||
| 2. Terminology | 2. Terminology | |||
| JSON Web Key (JWK) A JSON data structure that represents a public | JSON Web Key (JWK) A JSON data structure that represents a public | |||
| key. | key. | |||
| JSON Web Key Set (JWK Set) A JSON object that contains an array of | JSON Web Key Set (JWK Set) A JSON object that contains an array of | |||
| JWKs as a member. | JWKs as a member. | |||
| Base64url Encoding For the purposes of this specification, this term | Base64url Encoding The URL- and filename-safe Base64 encoding | |||
| always refers to the URL- and filename-safe Base64 encoding | ||||
| described in RFC 4648 [RFC4648], Section 5, with the (non URL- | described in RFC 4648 [RFC4648], Section 5, with the (non URL- | |||
| safe) '=' padding characters omitted, as permitted by Section 3.2. | safe) '=' padding characters omitted, as permitted by Section 3.2. | |||
| (See Appendix C of [JWS] for notes on implementing base64url | (See Appendix C of [JWS] for notes on implementing base64url | |||
| encoding without padding.) | encoding without padding.) | |||
| Collision Resistant Namespace A namespace that allows names to be | Collision Resistant Namespace A namespace that allows names to be | |||
| allocated in a manner such that they are highly unlikely to | allocated in a manner such that they are highly unlikely to | |||
| collide with other names. For instance, collision resistance can | collide with other names. For instance, collision resistance can | |||
| be achieved through administrative delegation of portions of the | be achieved through administrative delegation of portions of the | |||
| namespace or through use of collision-resistant name allocation | namespace or through use of collision-resistant name allocation | |||
| skipping to change at page 4, line 44 ¶ | skipping to change at page 4, line 43 ¶ | |||
| "kid":"2011-04-29"} | "kid":"2011-04-29"} | |||
| ] | ] | |||
| } | } | |||
| 4. JSON Web Key (JWK) Format | 4. JSON Web Key (JWK) Format | |||
| A JSON Web Key (JWK) is a JSON object containing specific members, as | A JSON Web Key (JWK) is a JSON object containing specific members, as | |||
| specified below. Those members that are common to all key types are | specified below. Those members that are common to all key types are | |||
| defined below. | defined below. | |||
| A JWK also requires members that are specific to the particular kind | In addition to the common parameters, each JWK will have members that | |||
| of key to represent the key parameters. See Section 5 of the JSON | are specific to the key being represented. These members represent | |||
| Web Algorithms (JWA) [JWA] specification for definitions of the | the parameters of the key. Section 5 of the JSON Web Algorithms | |||
| members specific to the kinds of keys defined there. | (JWA) [JWA] specification defines multiple kinds of public keys and | |||
| their associated members. | ||||
| The member names within a JWK MUST be unique; objects with duplicate | The member names within a JWK MUST be unique; objects with duplicate | |||
| member names MUST be rejected. | member names MUST be rejected. | |||
| Additional members MAY be present in the JWK. If present, they MUST | Additional members MAY be present in the JWK. If present, they MUST | |||
| be understood by implementations using them. Member names for | be understood by implementations using them. Member names used for | |||
| representing specific kinds of keys SHOULD either be registered in | representing key parameters for different kinds of keys need not be | |||
| the IANA JSON Web Key Parameters registry Section 6.1 or be URIs that | distinct. Member names SHOULD either be registered in the IANA JSON | |||
| contain a Collision Resistant Namespace. | Web Key Parameters registry Section 6.1 or be URIs that contain a | |||
| Collision Resistant Namespace. | ||||
| 4.1. "alg" (Algorithm Family) Parameter | 4.1. "alg" (Algorithm Family) Parameter | |||
| The "alg" (algorithm family) member identifies the cryptographic | The "alg" (algorithm family) member identifies the cryptographic | |||
| algorithm family used with the key. The "alg" value is case | algorithm family used with the key. "alg" values SHOULD either be | |||
| sensitive. Its value MUST be a string. | registered in the IANA JSON Web Key Algorithm Families registry [JWA] | |||
| or be a URI that contains a Collision Resistant Namespace. The "alg" | ||||
| value is a case sensitive string. | ||||
| A list of defined "alg" values is presented in Section 5.1 of the | A list of defined "alg" values can be found in the IANA JSON Web Key | |||
| JSON Web Algorithms (JWA) [JWA] specification. Additional members | Algorithm Families registry [JWA]; the initial contents of this | |||
| used with these "alg" values are defined in Sections 5.2 and 5.3 of | registry is the values defined in Section 5.1 of the JSON Web | |||
| the JSON Web Algorithms (JWA) [JWA] specification. "alg" values | Algorithms (JWA) [JWA] specification. | |||
| SHOULD either be registered in the IANA JSON Web Key Algorithm | ||||
| Families registry [JWA] or be a URI that contains a Collision | Additional members used with these "alg" values can be found in the | |||
| Resistant Namespace. | IANA JSON Web Key Parameters registry Section 6.1; the initial | |||
| contents of this registry is the values defined in Sections 5.2 and | ||||
| 5.3 of the JSON Web Algorithms (JWA) [JWA] specification. | ||||
| 4.2. "use" (Key Use) Parameter | 4.2. "use" (Key Use) Parameter | |||
| The "use" (key use) member identifies the intended use of the key. | The "use" (key use) member identifies the intended use of the key. | |||
| Values defined by this specification are: | Values defined by this specification are: | |||
| o "sig" (signature) | o "sig" (signature) | |||
| o "enc" (encryption) | o "enc" (encryption) | |||
| Other values MAY be used. The "use" value is case sensitive. Its | Other values MAY be used. The "use" value is a case sensitive | |||
| value MUST be a string. This member is OPTIONAL. | string. This member is OPTIONAL. | |||
| 4.3. "kid" (Key ID) Parameter | 4.3. "kid" (Key ID) Parameter | |||
| The "kid" (key ID) member can be used to match a specific key. This | The "kid" (key ID) member can be used to match a specific key. This | |||
| can be used, for instance, to choose among a set of keys within the | can be used, for instance, to choose among a set of keys within the | |||
| JWK during key rollover. The interpretation of the "kid" value is | JWK during key rollover. The interpretation of the "kid" value is | |||
| unspecified. Key ID values within a JWK Set need not be unique; for | unspecified. Key ID values within a JWK Set need not be unique. The | |||
| instance, in some contexts different keys using the same Key ID value | "kid" value is a case sensitive string. This member is OPTIONAL. | |||
| might be present, with the keys being disambiguated using other | ||||
| information, such as the "alg" or "use" values. The "kid" value is | ||||
| case sensitive. Its value MUST be a string. This member is | ||||
| OPTIONAL. | ||||
| When used with JWS or JWE, the "kid" value MAY be used to match a JWS | When used with JWS or JWE, the "kid" value MAY be used to match a JWS | |||
| or JWE "kid" header parameter value. | or JWE "kid" header parameter value. | |||
| In some contexts, different keys using the same Key ID value might be | ||||
| present, with the keys being disambiguated using other information, | ||||
| such as the "alg" or "use" values. For example, imagine "kid" values | ||||
| like "Current", "Upcoming", and "Deprecated", used for key rollover | ||||
| guidance. One could apply a label to all keys where the | ||||
| classification fits. If there are multiple "Current" keys, then in | ||||
| this example, they might be differentiated either by having different | ||||
| "alg" or "use" values, or some combination of both. As one example, | ||||
| there might only be one current RSA signing key and one current | ||||
| Elliptic Curve signing key, but both would be "Current". | ||||
| 5. JSON Web Key Set (JWK Set) Format | 5. JSON Web Key Set (JWK Set) Format | |||
| A JSON Web Key Set (JWK Set) is a JSON object that contains an array | A JSON Web Key Set (JWK Set) is a JSON object that contains an array | |||
| of JSON Web Key values as the value of its "keys" member. | of JSON Web Key values as the value of its "keys" member. | |||
| The member names within a JWK Set MUST be unique; objects with | The member names within a JWK Set MUST be unique; objects with | |||
| duplicate member names MUST be rejected. | duplicate member names MUST be rejected. | |||
| Additional members MAY be present in the JWK Set. If present, they | Additional members MAY be present in the JWK Set. If present, they | |||
| MUST be understood by implementations using them. Parameters for | MUST be understood by implementations using them. Parameters for | |||
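Review bot: In Section 4.3, the new paragraph on shared "kid" values ("Current", "Upcoming", "Deprecated") gives no rule for a consumer that matches a JWS or JWE "kid" header against a JWK Set and finds several keys carrying that "kid". Say that the candidates are to be narrowed by "alg" and "use", and what the consumer does if more than one key still matches; as written, the choice is left to each implementation. In the same hunk, 4.1, 4.2 and 4.3 replace "Its value MUST be a string" with "is a case sensitive string", which drops the RFC 2119 requirement a parser would cite to reject a non-string value; suggest keeping the MUST. The unchanged 4.3 text "within the JWK during key rollover" presumably means "JWK Set".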
| skipping to change at page 7, line 16 ¶ | skipping to change at page 7, line 30 ¶ | |||
| This specification establishes the IANA JSON Web Key Parameters | This specification establishes the IANA JSON Web Key Parameters | |||
| registry for reserved JWK parameter names. The registry records the | registry for reserved JWK parameter names. The registry records the | |||
| reserved parameter name and a reference to the specification that | reserved parameter name and a reference to the specification that | |||
| defines it. This specification registers the parameter names defined | defines it. This specification registers the parameter names defined | |||
| in Section 4. | in Section 4. | |||
| 6.1.1. Registration Template | 6.1.1. Registration Template | |||
| Parameter Name: | Parameter Name: | |||
| The name requested (e.g., "example"). | The name requested (e.g., "example"). This name is case | |||
| sensitive. Names that match other registered names in a case | ||||
| insensitive manner SHOULD NOT be accepted. | ||||
| Change Controller: | Change Controller: | |||
| For standards-track RFCs, state "IETF". For others, give the name | For standards-track RFCs, state "IETF". For others, give the name | |||
| of the responsible party. Other details (e.g., postal address, | of the responsible party. Other details (e.g., postal address, | |||
| e-mail address, home page URI) may also be included. | e-mail address, home page URI) may also be included. | |||
| Specification Document(s): | Specification Document(s): | |||
| Reference to the document that specifies the parameter, preferably | Reference to the document that specifies the parameter, preferably | |||
| including a URI that can be used to retrieve a copy of the | including a URI that can be used to retrieve a copy of the | |||
| document. An indication of the relevant sections may also be | document. An indication of the relevant sections may also be | |||
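Review bot: In the 6.1.1 Parameter Name entry, "SHOULD NOT be accepted" still permits registering two names that differ only in case, while the same entry says names are case sensitive, so for example "kid" and "Kid" could both be registered as distinct parameters. Suggest "MUST NOT", or state the circumstances in which an exception is acceptable, and name who does the accepting (the expert reviewer or IANA).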
| skipping to change at page 8, line 16 ¶ | skipping to change at page 8, line 29 ¶ | |||
| This specification establishes the IANA JSON Web Key Set Parameters | This specification establishes the IANA JSON Web Key Set Parameters | |||
| registry for reserved JWK Set parameter names. The registry records | registry for reserved JWK Set parameter names. The registry records | |||
| the reserved parameter name and a reference to the specification that | the reserved parameter name and a reference to the specification that | |||
| defines it. This specification registers the parameter names defined | defines it. This specification registers the parameter names defined | |||
| in Section 5. | in Section 5. | |||
| 6.2.1. Registration Template | 6.2.1. Registration Template | |||
| Parameter Name: | Parameter Name: | |||
| The name requested (e.g., "example"). | The name requested (e.g., "example"). This name is case | |||
| sensitive. Names that match other registered names in a case | ||||
| insensitive manner SHOULD NOT be accepted. | ||||
| Change Controller: | Change Controller: | |||
| For standards-track RFCs, state "IETF". For others, give the name | For standards-track RFCs, state "IETF". For others, give the name | |||
| of the responsible party. Other details (e.g., postal address, | of the responsible party. Other details (e.g., postal address, | |||
| e-mail address, home page URI) may also be included. | e-mail address, home page URI) may also be included. | |||
| Specification Document(s): | Specification Document(s): | |||
| Reference to the document that specifies the parameter, preferably | Reference to the document that specifies the parameter, preferably | |||
| including a URI that can be used to retrieve a copy of the | including a URI that can be used to retrieve a copy of the | |||
| document. An indication of the relevant sections may also be | document. An indication of the relevant sections may also be | |||
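Review bot: The Parameter Name text added to 6.2.1 is a verbatim copy of the sentence added to 6.1.1. Stating the case rule once for both registries in Section 6 and referring to it from each template would keep the two from drifting apart in later revisions.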
| skipping to change at page 9, line 16 ¶ | skipping to change at page 9, line 32 ¶ | |||
| [W3C.CR-xmldsig-core2-20120124], about public key representations | [W3C.CR-xmldsig-core2-20120124], about public key representations | |||
| also apply to this specification, other than those that are XML | also apply to this specification, other than those that are XML | |||
| specific. | specific. | |||
| 8. Open Issues | 8. Open Issues | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| The following items remain to be considered or done in this draft: | The following items remain to be considered or done in this draft: | |||
| o (None at present) | o There was a request to define the key use value "both". This | |||
| would seem to be semantically redundant, since omitting a key use | ||||
| value effectively allows unconstrained use of the key. For what | ||||
| it's worth, omitting the use parameter is how XMLDSIG expresses | ||||
| the same thing, so we're currently parallel to XMLDSIG. | ||||
| Furthermore, legitimizing the use of a single key for both signing | ||||
| and encryption seems like it may be a bad idea, since there's a | ||||
| potential vulnerability with using the same key for both signing | ||||
| and encryption. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", July 2012. | [JWA] Jones, M., "JSON Web Algorithms (JWA)", July 2012. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC4627] Crockford, D., "The application/json Media Type for | [RFC4627] Crockford, D., "The application/json Media Type for | |||
| JavaScript Object Notation (JSON)", RFC 4627, July 2006. | JavaScript Object Notation (JSON)", RFC 4627, July 2006. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | IANA Considerations Section in RFCs", BCP 26, RFC 5226, | |||
| May 2008. | May 2008. | |||
| [W3C.CR-xmldsig-core2-20120124] | ||||
| Reagle, J., Hirsch, F., Cantor, S., Roessler, T., | ||||
| Eastlake, D., Yiu, K., Solo, D., and P. Datta, "XML | ||||
| Signature Syntax and Processing Version 2.0", World Wide | ||||
| Web Consortium CR CR-xmldsig-core2-20120124, January 2012, | ||||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", July 2012. | Encryption (JWE)", July 2012. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", July 2012. | Signature (JWS)", July 2012. | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| Signatures", January 2011. | Signatures", January 2011. | |||
| [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | |||
| Unique IDentifier (UUID) URN Namespace", RFC 4122, | Unique IDentifier (UUID) URN Namespace", RFC 4122, | |||
| July 2005. | July 2005. | |||
| [W3C.CR-xmldsig-core2-20120124] | ||||
| Reagle, J., Solo, D., Datta, P., Hirsch, F., Eastlake, D., | ||||
| Roessler, T., Cantor, S., and K. Yiu, "XML Signature | ||||
| Syntax and Processing Version 2.0", World Wide Web | ||||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | ||||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | ||||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| A JSON representation for RSA public keys was previously introduced | A JSON representation for RSA public keys was previously introduced | |||
| by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures | by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures | |||
| [MagicSignatures]. | [MagicSignatures]. | |||
| Appendix B. Document History | Appendix B. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| -04 | ||||
| o Refer to the registries as the primary sources of defined values | ||||
| and then secondarily reference the sections defining the initial | ||||
| contents of the registries. | ||||
| o Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] | ||||
| for its security considerations. | ||||
| o Added this language to Registration Templates: "This name is case | ||||
| sensitive. Names that match other registered names in a case | ||||
| insensitive manner SHOULD NOT be accepted." | ||||
| o Described additional open issues. | ||||
| o Applied editorial suggestions. | ||||
| -03 | -03 | |||
| o Clarified that "kid" values need not be unique within a JWK Set. | o Clarified that "kid" values need not be unique within a JWK Set. | |||
| o Moved JSON Web Key Parameters registry to the JWK specification. | o Moved JSON Web Key Parameters registry to the JWK specification. | |||
| o Added "Collision Resistant Namespace" to the terminology section. | o Added "Collision Resistant Namespace" to the terminology section. | |||
| o Changed registration requirements from RFC Required to | o Changed registration requirements from RFC Required to | |||
| Specification Required with Expert Review. | Specification Required with Expert Review. | |||
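Review bot: The new Open Issues item relies on "omitting a key use value effectively allows unconstrained use of the key", but Section 4.2 only says "This member is OPTIONAL" and never states what omission means; that semantics belongs in 4.2. The concern about "using the same key for both signing and encryption" is recorded only in Section 8, which is marked for removal before publication, so it should move to Security Considerations if it is meant to survive. Also in this hunk, the author order of the [W3C.CR-xmldsig-core2-20120124] entry changed when it moved from 9.2 to 9.1; check which order matches the W3C document.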
| End of changes. 20 change blocks. | ||||
| 44 lines changed or deleted | 84 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||