| < draft-ietf-jose-json-web-key-06.txt | draft-ietf-jose-json-web-key-07.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track October 15, 2012 | Intended status: Standards Track November 6, 2012 | |||
| Expires: April 18, 2013 | Expires: May 10, 2013 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-06 | draft-ietf-jose-json-web-key-07 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a public key. This specification also | structure that represents a public key. This specification also | |||
| defines a JSON Web Key Set (JWK Set) JSON data structure for | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification. | Web Algorithms (JWA) specification. | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 18, 2013. | This Internet-Draft will expire on May 10, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 21 ¶ | skipping to change at page 2, line 21 ¶ | |||
| 3. Example JSON Web Key Set . . . . . . . . . . . . . . . . . . . 4 | 3. Example JSON Web Key Set . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 4 | 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 4 | |||
| 4.1. "alg" (Algorithm Family) Parameter . . . . . . . . . . . . 5 | 4.1. "alg" (Algorithm Family) Parameter . . . . . . . . . . . . 5 | |||
| 4.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . 5 | 4.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . 5 | |||
| 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | 4.3. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 5 | |||
| 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 6 | 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 6 | |||
| 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . 6 | 5.1. "keys" (JSON Web Key Set) Parameter . . . . . . . . . . . 6 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 7 | 6.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 7 | |||
| 6.1.1. Registration Template . . . . . . . . . . . . . . . . 7 | 6.1.1. Registration Template . . . . . . . . . . . . . . . . 7 | |||
| 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 7 | 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | |||
| 6.2. JSON Web Key Set Parameters Registry . . . . . . . . . . . 8 | 6.2. JSON Web Key Set Parameters Registry . . . . . . . . . . . 8 | |||
| 6.2.1. Registration Template . . . . . . . . . . . . . . . . 8 | 6.2.1. Registration Template . . . . . . . . . . . . . . . . 8 | |||
| 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 8 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . . 10 | Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix C. Document History . . . . . . . . . . . . . . . . . . 10 | Appendix C. Document History . . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] | |||
| data structure that represents a public key. This specification also | data structure that represents a public key. This specification also | |||
| defines a JSON Web Key Set (JWK Set) JSON data structure for | defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| skipping to change at page 4, line 27 ¶ | skipping to change at page 4, line 27 ¶ | |||
| {"keys": | {"keys": | |||
| [ | [ | |||
| {"alg":"EC", | {"alg":"EC", | |||
| "crv":"P-256", | "crv":"P-256", | |||
| "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", | "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", | |||
| "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", | "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", | |||
| "use":"enc", | "use":"enc", | |||
| "kid":"1"}, | "kid":"1"}, | |||
| {"alg":"RSA", | {"alg":"RSA", | |||
| "mod": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx | "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx | |||
| 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs | 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs | |||
| tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 | tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 | |||
| QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI | QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI | |||
| SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb | SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb | |||
| w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", | w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", | |||
| "xpo":"AQAB", | "e":"AQAB", | |||
| "kid":"2011-04-29"} | "kid":"2011-04-29"} | |||
| ] | ] | |||
| } | } | |||
| 4. JSON Web Key (JWK) Format | 4. JSON Web Key (JWK) Format | |||
| A JSON Web Key (JWK) is a JSON object containing specific members, as | A JSON Web Key (JWK) is a JSON object containing specific members, as | |||
| specified below. Those members that are common to all key types are | specified below. Those members that are common to all key types are | |||
| defined below. | defined below. | |||
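Review bot: the rename in the RSA example from "mod"/"xpo" to "n"/"e" (the lines `"n": "0vx7agoebGcQ...` and `"e":"AQAB"`) is an incompatible wire-format change, and nothing in this hunk says what a consumer should do with a -06 key that still carries "mod" and "xpo". Suggest the normative RSA parameter definitions in -07 state that the old names are not recognized, so that an implementation does not end up silently accepting two spellings of the same key, and so that a key carrying only "mod"/"xpo" is rejected as lacking a modulus rather than treated as a usable key.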
| skipping to change at page 7, line 27 ¶ | skipping to change at page 7, line 27 ¶ | |||
| IANA must only accept registry updates from the Designated Expert(s) | IANA must only accept registry updates from the Designated Expert(s) | |||
| and should direct all requests for registration to the review mailing | and should direct all requests for registration to the review mailing | |||
| list. | list. | |||
| 6.1. JSON Web Key Parameters Registry | 6.1. JSON Web Key Parameters Registry | |||
| This specification establishes the IANA JSON Web Key Parameters | This specification establishes the IANA JSON Web Key Parameters | |||
| registry for reserved JWK parameter names. The registry records the | registry for reserved JWK parameter names. The registry records the | |||
| reserved parameter name and a reference to the specification that | reserved parameter name and a reference to the specification that | |||
| defines it. This specification registers the parameter names defined | defines it. This specification registers the parameter names defined | |||
| in Section 4. | in Section 4. The same JWK parameter name may be registered multiple | |||
| times, provided that duplicate parameter registrations are only for | ||||
| algorithm-specific JWK parameters; in this case, the meaning of the | ||||
| duplicate parameter name is disambiguated by the "alg" value of the | ||||
| JWK containing it. | ||||
| 6.1.1. Registration Template | 6.1.1. Registration Template | |||
| Parameter Name: | Parameter Name: | |||
| The name requested (e.g., "example"). This name is case | The name requested (e.g., "example"). This name is case | |||
| sensitive. Names that match other registered names in a case | sensitive. Names that match other registered names in a case | |||
| insensitive manner SHOULD NOT be accepted. | insensitive manner SHOULD NOT be accepted. | |||
| Change Controller: | Change Controller: | |||
| For Standards Track RFCs, state "IETF". For others, give the name | For Standards Track RFCs, state "IETF". For others, give the name | |||
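Review bot: the new text in 6.1 permits the same parameter name to be registered more than once for algorithm-specific parameters, disambiguated by the "alg" value of the containing JWK, but the visible part of the Registration Template that follows records only "Parameter Name" and "Change Controller", with no field naming the "alg" value a registration applies to; without such a field the Designated Expert(s) cannot tell whether two registrations of one name differ by algorithm or simply collide. Suggest adding an "Algorithm Family" field to the template and a rule that duplicate registrations of a name MUST carry distinct "alg" values, and stating here that the disambiguation relies on "alg" being REQUIRED (as the -06 history entry records).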
| skipping to change at page 9, line 24 ¶ | skipping to change at page 9, line 30 ¶ | |||
| The security considerations in XML DSIG 2.0 | The security considerations in XML DSIG 2.0 | |||
| [W3C.CR-xmldsig-core2-20120124], about public key representations | [W3C.CR-xmldsig-core2-20120124], about public key representations | |||
| also apply to this specification, other than those that are XML | also apply to this specification, other than those that are XML | |||
| specific. | specific. | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", October 2012. | [JWA] Jones, M., "JSON Web Algorithms (JWA)", November 2012. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC4627] Crockford, D., "The application/json Media Type for | [RFC4627] Crockford, D., "The application/json Media Type for | |||
| JavaScript Object Notation (JSON)", RFC 4627, July 2006. | JavaScript Object Notation (JSON)", RFC 4627, July 2006. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | IANA Considerations Section in RFCs", BCP 26, RFC 5226, | |||
| May 2008. | May 2008. | |||
| [W3C.CR-xmldsig-core2-20120124] | [W3C.CR-xmldsig-core2-20120124] | |||
| Roessler, T., Yiu, K., Solo, D., Reagle, J., Datta, P., | Reagle, J., Solo, D., Datta, P., Hirsch, F., Eastlake, D., | |||
| Eastlake, D., Hirsch, F., and S. Cantor, "XML Signature | Cantor, S., Roessler, T., and K. Yiu, "XML Signature | |||
| Syntax and Processing Version 2.0", World Wide Web | Syntax and Processing Version 2.0", World Wide Web | |||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | Consortium CR CR-xmldsig-core2-20120124, January 2012, | |||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", October 2012. | Encryption (JWE)", November 2012. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", October 2012. | Signature (JWS)", November 2012. | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| Signatures", January 2011. | Signatures", January 2011. | |||
| [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | |||
| Unique IDentifier (UUID) URN Namespace", RFC 4122, | Unique IDentifier (UUID) URN Namespace", RFC 4122, | |||
| July 2005. | July 2005. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| skipping to change at page 10, line 38 ¶ | skipping to change at page 10, line 43 ¶ | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| The following items remain to be considered or done in this draft: | The following items remain to be considered or done in this draft: | |||
| o No known open issues. | o No known open issues. | |||
| Appendix C. Document History | Appendix C. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| -07 | ||||
| o Changed the name of the JWK RSA modulus parameter from "mod" to | ||||
| "n" and the name of the JWK RSA exponent parameter from "xpo" to | ||||
| "e", so that the identifiers are the same as those used in RFC | ||||
| 3447. | ||||
| -06 | -06 | |||
| o Changed the name of the JWK RSA exponent parameter from "exp" to | o Changed the name of the JWK RSA exponent parameter from "exp" to | |||
| "xpo" so as to allow the potential use of the name "exp" for a | "xpo" so as to allow the potential use of the name "exp" for a | |||
| future extension that might define an expiration parameter for | future extension that might define an expiration parameter for | |||
| keys. (The "exp" name is already used for this purpose in the JWT | keys. (The "exp" name is already used for this purpose in the JWT | |||
| specification.) | specification.) | |||
| o Clarify that the "alg" (algorithm family) member is REQUIRED. | o Clarify that the "alg" (algorithm family) member is REQUIRED. | |||
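Review bot: the -07 history entry justifies renaming "mod" to "n" and "xpo" to "e" by alignment with RFC 3447, but RFC 3447 appears in neither the Normative nor the Informative References above (the lists end at [W3C.CR-xmldsig-core2-20120124] and [RFC4122] respectively). Suggest adding RFC 3447 as an informative reference and citing it where the RSA parameters are defined, so the source of the identifiers is traceable from the document itself rather than only from the change log.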
| End of changes. 14 change blocks. | ||||
| 15 lines changed or deleted | 26 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||