| < draft-ietf-jose-json-web-key-12.txt | draft-ietf-jose-json-web-key-13.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track July 11, 2013 | Intended status: Standards Track July 15, 2013 | |||
| Expires: January 12, 2014 | Expires: January 16, 2014 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-12 | draft-ietf-jose-json-web-key-13 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a cryptographic key. This specification | structure that represents a cryptographic key. This specification | |||
| also defines a JSON Web Key Set (JWK Set) JSON data structure for | also defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification. | Web Algorithms (JWA) specification. | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 12, 2014. | This Internet-Draft will expire on January 16, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 23 ¶ | skipping to change at page 4, line 23 ¶ | |||
| A JSON Web Key (JWK) is a JSON object containing specific members, as | A JSON Web Key (JWK) is a JSON object containing specific members, as | |||
| specified below. Those members that are common to all key types are | specified below. Those members that are common to all key types are | |||
| defined below. | defined below. | |||
| In addition to the common parameters, each JWK will have members that | In addition to the common parameters, each JWK will have members that | |||
| are specific to the kind of key being represented. These members | are specific to the kind of key being represented. These members | |||
| represent the parameters of the key. Section 5 of the JSON Web | represent the parameters of the key. Section 5 of the JSON Web | |||
| Algorithms (JWA) [JWA] specification defines multiple kinds of | Algorithms (JWA) [JWA] specification defines multiple kinds of | |||
| cryptographic keys and their associated members. | cryptographic keys and their associated members. | |||
| The member names within a JWK MUST be unique; receipients MUST either | The member names within a JWK MUST be unique; recipients MUST either | |||
| reject JWKs with duplicate member names or use a JSON parser that | reject JWKs with duplicate member names or use a JSON parser that | |||
| returns only the lexically last duplicate member name, as specified | returns only the lexically last duplicate member name, as specified | |||
| in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. | in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. | |||
| Additional members MAY be present in the JWK. If not understood by | Additional members MAY be present in the JWK. If not understood by | |||
| implementations encountering them, they MUST be ignored. Member | implementations encountering them, they MUST be ignored. Member | |||
| names used for representing key parameters for different kinds of | names used for representing key parameters for different kinds of | |||
| keys need not be distinct. Any new member name SHOULD either be | keys need not be distinct. Any new member name SHOULD either be | |||
| registered in the IANA JSON Web Key Parameters registry Section 7.1 | registered in the IANA JSON Web Key Parameters registry Section 7.1 | |||
| or be a value that contains a Collision Resistant Namespace. | or be a value that contains a Collision Resistant Namespace. | |||
| skipping to change at page 6, line 32 ¶ | skipping to change at page 6, line 32 ¶ | |||
| each subsequent certificate being the one used to certify the | each subsequent certificate being the one used to certify the | |||
| previous one. The key in the first certificate MUST match the bare | previous one. The key in the first certificate MUST match the bare | |||
| public key represented by other members of the JWK. Use of this | public key represented by other members of the JWK. Use of this | |||
| member is OPTIONAL. | member is OPTIONAL. | |||
| 4. JSON Web Key Set (JWK Set) Format | 4. JSON Web Key Set (JWK Set) Format | |||
| A JSON Web Key Set (JWK Set) is a JSON object that contains an array | A JSON Web Key Set (JWK Set) is a JSON object that contains an array | |||
| of JSON Web Key values as the value of its "keys" member. | of JSON Web Key values as the value of its "keys" member. | |||
| The member names within a JWK Set MUST be unique; receipients MUST | The member names within a JWK Set MUST be unique; recipients MUST | |||
| either reject JWK Sets with duplicate member names or use a JSON | either reject JWK Sets with duplicate member names or use a JSON | |||
| parser that returns only the lexically last duplicate member name, as | parser that returns only the lexically last duplicate member name, as | |||
| specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 | specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 | |||
| [ECMAScript]. | [ECMAScript]. | |||
| Additional members MAY be present in the JWK Set. If not understood | Additional members MAY be present in the JWK Set. If not understood | |||
| by implementations encountering them, they MUST be ignored. | by implementations encountering them, they MUST be ignored. | |||
| Parameters for representing additional properties of JWK Sets SHOULD | Parameters for representing additional properties of JWK Sets SHOULD | |||
| either be registered in the IANA JSON Web Key Set Parameters registry | either be registered in the IANA JSON Web Key Set Parameters registry | |||
| Section 7.2 or be a value that contains a Collision Resistant | Section 7.2 or be a value that contains a Collision Resistant | |||
| skipping to change at page 19, line 19 ¶ | skipping to change at page 19, line 19 ¶ | |||
| Turner. | Turner. | |||
| Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | |||
| Sean Turner and Stephen Farrell served as Security area directors | Sean Turner and Stephen Farrell served as Security area directors | |||
| during the creation of this specification. | during the creation of this specification. | |||
| Appendix D. Document History | Appendix D. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| -13 | ||||
| o Applied spelling and grammar corrections. | ||||
| -12 | -12 | |||
| o Stated that receipients MUST either reject JWKs and JWK Sets with | o Stated that recipients MUST either reject JWKs and JWK Sets with | |||
| duplicate member names or use a JSON parser that returns only the | duplicate member names or use a JSON parser that returns only the | |||
| lexically last duplicate member name. | lexically last duplicate member name. | |||
| -11 | -11 | |||
| o Stated that when "kid" values are used within a JWK Set, different | o Stated that when "kid" values are used within a JWK Set, different | |||
| keys within the JWK Set SHOULD use distinct "kid" values. | keys within the JWK Set SHOULD use distinct "kid" values. | |||
| o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate | o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate | |||
| Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. | Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. | |||
| End of changes. 7 change blocks. | ||||
| 7 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||