| < draft-ietf-oauth-json-web-token-15.txt | draft-ietf-oauth-json-web-token-16.txt > | |||
|---|---|---|---|---|
| OAuth Working Group M. Jones | OAuth Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track J. Bradley | Intended status: Standards Track J. Bradley | |||
| Expires: July 24, 2014 Ping Identity | Expires: August 18, 2014 Ping Identity | |||
| N. Sakimura | N. Sakimura | |||
| NRI | NRI | |||
| January 20, 2014 | February 14, 2014 | |||
| JSON Web Token (JWT) | JSON Web Token (JWT) | |||
| draft-ietf-oauth-json-web-token-15 | draft-ietf-oauth-json-web-token-16 | |||
| Abstract | Abstract | |||
| JSON Web Token (JWT) is a compact URL-safe means of representing | JSON Web Token (JWT) is a compact URL-safe means of representing | |||
| claims to be transferred between two parties. The claims in a JWT | claims to be transferred between two parties. The claims in a JWT | |||
| are encoded as a JavaScript Object Notation (JSON) object that is | are encoded as a JavaScript Object Notation (JSON) object that is | |||
| used as the payload of a JSON Web Signature (JWS) structure or as the | used as the payload of a JSON Web Signature (JWS) structure or as the | |||
| plaintext of a JSON Web Encryption (JWE) structure, enabling the | plaintext of a JSON Web Encryption (JWE) structure, enabling the | |||
| claims to be digitally signed or MACed and/or encrypted. | claims to be digitally signed or MACed and/or encrypted. | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 24, 2014. | This Internet-Draft will expire on August 18, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 20, line 24 ¶ | skipping to change at page 20, line 24 ¶ | |||
| Bray, T., "The JSON Data Interchange Format", | Bray, T., "The JSON Data Interchange Format", | |||
| draft-ietf-json-rfc4627bis-10 (work in progress), | draft-ietf-json-rfc4627bis-10 (work in progress), | |||
| December 2013. | December 2013. | |||
| [IANA.MediaTypes] | [IANA.MediaTypes] | |||
| Internet Assigned Numbers Authority (IANA), "MIME Media | Internet Assigned Numbers Authority (IANA), "MIME Media | |||
| Types", 2005. | Types", 2005. | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", | [JWA] Jones, M., "JSON Web Algorithms (JWA)", | |||
| draft-ietf-jose-json-web-algorithms (work in progress), | draft-ietf-jose-json-web-algorithms (work in progress), | |||
| January 2014. | February 2014. | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", draft-ietf-jose-json-web-encryption | Encryption (JWE)", draft-ietf-jose-json-web-encryption | |||
| (work in progress), January 2014. | (work in progress), February 2014. | |||
| [JWK] Jones, M., "JSON Web Key (JWK)", | [JWK] Jones, M., "JSON Web Key (JWK)", | |||
| draft-ietf-jose-json-web-key (work in progress), | draft-ietf-jose-json-web-key (work in progress), | |||
| January 2014. | February 2014. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", draft-ietf-jose-json-web-signature (work | Signature (JWS)", draft-ietf-jose-json-web-signature (work | |||
| in progress), January 2014. | in progress), February 2014. | |||
| [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
| Extensions (MIME) Part Two: Media Types", RFC 2046, | Extensions (MIME) Part Two: Media Types", RFC 2046, | |||
| November 1996. | November 1996. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3339] Klyne, G., Ed. and C. Newman, "Date and Time on the | ||||
| Internet: Timestamps", RFC 3339, July 2002. | ||||
| [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
| Resource Identifier (URI): Generic Syntax", STD 66, | Resource Identifier (URI): Generic Syntax", STD 66, | |||
| RFC 3986, January 2005. | RFC 3986, January 2005. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
| May 2008. | ||||
| [RFC6755] Campbell, B. and H. Tschofenig, "An IETF URN Sub-Namespace | ||||
| for OAuth", RFC 6755, October 2012. | ||||
| 12.2. Informative References | 12.2. Informative References | |||
| [CanvasApp] | [CanvasApp] | |||
| Facebook, "Canvas Applications", 2010. | Facebook, "Canvas Applications", 2010. | |||
| [JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign", | [JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign", | |||
| September 2010. | September 2010. | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| skipping to change at page 21, line 35 ¶ | skipping to change at page 21, line 27 ¶ | |||
| [OASIS.saml-core-2.0-os] | [OASIS.saml-core-2.0-os] | |||
| Cantor, S., Kemp, J., Philpott, R., and E. Maler, | Cantor, S., Kemp, J., Philpott, R., and E. Maler, | |||
| "Assertions and Protocol for the OASIS Security Assertion | "Assertions and Protocol for the OASIS Security Assertion | |||
| Markup Language (SAML) V2.0", OASIS Standard saml-core- | Markup Language (SAML) V2.0", OASIS Standard saml-core- | |||
| 2.0-os, March 2005. | 2.0-os, March 2005. | |||
| [RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup | [RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup | |||
| Language) XML-Signature Syntax and Processing", RFC 3275, | Language) XML-Signature Syntax and Processing", RFC 3275, | |||
| March 2002. | March 2002. | |||
| [RFC3339] Klyne, G., Ed. and C. Newman, "Date and Time on the | ||||
| Internet: Timestamps", RFC 3339, July 2002. | ||||
| [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | |||
| Unique IDentifier (UUID) URN Namespace", RFC 4122, | Unique IDentifier (UUID) URN Namespace", RFC 4122, | |||
| July 2005. | July 2005. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
| May 2008. | ||||
| [RFC6755] Campbell, B. and H. Tschofenig, "An IETF URN Sub-Namespace | ||||
| for OAuth", RFC 6755, October 2012. | ||||
| [SWT] Hardt, D. and Y. Goland, "Simple Web Token (SWT)", | [SWT] Hardt, D. and Y. Goland, "Simple Web Token (SWT)", | |||
| Version 0.9.5.1, November 2009. | Version 0.9.5.1, November 2009. | |||
| [W3C.CR-xml11-20021015] | [W3C.CR-xml11-20021015] | |||
| Cowan, J., "Extensible Markup Language (XML) 1.1", W3C | Cowan, J., "Extensible Markup Language (XML) 1.1", W3C | |||
| CR CR-xml11-20021015, October 2002. | CR CR-xml11-20021015, October 2002. | |||
| [W3C.REC-xml-c14n-20010315] | [W3C.REC-xml-c14n-20010315] | |||
| Boyer, J., "Canonical XML Version 1.0", World Wide Web | Boyer, J., "Canonical XML Version 1.0", World Wide Web | |||
| Consortium Recommendation REC-xml-c14n-20010315, | Consortium Recommendation REC-xml-c14n-20010315, | |||
| skipping to change at page 26, line 4 ¶ | skipping to change at page 26, line 4 ¶ | |||
| John Panzer, Emmanuel Raviart, David Recordon, Eric Rescorla, Jim | John Panzer, Emmanuel Raviart, David Recordon, Eric Rescorla, Jim | |||
| Schaad, Paul Tarjan, Hannes Tschofenig, and Sean Turner. | Schaad, Paul Tarjan, Hannes Tschofenig, and Sean Turner. | |||
| Hannes Tschofenig and Derek Atkins chaired the OAuth working group | Hannes Tschofenig and Derek Atkins chaired the OAuth working group | |||
| and Sean Turner and Stephen Farrell served as Security area directors | and Sean Turner and Stephen Farrell served as Security area directors | |||
| during the creation of this specification. | during the creation of this specification. | |||
| Appendix E. Document History | Appendix E. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| -16 | ||||
| o Changed some references from being normative to informative, per | ||||
| JOSE issue #90. | ||||
| -15 | -15 | |||
| o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis. | o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis. | |||
| -14 | -14 | |||
| o Referenced the JWE section on Distinguishing between JWS and JWE | o Referenced the JWE section on Distinguishing between JWS and JWE | |||
| Objects. | Objects. | |||
| -13 | -13 | |||
| End of changes. 13 change blocks. | ||||
| 18 lines changed or deleted | 23 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
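Review bot: The -16 entry added to Appendix E says only that "some references" changed from normative to informative; name them in the entry. The reference hunks show [RFC3339], [RFC5226] and [RFC6755] removed from the list above section 12.2 and added under "12.2. Informative References", so the entry could read "Changed the RFC 3339, RFC 5226, and RFC 6755 references from normative to informative, per JOSE issue #90." That keeps the document history usable without the side-by-side diff.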
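Review bot: In the reference hunk at page 20, the [JWA], [JWE], [JWK] and [JWS] entries still cite their drafts without a revision number, and the only change is the month moving from January 2014 to February 2014. The [draft-ietf-json-rfc4627bis-10] entry just above them is pinned to a revision; doing the same for the four JOSE drafts would let an implementer tell which signature, encryption, key and algorithm text this revision of JWT relies on.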