OAuth Working Group                                             C. Smith
Internet-Draft                                               T. Hardjono
Intended status: Standards Track                                     MIT
Expires: August 10, 2017                                February 6, 2017

                        JSON Web Document (JWD)
                 draft-smith-oauth-json-web-document-00

Abstract

   JSON Web Document (JWD) is a means of representing optionally signed
   and/or encrypted JSON content suitable for storage, retrieval,
   transmission, and display in a graphical user interface.  The content
   of a JWD is used as the payload of a JSON Web Signature (JWS)
   structure or as the plaintext of a JSON Web Encryption (JWE)
   structure.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 10, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  JWS Document Serialization
   4.  JWS Flattened Document Serialization
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  URIs
   Appendix A.  Example Signed JWD
   Authors' Addresses

1.  Introduction

   JWD introduces a new set of serializations to JWS and JWE called the
   Document Serializations.  These serializations follow the form of the
   JSON Serialization and Flattened JSON Serialization described in JWS
   Section 7.2 [1], except that the payload, integrity-protected header,
   and non-integrity-protected header contents are all represented as
   unencoded JSON values and MUST NOT be base64url-encoded.

   Signatures present in the data structure MUST be base64url-encoded.
   Signatures are computed using base64url-encoded JSON values for the
   payload and integrity-protected headers, as in JWS.  For a given
   payload and JOSE Header, the signature(s) of a JWD MUST be identical
   to the signatures computed for semantically equivalent JWT
   serializations.

2.  Terminology

   This specification uses terms defined in the JSON Web Token [JWT],
   JSON Web Signature [JWS], and JSON Web Encryption [JWE]
   specifications.

   These terms are defined by this specification:

   JSON Web Document (JWD)
      A data structure representing a digitally signed, MACed, or
      encrypted JSON document.

   JWS Document Serialization
      A representation of the JWD as a JSON document.  Unlike the JWS
      JSON Serialization, the JWS Document Serialization represents
      the JWS Payload and integrity-protected JOSE Header parameters
      as unencoded JSON values.  This representation simplifies
      storage and retrieval of signed content with document stores
      and search engines, as well as display in applications.

3.  JWS Document Serialization

   {
     "payload": <payload contents>,
     "signatures": [
       {
         "protected": <integrity-protected header contents>,
         "header": <non-integrity-protected header contents>,
         "signature": "<signature contents>"
       },
       ...
       {
         "protected": <integrity-protected header contents>,
         "header": <non-integrity-protected header contents>,
         "signature": "<signature contents>"
       }
     ]
   }

                                 Figure 1

4.  JWS Flattened Document Serialization

   {
     "payload": <payload contents>,
     "protected": <integrity-protected header contents>,
     "header": <non-integrity-protected header contents>,
     "signature": "<signature contents>"
   }

                                 Figure 2

5.  IANA Considerations

   TBD

6.  Security Considerations

   TBD

7.  Acknowledgements

   TBD

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC7515]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web
              Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
              2015, <https://www.rfc-editor.org/info/rfc7515>.

   [RFC7516]  Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
              RFC 7516, DOI 10.17487/RFC7516, May 2015,
              <https://www.rfc-editor.org/info/rfc7516>.

   [RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
              <https://www.rfc-editor.org/info/rfc7519>.

8.2.  URIs

   [1] https://tools.ietf.org/html/rfc7515#section-7.2

Appendix A.  Example Signed JWD

   {
     "protected": {
       "alg": "ES512",
       "jku": "https://example.com/jwks"
     },
     "payload": {
       "a": "Please don't BASE64URL encode me!",
       "b": "I need to be indexed!",
       "c": "I need to be rendered!"
     },
     "signature": "<signature contents>"
   }

                                 Figure 3

Authors' Addresses

   Christian Smith
   MIT

   Email: csmth@mit.edu

   Thomas Hardjono
   MIT

   Email: hardjono@mit.edu
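The signature rule in Sections 1 and 4 (the JWD carries unencoded JSON, but the signature is computed over the base64url-encoded protected header and payload exactly as in JWS) is shown below as an added example; it is not code from the draft or its authors. It assumes HS256 with a constructed key instead of the ES512 of Appendix A so that it runs with the standard library only, and it assumes a fixed serialization (compact separators, sorted keys) for the unencoded JSON values, because the draft does not specify one and a verifier that re-serializes differently from the signer would compute a different signing input.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption: HS256 rather than the draft's ES512).
KEY = b"constructed-demo-key-not-for-production"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical(value) -> bytes:
    # Assumption: JWD does not define a canonical form, so signer and
    # verifier must agree on one; here compact separators + sorted keys.
    return json.dumps(value, separators=(",", ":"), sort_keys=True).encode("utf-8")


def signing_input(protected: dict, payload: dict) -> bytes:
    # Same construction as JWS: BASE64URL(protected) '.' BASE64URL(payload).
    return (b64url(canonical(protected)) + "." + b64url(canonical(payload))).encode("ascii")


def sign_jwd(protected: dict, payload: dict, key: bytes = KEY) -> dict:
    """Produce a JWS Flattened Document Serialization (Figure 2) with unencoded values."""
    sig = hmac.new(key, signing_input(protected, payload), hashlib.sha256).digest()
    return {"payload": payload, "protected": protected, "signature": b64url(sig)}


def verify_jwd(jwd: dict, key: bytes = KEY) -> bool:
    # Pin the expected algorithm; never let the document choose it.
    if not isinstance(jwd.get("protected"), dict) or jwd["protected"].get("alg") != "HS256":
        return False
    expected = hmac.new(key, signing_input(jwd["protected"], jwd["payload"]), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), jwd["signature"])


def jwd_to_compact(jwd: dict) -> str:
    """Re-encode the JWD as a JWS Compact Serialization; the signature is reused unchanged."""
    return ".".join([b64url(canonical(jwd["protected"])), b64url(canonical(jwd["payload"])), jwd["signature"]])


def verify_compact_jws(token: str, key: bytes = KEY) -> bool:
    """Plain JWS verification over the encoded segments, with no re-serialization."""
    h, p, s = token.split(".")
    header = json.loads(base64.urlsafe_b64decode(h + "=" * (-len(h) % 4)))
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), s)


PROTECTED = {"alg": "HS256", "jku": "https://example.com/jwks"}
PAYLOAD = {"a": "Please don't BASE64URL encode me!", "b": "I need to be indexed!", "c": "I need to be rendered!"}
```

Because `canonical` sorts keys, a JWD whose payload keys were reordered by a document store still verifies, whereas a verifier using a different serialization would reject it even though no byte of content changed.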