draft-ietf-jose-json-web-key-12.txt   draft-ietf-jose-json-web-key-13.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track July 11, 2013 Intended status: Standards Track July 15, 2013
Expires: January 12, 2014 Expires: January 16, 2014
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-12 draft-ietf-jose-json-web-key-13
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure for also defines a JSON Web Key Set (JWK Set) JSON data structure for
representing a set of JWKs. Cryptographic algorithms and identifiers representing a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON for use with this specification are described in the separate JSON
Web Algorithms (JWA) specification. Web Algorithms (JWA) specification.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 12, 2014. This Internet-Draft will expire on January 16, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 23 skipping to change at page 4, line 23
A JSON Web Key (JWK) is a JSON object containing specific members, as A JSON Web Key (JWK) is a JSON object containing specific members, as
specified below. Those members that are common to all key types are specified below. Those members that are common to all key types are
defined below. defined below.
In addition to the common parameters, each JWK will have members that In addition to the common parameters, each JWK will have members that
are specific to the kind of key being represented. These members are specific to the kind of key being represented. These members
represent the parameters of the key. Section 5 of the JSON Web represent the parameters of the key. Section 5 of the JSON Web
Algorithms (JWA) [JWA] specification defines multiple kinds of Algorithms (JWA) [JWA] specification defines multiple kinds of
cryptographic keys and their associated members. cryptographic keys and their associated members.
The member names within a JWK MUST be unique; receipients MUST either The member names within a JWK MUST be unique; recipients MUST either
reject JWKs with duplicate member names or use a JSON parser that reject JWKs with duplicate member names or use a JSON parser that
returns only the lexically last duplicate member name, as specified returns only the lexically last duplicate member name, as specified
in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
Additional members MAY be present in the JWK. If not understood by Additional members MAY be present in the JWK. If not understood by
implementations encountering them, they MUST be ignored. Member implementations encountering them, they MUST be ignored. Member
names used for representing key parameters for different kinds of names used for representing key parameters for different kinds of
keys need not be distinct. Any new member name SHOULD either be keys need not be distinct. Any new member name SHOULD either be
registered in the IANA JSON Web Key Parameters registry Section 7.1 registered in the IANA JSON Web Key Parameters registry Section 7.1
or be a value that contains a Collision Resistant Namespace. or be a value that contains a Collision Resistant Namespace.
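Review bot: In the changed sentence on duplicate member names, the spelling fix to "recipients" is correct, but the requirement it carries still permits two different outcomes for the same input: one recipient rejects a JWK with duplicate member names, while another accepts it and uses the last value. Consider stating which behaviour is preferred, or adding a sentence that a component which validates a JWK and a component which later consumes it need to apply the same rule, since otherwise the two can disagree about which key parameters the object carries.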
skipping to change at page 6, line 32 skipping to change at page 6, line 32
each subsequent certificate being the one used to certify the each subsequent certificate being the one used to certify the
previous one. The key in the first certificate MUST match the bare previous one. The key in the first certificate MUST match the bare
public key represented by other members of the JWK. Use of this public key represented by other members of the JWK. Use of this
member is OPTIONAL. member is OPTIONAL.
4. JSON Web Key Set (JWK Set) Format 4. JSON Web Key Set (JWK Set) Format
A JSON Web Key Set (JWK Set) is a JSON object that contains an array A JSON Web Key Set (JWK Set) is a JSON object that contains an array
of JSON Web Key values as the value of its "keys" member. of JSON Web Key values as the value of its "keys" member.
The member names within a JWK Set MUST be unique; receipients MUST The member names within a JWK Set MUST be unique; recipients MUST
either reject JWK Sets with duplicate member names or use a JSON either reject JWK Sets with duplicate member names or use a JSON
parser that returns only the lexically last duplicate member name, as parser that returns only the lexically last duplicate member name, as
specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1
[ECMAScript]. [ECMAScript].
Additional members MAY be present in the JWK Set. If not understood Additional members MAY be present in the JWK Set. If not understood
by implementations encountering them, they MUST be ignored. by implementations encountering them, they MUST be ignored.
Parameters for representing additional properties of JWK Sets SHOULD Parameters for representing additional properties of JWK Sets SHOULD
either be registered in the IANA JSON Web Key Set Parameters registry either be registered in the IANA JSON Web Key Set Parameters registry
Section 7.2 or be a value that contains a Collision Resistant Section 7.2 or be a value that contains a Collision Resistant
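Review bot: In the unchanged sentence that ends this hunk, "registered in the IANA JSON Web Key Set Parameters registry Section 7.2" runs the registry name straight into the section reference. Since -13 is described in the document history as a spelling and grammar pass, suggest "registry defined in Section 7.2" or putting the reference in parentheses, and the same treatment for the "registry Section 7.1" reference in the JWK member text.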
skipping to change at page 19, line 19 skipping to change at page 19, line 19
Turner. Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix D. Document History Appendix D. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
-13
o Applied spelling and grammar corrections.
-12 -12
o Stated that receipients MUST either reject JWKs and JWK Sets with o Stated that recipients MUST either reject JWKs and JWK Sets with
duplicate member names or use a JSON parser that returns only the duplicate member names or use a JSON parser that returns only the
lexically last duplicate member name. lexically last duplicate member name.
-11 -11
o Stated that when "kid" values are used within a JWK Set, different o Stated that when "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. keys within the JWK Set SHOULD use distinct "kid" values.
o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate
Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters.
 End of changes. 7 change blocks. 
7 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/