draft-ietf-jose-json-web-key-37.txt   draft-ietf-jose-json-web-key-38.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track November 19, 2014 Intended status: Standards Track December 9, 2014
Expires: May 23, 2015 Expires: June 12, 2015
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-37 draft-ietf-jose-json-web-key-38
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure that also defines a JSON Web Key Set (JWK Set) JSON data structure that
represents a set of JWKs. Cryptographic algorithms and identifiers represents a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON for use with this specification are described in the separate JSON
Web Algorithms (JWA) specification and IANA registries defined by Web Algorithms (JWA) specification and IANA registries defined by
that specification. that specification.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 23, 2015. This Internet-Draft will expire on June 12, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 18 skipping to change at page 5, line 18
"Plaintext". "Plaintext".
These terms are defined by this specification: These terms are defined by this specification:
JSON Web Key (JWK) JSON Web Key (JWK)
A JSON object that represents a cryptographic key. The members of A JSON object that represents a cryptographic key. The members of
the object represent properties of the key, including its value. the object represent properties of the key, including its value.
JSON Web Key Set (JWK Set) JSON Web Key Set (JWK Set)
A JSON object that represents a set of JWKs. The JSON object MUST A JSON object that represents a set of JWKs. The JSON object MUST
have a "keys" member, which is an array of JWK objects. have a "keys" member, which is an array of JWKs.
3. Example JWK 3. Example JWK
This section provides an example of a JWK. The following example JWK This section provides an example of a JWK. The following example JWK
declares that the key is an Elliptic Curve [DSS] key, it is used with declares that the key is an Elliptic Curve [DSS] key, it is used with
the P-256 Elliptic Curve, and its x and y coordinates are the the P-256 Elliptic Curve, and its x and y coordinates are the
base64url encoded values shown. A key identifier is also provided base64url encoded values shown. A key identifier is also provided
for the key. for the key.
{"kty":"EC", {"kty":"EC",
skipping to change at page 10, line 25 skipping to change at page 10, line 25
algorithm, or other information MAY also be present when the algorithm, or other information MAY also be present when the
"x5t#S256" member is used. If other members are present, the "x5t#S256" member is used. If other members are present, the
contents of those members MUST be semantically consistent with the contents of those members MUST be semantically consistent with the
related fields in the referenced certificate. See the last paragraph related fields in the referenced certificate. See the last paragraph
of Section 4.6 for additional guidance on this. of Section 4.6 for additional guidance on this.
5. JSON Web Key Set (JWK Set) Format 5. JSON Web Key Set (JWK Set) Format
A JSON Web Key Set (JWK Set) is a JSON object that represents a set A JSON Web Key Set (JWK Set) is a JSON object that represents a set
of JWKs. The JSON object MUST have a "keys" member, with its value of JWKs. The JSON object MUST have a "keys" member, with its value
being an array of JWK objects. This JSON object MAY contain white being an array of JWKs. This JSON object MAY contain white space
space and/or line breaks. and/or line breaks.
The member names within a JWK Set MUST be unique; JWK Set parsers The member names within a JWK Set MUST be unique; JWK Set parsers
MUST either reject JWK Sets with duplicate member names or use a JSON MUST either reject JWK Sets with duplicate member names or use a JSON
parser that returns only the lexically last duplicate member name, as parser that returns only the lexically last duplicate member name, as
specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1
[ECMAScript]. [ECMAScript].
Additional members can be present in the JWK Set; if not understood Additional members can be present in the JWK Set; if not understood
by implementations encountering them, they MUST be ignored. by implementations encountering them, they MUST be ignored.
Parameters for representing additional properties of JWK Sets should Parameters for representing additional properties of JWK Sets should
skipping to change at page 22, line 7 skipping to change at page 22, line 7
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
November 2014. December 2014.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), draft-ietf-jose-json-web-encryption (work in progress),
November 2014. December 2014.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), November 2014. in progress), December 2014.
[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,
October 1969. October 1969.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996. November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 28, line 8 skipping to change at page 28, line 8
This example encrypts an RSA private key to the recipient using This example encrypts an RSA private key to the recipient using
"PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for
content encryption. content encryption.
NOTE: Unless otherwise indicated, all line breaks are included solely NOTE: Unless otherwise indicated, all line breaks are included solely
for readability. for readability.
C.1. Plaintext RSA Private Key C.1. Plaintext RSA Private Key
The following RSA key is the plaintext for the authenticated The following RSA key is the plaintext for the authenticated
encryption operation, formatted as a JWK object: encryption operation, formatted as a JWK:
{ {
"kty":"RSA", "kty":"RSA",
"kid":"juliet@capulet.lit", "kid":"juliet@capulet.lit",
"use":"enc", "use":"enc",
"n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy
O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP
8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0
Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X
OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1
skipping to change at page 38, line 30 skipping to change at page 38, line 30
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-38
o Replaced uses of the phrase "JWK object" with "JWK".
-37 -37
o Updated the TLS requirements language to only require o Updated the TLS requirements language to only require
implementations to support TLS when they support features using implementations to support TLS when they support features using
TLS. TLS.
o Restricted algorithm names to using only ASCII characters. o Restricted algorithm names to using only ASCII characters.
o Updated the example IANA registration request subject line. o Updated the example IANA registration request subject line.
 End of changes. 10 change blocks. 
11 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/