draft-ietf-jose-json-web-signature-22.txt   draft-ietf-jose-json-web-signature-23.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: September 3, 2014 Ping Identity Expires: September 4, 2014 Ping Identity
N. Sakimura N. Sakimura
NRI NRI
March 2, 2014 March 3, 2014
JSON Web Signature (JWS) JSON Web Signature (JWS)
draft-ietf-jose-json-web-signature-22 draft-ietf-jose-json-web-signature-23
Abstract Abstract
JSON Web Signature (JWS) represents content secured with digital JSON Web Signature (JWS) represents content secured with digital
signatures or Message Authentication Codes (MACs) using JavaScript signatures or Message Authentication Codes (MACs) using JavaScript
Object Notation (JSON) based data structures. Cryptographic Object Notation (JSON) based data structures. Cryptographic
algorithms and identifiers for use with this specification are algorithms and identifiers for use with this specification are
described in the separate JSON Web Algorithms (JWA) specification and described in the separate JSON Web Algorithms (JWA) specification and
an IANA registry defined by that specification. Related encryption an IANA registry defined by that specification. Related encryption
capabilities are described in the separate JSON Web Encryption (JWE) capabilities are described in the separate JSON Web Encryption (JWE)
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 3, 2014. This Internet-Draft will expire on September 4, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 36 skipping to change at page 3, line 36
A.6.3. Complete JWS Header Values . . . . . . . . . . . . . . 40 A.6.3. Complete JWS Header Values . . . . . . . . . . . . . . 40
A.6.4. Complete JWS JSON Serialization Representation . . . . 41 A.6.4. Complete JWS JSON Serialization Representation . . . . 41
Appendix B. "x5c" (X.509 Certificate Chain) Example . . . . . . . 41 Appendix B. "x5c" (X.509 Certificate Chain) Example . . . . . . . 41
Appendix C. Notes on implementing base64url encoding without Appendix C. Notes on implementing base64url encoding without
padding . . . . . . . . . . . . . . . . . . . . . . . 43 padding . . . . . . . . . . . . . . . . . . . . . . . 43
Appendix D. Notes on Key Selection . . . . . . . . . . . . . . . 44 Appendix D. Notes on Key Selection . . . . . . . . . . . . . . . 44
Appendix E. Negative Test Case for "crit" Header Parameter . . . 46 Appendix E. Negative Test Case for "crit" Header Parameter . . . 46
Appendix F. Detached Content . . . . . . . . . . . . . . . . . . 46 Appendix F. Detached Content . . . . . . . . . . . . . . . . . . 46
Appendix G. Acknowledgements . . . . . . . . . . . . . . . . . . 47 Appendix G. Acknowledgements . . . . . . . . . . . . . . . . . . 47
Appendix H. Document History . . . . . . . . . . . . . . . . . . 47 Appendix H. Document History . . . . . . . . . . . . . . . . . . 47
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 54 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 55
1. Introduction 1. Introduction
JSON Web Signature (JWS) represents content secured with digital JSON Web Signature (JWS) represents content secured with digital
signatures or Message Authentication Codes (MACs) using JavaScript signatures or Message Authentication Codes (MACs) using JavaScript
Object Notation (JSON) [RFC7158] based data structures. The JWS Object Notation (JSON) [RFC7158] based data structures. The JWS
cryptographic mechanisms provide integrity protection for an cryptographic mechanisms provide integrity protection for an
arbitrary sequence of octets. arbitrary sequence of octets.
Two closely related serializations for JWS objects are defined. The Two closely related serializations for JWS objects are defined. The
skipping to change at page 5, line 43 skipping to change at page 5, line 43
component of the JWS Header. component of the JWS Header.
JWS Unprotected Header JWS Unprotected Header
JSON object that contains the JWS Header Parameters that are not JSON object that contains the JWS Header Parameters that are not
integrity protected. This can only be present when using the JWS integrity protected. This can only be present when using the JWS
JSON Serialization. JSON Serialization.
Base64url Encoding Base64url Encoding
Base64 encoding using the URL- and filename-safe character set Base64 encoding using the URL- and filename-safe character set
defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
characters omitted (as permitted by Section 3.2). (See Appendix C characters omitted (as permitted by Section 3.2) and without the
for notes on implementing base64url encoding without padding.) inclusion of any line breaks, white space, or other additional
characters. (See Appendix C for notes on implementing base64url
encoding without padding.)
JWS Signing Input JWS Signing Input
The input to the digital signature or MAC computation. Its value The input to the digital signature or MAC computation. Its value
is ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || is ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload)). BASE64URL(JWS Payload)).
JWS Compact Serialization JWS Compact Serialization
A representation of the JWS as a compact, URL-safe string. A representation of the JWS as a compact, URL-safe string.
JWS JSON Serialization JWS JSON Serialization
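Review bot: in the "Base64url Encoding" definition, the added clause "and without the inclusion of any line breaks, white space, or other additional characters" says what an encoder must not emit, but the lines shown do not say what a recipient does when an encoded value arrives containing such characters. A lenient decoder that skips them would accept more than one textual form of the same value, so suggest stating here, or by a cross-reference to the validation steps, that input containing any character outside the base64url alphabet is rejected rather than stripped. A smaller point in the same sentence: "(as permitted by Section 3.2)" does not name its document now that the sentence continues past it; "Section 3.2 of RFC 4648" would remove the ambiguity.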
skipping to change at page 47, line 33 skipping to change at page 47, line 33
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix H. Document History Appendix H. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-23
o Clarified that the base64url encoding includes no line breaks,
white space, or other additional characters.
-22 -22
o Corrected RFC 2119 terminology usage. o Corrected RFC 2119 terminology usage.
o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
-21 -21
o Applied review comments to the appendix "Notes on Key Selection", o Applied review comments to the appendix "Notes on Key Selection",
addressing issue #93. addressing issue #93.
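Review bot: the new -23 history entry does not say where the clarification was made or whether it resolves a tracked issue, unlike the -21 entry below it ("addressing issue #93"). Suggest naming the "Base64url Encoding" definition in the entry and, if an issue exists for this change, citing it in the same style.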
 End of changes. 7 change blocks. 
7 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/