draft-ietf-jose-json-web-signature-28.txt   draft-ietf-jose-json-web-signature-29.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: December 22, 2014 Ping Identity Expires: December 22, 2014 Ping Identity
N. Sakimura N. Sakimura
NRI NRI
June 20, 2014 June 20, 2014
JSON Web Signature (JWS) JSON Web Signature (JWS)
draft-ietf-jose-json-web-signature-28 draft-ietf-jose-json-web-signature-29
Abstract Abstract
JSON Web Signature (JWS) represents content secured with digital JSON Web Signature (JWS) represents content secured with digital
signatures or Message Authentication Codes (MACs) using JavaScript signatures or Message Authentication Codes (MACs) using JavaScript
Object Notation (JSON) based data structures. Cryptographic Object Notation (JSON) based data structures. Cryptographic
algorithms and identifiers for use with this specification are algorithms and identifiers for use with this specification are
described in the separate JSON Web Algorithms (JWA) specification and described in the separate JSON Web Algorithms (JWA) specification and
an IANA registry defined by that specification. Related encryption an IANA registry defined by that specification. Related encryption
capabilities are described in the separate JSON Web Encryption (JWE) capabilities are described in the separate JSON Web Encryption (JWE)
skipping to change at page 2, line 18 skipping to change at page 2, line 18
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. JSON Web Signature (JWS) Overview . . . . . . . . . . . . . . 6 3. JSON Web Signature (JWS) Overview . . . . . . . . . . . . . . 6
3.1. Example JWS . . . . . . . . . . . . . . . . . . . . . . . 8 3.1. Example JWS . . . . . . . . . . . . . . . . . . . . . . . 8
4. JWS Header . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.1. Registered Header Parameter Names . . . . . . . . . . . . 9 4.1. Registered Header Parameter Names . . . . . . . . . . . . 9
4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 10 4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 10
4.1.2. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 10 4.1.2. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 10
4.1.3. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 10 4.1.3. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 10
4.1.4. "kid" (Key ID) Header Parameter . . . . . . . . . . . 10 4.1.4. "kid" (Key ID) Header Parameter . . . . . . . . . . . 11
4.1.5. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 11 4.1.5. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 11
4.1.6. "x5c" (X.509 Certificate Chain) Header Parameter . . . 11 4.1.6. "x5c" (X.509 Certificate Chain) Header Parameter . . . 11
4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header 4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header
Parameter . . . . . . . . . . . . . . . . . . . . . . 11 Parameter . . . . . . . . . . . . . . . . . . . . . . 12
4.1.8. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 4.1.8. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
Header Parameter . . . . . . . . . . . . . . . . . . . 11 Header Parameter . . . . . . . . . . . . . . . . . . . 12
4.1.9. "typ" (Type) Header Parameter . . . . . . . . . . . . 12 4.1.9. "typ" (Type) Header Parameter . . . . . . . . . . . . 12
4.1.10. "cty" (Content Type) Header Parameter . . . . . . . . 12 4.1.10. "cty" (Content Type) Header Parameter . . . . . . . . 13
4.1.11. "crit" (Critical) Header Parameter . . . . . . . . . . 13 4.1.11. "crit" (Critical) Header Parameter . . . . . . . . . . 13
4.2. Public Header Parameter Names . . . . . . . . . . . . . . 14 4.2. Public Header Parameter Names . . . . . . . . . . . . . . 14
4.3. Private Header Parameter Names . . . . . . . . . . . . . . 14 4.3. Private Header Parameter Names . . . . . . . . . . . . . . 14
5. Producing and Consuming JWSs . . . . . . . . . . . . . . . . . 14 5. Producing and Consuming JWSs . . . . . . . . . . . . . . . . . 14
5.1. Message Signature or MAC Computation . . . . . . . . . . . 14 5.1. Message Signature or MAC Computation . . . . . . . . . . . 14
5.2. Message Signature or MAC Validation . . . . . . . . . . . 15 5.2. Message Signature or MAC Validation . . . . . . . . . . . 15
5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 16 5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 16
6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 17 6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 17
7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 17 7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. JWS Compact Serialization . . . . . . . . . . . . . . . . 17 7.1. JWS Compact Serialization . . . . . . . . . . . . . . . . 18
7.2. JWS JSON Serialization . . . . . . . . . . . . . . . . . . 18 7.2. JWS JSON Serialization . . . . . . . . . . . . . . . . . . 18
8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 19 8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 19
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
9.1. JSON Web Signature and Encryption Header Parameters 9.1. JSON Web Signature and Encryption Header Parameters
Registry . . . . . . . . . . . . . . . . . . . . . . . . . 20 Registry . . . . . . . . . . . . . . . . . . . . . . . . . 21
9.1.1. Registration Template . . . . . . . . . . . . . . . . 21 9.1.1. Registration Template . . . . . . . . . . . . . . . . 21
9.1.2. Initial Registry Contents . . . . . . . . . . . . . . 21 9.1.2. Initial Registry Contents . . . . . . . . . . . . . . 22
9.2. Media Type Registration . . . . . . . . . . . . . . . . . 23 9.2. Media Type Registration . . . . . . . . . . . . . . . . . 23
9.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 23 9.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 23
10. Security Considerations . . . . . . . . . . . . . . . . . . . 24 10. Security Considerations . . . . . . . . . . . . . . . . . . . 24
10.1. Key Entropy . . . . . . . . . . . . . . . . . . . . . . . 24 10.1. Key Entropy . . . . . . . . . . . . . . . . . . . . . . . 25
10.2. Chosen Plaintext Attacks . . . . . . . . . . . . . . . . . 25 10.2. Chosen Plaintext Attacks . . . . . . . . . . . . . . . . . 25
10.3. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 25 10.3. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 25
10.4. Differences between Digital Signatures and MACs . . . . . 25 10.4. Differences between Digital Signatures and MACs . . . . . 25
10.5. SHA-1 Certificate Thumbprints . . . . . . . . . . . . . . 25 10.5. SHA-1 Certificate Thumbprints . . . . . . . . . . . . . . 26
10.6. JSON Security Considerations . . . . . . . . . . . . . . . 26 10.6. JSON Security Considerations . . . . . . . . . . . . . . . 26
10.7. Unicode Comparison Security Considerations . . . . . . . . 26 10.7. Unicode Comparison Security Considerations . . . . . . . . 27
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
11.1. Normative References . . . . . . . . . . . . . . . . . . . 27 11.1. Normative References . . . . . . . . . . . . . . . . . . . 27
11.2. Informative References . . . . . . . . . . . . . . . . . . 28 11.2. Informative References . . . . . . . . . . . . . . . . . . 29
Appendix A. JWS Examples . . . . . . . . . . . . . . . . . . . . 29 Appendix A. JWS Examples . . . . . . . . . . . . . . . . . . . . 29
A.1. Example JWS using HMAC SHA-256 . . . . . . . . . . . . . . 29 A.1. Example JWS using HMAC SHA-256 . . . . . . . . . . . . . . 30
A.1.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 29 A.1.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 30
A.1.2. Validating . . . . . . . . . . . . . . . . . . . . . . 32 A.1.2. Validating . . . . . . . . . . . . . . . . . . . . . . 32
A.2. Example JWS using RSASSA-PKCS-v1_5 SHA-256 . . . . . . . . 32 A.2. Example JWS using RSASSA-PKCS-v1_5 SHA-256 . . . . . . . . 32
A.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 32 A.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 32
A.2.2. Validating . . . . . . . . . . . . . . . . . . . . . . 35 A.2.2. Validating . . . . . . . . . . . . . . . . . . . . . . 35
A.3. Example JWS using ECDSA P-256 SHA-256 . . . . . . . . . . 35 A.3. Example JWS using ECDSA P-256 SHA-256 . . . . . . . . . . 35
A.3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 35 A.3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 35
A.3.2. Validating . . . . . . . . . . . . . . . . . . . . . . 37 A.3.2. Validating . . . . . . . . . . . . . . . . . . . . . . 37
A.4. Example JWS using ECDSA P-521 SHA-512 . . . . . . . . . . 37 A.4. Example JWS using ECDSA P-521 SHA-512 . . . . . . . . . . 38
A.4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 37 A.4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 38
A.4.2. Validating . . . . . . . . . . . . . . . . . . . . . . 39 A.4.2. Validating . . . . . . . . . . . . . . . . . . . . . . 40
A.5. Example Plaintext JWS . . . . . . . . . . . . . . . . . . 40 A.5. Example Plaintext JWS . . . . . . . . . . . . . . . . . . 40
A.6. Example JWS Using JWS JSON Serialization . . . . . . . . . 40 A.6. Example JWS Using JWS JSON Serialization . . . . . . . . . 41
A.6.1. JWS Per-Signature Protected Headers . . . . . . . . . 41 A.6.1. JWS Per-Signature Protected Headers . . . . . . . . . 41
A.6.2. JWS Per-Signature Unprotected Headers . . . . . . . . 41 A.6.2. JWS Per-Signature Unprotected Headers . . . . . . . . 42
A.6.3. Complete JWS Header Values . . . . . . . . . . . . . . 41 A.6.3. Complete JOSE Header Values . . . . . . . . . . . . . 42
A.6.4. Complete JWS JSON Serialization Representation . . . . 42 A.6.4. Complete JWS JSON Serialization Representation . . . . 42
Appendix B. "x5c" (X.509 Certificate Chain) Example . . . . . . . 42 Appendix B. "x5c" (X.509 Certificate Chain) Example . . . . . . . 43
Appendix C. Notes on implementing base64url encoding without Appendix C. Notes on implementing base64url encoding without
padding . . . . . . . . . . . . . . . . . . . . . . . 44 padding . . . . . . . . . . . . . . . . . . . . . . . 45
Appendix D. Notes on Key Selection . . . . . . . . . . . . . . . 45 Appendix D. Notes on Key Selection . . . . . . . . . . . . . . . 46
Appendix E. Negative Test Case for "crit" Header Parameter . . . 47 Appendix E. Negative Test Case for "crit" Header Parameter . . . 47
Appendix F. Detached Content . . . . . . . . . . . . . . . . . . 48 Appendix F. Detached Content . . . . . . . . . . . . . . . . . . 48
Appendix G. Acknowledgements . . . . . . . . . . . . . . . . . . 48 Appendix G. Acknowledgements . . . . . . . . . . . . . . . . . . 48
Appendix H. Document History . . . . . . . . . . . . . . . . . . 49 Appendix H. Document History . . . . . . . . . . . . . . . . . . 49
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 57 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 58
1. Introduction 1. Introduction
JSON Web Signature (JWS) represents content secured with digital JSON Web Signature (JWS) represents content secured with digital
signatures or Message Authentication Codes (MACs) using JavaScript signatures or Message Authentication Codes (MACs) using JavaScript
Object Notation (JSON) [RFC7159] based data structures. The JWS Object Notation (JSON) [RFC7159] based data structures. The JWS
cryptographic mechanisms provide integrity protection for an cryptographic mechanisms provide integrity protection for an
arbitrary sequence of octets. arbitrary sequence of octets.
Two closely related serializations for JWS objects are defined. The Two closely related serializations for JWS objects are defined. The
skipping to change at page 5, line 7 skipping to change at page 5, line 7
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING.
ASCII(STRING) denotes the octets of the ASCII [USASCII] ASCII(STRING) denotes the octets of the ASCII [USASCII]
representation of STRING. representation of STRING.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms are defined by this specification:
JSON Web Signature (JWS) JSON Web Signature (JWS)
A data structure representing a digitally signed or MACed message. A data structure representing a digitally signed or MACed message.
JWS Header JOSE Header
JSON object containing the parameters describing the cryptographic JSON object containing the parameters describing the cryptographic
operations and parameters employed. The JWS Header members are operations and parameters employed. The members of the JOSE
the union of the members of the JWS Protected Header and the JWS Header are Header Parameters.
Unprotected Header. The members of the JWS Header are Header
Parameters.
JWS Payload JWS Payload
The sequence of octets to be secured -- a.k.a., the message. The The sequence of octets to be secured -- a.k.a., the message. The
payload can contain an arbitrary sequence of octets. payload can contain an arbitrary sequence of octets.
JWS Signature JWS Signature
Digital signature or MAC over the JWS Protected Header and the JWS Digital signature or MAC over the JWS Protected Header and the JWS
Payload. Payload.
Header Parameter Header Parameter
A name/value pair that is member of the JWS Header. A name/value pair that is member of the JOSE Header.
JWS Protected Header JWS Protected Header
JSON object that contains the JWS Header Parameters that are JSON object that contains the Header Parameters that are integrity
integrity protected by the JWS Signature digital signature or MAC protected by the JWS Signature digital signature or MAC operation.
operation. For the JWS Compact Serialization, this comprises the For the JWS Compact Serialization, this comprises the entire JOSE
entire JWS Header. For the JWS JSON Serialization, this is one Header. For the JWS JSON Serialization, this is one component of
component of the JWS Header. the JOSE Header.
JWS Unprotected Header JWS Unprotected Header
JSON object that contains the JWS Header Parameters that are not JSON object that contains the Header Parameters that are not
integrity protected. This can only be present when using the JWS integrity protected. This can only be present when using the JWS
JSON Serialization. JSON Serialization.
Base64url Encoding Base64url Encoding
Base64 encoding using the URL- and filename-safe character set Base64 encoding using the URL- and filename-safe character set
defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
characters omitted (as permitted by Section 3.2) and without the characters omitted (as permitted by Section 3.2) and without the
inclusion of any line breaks, white space, or other additional inclusion of any line breaks, white space, or other additional
characters. (See Appendix C for notes on implementing base64url characters. (See Appendix C for notes on implementing base64url
encoding without padding.) encoding without padding.)
skipping to change at page 6, line 15 skipping to change at page 6, line 15
JWS Compact Serialization JWS Compact Serialization
A representation of the JWS as a compact, URL-safe string. A representation of the JWS as a compact, URL-safe string.
JWS JSON Serialization JWS JSON Serialization
A representation of the JWS as a JSON object. Unlike the JWS A representation of the JWS as a JSON object. Unlike the JWS
Compact Serialization, the JWS JSON Serialization enables multiple Compact Serialization, the JWS JSON Serialization enables multiple
digital signatures and/or MACs to be applied to the same content. digital signatures and/or MACs to be applied to the same content.
This representation is neither optimized for compactness nor URL- This representation is neither optimized for compactness nor URL-
safe. safe.
Plaintext JWS
A JWS object that provides no integrity protection.
Collision-Resistant Name Collision-Resistant Name
A name in a namespace that enables names to be allocated in a A name in a namespace that enables names to be allocated in a
manner such that they are highly unlikely to collide with other manner such that they are highly unlikely to collide with other
names. Examples of collision-resistant namespaces include: Domain names. Examples of collision-resistant namespaces include: Domain
Names, Object Identifiers (OIDs) as defined in the ITU-T X.660 and Names, Object Identifiers (OIDs) as defined in the ITU-T X.660 and
X.670 Recommendation series, and Universally Unique IDentifiers X.670 Recommendation series, and Universally Unique IDentifiers
(UUIDs) [RFC4122]. When using an administratively delegated (UUIDs) [RFC4122]. When using an administratively delegated
namespace, the definer of a name needs to take reasonable namespace, the definer of a name needs to take reasonable
precautions to ensure they are in control of the portion of the precautions to ensure they are in control of the portion of the
namespace they use to define the name. namespace they use to define the name.
StringOrURI StringOrURI
A JSON string value, with the additional requirement that while A JSON string value, with the additional requirement that while
arbitrary string values MAY be used, any value containing a ":" arbitrary string values MAY be used, any value containing a ":"
character MUST be a URI [RFC3986]. StringOrURI values are character MUST be a URI [RFC3986]. StringOrURI values are
compared as case-sensitive strings with no transformations or compared as case-sensitive strings with no transformations or
canonicalizations applied. canonicalizations applied.
These terms defined by the JSON Web Encryption (JWE) [JWE]
specification are incorporated into this specification: "JSON Web
Encryption (JWE)" and "JWE Compact Serialization".
3. JSON Web Signature (JWS) Overview 3. JSON Web Signature (JWS) Overview
JWS represents digitally signed or MACed content using JSON data JWS represents digitally signed or MACed content using JSON data
structures and base64url encoding. A JWS represents these logical structures and base64url encoding. A JWS represents these logical
values: values:
JWS Header JOSE Header
JSON object containing the parameters describing the cryptographic JSON object containing the parameters describing the cryptographic
operations and parameters employed. The JWS Header members are operations and parameters employed. For a JWS object, the JOSE
the union of the members of the JWS Protected Header and the JWS Header members are the union of the members of the JWS Protected
Unprotected Header, as described below. Header and the JWS Unprotected Header, as described below.
JWS Payload JWS Payload
The sequence of octets to be secured -- a.k.a., the message. The The sequence of octets to be secured -- a.k.a., the message. The
payload can contain an arbitrary sequence of octets. payload can contain an arbitrary sequence of octets.
JWS Signature JWS Signature
Digital signature or MAC over the JWS Protected Header and the JWS Digital signature or MAC over the JWS Protected Header and the JWS
Payload. Payload.
The JWS Header represents the combination of these values: For a JWS object, the JOSE Header represents the combination of these
values:
JWS Protected Header JWS Protected Header
JSON object that contains the JWS Header Parameters that are JSON object that contains the Header Parameters that are integrity
integrity protected by the JWS Signature digital signature or MAC protected by the JWS Signature digital signature or MAC operation.
operation.
JWS Unprotected Header JWS Unprotected Header
JSON object that contains the JWS Header Parameters that are not JSON object that contains the Header Parameters that are not
integrity protected. integrity protected.
This document defines two serializations for JWS objects: a compact, This document defines two serializations for JWS objects: a compact,
URL-safe serialization called the JWS Compact Serialization and a URL-safe serialization called the JWS Compact Serialization and a
JSON serialization called the JWS JSON Serialization. In both JSON serialization called the JWS JSON Serialization. In both
serializations, the JWS Protected Header, JWS Payload, and JWS serializations, the JWS Protected Header, JWS Payload, and JWS
Signature are base64url encoded for transmission, since JSON lacks a Signature are base64url encoded for transmission, since JSON lacks a
way to directly represent octet sequences. way to directly represent octet sequences.
In the JWS Compact Serialization, no JWS Unprotected Header is used. In the JWS Compact Serialization, no JWS Unprotected Header is used.
In this case, the JWS Header and the JWS Protected Header are the In this case, the JOSE Header and the JWS Protected Header are the
same. same.
In the JWS Compact Serialization, a JWS object is represented as the In the JWS Compact Serialization, a JWS object is represented as the
combination of these three string values, combination of these three string values,
BASE64URL(UTF8(JWS Protected Header)), BASE64URL(UTF8(JWS Protected Header)),
BASE64URL(JWS Payload), and BASE64URL(JWS Payload), and
BASE64URL(JWS Signature), BASE64URL(JWS Signature),
concatenated in that order, with the three strings being separated by concatenated in that order, with the three strings being separated by
two period ('.') characters. two period ('.') characters.
In the JWS JSON Serialization, one or both of the JWS Protected In the JWS JSON Serialization, one or both of the JWS Protected
Header and JWS Unprotected Header MUST be present. In this case, the Header and JWS Unprotected Header MUST be present. In this case, the
members of the JWS Header are the combination of the members of the members of the JOSE Header are the combination of the members of the
JWS Protected Header and the JWS Unprotected Header values that are JWS Protected Header and the JWS Unprotected Header values that are
present. present.
In the JWS JSON Serialization, a JWS object is represented as the In the JWS JSON Serialization, a JWS object is represented as the
combination of these four values, combination of these four values,
BASE64URL(UTF8(JWS Protected Header)), BASE64URL(UTF8(JWS Protected Header)),
JWS Unprotected Header, JWS Unprotected Header,
BASE64URL(JWS Payload), and BASE64URL(JWS Payload), and
BASE64URL(JWS Signature), BASE64URL(JWS Signature),
with the three base64url encoding result strings and the JWS with the three base64url encoding result strings and the JWS
skipping to change at page 9, line 16 skipping to change at page 9, line 22
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9 eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
. .
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
. .
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
See Appendix A for additional examples. See Appendix A for additional examples.
4. JWS Header 4. JOSE Header
The members of the JSON object(s) representing the JWS Header For a JWS object, the members of the JSON object(s) representing the
describe the digital signature or MAC applied to the JWS Protected JOSE Header describe the digital signature or MAC applied to the JWS
Header and the JWS Payload and optionally additional properties of Protected Header and the JWS Payload and optionally additional
the JWS. The Header Parameter names within the JWS Header MUST be properties of the JWS. The Header Parameter names within the JOSE
unique; recipients MUST either reject JWSs with duplicate Header Header MUST be unique; recipients MUST either reject JWSs with
Parameter names or use a JSON parser that returns only the lexically duplicate Header Parameter names or use a JSON parser that returns
last duplicate member name, as specified in Section 15.12 (The JSON only the lexically last duplicate member name, as specified in
Object) of ECMAScript 5.1 [ECMAScript]. Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
Implementations are required to understand the specific Header Implementations are required to understand the specific Header
Parameters defined by this specification that are designated as "MUST Parameters defined by this specification that are designated as "MUST
be understood" and process them in the manner defined in this be understood" and process them in the manner defined in this
specification. All other Header Parameters defined by this specification. All other Header Parameters defined by this
specification that are not so designated MUST be ignored when not specification that are not so designated MUST be ignored when not
understood. Unless listed as a critical Header Parameter, per understood. Unless listed as a critical Header Parameter, per
Section 4.1.11, all Header Parameters not defined by this Section 4.1.11, all Header Parameters not defined by this
specification MUST be ignored when not understood. specification MUST be ignored when not understood.
There are three classes of Header Parameter names: Registered Header There are three classes of Header Parameter names: Registered Header
Parameter names, Public Header Parameter names, and Private Header Parameter names, Public Header Parameter names, and Private Header
Parameter names. Parameter names.
4.1. Registered Header Parameter Names 4.1. Registered Header Parameter Names
The following Header Parameter names are registered in the IANA JSON The following Header Parameter names for use in JWS objects are
Web Signature and Encryption Header Parameters registry defined in registered in the IANA JSON Web Signature and Encryption Header
Section 9.1, with meanings as defined below. Parameters registry defined in Section 9.1, with meanings as defined
below.
As indicated by the common registry, JWSs and JWEs share a common As indicated by the common registry, JWSs and JWEs share a common
Header Parameter space; when a parameter is used by both Header Parameter space; when a parameter is used by both
specifications, its usage must be compatible between the specifications, its usage must be compatible between the
specifications. specifications.
4.1.1. "alg" (Algorithm) Header Parameter 4.1.1. "alg" (Algorithm) Header Parameter
The "alg" (algorithm) Header Parameter identifies the cryptographic The "alg" (algorithm) Header Parameter identifies the cryptographic
algorithm used to secure the JWS. The signature, MAC, or plaintext algorithm used to secure the JWS. The signature, MAC, or plaintext
skipping to change at page 13, line 25 skipping to change at page 13, line 38
'/'. For instance, a "cty" value of "example" SHOULD be used to '/'. For instance, a "cty" value of "example" SHOULD be used to
represent the "application/example" media type; whereas, the media represent the "application/example" media type; whereas, the media
type "application/example;part="1/2"" cannot be shortened to type "application/example;part="1/2"" cannot be shortened to
"example;part="1/2"". "example;part="1/2"".
4.1.11. "crit" (Critical) Header Parameter 4.1.11. "crit" (Critical) Header Parameter
The "crit" (critical) Header Parameter indicates that extensions to The "crit" (critical) Header Parameter indicates that extensions to
the initial RFC versions of [[ this specification ]] and [JWA] are the initial RFC versions of [[ this specification ]] and [JWA] are
being used that MUST be understood and processed. Its value is an being used that MUST be understood and processed. Its value is an
array listing the Header Parameter names present in the JWS Header array listing the Header Parameter names present in the JOSE Header
that use those extensions. If any of the listed extension Header that use those extensions. If any of the listed extension Header
Parameters are not understood and supported by the receiver, it MUST Parameters are not understood and supported by the receiver, it MUST
reject the JWS. Senders MUST NOT include Header Parameter names reject the JWS. Senders MUST NOT include Header Parameter names
defined by the initial RFC versions of [[ this specification ]] or defined by the initial RFC versions of [[ this specification ]] or
[JWA] for use with JWS, duplicate names, or names that do not occur [JWA] for use with JWS, duplicate names, or names that do not occur
as Header Parameter names within the JWS Header in the "crit" list. as Header Parameter names within the JOSE Header in the "crit" list.
Senders MUST NOT use the empty list "[]" as the "crit" value. Senders MUST NOT use the empty list "[]" as the "crit" value.
Recipients MAY reject the JWS if the critical list contains any Recipients MAY reject the JWS if the critical list contains any
Header Parameter names defined by the initial RFC versions of [[ this Header Parameter names defined by the initial RFC versions of [[ this
specification ]] or [JWA] for use with JWS, or any other constraints specification ]] or [JWA] for use with JWS, or any other constraints
on its use are violated. This Header Parameter MUST be integrity on its use are violated. This Header Parameter MUST be integrity
protected, and therefore MUST occur only within the JWS Protected protected, and therefore MUST occur only within the JWS Protected
Header, when used. Use of this Header Parameter is OPTIONAL. This Header, when used. Use of this Header Parameter is OPTIONAL. This
Header Parameter MUST be understood and processed by implementations. Header Parameter MUST be understood and processed by implementations.
An example use, along with a hypothetical "exp" (expiration-time) An example use, along with a hypothetical "exp" (expiration-time)
skipping to change at page 14, line 38 skipping to change at page 14, line 46
5. Producing and Consuming JWSs 5. Producing and Consuming JWSs
5.1. Message Signature or MAC Computation 5.1. Message Signature or MAC Computation
To create a JWS, one MUST perform these steps. The order of the To create a JWS, one MUST perform these steps. The order of the
steps is not significant in cases where there are no dependencies steps is not significant in cases where there are no dependencies
between the inputs and outputs of the steps. between the inputs and outputs of the steps.
1. Create the content to be used as the JWS Payload. 1. Create the content to be used as the JWS Payload.
2. Compute the encoded payload value BASE64URL(JWS Payload). 2. Compute the encoded payload value BASE64URL(JWS Payload).
3. Create the JSON object(s) containing the desired set of Header 3. Create the JSON object(s) containing the desired set of Header
Parameters, which together comprise the JWS Header: the JWS Parameters, which together comprise the JOSE Header: the JWS
Protected Header, and if the JWS JSON Serialization is being Protected Header, and if the JWS JSON Serialization is being
used, the JWS Unprotected Header. used, the JWS Unprotected Header.
4. Compute the encoded header value BASE64URL(UTF8(JWS Protected 4. Compute the encoded header value BASE64URL(UTF8(JWS Protected
Header)). If the JWS Protected Header is not present (which can Header)). If the JWS Protected Header is not present (which can
only happen when using the JWS JSON Serialization and no only happen when using the JWS JSON Serialization and no
"protected" member is present), let this value be the empty "protected" member is present), let this value be the empty
string. string.
5. Compute the JWS Signature in the manner defined for the 5. Compute the JWS Signature in the manner defined for the
particular algorithm being used over the JWS Signing Input particular algorithm being used over the JWS Signing Input
ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload)). The "alg" (algorithm) Header Parameter BASE64URL(JWS Payload)). The "alg" (algorithm) Header Parameter
MUST be present in the JWS Header, with the algorithm value MUST be present in the JOSE Header, with the algorithm value
accurately representing the algorithm used to construct the JWS accurately representing the algorithm used to construct the JWS
Signature. Signature.
6. Compute the encoded signature value BASE64URL(JWS Signature). 6. Compute the encoded signature value BASE64URL(JWS Signature).
7. These three encoded values are used in both the JWS Compact 7. These three encoded values are used in both the JWS Compact
Serialization and the JWS JSON Serialization representations. Serialization and the JWS JSON Serialization representations.
8. If the JWS JSON Serialization is being used, repeat this process 8. If the JWS JSON Serialization is being used, repeat this process
(steps 3-7) for each digital signature or MAC operation being (steps 3-7) for each digital signature or MAC operation being
performed. performed.
9. Create the desired serialized output. The JWS Compact 9. Create the desired serialized output. The JWS Compact
Serialization of this result is BASE64URL(UTF8(JWS Protected Serialization of this result is BASE64URL(UTF8(JWS Protected
skipping to change at page 15, line 43 skipping to change at page 16, line 4
1. Parse the JWS representation to extract the serialized values 1. Parse the JWS representation to extract the serialized values
for the components of the JWS -- when using the JWS Compact for the components of the JWS -- when using the JWS Compact
Serialization, the base64url encoded representations of the JWS Serialization, the base64url encoded representations of the JWS
Protected Header, the JWS Payload, and the JWS Signature, and Protected Header, the JWS Payload, and the JWS Signature, and
when using the JWS JSON Serialization, also the unencoded JWS when using the JWS JSON Serialization, also the unencoded JWS
Unprotected Header value. When using the JWS Compact Unprotected Header value. When using the JWS Compact
Serialization, the JWS Protected Header, the JWS Payload, and Serialization, the JWS Protected Header, the JWS Payload, and
the JWS Signature are represented as base64url encoded values in the JWS Signature are represented as base64url encoded values in
that order, separated by two period ('.') characters. The JWS that order, separated by two period ('.') characters. The JWS
JSON Serialization is described in Section 7.2. JSON Serialization is described in Section 7.2.
2. The encoded representation of the JWS Protected Header MUST be 2. The encoded representation of the JWS Protected Header MUST be
successfully base64url decoded following the restriction that no successfully base64url decoded following the restriction that no
padding characters have been used. padding characters have been used.
3. The resulting octet sequence MUST be a UTF-8 encoded 3. The resulting octet sequence MUST be a UTF-8 encoded
representation of a completely valid JSON object conforming to representation of a completely valid JSON object conforming to
[RFC7159], which is the JWS Protected Header. [RFC7159], which is the JWS Protected Header.
4. If using the JWS Compact Serialization, let the JWS Header be 4. If using the JWS Compact Serialization, let the JOSE Header be
the JWS Protected Header; otherwise, when using the JWS JSON the JWS Protected Header; otherwise, when using the JWS JSON
Serialization, let the JWS Header be the union of the members of Serialization, let the JOSE Header be the union of the members
the corresponding JWS Protected Header and JWS Unprotected of the corresponding JWS Protected Header and JWS Unprotected
Header, all of which must be completely valid JSON objects. Header, all of which must be completely valid JSON objects.
5. The resulting JWS Header MUST NOT contain duplicate Header 5. The resulting JOSE Header MUST NOT contain duplicate Header
Parameter names. When using the JWS JSON Serialization, this Parameter names. When using the JWS JSON Serialization, this
restriction includes that the same Header Parameter name also restriction includes that the same Header Parameter name also
MUST NOT occur in distinct JSON object values that together MUST NOT occur in distinct JSON object values that together
comprise the JWS Header. comprise the JOSE Header.
6. Verify that the implementation understands and can process all 6. Verify that the implementation understands and can process all
fields that it is required to support, whether required by this fields that it is required to support, whether required by this
specification, by the algorithm being used, or by the "crit" specification, by the algorithm being used, or by the "crit"
Header Parameter value, and that the values of those parameters Header Parameter value, and that the values of those parameters
are also understood and supported. are also understood and supported.
7. The encoded representation of the JWS Payload MUST be 7. The encoded representation of the JWS Payload MUST be
successfully base64url decoded following the restriction that no successfully base64url decoded following the restriction that no
padding characters have been used. padding characters have been used.
8. The encoded representation of the JWS Signature MUST be 8. The encoded representation of the JWS Signature MUST be
successfully base64url decoded following the restriction that no successfully base64url decoded following the restriction that no
skipping to change at page 16, line 37 skipping to change at page 16, line 47
be present. be present.
10. If the JWS JSON Serialization is being used, repeat this process 10. If the JWS JSON Serialization is being used, repeat this process
(steps 4-9) for each digital signature or MAC value contained in (steps 4-9) for each digital signature or MAC value contained in
the representation. the representation.
5.3. String Comparison Rules 5.3. String Comparison Rules
Processing a JWS inevitably requires comparing known strings to Processing a JWS inevitably requires comparing known strings to
members and values in a JSON object. For example, in checking what members and values in a JSON object. For example, in checking what
the algorithm is, the Unicode string "alg" will be checked against the algorithm is, the Unicode string "alg" will be checked against
the member names in the JWS Header to see if there is a matching the member names in the JOSE Header to see if there is a matching
Header Parameter name. The same process is then used to determine if Header Parameter name. The same process is then used to determine if
the value of the "alg" Header Parameter represents a supported the value of the "alg" Header Parameter represents a supported
algorithm. algorithm.
Since the only string comparison operations that are performed are Since the only string comparison operations that are performed are
equality and inequality, the same rules can be used for comparing equality and inequality, the same rules can be used for comparing
both member names and member values against known strings. The JSON both member names and member values against known strings. The JSON
rules for doing member name comparison are described in Section 8.3 rules for doing member name comparison are described in Section 8.3
of [RFC7159]. of [RFC7159].
skipping to change at page 19, line 5 skipping to change at page 19, line 15
Additional members can be present in both the JSON objects defined Additional members can be present in both the JSON objects defined
above; if not understood by implementations encountering them, they above; if not understood by implementations encountering them, they
MUST be ignored. MUST be ignored.
The Header Parameter values used when creating or validating The Header Parameter values used when creating or validating
individual signature or MAC values are the union of the two sets of individual signature or MAC values are the union of the two sets of
Header Parameter values that may be present: (1) the JWS Protected Header Parameter values that may be present: (1) the JWS Protected
Header represented in the "protected" member of the signature/MAC's Header represented in the "protected" member of the signature/MAC's
array element, and (2) the JWS Unprotected Header in the "header" array element, and (2) the JWS Unprotected Header in the "header"
member of the signature/MAC's array element. The union of these sets member of the signature/MAC's array element. The union of these sets
of Header Parameters comprises the JWS Header. The Header Parameter of Header Parameters comprises the JOSE Header. The Header Parameter
names in the two locations MUST be disjoint. names in the two locations MUST be disjoint.
Each JWS Signature value is computed using the parameters of the Each JWS Signature value is computed using the parameters of the
corresponding JWS Header value in the same manner as for the JWS corresponding JOSE Header value in the same manner as for the JWS
Compact Serialization. This has the desirable property that each JWS Compact Serialization. This has the desirable property that each JWS
Signature value represented in the "signatures" array is identical to Signature value represented in the "signatures" array is identical to
the value that would have been computed for the same parameter in the the value that would have been computed for the same parameter in the
JWS Compact Serialization, provided that the JWS Protected Header JWS Compact Serialization, provided that the JWS Protected Header
value for that signature/MAC computation (which represents the value for that signature/MAC computation (which represents the
integrity-protected Header Parameter values) matches that used in the integrity-protected Header Parameter values) matches that used in the
JWS Compact Serialization. JWS Compact Serialization.
In summary, the syntax of a JWS using the JWS JSON Serialization is In summary, the syntax of a JWS using the JWS JSON Serialization is
as follows: as follows:
skipping to change at page 20, line 52 skipping to change at page 21, line 14
able to represent the perspectives of different applications using able to represent the perspectives of different applications using
this specification, in order to enable broadly-informed review of this specification, in order to enable broadly-informed review of
registration decisions. In cases where a registration decision could registration decisions. In cases where a registration decision could
be perceived as creating a conflict of interest for a particular be perceived as creating a conflict of interest for a particular
Expert, that Expert should defer to the judgment of the other Expert, that Expert should defer to the judgment of the other
Expert(s). Expert(s).
9.1. JSON Web Signature and Encryption Header Parameters Registry 9.1. JSON Web Signature and Encryption Header Parameters Registry
This specification establishes the IANA JSON Web Signature and This specification establishes the IANA JSON Web Signature and
Encryption Header Parameters registry for JWS and JWE Header Encryption Header Parameters registry for Header Parameter names.
Parameter names. The registry records the Header Parameter name and The registry records the Header Parameter name and a reference to the
a reference to the specification that defines it. The same Header specification that defines it. The same Header Parameter name can be
Parameter name can be registered multiple times, provided that the registered multiple times, provided that the parameter usage is
parameter usage is compatible between the specifications. Different compatible between the specifications. Different registrations of
registrations of the same Header Parameter name will typically use the same Header Parameter name will typically use different Header
different Header Parameter Usage Location(s) values. Parameter Usage Location(s) values.
9.1.1. Registration Template 9.1.1. Registration Template
Header Parameter Name: Header Parameter Name:
The name requested (e.g., "example"). Because a core goal of this The name requested (e.g., "example"). Because a core goal of this
specification is for the resulting representations to be compact, specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8 it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is characters without a compelling reason to do so. This name is
case-sensitive. Names may not match other registered names in a case-sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Expert(s) state that case-insensitive manner unless the Designated Expert(s) state that
skipping to change at page 31, line 25 skipping to change at page 31, line 38
105, 76, 65, 48, 75, 73, 67, 74, 104, 98, 71, 99, 105, 79, 105, 74, 105, 76, 65, 48, 75, 73, 67, 74, 104, 98, 71, 99, 105, 79, 105, 74,
73, 85, 122, 73, 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 73, 85, 122, 73, 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51,
77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67,
74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84,
107, 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 107, 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100,
72, 65, 54, 76, 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 72, 65, 54, 76, 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76,
109, 78, 118, 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 109, 78, 118, 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73,
106, 112, 48, 99, 110, 86, 108, 102, 81] 106, 112, 48, 99, 110, 86, 108, 102, 81]
HMACs are generated using keys. This example uses the symmetric key HMACs are generated using keys. This example uses the symmetric key
represented in JSON Web Key [JWK] format below (with line breaks for represented in JSON Web Key [JWK] format below (with line breaks
display purposes only): within values for display purposes only):
{"kty":"oct", {"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow" aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"
} }
Running the HMAC SHA-256 algorithm on the JWS Signing Input with this Running the HMAC SHA-256 algorithm on the JWS Signing Input with this
key yields this JWS Signature octet sequence: key yields this JWS Signature octet sequence:
[116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125, 216, 173, [116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125, 216, 173,
skipping to change at page 33, line 31 skipping to change at page 33, line 39
[101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73,
49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105,
74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72,
65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68,
65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76,
121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118,
98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48,
99, 110, 86, 108, 102, 81] 99, 110, 86, 108, 102, 81]
This example uses the RSA key represented in JSON Web Key [JWK] This example uses the RSA key represented in JSON Web Key [JWK]
format below (with line breaks for display purposes only): format below (with line breaks within values for display purposes
only):
{"kty":"RSA", {"kty":"RSA",
"n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx "n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx
HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs
D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH
SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV
MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8 MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8
NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ", NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",
"e":"AQAB", "e":"AQAB",
"d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I "d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I
skipping to change at page 38, line 17 skipping to change at page 38, line 36
The JWS Payload used in this example, is the ASCII string "Payload". The JWS Payload used in this example, is the ASCII string "Payload".
The representation of this string is the octet sequence: The representation of this string is the octet sequence:
[80, 97, 121, 108, 111, 97, 100] [80, 97, 121, 108, 111, 97, 100]
Encoding this JWS Payload as BASE64URL(JWS Payload) gives this value: Encoding this JWS Payload as BASE64URL(JWS Payload) gives this value:
UGF5bG9hZA UGF5bG9hZA
Combining these as BASE64URL(UTF8(JWS Protected Header)) || '.' || Combining these as BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload) gives this string (with line breaks for BASE64URL(JWS Payload) gives this string:
display purposes only):
eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA
The resulting JWS Signing Input value, which is the ASCII The resulting JWS Signing Input value, which is the ASCII
representation of above string, is the following octet sequence: representation of above string, is the following octet sequence:
[101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 70, 85, 122, 85, [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 70, 85, 122, 85,
120, 77, 105, 74, 57, 46, 85, 71, 70, 53, 98, 71, 57, 104, 90, 65] 120, 77, 105, 74, 57, 46, 85, 71, 70, 53, 98, 71, 57, 104, 90, 65]
This example uses the elliptic curve key represented in JSON Web Key This example uses the elliptic curve key represented in JSON Web Key
[JWK] format below (with line breaks for display purposes only): [JWK] format below (with line breaks within values for display
purposes only):
{"kty":"EC", {"kty":"EC",
"crv":"P-521", "crv":"P-521",
"x":"AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_ "x":"AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_
NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk", NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk",
"y":"ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDl "y":"ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDl
y79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2", y79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2",
"d":"AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPA "d":"AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPA
xerEzgdRhajnu0ferB0d53vM9mE15j2C" xerEzgdRhajnu0ferB0d53vM9mE15j2C"
} }
skipping to change at page 41, line 46 skipping to change at page 42, line 16
Key ID values are supplied for both keys using per-signature Header Key ID values are supplied for both keys using per-signature Header
Parameters. The two values used to represent these Key IDs are: Parameters. The two values used to represent these Key IDs are:
{"kid":"2010-12-29"} {"kid":"2010-12-29"}
and and
{"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"} {"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"}
A.6.3. Complete JWS Header Values A.6.3. Complete JOSE Header Values
Combining the protected and unprotected header values supplied, the Combining the protected and unprotected header values supplied, the
JWS Header values used for the first and second signatures JOSE Header values used for the first and second signatures
respectively are: respectively are:
{"alg":"RS256", {"alg":"RS256",
"kid":"2010-12-29"} "kid":"2010-12-29"}
and and
{"alg":"ES256", {"alg":"ES256",
"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"} "kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"}
A.6.4. Complete JWS JSON Serialization Representation A.6.4. Complete JWS JSON Serialization Representation
The complete JSON Web Signature JSON Serialization for these values The complete JSON Web Signature JSON Serialization for these values
is as follows (with line breaks for display purposes only): is as follows (with line breaks within values for display purposes
only):
{"payload": {"payload":
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGF "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGF
tcGxlLmNvbS9pc19yb290Ijp0cnVlfQ", tcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
"signatures":[ "signatures":[
{"protected":"eyJhbGciOiJSUzI1NiJ9", {"protected":"eyJhbGciOiJSUzI1NiJ9",
"header": "header":
{"kid":"2010-12-29"}, {"kid":"2010-12-29"},
"signature": "signature":
"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ
skipping to change at page 49, line 13 skipping to change at page 49, line 27
Paul Tarjan, Hannes Tschofenig, and Sean Turner. Paul Tarjan, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix H. Document History Appendix H. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-29
o Replaced the terms JWS Header, JWE Header, and JWT Header with a
single JOSE Header term defined in the JWS specification. This
also enabled a single Header Parameter definition to be used and
reduced other areas of duplication between specifications.
-28 -28
o Revised the introduction to the Security Considerations section. o Revised the introduction to the Security Considerations section.
Also introduced additional subsection headings for security Also introduced additional subsection headings for security
considerations items and also moved a security consideration item considerations items and also moved a security consideration item
here from the JWA draft. here from the JWA draft.
o Added text about when applications typically would and would not o Added text about when applications typically would and would not
use "typ" and "cty" header parameters. use "typ" and "cty" header parameters.
 End of changes. 59 change blocks. 
88 lines changed or deleted 106 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/