draft-ietf-jose-json-web-signature-39.txt   draft-ietf-jose-json-web-signature-40.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: July 3, 2015 Ping Identity Expires: July 17, 2015 Ping Identity
N. Sakimura N. Sakimura
NRI NRI
December 30, 2014 January 13, 2015
JSON Web Signature (JWS) JSON Web Signature (JWS)
draft-ietf-jose-json-web-signature-39 draft-ietf-jose-json-web-signature-40
Abstract Abstract
JSON Web Signature (JWS) represents content secured with digital JSON Web Signature (JWS) represents content secured with digital
signatures or Message Authentication Codes (MACs) using JavaScript signatures or Message Authentication Codes (MACs) using JavaScript
Object Notation (JSON) based data structures. Cryptographic Object Notation (JSON) based data structures. Cryptographic
algorithms and identifiers for use with this specification are algorithms and identifiers for use with this specification are
described in the separate JSON Web Algorithms (JWA) specification and described in the separate JSON Web Algorithms (JWA) specification and
an IANA registry defined by that specification. Related encryption an IANA registry defined by that specification. Related encryption
capabilities are described in the separate JSON Web Encryption (JWE) capabilities are described in the separate JSON Web Encryption (JWE)
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 3, 2015. This Internet-Draft will expire on July 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 30 skipping to change at page 3, line 30
10.11. SHA-1 Certificate Thumbprints . . . . . . . . . . . . . . 31 10.11. SHA-1 Certificate Thumbprints . . . . . . . . . . . . . . 31
10.12. JSON Security Considerations . . . . . . . . . . . . . . 32 10.12. JSON Security Considerations . . . . . . . . . . . . . . 32
10.13. Unicode Comparison Security Considerations . . . . . . . 32 10.13. Unicode Comparison Security Considerations . . . . . . . 32
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
11.1. Normative References . . . . . . . . . . . . . . . . . . 33 11.1. Normative References . . . . . . . . . . . . . . . . . . 33
11.2. Informative References . . . . . . . . . . . . . . . . . 34 11.2. Informative References . . . . . . . . . . . . . . . . . 34
Appendix A. JWS Examples . . . . . . . . . . . . . . . . . . . . 36 Appendix A. JWS Examples . . . . . . . . . . . . . . . . . . . . 36
A.1. Example JWS using HMAC SHA-256 . . . . . . . . . . . . . 36 A.1. Example JWS using HMAC SHA-256 . . . . . . . . . . . . . 36
A.1.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 36 A.1.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 36
A.1.2. Validating . . . . . . . . . . . . . . . . . . . . . . 38 A.1.2. Validating . . . . . . . . . . . . . . . . . . . . . . 38
A.2. Example JWS using RSASSA-PKCS-v1_5 SHA-256 . . . . . . . 38 A.2. Example JWS using RSASSA-PKCS-v1_5 SHA-256 . . . . . . . 39
A.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 39 A.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 39
A.2.2. Validating . . . . . . . . . . . . . . . . . . . . . . 41 A.2.2. Validating . . . . . . . . . . . . . . . . . . . . . . 41
A.3. Example JWS using ECDSA P-256 SHA-256 . . . . . . . . . . 42 A.3. Example JWS using ECDSA P-256 SHA-256 . . . . . . . . . . 42
A.3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 42 A.3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 42
A.3.2. Validating . . . . . . . . . . . . . . . . . . . . . . 44 A.3.2. Validating . . . . . . . . . . . . . . . . . . . . . . 44
A.4. Example JWS using ECDSA P-521 SHA-512 . . . . . . . . . . 44 A.4. Example JWS using ECDSA P-521 SHA-512 . . . . . . . . . . 44
A.4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 44 A.4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . 44
A.4.2. Validating . . . . . . . . . . . . . . . . . . . . . . 46 A.4.2. Validating . . . . . . . . . . . . . . . . . . . . . . 46
A.5. Example Unsecured JWS . . . . . . . . . . . . . . . . . . 46 A.5. Example Unsecured JWS . . . . . . . . . . . . . . . . . . 46
A.6. Example JWS using General JWS JSON Serialization . . . . 47 A.6. Example JWS using General JWS JSON Serialization . . . . 47
skipping to change at page 5, line 44 skipping to change at page 5, line 44
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2. Section 2.
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING, where STRING is a sequence of zero or more Unicode
[UNICODE] characters.
ASCII(STRING) denotes the octets of the ASCII [RFC20] representation ASCII(STRING) denotes the octets of the ASCII [RFC20] representation
of STRING. of STRING, where STRING is a sequence of zero or more ASCII
characters.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms are defined by this specification: These terms are defined by this specification:
JSON Web Signature (JWS) JSON Web Signature (JWS)
A data structure representing a digitally signed or MACed message. A data structure representing a digitally signed or MACed message.
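Review bot: In the new UTF8(STRING) definition, "a sequence of zero or more Unicode [UNICODE] characters" leaves open whether STRING may contain unpaired surrogate code points, which UTF-8 per [RFC3629] cannot encode. Consider stating what STRING excludes, or that an input which cannot be encoded is rejected, so that two implementations never derive different octets from the same STRING. The parallel ASCII(STRING) wording has the same gap for a STRING that contains a non-ASCII character.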
skipping to change at page 33, line 26 skipping to change at page 33, line 26
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
December 2014. January 2015.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)",
draft-ietf-jose-json-web-key (work in progress), draft-ietf-jose-json-web-key (work in progress),
December 2014. January 2015.
[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,
October 1969. October 1969.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996. Bodies", RFC 2045, November 1996.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
skipping to change at page 34, line 35 skipping to change at page 34, line 35
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011. Security (TLS)", RFC 6125, March 2011.
[RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer
(SSL) Version 2.0", RFC 6176, March 2011. (SSL) Version 2.0", RFC 6176, March 2011.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-,
<http://www.unicode.org/versions/latest/>.
11.2. Informative References 11.2. Informative References
[CanvasApp] [CanvasApp]
Facebook, "Canvas Applications", 2010. Facebook, "Canvas Applications", 2010.
[I-D.ietf-uta-tls-bcp] [I-D.ietf-uta-tls-bcp]
Sheffer, Y., Holz, R., and P. Saint-Andre, Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of TLS and DTLS", "Recommendations for Secure Use of TLS and DTLS",
draft-ietf-uta-tls-bcp-08 (work in progress), draft-ietf-uta-tls-bcp-08 (work in progress),
December 2014. December 2014.
[JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign", [JSS] Bradley, J. and N. Sakimura (editor), "JSON Simple Sign",
September 2010. September 2010.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), draft-ietf-jose-json-web-encryption (work in progress),
December 2014. January 2015.
[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token [JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", draft-ietf-oauth-json-web-token (work in (JWT)", draft-ietf-oauth-json-web-token (work in
progress), December 2014. progress), December 2014.
[MagicSignatures] [MagicSignatures]
Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic
Signatures", January 2011. Signatures", January 2011.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
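Review bot: The new [UNICODE] normative entry cites "1991-" and the URL http://www.unicode.org/versions/latest/, so the normative text that depends on it tracks whichever Unicode version is current rather than a fixed one; if that is intended, say so, otherwise name a version. In the same hunk [JWE] moves to January 2015 while [JWT] and [I-D.ietf-uta-tls-bcp] stay at December 2014, unlike [JWA] and [JWK] in the normative list; confirm those two dates are still correct.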
skipping to change at page 47, line 21 skipping to change at page 47, line 21
in the previous examples. Since the BASE64URL(JWS Payload) value in the previous examples. Since the BASE64URL(JWS Payload) value
will therefore be the same, its computation is not repeated here. will therefore be the same, its computation is not repeated here.
{"iss":"joe", {"iss":"joe",
"exp":1300819380, "exp":1300819380,
"http://example.com/is_root":true} "http://example.com/is_root":true}
The JWS Signature is the empty octet string and BASE64URL(JWS The JWS Signature is the empty octet string and BASE64URL(JWS
Signature) is the empty string. Signature) is the empty string.
Concatenating these parts in the order Header.Payload.Signature with Concatenating these values in the order Header.Payload.Signature with
period ('.') characters between the parts yields this complete JWS period ('.') characters between the parts yields this complete JWS
(with line breaks for display purposes only): representation using the JWS Compact Serialization (with line breaks
for display purposes only):
eyJhbGciOiJub25lIn0 eyJhbGciOiJub25lIn0
. .
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
. .
A.6. Example JWS using General JWS JSON Serialization A.6. Example JWS using General JWS JSON Serialization
This section contains an example using the general JWS JSON This section contains an example using the general JWS JSON
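Review bot: The reworded A.5 sentence now reads "Concatenating these values in the order Header.Payload.Signature with period ('.') characters between the parts", mixing "values" and "parts" for the same three items; use one term in both places. The added "representation using the JWS Compact Serialization" is helpful here, since the empty signature leaves a trailing period that a reader could otherwise take for a typo.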
skipping to change at page 50, line 21 skipping to change at page 50, line 21
{"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"}, {"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"},
"signature": "signature":
"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS
lSApmWQxfKTUJqPP3-Kg6NU1Q" lSApmWQxfKTUJqPP3-Kg6NU1Q"
} }
Appendix B. "x5c" (X.509 Certificate Chain) Example Appendix B. "x5c" (X.509 Certificate Chain) Example
The JSON array below is an example of a certificate chain that could The JSON array below is an example of a certificate chain that could
be used as the value of an "x5c" (X.509 Certificate Chain) Header be used as the value of an "x5c" (X.509 Certificate Chain) Header
Parameter, per Section 4.1.6. Note that since these strings contain Parameter, per Section 4.1.6 (with line breaks within values for
base64 encoded (not base64url encoded) values, they are allowed to display purposes only):
contain white space and line breaks.
["MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVM ["MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVM
xITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR2 xITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR2
8gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExM 8gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExM
TYwMTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UE TYwMTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UE
CBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWR CBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWR
keS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYW keS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYW
RkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlc RkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlc
nRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJ nRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTt KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTt
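Review bot: The replacement text in Appendix B drops the only reminder in this paragraph that "x5c" strings are base64 encoded, not base64url encoded, and the first value shown contains '+' ("...7DI161+4WQFapmGBWTt"), a character outside the base64url alphabet. Keep a short parenthetical such as "base64 encoded (not base64url encoded)" next to the new display-only wording so implementers do not pass these values to the base64url decoder used for the rest of a JWS. The removed sentence also said the values "are allowed to contain white space and line breaks"; the new wording says the opposite about the line breaks shown, which is more than an editorial change.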
skipping to change at page 56, line 21 skipping to change at page 56, line 21
Tschofenig, and Sean Turner. Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix H. Document History Appendix H. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-40
o Clarified the definitions of UTF8(STRING) and ASCII(STRING).
o Stated that line breaks are for display purposes only in places
where this disclaimer was needed and missing.
-39 -39
o Updated the reference to draft-ietf-uta-tls-bcp. o Updated the reference to draft-ietf-uta-tls-bcp.
-38 -38
o Replaced uses of the phrases "JWS object" and "JWE object" with o Replaced uses of the phrases "JWS object" and "JWE object" with
"JWS" and "JWE". "JWS" and "JWE".
o Added member names to the JWS JSON Serialization Overview. o Added member names to the JWS JSON Serialization Overview.
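Review bot: The -40 entry lists two changes, but the diff also adds [UNICODE] to the Normative References and removes the Appendix B statement that "x5c" values "are allowed to contain white space and line breaks". Add a history bullet for each; the second removes a statement about what the values may contain and is not covered by "line breaks are for display purposes only".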
 End of changes. 16 change blocks. 
16 lines changed or deleted 28 lines changed or added
