Difference between revisions of "JOSE"
From MgmtWiki
(Created page with "==Full Title== JSON Web Token (JWT) -- ==Context== In OAuth 2.0 and other specs from the Open ID Foundation, there was a need for a small packed of identity information...") |
(→Solutions) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Title== | ==Full Title== | ||
| − | + | Javascript Object Signing and Encryption (jose) | |
==Context== | ==Context== | ||
| Line 9: | Line 9: | ||
==Solutions== | ==Solutions== | ||
| − | *The | + | * RFC 7165 Use Cases and Requirements for JSON Object Signing and Encryption (JOSE) |
| + | *The IETF Working Group on Javascript Object Signing and Encryption (jose) issued a [https://datatracker.ietf.org/wg/jose/about/ final report].<blockquote>JavaScript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services, which use encryption, digital signatures, message authentication codes (MACs) algorithms, that carry their data in JSON format.</blockquote> | ||
*Justin Richer has some suggestions.<ref>Justin Richer, ''Moving On from OAuth 2: A Proposal.'' https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade</ref> | *Justin Richer has some suggestions.<ref>Justin Richer, ''Moving On from OAuth 2: A Proposal.'' https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade</ref> | ||
| Line 15: | Line 16: | ||
<references /> | <references /> | ||
===Other reference material=== | ===Other reference material=== | ||
| − | # | + | # [https://static.javadoc.io/com.nimbusds/nimbus-jose-jwt/6.0/overview-summary.html#overview.description Nimbus JOSE + JWT v6.0] is an open source java library |
| + | # [https://tools.ietf.org/html/rfc7516 JWE - Json Web Encription] | ||
# [https://blog.angular-university.io/angular-jwt/ JWT: The Complete Guide to JSON Web Tokens] from the folks that brought you angular. | # [https://blog.angular-university.io/angular-jwt/ JWT: The Complete Guide to JSON Web Tokens] from the folks that brought you angular. | ||
# RFC 6749 The OAuth 2.0 Authorization Framework specification | # RFC 6749 The OAuth 2.0 Authorization Framework specification | ||
Latest revision as of 13:16, 22 October 2019
Full Title
Javascript Object Signing and Encryption (jose)
Context
In OAuth 2.0 and other specs from the Open ID Foundation, there was a need for a small packed of identity information that could be coded and include in a HTTP header.
Problems
- The existing specs at the time the JWT was created were XML and SAML which were very wording and not amenable to coding in an HTTP header.
Solutions
- RFC 7165 Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)
- The IETF Working Group on Javascript Object Signing and Encryption (jose) issued a final report.
JavaScript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services, which use encryption, digital signatures, message authentication codes (MACs) algorithms, that carry their data in JSON format.
- Justin Richer has some suggestions.[1]
References
- ↑ Justin Richer, Moving On from OAuth 2: A Proposal. https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade
Other reference material
- Nimbus JOSE + JWT v6.0 is an open source java library
- JWE - Json Web Encription
- JWT: The Complete Guide to JSON Web Tokens from the folks that brought you angular.
- RFC 6749 The OAuth 2.0 Authorization Framework specification
- RFC 8252 OAuth 2.0 for Native Apps Specification
