JOSE

From MgmtWiki
Revision as of 11:47, 22 October 2019 by Tom (talk | contribs) (Solutions)


Full Title

Javascript Object Signing and Encryption (jose)

Context

In OAuth 2.0 and other specs from the OpenID Foundation, there was a need for a small packet of identity information that could be encoded and included in an HTTP header.

Problems

  • The existing specs at the time the JWT was created were XML and SAML, which were very wordy and not amenable to encoding in an HTTP header.

Solutions

  • The IETF Working Group on Javascript Object Signing and Encryption (jose) issued a final report.
  • Justin Richer has some suggestions.[1]

References

  1. Justin Richer, Moving On from OAuth 2: A Proposal. https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade

Other reference material

  1. Nimbus JOSE + JWT v6.0 is an open source Java library
  2. JWE - JSON Web Encryption
  3. JWT: The Complete Guide to JSON Web Tokens from the folks that brought you Angular.
  4. RFC 6749 The OAuth 2.0 Authorization Framework specification
  5. RFC 8252 OAuth 2.0 for Native Apps Specification