Presentation is loading. Please wait.

Presentation is loading. Please wait.

JOSE New Specs & New Features

Published byFanny Kurniawan Modified over 5 years ago

Similar presentations

Presentation on theme: "JOSE New Specs & New Features"— Presentation transcript:

1 JOSE New Specs & New Features
Mike Jones Microsoft Identity Standards Architect March 27, 2012

2 New Features JWS and JWE: JWE: JWA:
jpk for including JWK public key in header x5c for including X.509 certificate chain in header JWE: Add integrity check for non-AEAD algorithms JWA: Add AES Key Wrap with 512 bit keys (A512KW) Moved JWS "alg":"none" here from JWT spec

3 New JSON Serialization Specs
Meet WG requirements: JSON top-level representations of signed/HMACed and encrypted content Multiple signatures/HMACs over same payload Encrypt same plaintext to multiple recipients New Specs: JSON Web Signature JSON Serialization (JWS-JS) draft-jones-json-web-signature-json-serialization JSON Web Encryption JSON Serialization (JWE-JS) draft-jones-json-web-encryption-json-serialization

4 Example JWS-JS {"headers":[ "eyJhbGciOiJSUzI1NiJ9", "eyJhbGciOiJFUzI1NiJ9"], "payload":"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0 dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ", "signatures":[ "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ mh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBY NX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Q e7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noO PqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmt VrBp0igcN_IoypGlUPQGe77Rw", "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"] }

5 Compare to JWS Example Format Header.Payload.Signature:
eyJhbGciOiJFUzI1NiJ9. eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0 dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ. lSApmWQxfKTUJqPP3-Kg6NU1Q

6 Why are the headers base64url encoded?
"eyJhbGciOiJFUzI1NiJ9" Rather than: {"alg":"ES256"} Simple answer: Header contents is signed/HMACed

7 Request for WG Draft Status
Request WG decision to move JSON Serialization docs WG doc status JSON Web Signature JSON Serialization (JWS-JS) draft-jones-json-web-signature-json-serialization JSON Web Encryption JSON Serialization (JWE-JS) draft-jones-json-web-encryption-json-serialization

Download ppt "JOSE New Specs & New Features"

Similar presentations

The Emerging JSON/REST-Based Identity Protocol Suite

The Emerging JSON/REST-Based Identity Protocol Suite
Main Title Here Additional copy here, additional copy here, additional copy here, additional copy here, additional copy here. ADD YOUR WEB ADDRESS HERE.

Main Title Here Additional copy here, additional copy here, additional copy here, additional copy here, additional copy here. ADD YOUR WEB ADDRESS HERE.
JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.

JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.

1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 –

Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 –
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Masud Hasan 03-60-475 SecueEmail VS Hushmail Project 2.

Masud Hasan Secue VS Hushmail Project 2.
XML Signature Prabath Siriwardena Director, Security Architecture.

XML Signature Prabath Siriwardena Director, Security Architecture.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.

COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.
 A Web service is a method of communication between two electronic devices over World Wide Web.

 A Web service is a method of communication between two electronic devices over World Wide Web.
Type your question here. Type Answer Type your question here. Type Answer.

Type your question here. Type Answer Type your question here. Type Answer.
Electronic signature Validity Model 1. Shell model Certificate 1 Certificate 2 Certificate 3 Signed document Generate valid signature validCheck invalidCheck.

Electronic signature Validity Model 1. Shell model Certificate 1 Certificate 2 Certificate 3 Signed document Generate valid signature validCheck invalidCheck.
Main Title Here Additional copy here, additional copy here, additional copy here, additional copy here, additional copy here. ADD YOUR WEB ADDRESS HERE.

Main Title Here Additional copy here, additional copy here, additional copy here, additional copy here, additional copy here. ADD YOUR WEB ADDRESS HERE.

Similar presentations

Ads by Google