FW: JOSE -19 drafts intended for Working Group Last Call from Mike Jones on 2013-12-29 (public-webcrypto@w3.org from December 2013)

From: Mike Jones <Michael.Jones@microsoft.com>
Date: Sun, 29 Dec 2013 19:55:18 +0000
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <4E1F6AAD24975D4BA5B16804296739437CD7A79A@TK5EX14MBXC286.redmond.corp.microsoft.>

FYI, the "use_details" JSON Web Key (JWK) field, which directly uses the WebCrypto KeyUsage array values, is now in the JWK spec.  See http://tools.ietf.org/html/draft-ietf-jose-json-web-key-19#section-3.3.  And as also previously discussed, the "Implementation Requirements" algorithm registry fields have been renamed to "JOSE Implementation Requirements" to make it clear that these requirements apply only to JWS and JWE implementations - not to all uses of the algorithms.  See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-19#section-7.1.

I believe that together, these changes unblock any issues for WebCrypto to directly use JWK.

                                                            -- Mike

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Sunday, December 29, 2013 4:49 AM
To: jose@ietf.org
Cc: Sean Turner
Subject: [jose] JOSE -19 drafts intended for Working Group Last Call

JSON Object Signing and Encryption (JOSE) -19 drafts have been published that address all my remaining to-do items for the open issues.  I believe the remainder of the issues are either ready to close because of actions already taken in the drafts (the majority of them), require further input to identify any specific remaining proposed actions, if any (a few of them), or will be considered during Working Group Last Call (a few of them).  Only editorial changes and one addition were made - no breaking changes.

In short, I believe I have addressed everything needed to bring us to Working Group Last Call for the JWS, JWE, JWK, and JWA specs.  (Chairs and Sean, please let me know whether you agree or whether you believe anything else remains to be done before WGLC.)

The one addition was to add the optional "use_details" JWK field, as discussed on the JOSE list and the WebCrypto list.  While I realize that this proposal hasn't gotten much review yet (I believe due to the holidays), I wanted to get it in so people can review it in context, and as a concrete step towards meeting a perceived need for additional JWK functionality from the WebCrypto working group.  It's cleanly separable from the rest of the spec, so if the JOSE WG ends up hating it, we can always take it back out and possibly move it to a separate spec.  But at least we have a concrete write-up of it now to review.

I also made a one-paragraph change to the JSON Web Token (JWT) spec to reference text in JWE, rather than duplicating it in JWT.

See the History entries for details of the (small number of) changes made.

The drafts are available at:

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-19

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-19

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-19

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-19

*        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-14

HTML formatted versions are also available at:

*        http://self-issued.info/docs/draft-ietf-jose-json-web-signature-19.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-19.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-key-19.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-19.html

*        http://self-issued.info/docs/draft-ietf-oauth-json-web-token-14.html

                                                            -- Mike

Received on Sunday, 29 December 2013 19:56:39 UTC