- From: Mike Jones <Michael.Jones@microsoft.com>
- Date: Tue, 9 Jul 2013 00:56:34 +0000
- To: Arun Ranganathan <arun@mozilla.com>, "Web Cryptography Working Group (public-webcrypto@w3.org)" <public-webcrypto@w3.org>
That's part of it. But I would make sure that there is a section in the Use Cases document that states that it should be possible to build a complete JOSE implementation using the WebCrypto APIs. That's the core of the JOSE use case. Thanks, -- Mike -----Original Message----- From: Arun Ranganathan [mailto:arun@mozilla.com] Sent: Monday, July 08, 2013 6:57 AM To: Web Cryptography Working Group (public-webcrypto@w3.org) Subject: ACTION-92 | JOSE Use Case I think I can close ACTION-92 assigned to me, which is to account for the JOSE use case. A few observations: 1. The "JOSE use case" is actually the API's consumption of "JWK" in import/export. Everything else is an application layer consideration (and the use cases document makes mention of the use of JWT for assertions, for example). By stipulating a use case that allows for import (and export) in JWK format, I think the JOSE use case is accounted for. Since the remaining JOSE formats are not directly "natively" consumed by the API, I don't think they constitute a use case (and in fact can already be used by JavaScript web applications). Mike: please let me know if you disagree. 2. I think the WebCrypto API's CryptoOperationData should include the possibility of JWK as JSON. Maybe: typedef (ArrayBuffer or ArrayBufferView or DOMString) CryptoOperationData; But we should restrict it to be used only for import/export. The use cases document is: https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/4ee6bd222b1c/Overview.html
Received on Tuesday, 9 July 2013 00:57:03 UTC