Re: ACTION-92 | JOSE Use Case

Mike,

Given that JOSE has MTA algorithms, I'm not sure that's possible to
guarantee. I don't think it's a reasonable spec restriction, as much
as it is a reasonable goal.

On Mon, Jul 8, 2013 at 5:56 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> That's part of it.  But I would make sure that there is a section in the Use Cases document that states that it should be possible to build a complete JOSE implementation using the WebCrypto APIs.  That's the core of the JOSE use case.
>
>                                 Thanks,
>                                 -- Mike
>
> -----Original Message-----
> From: Arun Ranganathan [mailto:arun@mozilla.com]
> Sent: Monday, July 08, 2013 6:57 AM
> To: Web Cryptography Working Group (public-webcrypto@w3.org)
> Subject: ACTION-92 | JOSE Use Case
>
> I think I can close ACTION-92 assigned to me, which is to account for the JOSE use case.
>
> A few observations:
>
> 1. The "JOSE use case" is actually the API's consumption of "JWK" in import/export.  Everything else is an application layer consideration (and the use cases document makes mention of the use of JWT for assertions, for example).  By stipulating a use case that allows for import (and export) in JWK format, I think the JOSE use case is accounted for.
>
> Since the remaining JOSE formats are not directly "natively" consumed by the API, I don't think they constitute a use case (and in fact can already be used by JavaScript web applications).
>
> Mike: please let me know if you disagree.
>
> 2. I think the WebCrypto API's CryptoOperationData should include the possibility of JWK as JSON.  Maybe:
>
> typedef (ArrayBuffer or ArrayBufferView or DOMString) CryptoOperationData;
>
> But we should restrict it to be used only for import/export.
>
> The use cases document is: https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/4ee6bd222b1c/Overview.html
>

Received on Tuesday, 9 July 2013 00:59:06 UTC