JOSE New Specs & New Features
Mike Jones
Microsoft Identity Standards Architect
March 27, 2012
New Features
• JWS and JWE:
  – jpk for including JWK public key in header
  – x5c for including X.509 certificate chain in header
• JWE:
  – Add integrity check for non-AEAD algorithms
• JWA:
  – Add AES Key Wrap with 512-bit keys (A512KW)
  – Moved JWS "alg": "none" here from JWT spec
New JSON Serialization Specs
• Meet WG requirements:
  – JSON top-level representations of signed/HMACed and encrypted content
  – Multiple signatures/HMACs over the same payload
  – Encrypt the same plaintext to multiple recipients
• New Specs:
  – JSON Web Signature JSON Serialization (JWS-JS)
    • draft-jones-json-web-signature-json-serialization
  – JSON Web Encryption JSON Serialization (JWE-JS)
    • draft-jones-json-web-encryption-json-serialization
Example JWS-JS
{"headers":
   ["eyJhbGciOiJSUzI1NiJ9",
    "eyJhbGciOiJFUzI1NiJ9"],
 "payload":
   "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
 "signatures":
   ["cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw",
    "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"]
}
Compare to JWS Example
Format Header.Payload.Signature:
eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q
(The same ES256 header, payload and signature as the second entry of the JWS-JS example, joined with "." instead of placed in arrays.)
Why are the headers base64url encoded?
• Why:
  – "eyJhbGciOiJFUzI1NiJ9"
• Rather than:
  – {"alg":"ES256"}
• Simple answer:
  – The header contents are signed/HMACed: the signing input is the exact byte string base64url(header) "." base64url(payload), so "alg" and every other header parameter are integrity-protected, and no JSON canonicalization is needed on either side
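The following is an added, runnable illustration of the three preceding slides; it is not code from the slides or from any JOSE draft. It builds a JWS-JS object in the shape shown above (parallel "headers" and "signatures" arrays over one base64url "payload"), shows that the Compact Serialization is the same three segments joined with ".", and demonstrates why the header must be inside the signing input: editing the encoded header, even while leaving "alg" alone, breaks verification, and a downgrade to "alg":"none" is refused before any MAC is checked. To keep it standard-library only it uses HS256 (HMAC-SHA256) rather than the RS256/ES256 of the slide; the two keys are constructed for the example. The payload is decoded from the slide's own encoded payload string, so the claims ("iss":"joe", "exp":1300819380, ...) are the page's.

```python
import base64
import hashlib
import hmac
import json

# The encoded payload from the JWS-JS example slide above (decodes to the
# JWS spec's example claims with CRLF whitespace).
PAGE_PAYLOAD = ("eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ")


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    """Inverse of b64url_encode; restores the padding JWS strips."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def decode_json(s: str) -> dict:
    return json.loads(b64url_decode(s))


def signing_input(enc_header: str, enc_payload: str) -> bytes:
    # This exact byte string is what is signed/HMACed; the header is part of it.
    return f"{enc_header}.{enc_payload}".encode("ascii")


def hs256_sign(key: bytes, header: dict, enc_payload: str) -> tuple:
    """Return (encoded header, encoded HMAC-SHA256 signature)."""
    enc_header = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    mac = hmac.new(key, signing_input(enc_header, enc_payload), hashlib.sha256).digest()
    return enc_header, b64url_encode(mac)


def compact_serialize(key: bytes, header: dict, payload: bytes) -> str:
    """JWS Compact Serialization: Header.Payload.Signature"""
    enc_payload = b64url_encode(payload)
    enc_header, enc_sig = hs256_sign(key, header, enc_payload)
    return f"{enc_header}.{enc_payload}.{enc_sig}"


def jws_js_serialize(signers, payload: bytes) -> dict:
    """JWS-JS shape from the slide: parallel headers/signatures arrays over one payload."""
    enc_payload = b64url_encode(payload)
    headers, sigs = [], []
    for key, header in signers:
        h, s = hs256_sign(key, header, enc_payload)
        headers.append(h)
        sigs.append(s)
    return {"headers": headers, "payload": enc_payload, "signatures": sigs}


def jws_js_verify(obj: dict, key: bytes, index: int) -> bool:
    """Verify signature number `index` of a JWS-JS object with an HS256 key."""
    headers, sigs = obj.get("headers", []), obj.get("signatures", [])
    if len(headers) != len(sigs) or not 0 <= index < len(sigs):
        return False
    try:
        header = decode_json(headers[index])
        given = b64url_decode(sigs[index])
    except (ValueError, UnicodeDecodeError):
        return False
    # The verifier, not the token, decides which algorithm is acceptable.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, signing_input(headers[index], obj["payload"]), hashlib.sha256).digest()
    return hmac.compare_digest(expected, given)


def demo() -> dict:
    payload = b64url_decode(PAGE_PAYLOAD)
    # Constructed keys for two independent signers (assumption; not from the page).
    keys = [b"constructed-key-for-signer-1", b"constructed-key-for-signer-2"]
    header = {"alg": "HS256"}
    obj = jws_js_serialize([(k, header) for k in keys], payload)

    all_valid = all(jws_js_verify(obj, k, i) for i, k in enumerate(keys))
    wrong_key_rejected = not jws_js_verify(obj, keys[1], 0)

    # Compact form of signer 0 is exactly the three JWS-JS segments joined by '.'.
    compact = compact_serialize(keys[0], header, payload)
    compact_matches_js = compact == ".".join([obj["headers"][0], obj["payload"], obj["signatures"][0]])

    # Why the header is signed: change it (keeping alg) and the MAC no longer matches.
    tampered = dict(obj, headers=list(obj["headers"]))
    tampered["headers"][0] = b64url_encode(b'{"alg":"HS256","kid":"attacker"}')
    header_tamper_detected = not jws_js_verify(tampered, keys[0], 0)

    # A downgrade to "none" is refused before any MAC is computed.
    downgraded = dict(obj, headers=list(obj["headers"]))
    downgraded["headers"][0] = b64url_encode(b'{"alg":"none"}')
    alg_none_rejected = not jws_js_verify(downgraded, keys[0], 0)

    return {"all_valid": all_valid, "wrong_key_rejected": wrong_key_rejected,
            "compact_matches_js": compact_matches_js,
            "header_tamper_detected": header_tamper_detected,
            "alg_none_rejected": alg_none_rejected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The array layout follows the draft named on the slide; the JSON Serialization that was eventually published in RFC 7515 instead carries a "signatures" array of objects with "protected", "header" and "signature" members, but the signing input, and therefore the reason the header is encoded, is the same.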
Request for WG Draft Status
• Request WG decision to move the JSON Serialization docs to WG document status
  – JSON Web Signature JSON Serialization (JWS-JS)
    • draft-jones-json-web-signature-json-serialization
  – JSON Web Encryption JSON Serialization (JWE-JS)
    • draft-jones-json-web-encryption-json-serialization