datatracker.ietf.org
Sign in
Version 5.6.3, 2014-09-19
Report a bug

Javascript Object Signing and Encryption (jose)

Group
Name: Javascript Object Signing and Encryption
Acronym:jose
Area:Security Area (sec)
State: Active
Charter: charter-ietf-jose-02 (Approved)
Personnel
Chairs: Karen O'Donoghue <odonoghue@isoc.org>
Jim Schaad <ietf@augustcellars.com>
Area Director: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Mailing List
Address:jose@ietf.org
To Subscribe:https://www.ietf.org/mailman/listinfo/jose
Archive:http://www.ietf.org/mail-archive/web/jose/
Jabber Chat
Room Address: xmpp:jose@jabber.ietf.org
Logs: http://jabber.ietf.org/logs/jose/

Charter for Working Group

JavaScript Object Notation (JSON) is a text format for the serialization
of structured data described in RFC 4627. The JSON format is often used
for serializing and transmitting structured data over a network
connection. With the increased usage of JSON in protocols in the IETF and
elsewhere, there is now a desire to offer security services, which use
encryption, digital signatures, message authentication codes (MACs)
algorithms, that carry their data in JSON format.

Different proposals for providing such security services have already
been defined and implemented. This Working Group will standardize the
mechanism for integrity protection (signature and MAC) and encryption as
well as the format for keys and algorithm identifiers to support
interoperability of security services for protocols that use JSON. The
Working Group will base its work on well-known message security
primitives (e.g., CMS), and will solicit input from the rest of the IETF
Security Area to be sure that the security functionality in the JSON
format is sound. The WG will strive to gather use cases to ensure the
broadest possible applicability of the mechanism.

As JSON adoption expands, the different applications utilizing JSON
security services will grow and this leads to the need to support
different requirements. The WG will develop a JSON syntax that can
be used by applications to describe secure data objects. The syntax will
be constrained by the needs of the security process of the document. The
WG will develop two serializations of the syntax. The first is standard
JSON serialization. The second will be a smaller serialization that can be
used in URLs. The WG or applications may create other serializations in
the future. Applications will be expected to select one serialization
method used.

This group is chartered to work on the following deliverables:

- An Informational document detailing Use Cases and Requirements for JSON
Object Signing and Encryption (JOSE).

- A Standards Track document specifying a representation of
integrity-protected data using JSON data structures, where the data
to be protected includes (but is not limited to) JSON data structures.
"Integrity protection" includes public-key digital signatures as well as
symmetric-key MACs.

- A Standards Track document specifying a representation of encrypted
data using JSON data structures, where the data to be protected
includes (but is not limited to) JSON data structures.

- A Standards Track document specifying how to encode public keys as
JSON-structured objects.

- A Standards Track document specifying algorithms and algorithm
identifiers for the previous three documents.

- A Standards Track document specifying how to encode private and
symmetric keys as JSON-structured objects. This document will build upon
the concepts and structures specified in the document specifying how to
encode public keys as JSON-structured objects.

- A Standards Track document specifying a means of protecting private and
symmetric keys via encryption. This document will build upon the
concepts and structures specified in other documents produced by the WG.
This document may register additional algorithms in registries also
defined by other WG documents.

- An Informational document that tells an application what needs to be
specified in order to implement JOSE.

One or more of these goals may be combined into a single document, in
which case the concrete milestones for these goals will be satisfied by
the consolidated document(s).

Milestones

Done
Submit JSON object integrity document as a WG item.
Done
Submit JSON object encryption document as a WG item.
Done
Submit JSON key format document as a WG item.
Done
Submit JSON algorithm document as a WG item.
Done
Submit JSON use cases and requirements document as a WG item
Done
Submit JSON private and symmetric key document as a WG item.
draft-ietf-jose-json-web-key
Done
Submit JSON private and symmetric key protection document as a WG item.
draft-ietf-jose-json-web-algorithms draft-ietf-jose-json-web-encryption draft-ietf-jose-json-web-key
Done
WGLC JSON use cases and requirements document.
Done
Submit JSON "cookbook" as a WG document.
draft-ietf-jose-cookbook
Dec 2013
IETF LC JSON use cases and requirements document.
Dec 2013
IETF LC JSON object integrity document.
Dec 2013
IETF LC JSON object encryption document.
Dec 2013
IETF LC JSON key format document.
Dec 2013
IETF LC JSON algorithm document.
Dec 2013
IETF LC JSON private and symmetric key document.
Dec 2013
IETF LC JSON private and symmetric key protection document.
Dec 2013
WGLC JSON "cookbook".
Jan 2014
WGLC JSON object integrity document.
draft-ietf-jose-json-web-signature
Jan 2014
WGLC JSON object encryption document.
draft-ietf-jose-json-web-encryption
Jan 2014
WGLC JSON key format document.
draft-ietf-jose-json-web-key
Jan 2014
WGLC JSON algorithm document.
draft-ietf-jose-json-web-algorithms
Jan 2014
WGLC JSON private and symmetric key document.
draft-ietf-jose-json-web-algorithms draft-ietf-jose-json-web-key
Jan 2014
WGLC JSON private and symmetric key protection document.
draft-ietf-jose-json-web-algorithms draft-ietf-jose-json-web-encryption draft-ietf-jose-json-web-key
Jan 2014
IETF LC JSON "cookbook".