Technical Summary
This document, the JSON Web Algorithms (JWA) specification, registers
cryptographic algorithms and identifiers to be used with the JSON Web
Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK)
specifications. It establishes several IANA registries for these identifiers.
Working Group Summary
The document has clear working group consensus for publication, and has
been reviewed by several WG participants since its initial adoption as a
working group item. The question of what cryptographic algorithms should be
included was somewhat difficult as it is for any process trying to determine
which algorithms should be included. The considerations included what is
implemented, available, broadly used, and adequate from a security
perspective. The issue of algorithms that are potentially less desirable but
more broadly implemented was considered.
The IETF last call revisited a couple of sticky points across the set of drafts
for JOSE in review. For this draft, JWA, a few additional changes were made
to improve terminology for the most part with working group agreement.
Document Quality
This document has been reviewed and revised many times. There are multiple
implementations of this document. Some of these are listed at:
https://openid.net/developers/libraries/ (see the JWT/JWS/JWE/JWK/JWA
Implementations section).
Contributors are acknowledged in the Acknowledgment section as well as in the
detailed change log.
Personnel
Karen O'Donoghue is acting as the Document Shepherd. Kathleen Moriarty is
the Responsible Area Director.
If the document requires IANA
experts(s), insert 'The registries use the 5226 'Specification Required'
registration policy."
RFC Editor Note
This draft is part of a set of drafts that cross 2 working groups. I am
working through the reviews (shepherd just confirmed them for the OAuth
ones) and would like them processed as a set. The JOSE drafts will
hopefully be ready shortly as well. The set includes (in order):
1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer