The Javascript Object Signing and Encryption (jose) working group in the Security Area of the IETF has been rechartered. For additional information please contact the Area Directors or the WG Chairs. Javascript Object Signing and Encryption (jose) ------------------------------------------------ Current Status: Active WG Chairs: Karen O'Donoghue <odonoghue@isoc.org> Jim Schaad <ietf@augustcellars.com> Assigned Area Director: Sean Turner <turners@ieca.com> Mailing list Address: jose@ietf.org To Subscribe: https://www.ietf.org/mailman/listinfo/jose Archive: http://www.ietf.org/mail-archive/web/jose/ Charter: JavaScript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services, which use encryption, digital signatures, message authentication codes (MACs) algorithms, that carry their data in JSON format. Different proposals for providing such security services have already been defined and implemented. This Working Group will standardize the mechanism for integrity protection (signature and MAC) and encryption as well as the format for keys and algorithm identifiers to support interoperability of security services for protocols that use JSON. The Working Group will base its work on well-known message security primitives (e.g., CMS), and will solicit input from the rest of the IETF Security Area to be sure that the security functionality in the JSON format is sound. The WG will strive to gather use cases to ensure the broadest possible applicability of the mechanism. As JSON adoption expands, the different applications utilizing JSON security services will grow and this leads to the need to support different requirements. The WG will develop a JSON syntax that can be used by applications to describe secure data objects. The syntax will be constrained by the needs of the security process of the document. The WG will develop two serializations of the syntax. The first is standard JSON serialization. The second will be a smaller serialization that can be used in URLs. The WG or applications may create other serializations in the future. Applications will be expected to select one serialization method used. This group is chartered to work on the following deliverables: - An Informational document detailing Use Cases and Requirements for JSON Object Signing and Encryption (JOSE). - A Standards Track document specifying a representation of integrity-protected data using JSON data structures, where the data to be protected includes (but is not limited to) JSON data structures. "Integrity protection" includes public-key digital signatures as well as symmetric-key MACs. - A Standards Track document specifying a representation of encrypted data using JSON data structures, where the data to be protected includes (but is not limited to) JSON data structures. - A Standards Track document specifying how to encode public keys as JSON-structured objects. - A Standards Track document specifying algorithms and algorithm identifiers for the previous three documents. - A Standards Track document specifying how to encode private and symmetric keys as JSON-structured objects. This document will build upon the concepts and structures specified in the document specifying how to encode public keys as JSON-structured objects. - A Standards Track document specifying a means of protecting private and symmetric keys via encryption. This document will build upon the concepts and structures specified in other documents produced by the WG. This document may register additional algorithms in registries also defined by other WG documents. - An Informational document that tells an application what needs to be specified in order to implement JOSE. One or more of these goals may be combined into a single document, in which case the concrete milestones for these goals will be satisfied by the consolidated document(s). Milestones: Done - Submit JSON object integrity document as a WG item. Done - Submit JSON object encryption document as a WG item. Done - Submit JSON key format document as a WG item. Done - Submit JSON algorithm document as a WG item. Jun 2012 - Start Working Group Last Call on JSON object integrity document. Jun 2012 - Start Working Group Last Call on JSON object encryption document. Jun 2012 - Start Working Group Last Call on JSON key format document. Jun 2012 - Start Working Group Last Call on JSON algorithm document. Jul 2012 - Submit JSON object integrity document to IESG for consideration as Standards Track document. Jul 2012 - Submit JSON object encryption document to IESG for consideration as Standards Track document. Jul 2012 - Submit JSON key format document to IESG for consideration as Standards Track document. Jul 2012 - Submit JSON algorithm document to IESG for consideration as Standards Track document.
