OpenID Connect Implementer’s Draft Review
OpenID Connect is a simple identity layer built on top of OAuth 2.0. It enables clients to verify the identity of and to obtain basic profile information about an end-user. It uses RESTful protocols and JSON data structures to provide a low barrier to entry. The design philosophy behind OpenID Connect is “make simple things...
SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs updated
New versions of the SWD, JWT, JWS, JWE, JWK, and OAuth JWT Profile specs have been posted. They address a number of comments received on the JOSE list and at the JOSE WG meeting in Taipei and make a number of clarifications, corrections, and editorial improvements. The only breaking change made was to use short...
OAuth 2.0 JWT Bearer Token Profiles Specification Draft -02
Draft 02 of the OAuth 2.0 JWT Bearer Token Profiles Specification has been published. It contains the following changes: Removed remaining vestiges of normative text talking about SAML that remained from the SAML Profile draft. Replaced all references where the reference is used as if it were part of the sentence (such as “defined by...
Updated OAuth JWT Bearer Token Profile and OAuth Assertion Profile specs
I updated the OAuth JWT Bearer Token Profile spec to track the changes made in the OAuth SAML Bearer Token Profile spec. Changes were: draft-jones-oauth-jwt-bearer-01: Merged in changes from draft-ietf-oauth-saml2-bearer-09. In particular, this draft now uses draft-ietf-oauth-assertions, rather than being standalone. It also now defines how to use JWT bearer tokens both for Authorization Grants...
Updated versions of JWT, JWS, JWE, and JWK specs
I’ve posted updated versions of the JSON Web Token (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. No changes should be required to any existing deployments as a result of these updates. The primary thrust of these changes was updating the JWT spec to describe how to create...
JSON Web Encryption (JWE) draft -00
I’m pleased to announce the publication of the first draft of the JSON Web Encryption (JWE) specification. It enables JSON-based encryption of content in a parallel manner to how the JSON Web Signature (JWS) specification enables JSON-based signing of content. My thanks to John Bradley, Nat Sakimura, Eric Rescorla, and Joe Hildebrand for helping make...
JSON Web Token (JWT) Draft -05
I posted JSON Web Token (JWT) draft -05 today, with the only change being to define an optional “nbf” (not before) claim that is distinct from the “iat” (issued at) claim. (This more closely parallels the capabilities of SAML tokens, where there are NotBefore, NotAfter, and IssueInstant values.) The “nbf” and “exp” claims should be...
The Emerging JSON-Based Identity Protocol Suite
My submission to the W3C Workshop on Identity in the Browser discusses The Emerging JSON-Based Identity Protocol Suite. The abstract is: A new set of open identity protocols is emerging that utilizes JSON data representations and simple REST-based communication patterns. These protocols and data formats are intentionally designed to be easy to use in browsers...
Kerry McCain bill proposes “minimal disclosure” for transaction
Seminal advance: definition of "covered information" specifically includes device IDs.
JSON Web Token (JWT) Draft -04
Draft -04 of the JSON Web Token (JWT) specification is available. It corrects a typo found by John Bradley in -03. The draft is available at these locations: http://www.ietf.org/internet-drafts/draft-jones-json-web-token-04.txt http://www.ietf.org/internet-drafts/draft-jones-json-web-token-04.xml http://self-issued.info/docs/draft-jones-json-web-token-04.html http://self-issued.info/docs/draft-jones-json-web-token-04.txt http://self-issued.info/docs/draft-jones-json-web-token-04.xml http://self-issued.info/docs/draft-jones-json-web-token.html (will point to new versions as they are posted) http://self-issued.info/docs/draft-jones-json-web-token.txt (will point to new versions as they are posted) http://self-issued.info/docs/draft-jones-json-web-token.xml (will...
JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs
As promised, I have split the contents of the JWT spec draft-jones-json-web-token-01 into two simpler specs: draft-jones-json-web-token-02 and draft-jones-json-web-signature-00. These should have introduced no semantic changes from the previous spec. I then applied the feedback that I received since JWT -01 and created revised versions of the split specs: draft-jones-json-web-token-03 and draft-jones-json-web-signature-01. The only breaking change introduced...
Touch2Id Testimonials
A good example of "Privacy By Design" delivering tangible benefits

