Introduce
Javascript Object Signing and Encryption - JOSE
Charter
https://tools.ietf.org/wg/jose/
JavaScript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services, which use encryption, digital signatures, message authentication codes (MACs) algorithms, that carry their data in JSON format.
Documents
| RFC | Title | Date | Pages | Status |
|---|---|---|---|---|
| Active Internet-Drafts | ||||
| draft-ietf-jose-cfrg-curves | CFRG ECDH and signatures in JOSE | - | - | - |
| RFCs | ||||
| RFC 7165 | Use Cases and Requirements for JSON Object Signing and Encryption (JOSE) | 2014-04 | 25 | Informational |
| RFC 7515 | JSON Web Signature (JWS) | 2015-05 | 59 | Proposed Standard |
| RFC 7516 | JSON Web Encryption (JWE) | 2015-05 | 51 | Proposed Standard |
| RFC 7517 | JSON Web Key (JWK) | 2015-05 | 40 | Proposed Standard |
| RFC 7518 | JSON Web Algorithms (JWA) | 2015-05 | 69 | Proposed Standard |
| RFC 7519 | JSON Web Token (JWT) | 2015-05 | 30 | Proposed Standard |
| RFC 7520 | Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE) | 2015-05 | 120 | Informational |
| RFC 7638 | JSON Web Key (JWK) Thumbprint | 2015-12 | 13 | Standards Track |
| RFC 7797 | JSON Web Signature (JWS) Unencoded Payload Option | 2016-02 | 11 | Standards Track |
| Related | ||||
| key-managed-json-web-signature | Key Managed JSON Web Signature (KMJWS) | - | - | - |
JWK
Format
jwk = {'k': <password>}
JWS
Algorithm
| 对称算法 | HS256, HS384, HS512 |
|---|---|
| 非对称算法 | RS256, RS384, RS512 |
JWA
JWE
JWT
http://codelife.me/blog/2014/03/26/token-based-authentication-and-claims-based-identity/
Library
Java
…
.Net
https://github.com/dvsekhvalnov/jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET
http://openid.net/developers/libraries/
Read More
Reference
- https://tools.ietf.org/wg/jose/charters - Charter
- https://datatracker.ietf.org/wg/jose/documents/ - Documents
- http://jose.readthedocs.org/ - Javascript Object Signing and Encryption (JOSE) [github]
- http://codelife.me/blog/2014/03/26/token-based-authentication-and-claims-based-identity/ - 基于Token的认证和基于声明的标识
- http://openid.net/developers/libraries/ - Libraries, Products, and Tools