One document matched: draft-jones-json-web-signature-json-serialization-02.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='http://xml.resource.org/authoring/rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" ipr="trust200902" docName="draft-jones-json-web-signature-json-serialization-02">
<front>
<title abbrev="JWS JSON Serialization (JWS-JS)">JSON Web Signature JSON Serialization (JWS-JS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization>independent</organization>
<address>
<email>ve7jtb@ve7jtb.com</email>
</address>
</author>
<author fullname="Nat Sakimura" initials="N." surname="Sakimura">
<organization>Nomura Research Institute</organization>
<address>
<email>n-sakimura@nri.co.jp</email>
</address>
</author>
<date day="6" month="July" year="2012" />
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>JavaScript Object Notation</keyword>
<keyword>JSON</keyword>
<keyword>JSON Web Token</keyword>
<keyword>JWT</keyword>
<keyword>JSON Web Signature</keyword>
<keyword>JWS</keyword>
<keyword>JSON Web Encryption</keyword>
<keyword>JWE</keyword>
<keyword>JSON Web Key</keyword>
<keyword>JWK</keyword>
<keyword>JSON Web Algorithms</keyword>
<keyword>JWA</keyword>
<abstract>
<t>
The JSON Web Signature JSON Serialization (JWS-JS) is a means of
representing content secured with digital signatures or
Hash-based Message Authentication Codes (HMACs)
using JavaScript Object Notation (JSON) data structures.
This specification describes a means of representing
secured content as a JSON data object
(as opposed to the JWS specification, which uses a
compact serialization with a URL-safe representation).
It enables multiple digital signatures and/or HMACs to
be applied to the same content (unlike JWS).
Cryptographic algorithms and identifiers used with this
specification are described in the separate
JSON Web Algorithms (JWA) specification.
The JSON Serialization for
related encryption functionality is described in the separate
JSON Web Encryption JSON Serialization (JWE-JS) specification.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
The JSON Web Signature JSON Serialization (JWS-JS) is a format for
representing content secured with digital signatures or
Hash-based Message Authentication Codes (HMACs) as a
JavaScript Object Notation (JSON) <xref target="RFC4627"/> object.
It enables multiple digital signatures and/or HMACs to
be applied to the same content (unlike JWS <xref target="JWS" />).
The digital signature and HMAC mechanisms used are independent of
the type of content being secured, allowing arbitrary content
to be secured.
Cryptographic algorithms and identifiers used with this
specification are described in the separate
JSON Web Algorithms (JWA) <xref target="JWA" /> specification.
The JSON Serialization for
related encryption functionality is described in the separate
JSON Web Encryption JSON Serialization (JWE-JS) <xref target="JWE-JS" />
specification.
</t>
<section title='Notational Conventions'>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels <xref target='RFC2119' />.
</t>
</section>
</section>
<section title="Terminology">
<t>
This specification uses the same terminology as the
JSON Web Signature (JWS) <xref target="JWS" />
specification.
</t>
</section>
<section title="JSON Serialization">
<t>
The JSON Serialization represents secured content as a JSON
object with members for each of three constituent parts: a
<spanx style="verb">headers</spanx> member whose value is a
non-empty array of Encoded JWS Header values, a <spanx
style="verb">payload</spanx> member whose value is an Encoded
JWS Payload value, and a <spanx
style="verb">signatures</spanx> member whose value is a
non-empty array of Encoded JWS Signature values, where the
number of elements in both arrays is the same.
</t>
<t>
Unlike the compact serialization used by JWSs, content using
the JSON Serialization MAY be secured with more than one
digital signature and/or HMAC value. Each is represented as
an Encoded JWS Signature in the <spanx
style="verb">signatures</spanx> member array. For each, there
is a corresponding <spanx style="verb">headers</spanx> member
array element that is an Encoded JWS Header specifying the
digital signature or HMAC applied to the Encoded JWS Header
value and the Encoded JWS Payload value to create the JWS
Signature value. Therefore, the syntax is:
</t>
<figure><artwork><![CDATA[{"headers":["<header 1 contents>",...,"<header N contents>"],
"payload":"<payload contents>",
"signatures":["<signature 1 contents>",...,"<signature N contents>"]
}]]></artwork></figure>
<t>
The contents of the Encoded JWS Header, Encoded JWS Payload,
and Encoded JWS Signature values are exactly as specified in
JSON Web Signature (JWS) <xref target="JWS" />. They are
interpreted and validated in the same manner, with each
corresponding <spanx style="verb">headers</spanx> and <spanx
style="verb">signatures</spanx> value being created or
validated together. The arrays MUST have the same number of
elements.
</t>
<t>
The i'th JWS Signature value is computed on the JWS Secured
Input corresponding to the concatenation of the i'th Encoded
JWS Header, a period ('.') character, and the Encoded JWS
Payload in the same manner described in the JWS specification.
This has the desirable result that each Encoded JWS signature
value in the <spanx style="verb">signatures</spanx> array is
identical to the value that would be used for the same header
and payload in a JWS.
</t>
</section>
<section title="Example JWS-JS" anchor="JSONSerializationExample">
<t>
This section contains an example using the JWS JSON
Serialization. This example demonstrates the capability for
conveying multiple digital signatures and/or HMACs for the
same payload.
</t>
<t>
The Encoded JWS Payload used in this example is the same as
used in the examples in Appendix A of JWS
(with line breaks for display purposes only):
</t>
<figure><artwork><![CDATA[eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ]]></artwork></figure>
<t>
Two digital signatures are used in this example: an RSA SHA-256
signature, for which the header and signature values are
the same as in Appendix A.2 of JWS, and an
ECDSA P-256 SHA-256 signature, for which the header and
signature values are the same as in Appendix A.3 of JWS.
The two Decoded JWS Header Segments used are:
</t>
<figure><artwork><![CDATA[{"alg":"RS256"}]]></artwork></figure>
<t>
and:
</t>
<figure><artwork><![CDATA[{"alg":"ES256"}]]></artwork></figure>
<t>
Since the computations of the JWS Header and JWS Signature
values are the same as in Appendix A.2 and Appendix A.3 of
JWS, they are not repeated here.
</t>
<t>
The complete JSON Web Signature JSON Serialization (JWS-JS)
for these values is as follows
(with line breaks for display purposes only):
</t>
<figure><artwork><![CDATA[{"headers":[
"eyJhbGciOiJSUzI1NiJ9",
"eyJhbGciOiJFUzI1NiJ9"],
"payload":"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0
dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
"signatures":[
"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ
mh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBY
NX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Q
e7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noO
PqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmt
VrBp0igcN_IoypGlUPQGe77Rw",
"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS
lSApmWQxfKTUJqPP3-Kg6NU1Q"]
}]]></artwork></figure>
</section>
<section title="IANA Considerations" anchor="IANA">
<t>
This specification makes no requests of IANA.
</t>
</section>
<section title="Security Considerations" anchor="Security">
<t>
The security considerations for this specification are the
same as those for the JSON Web Signature (JWS) <xref
target="JWS" /> specification.
</t>
</section>
<section title="Open Issues" anchor="TBD">
<t>
[[ to be removed by the RFC editor before publication as an RFC ]]
</t>
<t>
The following items remain to be considered or done in this draft:
<list style="symbols">
<t>
Track changes that occur in the JWS spec.
</t>
</list>
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.4627.xml' ?>
<reference anchor="JWS">
<front>
<title>JSON Web Signature (JWS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization>independent</organization>
<address>
<email>ve7jtb@ve7jtb.com</email>
</address>
</author>
<author fullname="Nat Sakimura" initials="N." surname="Sakimura">
<organization>Nomura Research Institute</organization>
<address>
<email>n-sakimura@nri.co.jp</email>
</address>
</author>
<date day="6" month="July" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature" type="HTML" />
</reference>
<reference anchor="JWA">
<front>
<title>JSON Web Algorithms (JWA)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="6" month="July" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms" type="HTML" />
</reference>
</references>
<references title="Informative References">
<reference anchor="JWE-JS">
<front>
<title abbrev="JWE JSON Serialization (JWE-JS)">JSON Web Encryption JSON Serialization (JWE-JS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="6" month="July" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization" type="HTML" />
</reference>
<reference anchor="MagicSignatures">
<front>
<title>Magic Signatures</title>
<author fullname="John Panzer (editor)" initials="J." surname="Panzer (editor)"></author>
<author fullname="Ben Laurie" initials="B." surname="Laurie"></author>
<author fullname="Dirk Balfanz" initials="D." surname="Balfanz"></author>
<date day="7" month="January" year="2011" />
</front>
<format target="http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html" type="HTML" />
</reference>
<reference anchor="JSS">
<front>
<title>JSON Simple Sign</title>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization>independent</organization>
</author>
<author fullname="Nat Sakimura (editor)" initials="N. " surname="Sakimura (editor)">
<organization>Nomura Research Institute</organization>
</author>
<date month="September" year="2010" />
</front>
<format target="http://jsonenc.info/jss/1.0/" type="HTML" />
</reference>
</references>
<section title="Acknowledgements" anchor="Acknowledgements">
<t>
JSON serializations for secured content were previously explored by
<xref target="MagicSignatures">Magic Signatures</xref> and <xref
target="JSS">JSON Simple Sign</xref>.
</t>
</section>
<section title='Document History'>
<t>
[[ to be removed by the RFC editor before publication as an RFC ]]
</t>
<t>
-02
<list style='symbols'>
<t>
Tracked editorial changes made to the JWS spec.
</t>
</list>
</t>
<t>
-01
<list style='symbols'>
<t>
Corrected the Magic Signatures reference.
</t>
</list>
</t>
<t>
-00
<list style='symbols'>
<t>
Created the initial version incorporating JOSE working
group input and drawing from the JSON Serialization
previously proposed in draft-jones-json-web-token-01.
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 21:59:49 |