self-issued.info
208.113.188.11
Public Scan
Submitted URL: http://self-issued.info/
Effective URL: https://self-issued.info/
Submission: On May 01 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
GET https://self-issued.info/
<form method="get" class="search-form" id="search-form-663202e623650" action="https://self-issued.info/">
<input type="search" class="search-field" placeholder="Search form" name="s" id="s-663202e623651">
<button type="submit" class="search-button">
<div class="genericon genericon-search"></div><span class="screen-reader-text">Search</span>
</button>
</form>
GET https://self-issued.info/
<form method="get" class="search-form" id="search-form-663202e6281b2" action="https://self-issued.info/">
<input type="search" class="search-field" placeholder="Search form" name="s" id="s-663202e6281b3">
<button type="submit" class="search-button">
<div class="genericon genericon-search"></div><span class="screen-reader-text">Search</span>
</button>
</form>
Text Content
MIKE JONES: SELF-ISSUED MUSINGS ON DIGITAL IDENTITY SECURING VERIFIABLE CREDENTIALS USING JOSE AND COSE IS NOW A W3C CANDIDATE RECOMMENDATION By Mike Jones On April 28, 2024 In CBOR, Claims, Cryptography, JSON, Specifications, W3C The Securing Verifiable Credentials using JOSE and COSE specification (a.k.a. VC-JOSE-COSE) has reached W3C Candidate Recommendation status. The Candidate Recommendation milestone is described in the W3C Process document. Please review the Candidate Recommendation of VC-JOSE-COSE. Thanks especially to Gabe Cohen, Orie Steele, and Brent Zundel for doing the hard work of getting us to this point! Since I last wrote about this work, the W3C Verifiable Credentials Data Model (VCDM), which is also at Candidate Recommendation stage, has been narrowed to only use JSON-LD to represent credentials. VC-JOSE-COSE secures VCDM payloads with JOSE, SD-JWT, or COSE signatures. While I’m admittedly not a fan of JSON-LD, to the extent that Verifiable Credentials using the VCDM are in use, I’m committed to finishing a solid VC-JOSE-COSE specification so there is a simple, secure, standards-based way to sign these credentials. Of course, there are lots of Verifiable Credential formats to choose from, and more on the way. Choices already existing include ISO mDoc, IETF SD-JWT, IETF JSON Web Proof (JWP), and W3C VCDM. The IETF is also planning to create a CBOR-based selective disclosure representation in the newly formed SPICE working group. It will be interesting to see how these all shake out in the marketplace! OPENID FEDERATION SESSION AT APRIL 2024 IIW By Mike Jones On April 18, 2024 In Events, Federation, OpenID John Bradley and I convened a session on Trust Establishment with OpenID Federation at the Internet Identity Workshop (IIW) on Thursday, April 18, 2024. 
The material used to drive the discussion was: * Trust Establishment with OpenID Federation (PowerPoint) (PDF) The session was well attended and the discussion lively. Numerous people with trust establishment problems to solve contributed, including experts from the SAML federation world, people involved in digital wallet projects, and several people already using or considering using OpenID Federation. Thanks to all who participated! OPENID PRESENTATIONS AT APRIL 2024 OPENID WORKSHOP AND IIW By Mike Jones On April 16, 2024 In Events, OpenID As has become traditional, I gave the following presentation at the Monday, April 15, 2024 OpenID Workshop at Google: * OpenID Connect Working Group Update (PowerPoint) (PDF) I also gave this invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, April 16, 2024: * Introduction to OpenID Connect (PowerPoint) (PDF) FULLY-SPECIFIED ALGORITHMS PRESENTATION AT 2024 OAUTH SECURITY WORKSHOP By Mike Jones On April 12, 2024 In Cryptography, Events, IETF, Specifications I gave a presentation on Fully-Specified Algorithms for JOSE and COSE at the 2024 OAuth Security Workshop in Rome. The slides used to update participants on the progress of the work are available as PowerPoint and PDF. Thanks to the organizers for another great OAuth Security Workshop! And special thanks to the colleagues from Fondazione Bruno Kessler who did a great job with local arrangements in Rome! COSE “TYP” (TYPE) HEADER PARAMETER SPECIFICATION IN RFC EDITOR QUEUE By Mike Jones On April 12, 2024 In CBOR, Claims, IETF, Specifications I’m pleased to report that the COSE “typ” (type) Header Parameter Specification has been approved by the IESG and is now in the RFC Editor queue. The version approved by the IESG and sent to the RFC Editor is: * https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-05.html It joins CBOR Web Token (CWT) Claims in COSE Headers in the RFC Editor queue. 
Because of the reference to this spec by CWT Claims in Headers, they form a cluster, and therefore will become RFCs at the same time. EIGHT SPECIFICATIONS PUBLISHED IN PREPARATION FOR IETF 119 By Mike Jones On March 20, 2024 In CBOR, Claims, Cryptography, Events, IETF, JSON, Specifications My co-authors and I published updated versions of eight specifications in preparation for IETF 119 in Brisbane. The specifications span three working groups: JOSE, COSE, and OAuth. The updated specifications and outcomes when discussed at IETF 119 are as follows. 1, 2, & 3: JSON Web Proof, JSON Proof Algorithms, and JSON Proof Token. Updates were: * Normatively defined header parameters used * Populated IANA Considerations sections * Allowed proof representations to contain multiple base64url-encoded parts * Specified representation of zero-length disclosed payloads * Added Terminology sections * Updated to use draft-irtf-cfrg-bbs-signatures-05 * Updated to use draft-ietf-cose-bls-key-representations-04 * More and better examples * Improvements resulting from a full proofreading Continued reviews and feedback from implementations are requested. 4: Fully-Specified Algorithms for JOSE and COSE. Updates were: * Published initial working group document following adoption * Added text on fully-specified computations using multiple algorithms * Added text on KEMs and encapsulated keys * Updated instructions to the designated experts It was agreed during the JOSE meeting to describe what fully-specified algorithms for ECDH would look like, for consideration by the working group. 5: OAuth 2.0 Protected Resource Metadata. Updates were: * Switched from concatenating .well-known to the end of the resource identifier to inserting it between the host and path components of it * Have WWW-Authenticate return resource_metadata URL rather than resource identifier It was decided to start working group last call during the OAuth meeting. 6: COSE “typ” (type) Header Parameter. 
Updates were: * Added language about media type parameters * Addressed working group last call comments * Changed requested assignment from 14 to 16 due to conflict with a new assignment * Addressed GENART, OPSDIR, and SECDIR review comments This document is scheduled for the April 4, 2024 IESG telechat. 7: Barreto-Lynn-Scott Elliptic Curve Key Representations for JOSE and COSE. Updates were: * Changed to use key type EC for JOSE and equivalent EC2 for COSE for uncompressed key representations * Changed identifier spellings from “Bls” to “BLS”, since these letters are people’s initials We received feedback to not add compressed key representations to the draft. 8: Use of Hybrid Public-Key Encryption (HPKE) with JavaScript Object Signing and Encryption (JOSE). Updates were: * Use existing "alg": "dir" value for HPKE Direct Encryption mode * Aligned choices more closely with those of Use of Hybrid Public-Key Encryption (HPKE) with CBOR Object Signing and Encryption (COSE) * Defined both Integrated Encryption mode and Key Encryption mode * Added IANA Considerations section * Removed Post-Quantum Considerations It was decided to start a working group call for adoption during the JOSE meeting. Thanks to all who contributed to the progress made on these specifications, both before and during IETF 119! COSE “TYP” (TYPE) HEADER PARAMETER SPECIFICATION ADDRESSING IETF LAST CALL FEEDBACK By Mike Jones On February 26, 2024 In CBOR, Claims, IETF, Specifications Orie Steele and I have updated the COSE “typ” (type) Header Parameter Specification to address feedback received during IETF Last Call. No normative changes were made. Thanks to those that reviewed the specification! 
The specification is available at: * https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-03.html Besides the spec being useful on its own, it’s worth noting that the CBOR Web Token (CWT) Claims in COSE Headers specification references this spec, and so won’t exit the RFC Editor queue as an RFC until this one also does. CONTINUED REFINEMENT: OPENID FEDERATION DRAFT 33 PUBLISHED By Mike Jones On February 23, 2024 In Federation, OpenID, Specifications OpenID Federation draft 33 has been published at https://openid.net/specs/openid-federation-1_0-33.html and https://openid.net/specs/openid-federation-1_0.html. The working group continues refining the specification to make it more consistent and easier to read and implement. We published draft 33 now to get these improvements out to implementers. Per the history entries at https://openid.net/specs/openid-federation-1_0-33.html#name-document-history, a summary of changes made in -32 and -33 is: -33: * Addressed #2111: The metadata_policy_crit claim MAY only appear in Subordinate Statements and its values apply to all metadata_policies found in the Trust Chain. * Fixed #2096: Authorization Signed Request Object may contain trust_chain in its payload and should not in its JWS header parameters. * Strengthen language requiring client verification with automatic registration. * Fixed #2076: Promoted Trust Marks to be a top-level section. * Added General-Purpose JWT Claims section. * Moved Federation Endpoints section before Obtaining Federation Entity Configuration Information section. * Fixed #2110: Explanation text when multiple entity_type parameters are provided in the Subordinate Listing endpoint. * Fixed #2112, #2113, and #2114: Defined that client authentication is not used by default and that the default client authentication method, when used, is private_key_jwt. Specified that requests using client authentication use HTTP POST. 
* Fixed #2104: Allow trust marks in Subordinate Statements for implementation profiles that might want this. * Fixed #2103: Addressed ambiguities in the definition of constraints. -32: * Tightened OpenID Connect Client Registration section. * Tightened appendix examples. * Fixed #2075: Trust Mark endpoint for the provisioning of the Trust Marks. * Fixed #2085: Trust Marked Entities Listing, added sub URL query parameter. * Made fetch issuer unambiguous by making the iss parameter REQUIRED. * Introduced the term “Subordinate Statement” and applied it throughout the specification. Also consistently use the term “registration Entity Statement” for Explicit Client Registration results. * Clarified where Entity Statement claims can and cannot occur. * Renamed policy_language_crit to metadata_policy_crit. * Fixed #2093: Numbered the list defining the order policy operators are applied in. Special thanks to Stefan Santesson for his thorough review of the specification in the context of the Swedish Federation deployment! INVITED OPENID FEDERATION PRESENTATION AT 2024 FIM4R WORKSHOP By Mike Jones On January 31, 2024 In Events, Federation, OpenID, Specifications The OpenID Federation editors were invited to give a presentation on OpenID Federation at the 18th FIM4R Workshop, which was held at the 2024 TIIME Unconference. Giuseppe De Marco, Roland Hedberg, John Bradley, and I tag-teamed the presentation, with Vladimir Dzhuvinov also participating in the Q&A. Topics covered included motivations, architecture, design decisions, capabilities, use cases, history, status, implementations, and people. Here’s the material we used: * OpenID Federation 1.0: Shaping The Advanced Infrastructure of Trust It was the perfect audience – chock full of people with practical federation deployment experience! 
FULLY-SPECIFIED ALGORITHMS ADOPTED BY JOSE WORKING GROUP By Mike Jones On January 31, 2024 In CBOR, Cryptography, IETF, JSON, Specifications The “Fully-Specified Algorithms for JOSE and COSE” specification has been adopted by the JOSE working group. See my original post about the spec for why fully-specified algorithms matter. Thanks to all who supported adoption and also thanks to those who provided useful detailed feedback that we can address in future working group drafts. The specification is available at: * https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-00.html OAUTH 2.0 PROTECTED RESOURCE METADATA DRAFT ADDRESSING ALL KNOWN ISSUES By Mike Jones On January 24, 2024 In Uncategorized Aaron Parecki and I have published a draft of the “OAuth 2.0 Protected Resource Metadata” specification that addresses all the issues that we’re aware of. In particular, the updates address the comments received during the discussions at IETF 118. As described in the History entry for -02, the changes were: * Switched from concatenating .well-known to the end of the resource identifier to inserting it between the host and path components of it. * Have WWW-Authenticate return resource_metadata rather than resource. The specification is available at: * https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-02.html CELEBRATING TEN YEARS OF OPENID CONNECT AT THE OPENID SUMMIT TOKYO 2024 By Mike Jones On January 20, 2024 In Claims, Events, Federation, History, JSON, OAuth, OpenID, Specifications We held the first of three planned tenth anniversary celebrations for the completion of OpenID Connect at the OpenID Summit Tokyo 2024. The four panelists were Nov Matake, Ryo Ito, Nat Sakimura, and myself. We shared our perspectives on what led to OpenID Connect, why it succeeded, and what lessons we learned along the way. The most common refrain throughout our descriptions was the design philosophy to “Keep simple things simple”. 
I believe that three of the four of us cited it. I recounted that we even had a thought experiment used to make the “Keep simple things simple” principle actionable in real time: the “Nov Matake Test”. As we considered new features, we’d ask ourselves “Would Nov want to add it to his implementation?” And “Is it simple enough that he could build it in a few hours?” The other common thread was the criticality of interop testing and certification. We held five rounds of interop testing before finishing the specifications, with the specs being refined after each round based on the feedback received. The early developer feedback was priceless – much of it from Japan! Our OpenID Connect 10th anniversary presentations were: * Remarks by Mike Jones * Remarks by Nov Matake * Remarks by Ryo Ito * Remarks by Nat Sakimura Thanks to the OpenID Foundation Japan for the thought-provoking and enjoyable OpenID Summit Tokyo 2024! 2024 OPENID FOUNDATION BOARD ELECTION RESULTS By Mike Jones On January 19, 2024 In OpenID, People Thanks to those of you who elected me to a two-year term on the OpenID Foundation board of directors. This is an incredibly exciting time for the OpenID Foundation and for digital identity, and I’m thrilled to be able to contribute via the OpenID board. Thanks for placing your trust in me! I’d like to also take this opportunity to congratulate my fellow board members who were also elected: George Fletcher, Atul Tulshibagwale, and Mark Verstege. See the OpenID Foundation’s announcement of the 2024 election results. My candidate statement was: -------------------------------------------------------------------------------- I am on a mission to build the Internet’s missing identity layer. OpenID specifications and initiatives are key to realizing that vision. Widespread deployment of OpenID specifications has the potential to make people’s online interactions more seamless, secure, and valuable. 
I have been actively working since 2007 to make that an everyday reality. 2024 has huge potential for advances in digital identity. People are starting to have identity wallets holding digital credentials that they control. National and international federations are being established. Open Banking and Open Finance deployments are ongoing. Adoption of OpenID Connect (which we created a decade ago!) continues going strong. We’re on track to have OpenID Connect be published as ISO standards. OpenID specifications and programs are essential to all these outcomes. While many of you know me and my work, here’s a few highlights of my contributions to the digital identity space and the OpenID community: – I was primary editor of OpenID Connect, primary editor of the OAuth 2.0 bearer token specification [RFC 6750], and primary editor of the JSON Web Token (JWT) specification [RFC 7519] and the JSON Object Signing and Encryption (JOSE) specifications [RFCs 7515-7518], which are used by OpenID Connect. I was an editor of the Security Event Token specification [RFC 8417], which is used by Shared Signals and OpenID Connect. I’m an editor of the SIOPv2 specification and a contributor to the other OpenID for Verifiable Credentials specifications. I’m an editor of the OpenID Federation specification. The OAuth DPoP specification [RFC 9449] was my latest RFC. I’m an author of 32 RFCs and 17 final OpenID specifications, with more of each in the pipeline. – I spearheaded creation of the successful OpenID Connect certification program and continue actively contributing to its success. Over 2,800 certifications have been performed and the pace keeps increasing! Certification furthers the Foundation’s goals of promoting interoperation and increasing the quality of implementations. It’s also become an important revenue stream for the Foundation. – My contributions to the Foundation have included serving on the board since 2008, serving as board secretary during most of my tenure. 
I’ve helped organize numerous OpenID summits and working group meetings and regularly present there. I chaired the election committee that developed the Foundation’s election procedures and software. I co-chaired the local chapters committee that developed the policies governing the relationships with local OpenID chapters around the world. I serve on the liaison committee, facilitating our cooperation with other organizations. And way back in 2007, I worked with the community to create the legal framework for the OpenID Foundation, enabling both individuals and corporations to be full participants in developing OpenID specifications and ensuring that they can be freely used by all. I’d like to continue serving on the OpenID board, because while the OpenID community is having notable successes, our work is far from done. Taking it to the next level will involve both additional specifications work and strategic initiatives by the Foundation. We need to continue building a broad base of supporters and deployers of OpenID specifications around the world. We need to continue fostering close working relationships with partner organizations. And we need to continue safeguarding OpenID’s intellectual property and trademarks, so they remain freely available for all to use. I have a demonstrated track record of energetically serving the OpenID community and producing results that people actually use. I plan to continue taking an active role in making open identity solutions even more successful and ubiquitous. That’s why I’m running for a community board seat in 2024. 
Mike Jones michael_b_jones@hotmail.com Blog: https://self-issued.info/ Professional Website: https://self-issued.consulting/ TEN YEARS OF OPENID CONNECT AND LOOKING TO THE FUTURE By Mike Jones On December 19, 2023 In Claims, Federation, History, JSON, OAuth, OpenID, Specifications Ten years ago today the drafts that would be approved as the final OpenID Connect specifications were published, as announced in my post Fourth and possibly last Release Candidates for final OpenID Connect specifications and Notice of 24 hour review period. The adoption of OpenID Connect has exceeded our wildest expectations. The vast majority of federated signins to sites and applications today use OpenID Connect. Android, AOL, Apple, AT&T, Auth0, Deutsche Telekom, ForgeRock, Google, GrabTaxi, GSMA Mobile Connect, IBM, KDDI, Microsoft, NEC, NRI, NTT, Okta, Oracle, Orange, Ping Identity, Red Hat, Salesforce, Softbank, Symantec, T-Mobile, Telefónica, Verizon, Yahoo, and Yahoo! Japan, all use OpenID Connect, and that’s just the tip of the iceberg. While OpenID Connect is “plumbing” and not a consumer brand, it’s filling a need and doing it well. It’s fitting that the second set of errata corrections to the OpenID Connect specifications were just approved, as described in the post Second Errata Set for OpenID Connect Specifications Approved. While we are proud of the quality of the final specifications, with 9 3/4 years of thousands of developers using and deploying the specifications, it’s unsurprising that issues would be found that needed clarification and correction. The updated OpenID Connect specifications have just been submitted to the International Organization for Standardization (ISO) for Publicly Available Submission (PAS) status. Approved PAS submissions are published as ISO specifications. This will foster adoption in jurisdictions that require using standards that are published by organizations with international treaty status. 
Celebrations of the tenth anniversary of the approval of OpenID Connect will occur worldwide in 2024. The first will be in Asia at the OpenID Summit Tokyo in January. The second will be in the Americas at Identiverse in May. The third will be in Europe at the European Identity and Cloud Conference in June. Join us at these events for the celebrations! I can’t wait to see what the next decade brings for OpenID Connect! ON THE JOURNEY TO AN IMPLEMENTER’S DRAFT: OPENID FEDERATION DRAFT 31 PUBLISHED By Mike Jones On November 8, 2023 In Federation, OpenID, Specifications OpenID Federation draft 31 has been published at https://openid.net/specs/openid-federation-1_0-31.html and https://openid.net/specs/openid-federation-1_0.html. It’s the result of concerted efforts to make the specification straightforward to read, understand, and implement for developers. Many sections have been rewritten and simplified. Some content has been reorganized to make its structure and relationships more approachable. Many inconsistencies were addressed. Some inconsistencies fixed resulted in a small number of breaking changes. For instance, the name “trust_mark_owners” is now consistently used throughout, whereas an alternate spelling was formerly also used. The editors tried to make all known such changes in this version, so hopefully this will be the last set of breaking changes. We published draft 31 now in part to get these changes out to implementers. See the history entries at https://openid.net/specs/openid-federation-1_0-31.html#name-document-history for a detailed description of the changes made. A comprehensive review of the specification is still ongoing. Expect more improvements in the exposition in draft 32. With any luck, -32 will be the basis of the next proposed Implementer’s Draft. We’re definitely grateful for all the useful feedback we’re receiving from developers. Developer feedback is gold! 
HYBRID PUBLIC KEY ENCRYPTION (HPKE) FOR JOSE By Mike Jones On October 31, 2023 In Cryptography, IETF, JSON, Specifications The new “Use of Hybrid Public-Key Encryption (HPKE) with Javascript Object Signing and Encryption (JOSE)” specification has been published. Its abstract is:
> This specification defines Hybrid public-key encryption (HPKE) for use with Javascript Object Signing and Encryption (JOSE). HPKE offers a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key.
>
> HPKE works for any combination of an asymmetric key encapsulation mechanism (KEM), key derivation function (KDF), and authenticated encryption with additional data (AEAD) function. Authentication for HPKE in JOSE is provided by JOSE-native security mechanisms or by one of the authenticated variants of HPKE.
>
> This document defines the use of the HPKE with JOSE.
Hybrid Public Key Encryption (HPKE) is defined by RFC 9180. There’s a whole new generation of specifications using it for encryption. The Messaging Layer Security (MLS) Protocol [RFC 9420] uses it. TLS Encrypted Client Hello uses it. Use of Hybrid Public-Key Encryption (HPKE) with CBOR Object Signing and Encryption (COSE) brings it to COSE. And this specification brings it to JOSE. One of our goals for the JOSE HPKE specification is to keep it closely aligned with the COSE HPKE specification. That should be facilitated by having multiple authors in common, with Hannes Tschofenig and Orie Steele being authors of both, and me being a COSE co-chair. Aritra Banerjee will be presenting the draft to the JOSE working group at IETF 118 in Prague. I’m hoping to see many of you there! The specification is available at: * https://www.ietf.org/archive/id/draft-rha-jose-hpke-encrypt-01.html ON THE CLOSING STRETCH FOR ERRATA CORRECTIONS TO OPENID CONNECT By Mike Jones On October 30, 2023 In OpenID, Specifications The initial OpenID Connect specifications became final on February 25, 2014. 
While the working group is rightfully proud of the quality of the work and the widespread adoption it has attained, specification writing is a human endeavor and mistakes will inevitably be made. That’s why the OpenID Foundation has a process for publishing Errata corrections to specifications. Eight issues were identified and corrected that year, with the first set of errata corrections being published on November 8, 2014. Since that time, suggestions for improvements have continued to trickle in, but with a 9+ year trickle, a total of 95 errata issues have been filed! They range from the nearly trivial, such as an instance of http that should have been https, to the more consequential, such as language that could be interpreted in different ways. I’m pleased to report that, with a substantial investment by the working group, I’ve managed to work through all the 87 additional errata issues filed since the first errata set and incorporate corrections for them into published specification drafts. They are currently undergoing OpenID Foundation-wide review in preparation for a vote to approve the second set of errata corrections. As a bonus, the OpenID Foundation plans to submit the newly minted corrected drafts for publication by ISO as Publicly Available Specifications. This should foster even broader adoption of OpenID Connect by enabling deployments in some jurisdictions around the world that have legal requirements to use specifications from standards bodies recognized by international treaties, of which ISO is one. Just in time for OpenID Connect’s 10th anniversary! OPENID SUMMIT TOKYO 2024 AND THE 10TH ANNIVERSARY OF OPENID CONNECT By Mike Jones On October 30, 2023 In Events, OpenID I’m pleased to bring your attention to the upcoming OpenID Summit Tokyo 2024, which will be held on Friday, January 19, 2024. Join us there for a stellar line-up of speakers and consequential conversations! 
This builds on the successes of past summits organized by the OpenID Foundation Japan. For instance, I found the OpenID Summit Tokyo 2020 and associated activities and discussions both very useful and very enjoyable. A special feature of the 2024 summit will be celebrating the 10th anniversary of the OpenID Connect specifications, which were approved on February 25, 2014. Speakers who were there for its creation, interop testing, and early deployments will share their experiences and lessons learned, including several key participants from Japan. As I recounted at EIC 2023, building ecosystems is hard. And yet we achieved that for OpenID Connect! We are working to create new identity ecosystems as we speak. I believe that the lessons learned from OpenID Connect are very applicable today. Come join the conversation! Finally, as a teaser, I’m also helping the OpenID Foundation to plan two additional 10th anniversary celebrations at prominent 2024 identity events – one in Europe and one in the Americas. Watch this space for further news about these as it develops! BLS KEY REPRESENTATIONS FOR JOSE AND COSE UPDATED FOR IETF 118 By Mike Jones On October 24, 2023 In CBOR, Claims, IETF, JSON, Privacy, Specifications Tobias Looker and I have published an updated Barreto-Lynn-Scott Elliptic Curve Key Representations for JOSE and COSE specification in preparation for IETF 118 in Prague. This is one of a suite of IETF and IRTF specifications, including BLS Signatures and JSON Web Proofs, that are coming together to enable standards for the use of JSON-based and CBOR-based tokens utilizing zero-knowledge proofs. 
The specification is available at: * https://www.ietf.org/archive/id/draft-ietf-cose-bls-key-representations-03.html CBOR WEB TOKEN (CWT) CLAIMS IN COSE HEADERS DRAFT ADDRESSING IETF LAST CALL COMMENTS By Mike Jones On October 24, 2023 In CBOR, Claims, IETF, Specifications Tobias Looker and I have published an updated CBOR Web Token (CWT) Claims in COSE Headers specification that addresses the IETF Last Call (WGLC) comments received. Changes made were: * Added Privacy Consideration about unencrypted claims in header parameters. * Added Security Consideration about detached content. * Added Security Consideration about claims that are present both in the payload and the header of a CWT. * Changed requested IANA COSE Header Parameter assignment number from 13 to 15 due to subsequent assignments of 13 and 14. * Acknowledged last call reviewers. The specification is available at: * https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-07.html The specification is scheduled for the IESG telechat on November 30, 2023. 