.Nat Zone

Digital Identity et al.

JWS, JWT, and others now RFC!


It has taken soooo long [1], but JSON Web Signature (JWS) and JSON Web Token (JWT), together with the rest of the JW* suite, are finally Standard Track RFCs [2]. They are [RFC7515] and [RFC7519] respectively.

For those of you who are not familiar with JWS and JWT: JWS is a digital signature standard for JSON, a JSON version of XML Signature, so to speak. It has a JSON Serialization and a Compact Serialization, of which the latter is often used as a token in REST contexts.

JWT introduces several parameters into the compact serialization so that it can be used as a token that conveys authentication and authorization information. It is primarily intended for REST environments but can obviously be used in other contexts. It has been heavily used by tech giants such as Google and Microsoft. If you have a modern Android device, you are likely to be using it. It is simply awesome that these guys started using the specs even before they became RFCs. Kudos to them.

So, it has been battlefield-tested for some time now. Now, it is your turn to use them!

[1] JSON Simple Sign was first drafted in 2010, so it took 5 years. The first meeting of the JOSE WG at IETF was in November 2011, so it took almost 4 years even from then.
[2] There are three tracks for RFCs: Informational, Experimental, and Standard. An RFC that counts as a standard is a Standard Track one. There are many RFCs that are just Informational, so you may want to take note of which track a spec is on when you are reading it.
[RFC7515] http://www.rfc-editor.org/info/rfc7515
[RFC7519] http://www.rfc-editor.org/info/rfc7519
