Skip to content
@ietf-wg-jose

Javascript Object Signing and Encryption (JOSE) WG

Overview

The original JSON Object Signing and Encryption (JOSE) working group standardized JSON-based representations for: Integrity-protected objects (JSON Web Signatures/JWS, RFC 7515), Encrypted objects (JSON Web Encryption/JWE, RFC7516), Key representations (JSON Web Key/JWK, RFC7517), Algorithm definitions (JSON Web Algorithms/JWA, RFC7518), and Test vectors for the above (Examples of Protecting Content Using JSON Object Signing and Encryption, RFC7520).

These were used to define the JSON Web Token (JWT) (RFC7519), which in turn, has seen widespread deployment in areas as diverse as digital identity and secure telephony.

As adoption of these standards to express and communicate sensitive data has grown, so too has an increasing societal focus on privacy. User consent, minimal disclosure, and unlinkability are common privacy themes in identity solutions.

A multi-decade research activity for a sizeable academic and applied cryptography community has focused on these privacy and knowledge mechanisms (often referred to as anonymous credentials). Certain cryptographic techniques developed in this space involve pairing-friendly curves and zero-knowledge proofs (ZKPs) (to name just a few). Some of the benefits of ZKP algorithms include unlinkability, selective disclosure, and the ability to use predicate proofs.

The current container formats defined by JOSE and JWT are not able to represent data using ZKP algorithms. Among the reasons are that most require an additional transform or finalize step, many are designed to operate on sets and not single messages, and the interface to ZKP algorithms has more inputs than conventional signing algorithms. The reconstituted JOSE working group will address these new needs, while reusing aspects of JOSE and JWT, where applicable.

The JOSE working group will also maintain the JOSE standard and facilitate discussion of clarifications, improvements, and extensions to JWS, JWE, JWA, and JWK. The WG will evaluate, and potentially adopt, proposed standard documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms. Potential candidates would not include national-standards-based algorithms that have not gone through a similar public review process. The WG may also publish informational and BCP documents describing the proper use of these algorithms in JOSE.

An informal goal of the working group is close coordination with the rechartered W3C Verifiable Credentials WG, which has taken a dependency on this work for the second version of its Verifiable Credentials specification. The working group will also coordinate with the Selective Disclosure JWT work in the OAuth working group, the Privacy Pass working group, the CBOR working group, the COSE working group, and the CFRG.

Contributing

Learn about the IETF process.

Reporting protocol vulnerabilities to the IETF.

Mailing List

Popular repositories Loading

  1. json-web-proof json-web-proof Public

    Specification work for JSON Web Proof

    JavaScript 97 9

  2. draft-ietf-jose-fully-specified-algorithms draft-ietf-jose-fully-specified-algorithms Public

    Fully-Specified Algorithms for JOSE and COSE

    Makefile 1 1

  3. draft-ietf-jose-hpke-encrypt draft-ietf-jose-hpke-encrypt Public

    Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption (JOSE)

    Makefile 1 3

  4. .github .github Public

Repositories

Showing 4 of 4 repositories
  • draft-ietf-jose-hpke-encrypt Public

    Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption (JOSE)

    ietf-wg-jose/draft-ietf-jose-hpke-encrypt’s past year of commit activity
    Makefile 1 3 3 1 Updated Dec 26, 2024
  • json-web-proof Public

    Specification work for JSON Web Proof

    ietf-wg-jose/json-web-proof’s past year of commit activity
    JavaScript 97 9 14 0 Updated Dec 26, 2024
  • draft-ietf-jose-fully-specified-algorithms Public

    Fully-Specified Algorithms for JOSE and COSE

    ietf-wg-jose/draft-ietf-jose-fully-specified-algorithms’s past year of commit activity
    Makefile 1 1 0 0 Updated Dec 26, 2024
  • .github Public
    ietf-wg-jose/.github’s past year of commit activity
    0 0 0 0 Updated Aug 2, 2024

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…