Draft -10<http://self-issued.info/docs/draft-jones-json-web-token-10.html> of the JSON Web Token (JWT)<http://self-issued.info/docs/draft-jones-json-web-token.html> specification has been published. It uses the -02 versions of the JOSE specifications and contains parallel editorial changes to those applied to the JOSE specs. Changes were:
* Clarified the relationship between typ header parameter values, typ claim values, and MIME types. * Clarified that JWTs with duplicate Header Parameter Names or Duplicate Claim names MUST be rejected. * Required implementation of AES-128-KW and AES-256-KW when the implementation provides encryption capabilities. * Registered "JWT" typ header parameter value. * Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs) unless in a context specific to HMAC algorithms. * Reformatted to give each claim definition and header parameter its own section heading. The specification is available at: * http://tools.ietf.org/html/draft-jones-json-web-token-10 An HTML formatted version is available at: * http://self-issued.info/docs/draft-jones-json-web-token-10.html -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
