JavaScript Object Signing and Encryption

From EverybodyWiki Bios & Wiki

JavaScript Object Signing and Encryption (JOSE) is the IETF Working Group[1] that developed several specifications related to security and the JSON data format[2].

Sometimes JOSE is also used to refer to the suite of standards created by the working group, e.g. in the names of implementing libraries like jose4j and cjose.

The standards can, for example, be used to implement access control for a Web API like a RESTful Web service.

JOSE includes standards like[3][4]:

  • JSON Web Signature (JWS)[5]: For signing data, thus providing integrity and non-repudiation.
  • JSON Web Encryption (JWE)[6]: For encrypting data so that only authorized parties can read it.
  • JSON Web Key (JWK): For standardized representation of public keys - e.g. if an authorization server wants to expose the public key that matches the private key with which it signs tokens[7].
  • JSON Web Algorithms (JWA): Lists the actual cryptographic algorithms used in JWS, JWE, and JWK[2][8].
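
How JWS and JWA fit together can be seen in a JWS compact serialization built by hand. The following is an added example, not code from the article or from any JOSE library: it signs and verifies with the JWA algorithm HS256 (HMAC with SHA-256) using only the Python standard library. The function names, key and payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# The "alg" header is set by the sender, so the verifier pins what it accepts.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    # JOSE uses base64url without "=" padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(payload: bytes, key: bytes) -> str:
    header_json = json.dumps({"alg": "HS256"}, separators=(",", ":")).encode()
    # The signature covers "<header>.<payload>" in their encoded form.
    signing_input = b64url_encode(header_json) + "." + b64url_encode(payload)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def jws_verify(token: str, key: bytes) -> bytes:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison; the payload is decoded only after it passes.
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("signature mismatch")
    return b64url_decode(payload_b64)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-a-real-secret"  # constructed sample
    token = jws_sign(b'{"sub":"alice"}', demo_key)        # constructed payload
    print(token)
    print(jws_verify(token, demo_key))
```

HS256 is a shared-secret algorithm, so both parties hold the same key; a deployment in which the verifier only has a public key (published as a JWK) would use one of the asymmetric JWA algorithms instead.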

The JOSE standards can be used together with JSON Web Token (JWT), which provides self-contained proof of authentication (who you are) and authorization (what you are allowed to do).

Implementations

The OpenID site has a page listing libraries, written in different programming languages, that implement JWT and the JOSE standards.

Relation to other standards

OpenID Connect uses JWT, JWS, and JWE[9], and is built on top of OAuth 2[10].

References

  1. "Javascript Object Signing and Encryption (jose) -". datatracker.ietf.org. Retrieved 2019-12-01.
  2. "b_c / jose4j / wiki / Home — Bitbucket". bitbucket.org. Retrieved 2019-12-01.
  3. "JOSE + JWT library for Java | Connect2id". connect2id.com. Retrieved 2019-12-01.
  4. Fontana, John. "Developers getting JSON-based options for enterprise authentication". ZDNet. Retrieved 2019-12-01.
  5. Bradley, John; Sakimura, Nat; Jones, Michael. "JSON Web Signature (JWS)". tools.ietf.org. Retrieved 2019-12-01.
  6. Hildebrand, Joe; Jones, Michael. "JSON Web Encryption (JWE)". tools.ietf.org. Retrieved 2019-12-01.
  7. Auth0. "JSON Web Key Set". Auth0 Docs. Retrieved 2019-12-01.
  8. Jones, Michael. "JSON Web Algorithms (JWA)". tools.ietf.org. Retrieved 2019-12-01.
  9. "JWT, JWS, JWE, JWK, and JWA Implementations | OpenID". Retrieved 2019-12-01.
  10. "End User Authentication with OAuth 2.0 — OAuth". oauth.net. Retrieved 2019-12-01.


This article "JavaScript Object Signing and Encryption" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:JavaScript Object Signing and Encryption. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.