JavaScript Object Signing and Encryption
JavaScript Object Signing and Encryption (JOSE) is the IETF Working Group.[1], that developed several specifications related to security and the JSON data format[2].
Sometimes JOSE is also used to reference the suite of standards created by the working group - e.g. in names of implementing libraries like jose4j and cjose.
The standards can, for example, be used to implement access control for a Web API like a RESTful Web service.
JOSE includes standards like[3][4]:
- JSON Web Signature (JWS)[5]: For signing data thus providing integrity and non-repudiation.
- JSON Web Encryption (JWE)[6]: For encrypting data so only authorized parties can read it and those who are not authorized cannot.
- JSON Web Key (JWK): For standardized representation of public keys - e.g. if an authorization server wants to expose the public key that matches the private key with which it signs tokens[7].
- JSON Web Algorithms (JWA): Lists the actual cryptographic algorithms used in JWS, JWE, and JWK[2][8].
The JOSE standards can be used together with JSON Web Token (JWT), which provides self-contained proof of authentication (who you are) and authorization (what you are allowed to do).
Implementations[edit]
The OpenID site has a page containing a list of libraries written in different programming languages, that implements JWT and the JOSE standards.
Relation to other standards[edit]
OpenID Connect uses JWT, JWS, and JWE[9], and is build on top of OAuth 2[10]
References[edit]
- ↑ "Javascript Object Signing and Encryption (jose) -". datatracker.ietf.org. Retrieved 2019-12-01.
- ↑ 2.0 2.1 "b_c / jose4j / wiki / Home — Bitbucket". bitbucket.org. Retrieved 2019-12-01.
- ↑ "JOSE + JWT library for Java | Connect2id". connect2id.com. Retrieved 2019-12-01.
- ↑ Fontana, John. "Developers getting JSON-based options for enterprise authentication". ZDNet. Retrieved 2019-12-01.
- ↑ Bradley, John; Sakimura, Nat; Jones, Michael. "JSON Web Signature (JWS)". tools.ietf.org. Retrieved 2019-12-01.
- ↑ Hildebrand, Joe; Jones, Michael. "JSON Web Encryption (JWE)". tools.ietf.org. Retrieved 2019-12-01.
- ↑ Auth0. "JSON Web Key Set". Auth0 Docs. Retrieved 2019-12-01.
- ↑ Jones <mbj@microsoft.com>, Michael. "JSON Web Algorithms (JWA)". tools.ietf.org. Retrieved 2019-12-01.
- ↑ "JWT, JWS, JWE, JWK, and JWA Implementations | OpenID". Retrieved 2019-12-01.
- ↑ "End User Authentication with OAuth 2.0 — OAuth". oauth.net. Retrieved 2019-12-01.
This article "JavaScript Object Signing and Encryption" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:JavaScript Object Signing and Encryption. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.