[security-dev] Implementing JSON Security

Anil Saldhana Anil.Saldhana at redhat.com
Mon Jul 30 12:22:55 EDT 2012

Hi All,
   as you know currently IETF is working on securing JSON.  The drafts 
are all available here:

So last week, I implemented at least the bare minimum we require to 
secure JSON.  But encryption is tricky given that there are a lot of 
algorithms that are not yet available in the JDK implementation but are 
available via the BouncyCastle project.

Look at the supported table: 

While I was doing my implementation, I found out that there is a German 
researcher working on a project called xmldap.org and has implemented 
the drafts fully. He has been doing this for months. His license is MIT 
style.  I have requested him to create a separate independent project 
for JOSE so everybody can reuse his work, rather than create umpteen 
implementations.  He has agreed to work with me.


More information about the security-dev mailing list