[security-dev] Implementing JSON Security
Anil Saldhana
Anil.Saldhana at redhat.com
Mon Jul 30 12:22:55 EDT 2012
Hi All,
as you know currently IETF is working on securing JSON. The drafts
are all available here:
http://datatracker.ietf.org/wg/jose/
So last week, I implemented at least the bare minimum we require to
secure JSON. But encryption is tricky given that there are a lot of
algorithms that are not yet available in the JDK implementation but are
available via the BouncyCastle project.
Look at the supported table:
http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
While I was doing my implementation, I found out that there is a German
researcher working on a project called xmldap.org and has implemented
the drafts fully. He has been doing this for months. His license is MIT
style. I have requested him to create a separate independent project
for JOSE so everybody can reuse his work, rather than create umpteen
implementations. He has agreed to work with me.
http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
Regards,
Anil
More information about the security-dev
mailing list