Re: [security-dev] Implementing JSON Security

I created a wiki article. https://docs.jboss.org/author/display/SECURITY/JSON+Security Will be adding more examples to this article. On 07/30/2012 11:22 AM, Anil Saldhana wrote: > Hi All, > as you know currently IETF is working on securing JSON. The drafts > are all available here: > http://datatracker.ietf.org/wg/jose/ > > So last week, I implemented at least the bare minimum we require to > secure JSON. But encryption is tricky given that there are a lot of > algorithms that are not yet available in the JDK implementation but are > available via the BouncyCastle project. > > Look at the supported table: > http://www.ietf.org/mail-archive/web/jose/current/msg00928.html > > While I was doing my implementation, I found out that there is a German > researcher working on a project called xmldap.org and has implemented > the drafts fully. He has been doing this for months. His license is MIT > style. I have requested him to create a separate independent project > for JOSE so everybody can reuse his work, rather than create umpteen > implementations. He has agreed to work with me. > http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html > > Regards, > Anil _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev