Looks like you're encrypting the whole document? Why not use S/MIME
multipart/encrypted?

Last few hours, I prototyped the outgoing json payload encryption that
is described here:
https://docs.jboss.org/author/display/SECURITY/Securing+JAX-RS+Payload
On 08/02/2012 11:28 AM, Bill Burke wrote:
> So why are you wasting your time with this?
>
> On 8/2/12 12:26 PM, Anil Saldhana wrote:
>> If Jackson needs to implement JSON security, they will have to code it.
>> The pragmatic thing for Jackson would be to just incorporate this teeny
>> library via maven dependency.
>>
>> On 08/02/2012 11:24 AM, Bill Burke wrote:
>>> FYI, again, unless this works with Jackson, the de facto JSON parser,
>>> you're probably not going to have many people taking advantage of this
>>> work...
>>>
>>> On 8/2/12 12:20 PM, Anil Saldhana wrote:
>>>> The German Researcher Axel Nennker created a separate project
>>>> http://code.google.com/p/jsoncrypto/. He has given me commit rights so I
>>>> can mavenize his project.
>>>>
>>>> On 07/31/2012 10:15 AM, Anil Saldhana wrote:
>>>>> I created a wiki article.
>>>>> https://docs.jboss.org/author/display/SECURITY/JSON+Security
>>>>>
>>>>> Will be adding more examples to this article.
>>>>>
>>>>> On 07/30/2012 11:22 AM, Anil Saldhana wrote:
>>>>>> Hi All,
>>>>>> as you know currently IETF is working on securing JSON. The drafts
>>>>>> are all available here:
>>>>>> http://datatracker.ietf.org/wg/jose/
>>>>>>
>>>>>> So last week, I implemented at least the bare minimum we require to
>>>>>> secure JSON. But encryption is tricky given that there are a lot of
>>>>>> algorithms that are not yet available in the JDK implementation but are
>>>>>> available via the BouncyCastle project.
>>>>>>
>>>>>> Look at the supported table:
>>>>>> http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
>>>>>>
>>>>>> While I was doing my implementation, I found out that there is a German
>>>>>> researcher working on a project called xmldap.org and has implemented
>>>>>> the drafts fully. He has been doing this for months. His license is MIT
>>>>>> style. I have requested him to create a separate independent project
>>>>>> for JOSE so everybody can reuse his work, rather than create umpteen
>>>>>> implementations. He has agreed to work with me.
>>>>>> http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
>>>>>>
>>>>>> Regards,
>>>>>> Anil
>>>>>>
>>>>>>
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev