[security-dev] Implementing JSON Security

Anil Saldhana Anil.Saldhana at redhat.com
Thu Aug 2 12:20:46 EDT 2012


The German Researcher Axel Nennker created a separate project 
http://code.google.com/p/jsoncrypto/. He has given me commit rights so I 
can mavenize his project.

On 07/31/2012 10:15 AM, Anil Saldhana wrote:
> I created a wiki article.
> https://docs.jboss.org/author/display/SECURITY/JSON+Security
>
> Will be adding more examples to this article.
>
> On 07/30/2012 11:22 AM, Anil Saldhana wrote:
>> Hi All,
>>      as you know currently IETF is working on securing JSON.  The drafts
>> are all available here:
>> http://datatracker.ietf.org/wg/jose/
>>
>> So last week, I implemented at least the bare minimum we require to
>> secure JSON.  But encryption is tricky given that there are a lot of
>> algorithms that are not yet available in the JDK implementation but are
>> available via the BouncyCastle project.
>>
>> Look at the supported table:
>> http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
>>
>> While I was doing my implementation, I found out that there is a German
>> researcher working on a project called xmldap.org and has implemented
>> the drafts fully. He has been doing this for months. His license is MIT
>> style.  I have requested him to create a separate independent project
>> for JOSE so everybody can reuse his work, rather than create umpteen
>> implementations.  He has agreed to work with me.
>> http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
>>
>> Regards,
>> Anil
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev



More information about the security-dev mailing list