[security-dev] Implementing JSON Security

[Anil Saldhana]

If Jackson needs to implement JSON security, they will have to code it. 
The pragmatic thing for Jackson would be to just incorporate this teeny 
library via maven dependency.

On 08/02/2012 11:24 AM, Bill Burke wrote:
> FYI, again, unless this works with Jackson, the de facto JSON parser,
> you're probably not going to have many people taking advantage of this
> work...
>
> On 8/2/12 12:20 PM, Anil Saldhana wrote:
>> The German Researcher Axel Nennker created a separate project
>> http://code.google.com/p/jsoncrypto/. He has given me commit rights so I
>> can mavenize his project.
>>
>> On 07/31/2012 10:15 AM, Anil Saldhana wrote:
>>> I created a wiki article.
>>> https://docs.jboss.org/author/display/SECURITY/JSON+Security
>>>
>>> Will be adding more examples to this article.
>>>
>>> On 07/30/2012 11:22 AM, Anil Saldhana wrote:
>>>> Hi All,
>>>>        as you know currently IETF is working on securing JSON.  The drafts
>>>> are all available here:
>>>> http://datatracker.ietf.org/wg/jose/
>>>>
>>>> So last week, I implemented at least the bare minimum we require to
>>>> secure JSON.  But encryption is tricky given that there are a lot of
>>>> algorithms that are not yet available in the JDK implementation but are
>>>> available via the BouncyCastle project.
>>>>
>>>> Look at the supported table:
>>>> http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
>>>>
>>>> While I was doing my implementation, I found out that there is a German
>>>> researcher working on a project called xmldap.org and has implemented
>>>> the drafts fully. He has been doing this for months. His license is MIT
>>>> style.  I have requested him to create a separate independent project
>>>> for JOSE so everybody can reuse his work, rather than create umpteen
>>>> implementations.  He has agreed to work with me.
>>>> http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
>>>>
>>>> Regards,
>>>> Anil
>>>>