[security-dev] Implementing JSON Security
Anil Saldhana
Anil.Saldhana at redhat.com
Thu Aug 2 12:30:05 EDT 2012
Because picketbox-json will incorporate JSON Security (by downloading
this library as dependency) and using org.json parsing. I am not a big
fan of JAXB like functionality in Jackson. I am not a fan of Jackson.
On 08/02/2012 11:28 AM, Bill Burke wrote:
> So why are you wasting your time with this?
>
> On 8/2/12 12:26 PM, Anil Saldhana wrote:
>> If Jackson needs to implement JSON security, they will have to code it.
>> The pragmatic thing for Jackson would be to just incorporate this teeny
>> library via maven dependency.
>>
>> On 08/02/2012 11:24 AM, Bill Burke wrote:
>>> FYI, again, unless this works with Jackson, the de facto JSON parser,
>>> you're probably not going to have many people taking advantage of this
>>> work...
>>>
>>> On 8/2/12 12:20 PM, Anil Saldhana wrote:
>>>> The German Researcher Axel Nennker created a separate project
>>>> http://code.google.com/p/jsoncrypto/. He has given me commit rights so I
>>>> can mavenize his project.
>>>>
>>>> On 07/31/2012 10:15 AM, Anil Saldhana wrote:
>>>>> I created a wiki article.
>>>>> https://docs.jboss.org/author/display/SECURITY/JSON+Security
>>>>>
>>>>> Will be adding more examples to this article.
>>>>>
>>>>> On 07/30/2012 11:22 AM, Anil Saldhana wrote:
>>>>>> Hi All,
>>>>>> as you know currently IETF is working on securing JSON. The drafts
>>>>>> are all available here:
>>>>>> http://datatracker.ietf.org/wg/jose/
>>>>>>
>>>>>> So last week, I implemented at least the bare minimum we require to
>>>>>> secure JSON. But encryption is tricky given that there are a lot of
>>>>>> algorithms that are not yet available in the JDK implementation but are
>>>>>> available via the BouncyCastle project.
>>>>>>
>>>>>> Look at the supported table:
>>>>>> http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
>>>>>>
>>>>>> While I was doing my implementation, I found out that there is a German
>>>>>> researcher working on a project called xmldap.org and has implemented
>>>>>> the drafts fully. He has been doing this for months. His license is MIT
>>>>>> style. I have requested him to create a separate independent project
>>>>>> for JOSE so everybody can reuse his work, rather than create umpteen
>>>>>> implementations. He has agreed to work with me.
>>>>>> http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
>>>>>>
>>>>>> Regards,
>>>>>> Anil
>>>>>>
>>
More information about the security-dev
mailing list