[security-dev] Implementing JSON Security

Anil Saldhana Anil.Saldhana at redhat.com
Mon Jul 30 12:22:55 EDT 2012


Hi All,
   as you know, the IETF is currently working on securing JSON.  The drafts 
are all available here:
http://datatracker.ietf.org/wg/jose/

So last week, I implemented at least the bare minimum we require to 
secure JSON.  But encryption is tricky given that there are a lot of 
algorithms that are not yet available in the JDK implementation but are 
available via the BouncyCastle project.

Look at the supported table: 
http://www.ietf.org/mail-archive/web/jose/current/msg00928.html

While I was doing my implementation, I found out that there is a German 
researcher who is working on a project called xmldap.org and has implemented 
the drafts fully. He has been doing this for months. His license is MIT 
style.  I have requested him to create a separate independent project 
for JOSE so everybody can reuse his work, rather than create umpteen 
implementations.  He has agreed to work with me.
http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html

Regards,
Anil

