[security-dev] Implementing JSON Security

Anil Saldhana Anil.Saldhana at redhat.com
Tue Jul 31 11:15:13 EDT 2012


I created a wiki article. 
https://docs.jboss.org/author/display/SECURITY/JSON+Security

Will be adding more examples to this article.

On 07/30/2012 11:22 AM, Anil Saldhana wrote:
> Hi All,
>     as you know, the IETF is currently working on securing JSON.  The drafts
> are all available here:
> http://datatracker.ietf.org/wg/jose/
>
> So last week, I implemented at least the bare minimum we require to
> secure JSON.  But encryption is tricky given that there are a lot of
> algorithms that are not yet available in the JDK implementation but are
> available via the BouncyCastle project.
>
> Look at the supported table:
> http://www.ietf.org/mail-archive/web/jose/current/msg00928.html
>
> While I was doing my implementation, I found out that there is a German
> researcher working on a project called xmldap.org and has implemented
> the drafts fully. He has been doing this for months. His license is MIT
> style.  I have requested him to create a separate independent project
> for JOSE so everybody can reuse his work, rather than create umpteen
> implementations.  He has agreed to work with me.
> http://ignisvulpis.blogspot.com/2012/06/ecdh-es-for-json-web-encryption.html
>
> Regards,
> Anil

