[security-dev] securing JSON

Anil Saldhana Anil.Saldhana at redhat.com
Tue Jul 31 17:48:41 EDT 2012


On 07/31/2012 04:00 PM, Bill Burke wrote:
> I think you should contribute to the Jackson project to implement JSON
> security.  I'm assuming JSON security means encrypting various pieces of
> a json document? all the stuff we have in XML land?
The idea is to encrypt content (arbitrary bytes) and send it as part
of a json construct.  Unlike the xml document scenarios, where you
want to encrypt parts.  There is currently a BSD style implementation
of json security drafts by a German researcher, that I have requested
to be made into an independent project.  Then Jackson or any other
project that intends to have json signature/encryption can get this
functionality via this independent library.

>
> Also, I still never understood why somebody would want a partial
> encryption of a document.  Why not just send it via S/MIME?
>
Bill,  time for you to submit a IETF draft to datatracker.ietf.org/wg/jose/


More information about the security-dev mailing list