A new IETF working group has been formed in the Security Area.  
For additional information, please contact the Area Directors or the WG Chairs.

Javascript Object Signing and Encryption (jose)
=================================================
Status: Active Working Group

Chairs
    Tony Hansen (tony@att.com)
    Jim Schaad (ietf@augustcellars.com)

Security Area Directors:
    Stephen Farrell (stephen.farrell@cs.tcd.ie)
    Sean Turner (turners@ieca.com)

Security Area Advisor:
    Sean Turner (turners@ieca.com)

Mailing Lists:
   General Discussion: jose@ietf.org
   To Subscribe: <https://www.ietf.org/mailman/listinfo/jose>
   Archive: <http://www.ietf.org/mail-archive/web/jose/>


Description of Working Group
----------------------------

Javascript Object Notation (JSON) is a text format for the serialization 
of structured data described in RFC 4627. The JSON format is often used 
for serializing and transmitting structured data over a network 
connection. With the increased usage of JSON in protocols in the IETF 
and elsewhere, there is now a desire to offer security services such as 
encryption, digital signatures, and message authentication codes (MACs) 
for data that is being carried in JSON format.

Different proposals for providing such security services have already 
been defined and implemented. This Working Group's task is to 
standardize two security services, integrity protection (signature and 
MAC) and encryption, in order to increase interoperability of security 
features between protocols that use JSON.  The Working Group will base 
its work on well-known message security primitives (e.g., CMS), and will 
solicit input from the rest of the IETF Security Area to be sure that 
the security functionality in the JSON format is correct.

This group is chartered to work on four documents:

1) A Standards Track document specifying how to apply JSON-structured 
integrity protection to data, including (but not limited to) JSON data 
structures.  "Integrity protection" includes public-key digital 
signatures as well as symmetric-key MACs.

2) A Standards Track document specifying how to apply a JSON-structured 
encryption to data, including (but not limited to) JSON data structures.

3) A Standards Track document specifying how to encode public keys as 
JSON-structured objects.

4) A Standards Track document specifying mandatory-to-implement 
algorithms for the other three documents.

The working group may decide to address one or more of these goals in a 
single document, in which case the concrete milestones for 
signing/encryption below will both be satisfied by the single document.

Goals and Milestones
--------------------

Jan 2012    Submit JSON object integrity document as a WG item.

Jan 2012    Submit JSON object encryption document as a WG item.

Jan 2012    Submit JSON key format document as a WG item.

Jan 2012    Submit JSON algorithm document as a WG item.

Jun 2012    Start Working Group Last Call on JSON object integrity 
            document.

Jun 2012    Start Working Group Last Call on JSON object encryption 
            document.

Jun 2012    Start Working Group Last Call on JSON key format document.

Jun 2012    Start Working Group Last Call on JSON algorithm document.

Jul 2012    Submit JSON object integrity document to IESG for 
            consideration as Standards Track document.

Jul 2012    Submit JSON object encryption document to IESG for 
            consideration as Standards Track document.

Jul 2012    Submit JSON key format document to IESG for consideration
            as Standards Track document.

Jul 2012    Submit JSON algorithm document to IESG for consideration
            as Standards Track document.