Sources

edit
  Among the important work going on at the IETF are protocols leveraging JSON, including JavaScript Object Signing and Encryption (JOSE), a secure object format that ensures confidentiality and integrity, much like S/MIME does for email. JOSE can incorporate a number of features, including JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Token (JWT), and JSON Web Key (JWK).
  "On the bleeding edge, there has been a shift of resources and investment," said Brian Campbell, the former co-chair of the SAML technical committee at the Organization for the Advancement of Structured Information Standards (OASIS).
  "Thanks to Justin Richer, Brian Campbell and other members of the JOSE WG you can now make use of RSA-OAEP-256 encryption. The algorithm was added about a month ago to the latest JWA draft (version 26)."
  • Apache CXF > JOSE ... Third-Party Alternatives
  "Jose4J is a top project from Brian Campbell.  CXF users are encouraged to experiment with Jose4J (or indeed with other 3rd party implementations) if they prefer."
  • (Spec) "JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants" M.Jones (Microsoft), B.Campbell(PingIdentity), C.Mortimore (Salesforce)