Sources
edit- https://datatracker.ietf.org/wg/jose/documents/
- Fontana, John "Developers getting JSON-based options for enterprise authentication" January 21, 2013, Identity Matters, ZDnet, CBS Interactive
Among the important work going on at the IETF are protocols leveraging JSON, including JavaScript Object Signing and Encryption (JOSE), a secure object format that ensures confidentiality and integrity, much like S/MIME does for email. JOSE can incorporate a number of features, including JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Token (JWT), and JSON Web Key (JWK). "On the bleeding edge, there has been a shift of resources and investment," said Brian Campbell, the former co-chair of the SAML technical committee at the Organization for the Advancement of Structured Information Standards (OASIS).
- https://bitbucket.org/b_c/jose4j/wiki/Home
- "JOSE Can You See – A Technical Overview of JWT" Internet Identity Workshop, a Working Group of IdentityCommons, May 7, 2014, http://iiw.idcommons.net/JOSE_Can_You_See_%E2%80%93_A_Technical_Overview_of_JWT
- OpenID.net, Java > Jose4J ... "Open source implementation of JWT and the full JOSE suite. Developed by Brian Campbell."
- Campbell, Brian, “I Left My JWT in San JOSE” Slide presentation about JavaScript Object Signing and Encryption (JOSE), presented at Cloud Identity Summit 2014 http://www.slideshare.net/briandavidcampbell/i-left-my-jwt-in-san-jose ... http://openid.net/developers/libraries/
- "RSA-OAEP-256 encryption added to the Nimbus JOSE+JWT library" Connect2id, May 23, 2013 http://connect2id.com/blog/nimbus-jose-jwt-adds-rsa-oaep-256-encryption
"Thanks to Justin Richer, Brian Campbell and other members of the JOSE WG you can now make use of RSA-OAEP-256 encryption. The algorithm was added about a month ago to the latest JWA draft (version 26)."
- Apache CXF > JOSE ... Third-Party Alternatives
"Jose4J is a top project from Brian Campbell. CXF users are encouraged to experiment with Jose4J (or indeed with other 3rd party implementations) if they prefer."
- (Spec) "JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants" M.Jones (Microsoft), B.Campbell(PingIdentity), C.Mortimore (Salesforce)