80 likes | 403 Views
JSON Web Token (JWT) JWT Bearer Token Profiles for OAuth 2.0. Mike Jones August 2, 2012. JSON Web Token (JWT). Specification quite stable Signature functionality unchanged since January 2011 Well over a dozen (known) implementations Some in production use
E N D
JSON Web Token (JWT)JWT Bearer Token Profiles for OAuth 2.0 Mike Jones August 2, 2012
JSON Web Token (JWT) • Specification quite stable • Signature functionality unchanged since January 2011 • Well over a dozen (known) implementations • Some in production use • Significant interop testing has already occurred • Encryption still being tweaked by JOSE • Hopefully outstanding issues to be resolved based upon yesterday’s decisions • JOSE wants to take specs to WGLC soon • No open issues – no changes anticipated
JWT Bearer Token Profiles • Fully parallel to SAML profile (by design) • Only differences due to token formats • Will be ready to go to WGLC once JWT is • Gated on JOSE specs going to WGLC