Java API for JSON Binding - Introduction and update
Your SlideShare is downloading.
×
Check these out next
More Related Content
Similar to Overview of JSON Object Signing and Encryption (20)
More from Masaru Kurahayashi (12)
Recently uploaded (20)
Overview of JSON Object Signing and Encryption
- 1. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. February 20, 2018 Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Masaru Kurahayashi WebHack #11 Overview of JSON Object Signing and Encryption
- 2. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Profile 2 Masaru Kurahayashi (kura) Yahoo Japan Corporation CISO-Board Authentication Technology Kuro-obi OpenID Foundation Japan Evangelist @kura_lab
- 3. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Kuro-obi system 3 Kuro-obi is a title given to an individual who is a leading expert that holds outstanding expertise and skills in a certain field Kuro-obi system http://hr.yahoo.co.jp/workplace/culture.html
- 4. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Agenda 1. Overview 2. Use cases 3. JWS (JWT) & Demonstration 4. JWE 5. JWK 6. JWA 7. Conclusion 4
- 5. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. 5 JOSE
- 6. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JOSE • JOSE = JSON Object Signing and Encryption • Working Group in IETF • Integrity protection (signature and MAC) and encryption • 9 RFCs (and more) defined by the WG 6
- 7. JOSE JWA JWK JWT Reference Reference JWEJWS
- 8. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Use cases • Security Tokens • OAuth • OpenID Connect • Web Cryptography • Constrained Devices (IoT), etc. 8
- 9. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWS • JSON Web Signature (RFC 7515) • Content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based integrity protection 10
- 10. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWS Compact Serialization BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) 11
- 11. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWT • JSON Web Token (RFC 7519) • This specification was defined by OAuth WG • The suggested pronunciation of JWT is the same as the English word "jot” • JWTs represent a set of claims as a JSON object that is encoded in a JWS and/or JWE structure 12
- 12. https://jwt.io
- 13. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWE • JSON Web Encryption (RFC 7516) • JWE Compact Serialization • JWE JSON Serialization 14
- 14. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWE Compact Serialization BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag) 15
- 15. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWK • JSON Web Key (RFC 7517) • JSON data structure that represents a cryptographic key • JWKs and JWK Sets are used in the JWS and JWE specifications 16
- 16. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. JWA • JSON Web Algorithms (RFC 7518) • Cryptographic algorithms and identifiers to be used with JWS, JWE, and JWK specifications • HMAC-SHA256, RSA-SHA256, ECDSA- SHA256 and RSASSA-PSS SHA256, etc. 17
- 17. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Conclusion 1. JOSE WG in IETF 2. JOSE are used with OpenID Connect and OAuth, etc. 3. Overview of 5 RFCs • JWS (JWT), JWE, JWK, JWA 18
- 18. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. 19 Letʼs see JOSE !! https://datatracker.ietf.org/wg/jose/
- 19. Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved.Copyright © 2018 Yahoo Japan Corporation. All Rights Reserved. Thank you for your kind attention!
