All,
Currently, the JWK "use" attribute effectively distinguishes between JWE
("enc") and JWA ("sign").
However, additional uses can be added to the registry and the W3C WebCrypto
group is planning to register use values corresponding to the KeyUsage
values defined for WebCrypto Key objects. These KeyUsage values include,
for example, encrypt, decrypt, sign, verify, wrap, unwrap, etc.
A WebCrypto Key object may have multiple KeyUsages and so we have a
question as to how to represent that in JWK.
One proposal is to allow the use string to contain a comma-separated list
of values. We could register such a scheme directly with IANA.
It would be cleaner, though, since this is JSON, to allow this attribute to
have Array type where two or more usages are to be represented (it would
remain a string for the single-usage case). I've also had some negative
feedback from implementors about the comma-separated-value idea along
yet-another-string-parser lines.
Would it be possible to modify the Registry for JWK use values to allow
data types other than String to be registered?
...Mark
_______________________________________________
jose mailing list
https://www.ietf.org/mailman/listinfo/jose
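
Added example, not part of the original message or of any JOSE or WebCrypto specification: a consumer that accepts the "use" member in both proposed shapes and rejects anything it cannot interpret exactly. The names `parseUse`, `permits` and `allowCommaList` are hypothetical, and the usage set is just the values named in the message.

```javascript
// Usage names listed in the message above; illustrative, not a registry.
const KNOWN_USES = new Set(["enc", "encrypt", "decrypt", "sign", "verify", "wrap", "unwrap"]);

// Hypothetical helper: normalise a JWK "use" member under either proposal
// into a sorted array of distinct usage names, or throw on malformed input.
function parseUse(use, { allowCommaList = false } = {}) {
  let items;
  if (typeof use === "string") {
    // Proposal 1: comma-separated list inside the string (needs its own parser).
    items = allowCommaList ? use.split(",") : [use];
  } else if (Array.isArray(use)) {
    // Proposal 2: array for two or more usages, string for the single-usage case.
    if (use.length < 2) throw new TypeError("array form requires two or more usages");
    items = use;
  } else {
    throw new TypeError("use must be a string or an array of strings");
  }
  const seen = new Set();
  for (const item of items) {
    if (typeof item !== "string") throw new TypeError("usage must be a string");
    // No trimming or case folding: " sign" and "Sign" are rejected, not guessed at.
    if (!KNOWN_USES.has(item)) throw new RangeError(`unknown usage: ${JSON.stringify(item)}`);
    if (seen.has(item)) throw new RangeError(`duplicate usage: ${item}`);
    seen.add(item);
  }
  return [...seen].sort();
}

// Gate an operation on the parsed usages, never on substring matching:
// "wrap" is a substring of "unwrap", so use.includes("wrap") on the raw
// string would authorise wrapping for an unwrap-only key.
function permits(jwk, operation, options) {
  return parseUse(jwk.use, options).includes(operation);
}

// Constructed sample keys (key material omitted).
const arrayKey = JSON.parse('{"kty":"oct","use":["wrap","unwrap"]}');
const csvKey = JSON.parse('{"kty":"oct","use":"wrap,unwrap"}');
const singleKey = JSON.parse('{"kty":"RSA","use":"sign"}');
```

With `allowCommaList` left off, the comma-separated key is rejected as an unknown usage rather than silently treated as a single value, which is the behaviour a string-only consumer needs if both encodings end up in circulation.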