Magic Signatures, Salmon, and JSON Web Tokens

[John Panzer]

All,

At IIW 2 weeks ago, there were a series of meetings to talk about the implementation of JSON Web Token signing for OAuth2 tokens.  This is relevant as we were discussing using Magic Signatures as a basis for JWT as well.  During the discussions (summarized at http://self-issued.info/?p=361), various additional requirements were added to the JWT use cases & it became clear that while there was a lot of commonality and sharing of primitives, there was a divergence of use cases between Salmon (and the simple Magic Signatures spec) and the needs of the JSON Token community.  At the same time, the Magic Signature/Salmon specs have benefitted greatly from the discussions.

So, I'm going to wrap up a few loose ends & then propose moving the Experimental Magic Signatures spec to the baseline, finish implementing Java, Ruby, and Python libraries in parallel, and start doing interop testing with the proposed 1.0 spec versions.

Thanks for bearing with us as we try to nail down these specs.  I also promise that when we lock this down, I'll make sure the examples in the specs are correct and up to date :).

--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer