9. IANA Considerations
The following registration procedure is used for all the registries established by this specification.
Values are registered on a Specification Required [RFC5226] basis after a three-week review period on the [email protected] mailing list, on the advice of one or more Designated Experts. However, to allow for the allocation of values prior to publication, the Designated Experts may approve registration once they are satisfied that such a specification will be published.
Registration requests sent to the mailing list for review should use an appropriate subject (e.g., "Request to register header parameter: example").
Within the review period, the Designated Experts will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. Registration requests that are undetermined for a period longer than 21 days can be brought to the IESG's attention (using the [email protected] mailing list) for resolution.
Criteria that should be applied by the Designated Experts include determining whether the proposed registration duplicates existing functionality, whether it is likely to be of general applicability or useful only for a single application, and whether the registration description is clear.
IANA must only accept registry updates from the Designated Experts and should direct all requests for registration to the review mailing list.
It is suggested that multiple Designated Experts be appointed who are able to represent the perspectives of different applications using this specification, in order to enable broadly informed review of registration decisions. In cases where a registration decision could be perceived as creating a conflict of interest for a particular Expert, that Expert should defer to the judgment of the other Experts.
9.1 JSON Web Signature and Encryption Header Parameters Registry
This specification establishes the IANA "JSON Web Signature and Encryption Header Parameters" registry for Header Parameter names. The registry records the Header Parameter name and a reference to the specification that defines it. The same Header Parameter name can be registered multiple times, provided that the parameter usage is compatible between the specifications. Different registrations of the same Header Parameter name will typically use different Header Parameter Usage Locations values.
9.1.1 Registration Template
Header Parameter Name: The name requested (e.g., "kid"). Because a core goal of this specification is for the resulting representations to be compact, it is RECOMMENDED that the name be short -- not to exceed 8 characters without a compelling reason to do so. This name is case sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Experts state that there is a compelling reason to allow an exception.
Header Parameter Description: Brief description of the Header Parameter (e.g., "Key ID").
Header Parameter Usage Location(s): The Header Parameter usage locations, which should be one or more of the values "JWS" or "JWE".
Change Controller: For Standards Track RFCs, list the "IESG". For others, give the name of the responsible party. Other details (e.g., postal address, email address, home page URI) may also be included.
Specification Document(s): Reference to the document or documents that specify the parameter, preferably including URIs that can be used to retrieve copies of the documents. An indication of the relevant sections may also be included but is not required.
9.1.2 Initial Registry Contents
This section registers the Header Parameter names defined in Section 4.1 in this registry.
- Header Parameter Name: "alg"
- Header Parameter Description: Algorithm
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.1 of RFC 7515
- Header Parameter Name: "jku"
- Header Parameter Description: JWK Set URL
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.2 of RFC 7515
- Header Parameter Name: "jwk"
- Header Parameter Description: JSON Web Key
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.3 of RFC 7515
- Header Parameter Name: "kid"
- Header Parameter Description: Key ID
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.4 of RFC 7515
- Header Parameter Name: "x5u"
- Header Parameter Description: X.509 URL
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.5 of RFC 7515
- Header Parameter Name: "x5c"
- Header Parameter Description: X.509 Certificate Chain
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.6 of RFC 7515
- Header Parameter Name: "x5t"
- Header Parameter Description: X.509 Certificate SHA-1 Thumbprint
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.7 of RFC 7515
- Header Parameter Name: "x5t#S256"
- Header Parameter Description: X.509 Certificate SHA-256 Thumbprint
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.8 of RFC 7515
- Header Parameter Name: "typ"
- Header Parameter Description: Type
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.9 of RFC 7515
- Header Parameter Name: "cty"
- Header Parameter Description: Content Type
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.10 of RFC 7515
- Header Parameter Name: "crit"
- Header Parameter Description: Critical
- Header Parameter Usage Location(s): JWS
- Change Controller: IESG
- Specification Document(s): Section 4.1.11 of RFC 7515
9.2 Media Type Registration
9.2.1 Registry Contents
This section registers the "application/jose" media type [RFC2046] in the "Media Types" registry [IANA.MediaTypes] in the manner described in RFC 6838 [RFC6838], which can be used to indicate that the content is a JWS or JWE using the JWS Compact Serialization or the JWE Compact Serialization. This section also registers the "application/jose+json" media type in the "Media Types" registry, which can be used to indicate that the content is a JWS or JWE using the JWS JSON Serialization or the JWE JSON Serialization.
application/jose:
- Type name: application
- Subtype name: jose
- Required parameters: n/a
- Optional parameters: n/a
- Encoding considerations: 8bit; application/jose values are encoded as a series of base64url-encoded values (some of which may be the empty string), each separated from the next by a single period ('.') character.
- Security considerations: See the Security Considerations section of RFC 7515.
- Interoperability considerations: n/a
- Published specification: RFC 7515
- Applications that use this media type: OpenID Connect, Mozilla Persona, Salesforce, Google, Android, Windows Azure, Xbox One, Amazon Web Services, and numerous others that use JWTs
- Fragment identifier considerations: n/a
- Additional information:
  - Magic number(s): n/a
  - File extension(s): n/a
  - Macintosh file type code(s): n/a
- Person & email address to contact for further information: Michael B. Jones, [email protected]
- Intended usage: COMMON
- Restrictions on usage: none
- Author: Michael B. Jones, [email protected]
- Change Controller: IESG
- Provisional registration? No
application/jose+json:
- Type name: application
- Subtype name: jose+json
- Required parameters: n/a
- Optional parameters: n/a
- Encoding considerations: 8bit; application/jose+json values are represented as a JSON Object; UTF-8 encoding SHOULD be employed for the JSON object.
- Security considerations: See the Security Considerations section of RFC 7515
- Interoperability considerations: n/a
- Published specification: RFC 7515
- Applications that use this media type: Nimbus JOSE + JWT library
- Fragment identifier considerations: n/a
- Additional information:
  - Magic number(s): n/a
  - File extension(s): n/a
  - Macintosh file type code(s): n/a
- Person & email address to contact for further information: Michael B. Jones, [email protected]
- Intended usage: COMMON
- Restrictions on usage: none
- Author: Michael B. Jones, [email protected]
- Change Controller: IESG
- Provisional registration? No