…his document, with references to pre-existing definitions as appropriate. As in RFC4949 ], each entry is preceded by a dollar sign ($) and a space for automated searching. Note that this document does not try to attempt to define the term 'privacy' with a brief definition. Instea…

…his document, with references to pre-existing definitions as appropriate. As in RFC4949 ], each entry is preceded by a dollar sign ($) and a space for automated searching. Note that this document does not try to attempt to define the term 'privacy' with a brief definition. Instea…

…uthorized changes to data by ensuring that changes to the data are detectable [ RFC4949 ]. Data confidentiality: The property that data is not disclosed to system entities unless they have been authorized to know the data [ RFC4949 ]. 1.3 . Conventions Used in This Document The k…

…dversary is able to alter data communication to affect its operation (see also [RFC4949]). passive adversary: A passive adversary is able to learn information from data communication, but not alter that data communication (see also [RFC4949]). signaling path: The signaling path i…

…er of security-related terms in this document are used in the sense defined in [RFC4949]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC21…

…ogy Various security-related terms are to be understood in the sense defined in RFC4949 Some may also be defined in NISTSP63-3 Appendix A.1 and in NISTSP132 section 3.1. Throughout this document the term "password" is used to mean any password, passphrase, PIN, or other memorized…

…)", and "Plaintext" are defined by the "Internet Security Glossary, Version 2" [RFC4949]. This term is defined by this specification: Base64urlUInt The representation of a positive or zero integer value as the base64url encoding of the value's unsigned big-endian representation a…

…y Various security-related terms are to be understood in the sense defined in [ RFC4949 ]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as…

…", and "Plaintext" are defined by the "Internet Security Glossary, Version 2" [ RFC4949 ]. This term is defined by this specification: Base64urlUInt The representation of a positive or zero integer value as the base64url encoding of the value's unsigned big-endian representation …

…cation Code (MAC)" are defined by the "Internet Security Glossary, Version 2" [ RFC4949 ]. 3 . JSON Web Signature (JWS) Overview JWS represents digitally signed or MACed content using JSON data structures and base64url encoding. These JSON data structures MAY contain whitespace a…

…", and "Plaintext" are defined by the "Internet Security Glossary, Version 2" [ RFC4949 ]. Jones, et al. Standards Track [Page 4] RFC 7519 JSON Web Token (JWT) May 2015 These terms are defined by this specification: JSON Web Token (JWT) A string representing a set of claims as a …

…", and "Plaintext" are defined by the "Internet Security Glossary, Version 2" [ RFC4949 ]. Jones, et al. Standards Track [Page 4] RFC 7519 JSON Web Token (JWT) May 2015 These terms are defined by this specification: JSON Web Token (JWT) A string representing a set of claims as a …

…tocol exchange. 2.1 . Terminology This document uses several terms defined in [ RFC4949 ] ("Internet Security Glossary") including the following: authentication, authentication exchange, authentication information, brute force, challenge-response, cryptographic hash function, dic…

…promise the confidentiality or integrity of the data. Downgrade attack: (From [ RFC4949 ].) A type of MITM attack in which the attacker can cause two parties, at the time they negotiate a security association, to agree on a lower level of protection than the highest level that co…

…)", and "Plaintext" are defined by the "Internet Security Glossary, Version 2" [RFC4949]. These terms are defined by this specification: JSON Web Token (JWT) A string representing a set of claims as a JSON object that is encoded in a JWS or JWE, enabling the claims to be digitall…