Support for JSON serialisation
JSON objects can be serialised (encoded) in two ways:
Compact encoding -- the most widely used encoding, saves space, is URL safe, and is used by JWTs.
JSON encoding -- less frequently used, permits multiple signatures.
Synthetic IV (SIV) encryption modes for JWE
New draft porting AES/SIV mode to JOSE. Provides deterministic authenticated encryption and key-wrapping, as well as nonce-based misuse- resistant authenticated encryption, depending on how the cipher is set up.
Public Key Authenticated Encryption for JOSE: ECDH-1PU
New draft for ECDH-1PU public key authenticated encryption algorithm for JWE.
Java 8 upgrade
Upgrading the library to make use of language features and classes in Java 8 where that makes sense. The super ticket for suggestions and tracking the work is here.
Annotations would be good to have. For example, a
@JWTClaim annotation to
turn a Java object into a JWT claims set.
Create a benchmark suite to test the relative performance of the supported JWS and JWE algorithms.