About:

Michael B. Jones is an independent consultant focused on digital identity, security, and interoperability.

Interests:

Digital identity, Security, Interoperability

The completion of OpenID Federation 1.0 marks a significant milestone in enabling multi-lateral federation across various protocols, driven by community collaboration and real-world applications.
The RFC 9864 specification for Fully-Specified Algorithms for JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) has been published. It introduces fully-specified algorithm identifiers that eli...
OpenID Federation 1.0 has been divided into two drafts to improve clarity while maintaining existing functionality, and community feedback on enhancements is invited.
The author discusses recent contributions to the IETF Secure Patterns for Internet Credentials (SPICE) working group, highlighting advancements in several specifications, including the Selective Disclosure CWT (SD-CWT) and OpenID ...
The author recounts his experience of logging into his wife Becky's Amazon account using a passkey saved on her iPhone while using Firefox on Windows 11. After encountering an invalid password message, he successfully navigates th...
Dr. Michael B. Jones discusses his decision to join Hawcx, a company focused on secure, passwordless authentication. He highlights his extensive work with WebAuthn and FIDO2 standards, noting both successes and ongoing challenges ...
The blog post discusses significant updates made to the JSON Web Proof, JSON Proof Algorithms, and JSON Proof Token specifications in preparation for the JOSE working group at IETF 123 in Madrid. Key updates include changes to alg...
The TIIME 2026 event in Amsterdam facilitated collaborative testing of OpenID Federation implementations among international participants, enhancing interoperability in identity management.
The post discusses the publication of a new version of the Updates to Audience Values for OAuth 2.0 Authorization Servers specification, which incorporates feedback from the OAuth working group during IETF 122. It addresses a secu...
A design team convened after the JOSE working group meeting at IETF 124 to discuss the JOSE HPKE specification. They made several recommendations, including not using 'enc' for Integrated Encryption, defining a new Key Management ...
Mike Jones facilitated discussions on OpenID Federation at the 2025 Internet2 Technology Exchange, engaging experts and sharing valuable insights from the sessions.
Emil Lundberg and Mike Jones have updated the Split Signing Algorithms for COSE specification, previously known as COSE Algorithms for Two-Party Signing. The new draft reflects feedback from IETF 122 and prepares for discussions a...
The OpenID Connect Working Group has initiated a two-week Working Group Last Call (WGLC) for the OpenID Federation 1.0 specification, allowing members to identify issues before finalization. The draft includes two new features: th...
The OpenID Connect Relying Party Metadata Choices specification has been approved as an Implementer’s Draft by the OpenID Foundation. This draft provides intellectual property protections for implementers and extends the Dynamic C...
The OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 specification has been approved as a Final Specification by the OpenID Foundation membership. It ties together OpenID Connect, W3C Web Authentication, and FID...
The text discusses the standardization of Hybrid Public Key Encryption (HPKE) and the efforts to bring HPKE encryption to applications using JSON Web Encryption (JWE) and COSE encryption. It mentions the registries for Key Encapsu...
The JSON Web Token (JWT) became RFC 7519 ten years ago, and it has been widely adopted. Efforts are underway to keep JWTs and their use secure for the next decade, with updates to the Best Current Practices specification and the J...
The text describes an OpenID Federation Interop Event at SUNET in Stockholm, where 30 participants from 15 countries performed interoperability testing among 14 different OpenID Federation implementations. The event included testi...
The Verifiable Credentials 2.0 family of specifications is now a W3C Recommendation, including the Verifiable Credentials Data Model v2.0, Securing Verifiable Credentials using JOSE and COSE, and Controlled Identifiers v1.0. Mike ...
Fully-specified algorithms are now the law of the land for JOSE and COSE, replacing previously registered polymorphic algorithms. The IANA JOSE and COSE registrations have been updated, and only fully-specified algorithms will be ...
The text is a keynote talk by Mike Jones at EIC 2025 about the use of digital credentials, discussing various engineering choices, usability, building ecosystems, and the importance of standards.
The 'Fully-Specified Algorithms for JOSE and COSE' specification has been updated to address feedback from IESG members and directorate reviews. The changes made include deprecating some polymorphic algorithm identifiers, providin...