Follow-up to Db2 and JWT: What is JOSE...?

JWT: Encoded or decoded security claims

Last week, I wrote about Db2 support for JSON Web Tokens (JWT). Today, I have a small follow-up with some reading material on JWT and related topics like JOSE, JWS, JWK as well as OAuth and OpenID Connect.

Some JWT history and standards

The first draft for JSON Web Tokens, JWTs, is already 10 years old. It is from December 2010. The early draft states:

Db2 Security: Configure JSON Web Token (JWT) authentication

Db2 login utilizing a JWT

Since V11.5.4, Db2 allows to consume JWT (JSON Web Token). The business case is to support SSO (single sign-on). You can configure Db2 to accept access tokens issued by external Identity Provider (IDPs), including the IBM solutions or open source projects like gluu. V11.5.5 brought some JWT improvements, e.g., support for multiple labels. On a recent Friday, I set up my Db2 Docker container to accept JWTs, not those issued by an external identity service, but my own.