JWS and JWE to secure tokens, messages and channels
Hard work pays off. The positive and encouraging feedback that we started receiving from early adopters of Nimbus JOSE + JWT for Java was a great inspiration and, at the same time, motivation to continue refining the library.
Developers cited the new JSON-based formats for message signing and encryption, JWS and JWE, as a significant improvement in simplicity and ease of programming, particularly in comparison with the existing XML digital signature standard. A lot of effort went into ensuring that this simplicity carried over into the library, by making its application-facing calls and class structures as simple and intuitive as possible. The same approach was applied to the API for plugging in crypto algorithms, which should also make it easier to track draft changes to the JOSE algorithms.
Our main intended use of JWS/JWE/JWT is generating and processing tokens in OpenID Connect. Last week we found a neat use case for JWE: protecting identity data that is exchanged between Connect2id LdapAuth agents and the SaaS apps of customers. Other users have reported success in using JWS/JWE to exchange patient records between hospitals, sign transactions and encrypt message channels between web services.
Huge thanks to the JOSE WG for crafting this specification as well as to all developers who contributed to the library and continue to do so.