Integration

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive a notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

If you encounter any issues accessing the Ideas portal, please send email describing the issue to ideasibm@us.ibm.com for resolution. For more information about IBM's Ideas program visit ibm.com/ideas.

Status Future consideration
Workspace DataPower Gateway
Created by Guest
Created on Jan 21, 2020

Support numeric value in Registered claim 'iat' in JOSE DataPower library

The IBM DataPower JOSE library does not support numeric values for registered claim ‘iat' according to the spec.
We are required to use ‘iat' during Message encryption which uses a JSON Web Token (this must be a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in GMT until the date/time) for encrypting the message during the external communication. There are various claims in the JWT protected header and one of them is ‘iat' and it needs to be set to numeric value and JWT spec clearly mention that as well . https://tools.ietf.org/html/rfc7519#section-4.1.6 Unfortunately, DataPower does not support numeric value in ‘iat.

If a numeric value is supplied - the JOSE library throws an error when parsing it : mpgw (JWS-Encryption): request POC0JWS_Encrypt_JWE #2 gatewayscript: Transforming the content of INPUT. The transformation local:///JWE_Encrypt.js is applied. The results are stored in PIPE. failed: jwe-encrypt error: TypeError: Invalid type 'number (1579623770)' detected on method invocation. Method name: setProtected; Parameter index: 1; Expected type: string): jwe-encrypt error: TypeError: Invalid type 'number (1578983321)' detected on method invocation. Method name: setProtected; Parameter index: 1; Expected type: string (from client).

Similar issue with other element called http://openbanking.org.uk/iat was fixed under the RFE https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=131757
We request the similar fix for ‘iat' claim as well, so that we can continue to use IBM DataPower gateway for all encryption and decryption requirements.

Idea Priority Urgent
Use Case
let dt = new Date(); let iat = Math.round(dt.getTime()/1000); // Time in seconds when JWE got created jweHdr.setProtected('iat', iat); While execution, below error is thrown TypeError: Invalid type 'number (1578983321)' detected on method invocation. Method name: setProtected; Parameter index: 1; Expected type: string (from client) This works fine if 'iat' claim is a string value (i.e. enclosed in quotes), but requirement is to have this in number to support encryption and description with external partners. As per spec, “4.1.6. "iat" (Issued At) Claim The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value.
RFE ID 139583
RFE URL
RFE Product IBM DataPower Gateways