GLUECOSE provides an interoperability framework for various CBOR Object Signing and Encryption (COSE) libraries. Additionally, it provides a single place where developers can view the features of various COSE libraries, and thus select a library that is best suited for a project's specific needs.
The COSE signing envelope format, which is broadly applicable from small devices to large-scale server environments, attempts to keep the flavor of Javascript Object Signing and Encryption (JOSE) specifications (JWS, JWE, JWK, JWA) while providing additional features and flexibility. To meet the requirements for a broad range of use cases (devices, edge or servers) and flexibility, COSE offers a wide feature set and is quite complex. This makes it difficult for library implementers to test and verify their libraries. Also, many implementers choose to implement a subset of the full COSE specification. This makes it difficult for application developers to know which COSE library to select given their project needs.
Have a clear view of tables that express the support of features by a certain COSE library, so that a user that needs to decide whether to use a certain crypto primitive for their software project can clearly identify the level of support for that feature in the open-source software ecosystem.
-
A way to query feature support for a specific COSE implementation in an automated fashion.
-
Comprehensive set of COSE tests which can be used by developers in their projects.
-
Published results of the glucose tests against a specific COSE implementation.
-
Compatibility Matrix of COSE libraries in the ecosystem.
gluecose is an emerging project. Activities are tracked via github issues and progress tracked via the project board