[Openid-specs-fapi] Yet another take on FAPI signatures

Anders Rundgren anders.rundgren.net at gmail.com
Fri May 25 05:19:40 UTC 2018


Documentation: https://github.com/cyberphone/jws-jcs#combining-detached-jws-with-jcs-json-canonicalization-scheme
On-line demo: https://mobilepki.org/jws-jcs/home

On 2018-05-20 05:43, Anders Rundgren wrote:
> As some of you know, I'm not overly convinced that shrouding your precious business data in Base64Url is a great solution.
> 
> However, there seems to be a cool way combining Detached JWS with a pretty simple JSON canonicalization scheme:
> 
> https://github.com/w3c/payment-request/issues/714
> 
> Is this better than using HTTP headers?  I think so because messages remain signed even when stored.   As the example above shows, it also works in non-HTTP contexts.
> 
> Anders
> 



More information about the Openid-specs-fapi mailing list