[Openid-specs-fapi] Prerelease of JWS/CT (Clear Text)

Anders Rundgren anders.rundgren.net at gmail.com
Sun Nov 8 09:31:34 UTC 2020

On 2020-11-07 11:34, Filip Skokan wrote:
> Hi Anders,

Hi Filip,

> I believe i've posted this question elsewhere a while back as well.
> Why doesn't the draft utilize a "crit" extension parameter so that this canonicalization handling could be built into and consumed directly from general JOSE libraries?

I understand the rationale but but I don't understand how it could actually work :-(

"just for fun" I took https://connect2id.com/products/nimbus-jose-jwt as an example:

// Verify a JWS compact object.  Input is a string like:
// eyJhbGciOiJIUzI1NiJ9.eyJoaSI6InRoZXJlISJ9.hu7zlBdI9MjBx5WxiezZ9qAjubwgMzVpBg5pfbzfTe0

jwsObject = JWSObject.parse(s);

// Verify a JWS/CT object having the same content.  Input is a JSON object like:
// {
//   "hi": "there",
//   "signature": "eyJhbGciOiJIUzI1NiJ9..hu7zlBdI9MjBx5WxiezZ9qAjubwgMzVpBg5pfbzfTe0"
// }
// as well as an application-specific signature property holding the detached JWS

// The following hypothetical addition to Nimbus could perform the steps needed
// for transforming a JWS/CT object into a regular JWS compact object:
jwsObject = JWSObject.parse(jwsCtJsonObject, "signature");

It seems like adding JWS/CT support should be fairly simple to an API along these lines.


> Best,
> Filip
> Odesláno z iPhonu
>> 7. 11. 2020 v 8:54, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>:
>> F.Y.I.
>> https://github.com/cyberphone/Internet-Drafts
>> Note: this document has not yet been submitted to the IETF.
>> Anders
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi

More information about the Openid-specs-fapi mailing list