<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<b>Current OB signature solution in a request scenario:</b><br>
<font size="-2" face="Courier New, Courier, monospace">POST
/payments HTTP/1.1<br>
x-jws-signature:
TGlmZSdzIGEg5hdGlvbiA=..T2ggZ25bGVyIGdvaW5nIGRvd24gPw==<br>
Content-Type: application/json<br>
<br>
{<br>
"Data": {<br>
...OB specific data..<br>
},<br>
"Risk": {<br>
...OB specific data..<br>
}<br>
}</font><br>
<br>
<br>
<b>Enhanced JWS + JCS solution:</b><br>
<font size="-2" face="Courier New, Courier, monospace">POST
/payments HTTP/1.1<br>
Content-Type: application/json<br>
<br>
{<br>
"Data": {<br>
...OB specific data..<br>
},<br>
"Risk": {<br>
...OB specific data..<br>
},<br>
"x-jws-signature":
"TGlmZSdzIGEg5hdGlvbiA=..T2ggZ25bGVyIGdvaW5nIGRvd24gPw"<br>
}</font><br>
<br>
What's the advantage of that, you may [rightfully] wonder? Well,
signed data becomes a <i>self-contained object</i> which can<br>
- pass arbitrary proxies<br>
- be stored in a database<br>
- be embedded in another JSON object to, for example, support <i>countersigning</i><br>
etc. without losing its edge.<br>
<br>
Anders<br>
<a class="moz-txt-link-freetext" href="https://mobilepki.org/jws-jcs">https://mobilepki.org/jws-jcs</a><br>
<br>
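The embedded-signature scheme described in the message, as an added example (not code from the original message or from the jws-jcs project): a JCS-style canonicalizer plus a detached JWS stored in the "x-jws-signature" property. HS256, the demo key, the sample payment fields and the function names are assumptions chosen to keep the example short.

```javascript
const crypto = require("node:crypto");

// JCS-style canonicalization: object keys sorted by UTF-16 code units,
// no whitespace, primitives serialized the way JSON.stringify does.
function canonicalize(value) {
  if (value === null || typeof value !== "object") return JSON.stringify(value);
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  return "{" + Object.keys(value).sort().map(
    (k) => JSON.stringify(k) + ":" + canonicalize(value[k])).join(",") + "}";
}

const b64url = (data) => Buffer.from(data).toString("base64url");
const SIG_PROP = "x-jws-signature"; // property name used in the message
const HEADER = b64url(JSON.stringify({ alg: "HS256" })); // assumed algorithm

// Detached JWS: the MAC covers header.payload, only "header..signature" is stored.
function mac(key, obj) {
  const input = HEADER + "." + b64url(canonicalize(obj));
  return crypto.createHmac("sha256", key).update(input).digest();
}

function sign(obj, key) {
  const { [SIG_PROP]: _old, ...unsigned } = obj;
  return { ...unsigned, [SIG_PROP]: HEADER + ".." + b64url(mac(key, unsigned)) };
}

function verify(obj, key) {
  const { [SIG_PROP]: jws, ...unsigned } = obj;
  if (typeof jws !== "string") return false;
  const parts = jws.split(".");
  // Pin the header: only the one algorithm this verifier expects is accepted.
  if (parts.length !== 3 || parts[0] !== HEADER || parts[1] !== "") return false;
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(key, unsigned);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample data and key, for illustration only.
const key = Buffer.from("constructed-demo-key-not-a-real-secret");
const signed = sign({ Data: { Amount: "10.00", Currency: "GBP" }, Risk: {} }, key);
// Simulates a proxy or database that re-serializes with another key order.
const reordered = JSON.parse(JSON.stringify({ Risk: signed.Risk,
  [SIG_PROP]: signed[SIG_PROP], Data: { Currency: "GBP", Amount: "10.00" } }, null, 2));
const tampered = { ...signed, Data: { ...signed.Data, Amount: "9999.00" } };
// Countersigning: the signed object is embedded intact in an outer signed object.
const countersigned = sign({ Inner: signed }, key);
console.log(verify(signed, key), verify(reordered, key), verify(tampered, key));
```
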
</body>
</html>