[Openid-specs-ab] The other JSS envelope structure
Nat Sakimura
sakimura at gmail.com
Tue Oct 5 16:36:58 UTC 2010
There actually was another reason for having "payload" as a parameter.
As a generic signature mechanism, we may want to sign arbitrary binary
data.
In such a case, we can base64url encode it and put it into "payload"
parameter.
=nat
On Wed, Oct 6, 2010 at 12:56 AM, Nat Sakimura <sakimura at gmail.com> wrote:
> In this example:
>
> {
> "oauth_token": "asdfjklsdfjwoIjfk",
> "not_after": 12345678,
> "user_id": 1223,
> "profile_id": 1223 ,
> "env" :
> {
> "type": "http://jsonenc.info/jss/",
> "sig_params": [
> {
> "key_id": "example.com",
> "algorithm": "HMAC-SHA256"
> }
> ]
> }
> }
>
> I do not think we need env. That would simplify.
>
> The reason why we put everything inside the payload was that we thought it
> would be easier to process. I am open to both ways.
>
> What do others think?
>
> =nat
>
> On Wed, Oct 6, 2010 at 12:40 AM, nara hideki <hdknr at ic-tact.co.jp> wrote:
>
>> Hi, Nat,
>>
>> This revision of envelope is literally "envelope" in which parameters
>> in concern are held as JSON object in "payload".
>> But it looks more simpler to me if all signing parameters are held as
>> a JSON object in the concerned data. I mean that the following sample
>> :
>>
>> {
>> "type": "http://jsonenc.info/jss/",
>> "sig_params": [
>> {
>> "key_id": "example.com",
>> "algorithm": "HMAC-SHA256"
>> }
>> ],
>> "payload": {
>> "oauth_token": "asdfjklsdfjwoIjfk",
>> "not_after": 12345678,
>> "user_id": 1223,
>> "profile_id": 1223
>> }
>> }
>>
>> can be simplified in this JSON:
>>
>> {
>> "oauth_token": "asdfjklsdfjwoIjfk",
>> "not_after": 12345678,
>> "user_id": 1223,
>> "profile_id": 1223 ,
>> "env" :
>> {
>> "type": "http://jsonenc.info/jss/",
>> "sig_params": [
>> {
>> "key_id": "example.com",
>> "algorithm": "HMAC-SHA256"
>> }
>> ]
>> }
>> }
>>
>> because if the original parameters without a signature can be following :
>>
>> {
>> "oauth_token": "asdfjklsdfjwoIjfk",
>> "not_after": 12345678,
>> "user_id": 1223,
>> "profile_id": 1223
>> }
>>
>> >From the programming effort's point of view, it doesn't make any
>> difference.
>> But JSON text looks simpler.
>>
>> We don't have to define holding parameter name as "env" because JSS
>> JSON object MUST have
>> "type". In Python, this code can be tell whether a JSON is JSS-envloped or
>> not:
>>
>> >>> j=simplejson.loads( source_json_text )
>> >>> True in [ type(v)==dict and v.has_key('type') and v['type'] == "
>> http://jsonenc.info/jss/" for k,v in j.iteritems()]
>> True
>>
>> A drawback is a fact that "env" dosen't look literally an envelope.
>>
>> ---
>> hideki
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20101006/2f7768d2/attachment.html>
More information about the Openid-specs-ab
mailing list