[Openid-specs-ab] [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs
John Bradley
ve7jtb at ve7jtb.com
Mon Mar 28 22:04:49 UTC 2011
I just spotted that further down.
I am OK with no pad character as long as that isn't going to mess up string parsing in some situations.
The empty string is arguably more compact.
John B.
On 2011-03-28, at 6:02 PM, Mike Jones wrote:
> Correct – good catch. I’ll update the draft. The intent was for there to be no pad character in that case.
>
> -- Mike
>
> From: John Bradley [mailto:ve7jtb at ve7jtb.com]
> Sent: Monday, March 28, 2011 3:00 PM
> To: Mike Jones
> Cc: oauth at ietf.org; woes at ietf.org; openid-specs-ab at lists.openid.net; openid-specs at lists.openid.net
> Subject: Re: [Openid-specs-ab] [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs
>
> Mike in JWT 6.7 if the alg is none.
>
> Otherwise, if the "alg" value
> is "none", the JWT Claim Segment is the empty string.
> I may be missing something. If the Alg is none then the Claim segment is still the claim segment. It is the Crypto segment that would just be padding to maintain the format.
>
> In 8 10 the decoding has it correct.
>
> So in the event the signature alg is none do we make the crypto segment a pad character?
>
> So normally it would be
> xxxxxxx.xxxxxxxx.xxxxx
>
> Dropping the crypto segment looks like
> xxxxxxx.xxxxxxxx.
>
> Or with a pad char to be ignored
> xxxxxxx.xxxxxxxxx.0
>
> Or something like that.
>
> John B.
> On 2011-03-28, at 5:28 AM, Mike Jones wrote:
>
>
> These are now published as IETF drafts. The IETF .txt version links are:
> http://www.ietf.org/id/draft-jones-json-web-token-03.txt
> http://www.ietf.org/id/draft-jones-json-web-signature-01.txt
>
> -- Mike
>
> From: oauth-bounces at ietf.org [mailto:oauth-bounces at ietf.org] On Behalf Of Mike Jones
> Sent: Friday, March 25, 2011 10:26 PM
> To: oauth at ietf.org; woes at ietf.org; openid-specs-ab at lists.openid.net
> Cc: openid-specs at lists.openid.net
> Subject: [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs
>
> As promised, I have split the contents of the JWT spec draft-jones-json-web-token-01 into two simpler specs:
> draft-jones-json-web-token-02
> draft-jones-json-web-signature-00
> These should have introduced no semantic changes from the previous spec.
>
> I then applied the feedback that I received since JWT -01 and created revised versions of the split specs:
> draft-jones-json-web-token-03
> draft-jones-json-web-signature-01
> The only breaking change introduced was that x5t (X.509 Certificate Thumbprint) is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 hash, as SHA-1 is the prevailing existing practice for certificate thumbprint calculations. See the Document History sections for details on each change made.
>
> .txt and .xml versions are also available. I plan to publish these as IETF drafts once the submission window re-opens on Monday. Feedback welcome!
>
> -- Mike
>
> P.S. Yes, work on the companion encryption spec is now under way…
>
>
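The string-parsing concern raised in this thread, as an added example that is not part of the thread or of the drafts: a structural parser for the three-segment form that keeps the trailing empty crypto segment, accepts it only when "alg" is "none", and refuses such tokens unless the caller opts in. The names `parse_compact`, `TokenFormatError`, `allow_unsecured` and `is_rejected` are hypothetical, and the sample token is constructed.

```python
# Illustrative names throughout; not an API from the JWT/JWS drafts.
import base64
import json

class TokenFormatError(ValueError):
    """Raised when a compact token is structurally unacceptable."""

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment):
    # Segments carry no '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def parse_compact(token, allow_unsecured=False):
    """Split and sanity-check a token; does NOT verify any signature."""
    # str.split keeps the trailing empty field ("a.b." -> 3 parts). Java's
    # String.split and Ruby's String#split drop it by default, so a port of
    # this code must ask for it explicitly (limit -1) or count the dots.
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenFormatError("expected exactly three segments")
    header_seg, claim_seg, crypto_seg = parts
    if not header_seg or not claim_seg:
        raise TokenFormatError("header and claim segments must be non-empty")
    header = json.loads(b64url_decode(header_seg))
    if not isinstance(header, dict):
        raise TokenFormatError("header is not a JSON object")
    if header.get("alg") == "none":
        if crypto_seg != "":
            raise TokenFormatError("alg none requires an empty crypto segment")
        if not allow_unsecured:
            raise TokenFormatError("unsecured token not allowed by caller")
    elif crypto_seg == "":
        raise TokenFormatError("signed alg with empty crypto segment")
    return header, json.loads(b64url_decode(claim_seg)), crypto_seg

def is_rejected(token, **kwargs):
    try:
        parse_compact(token, **kwargs)
    except TokenFormatError:
        return True
    return False

# Constructed sample token (not from the thread): header.claims. with alg none.
UNSECURED = (b64url_encode(b'{"alg":"none"}') + "."
             + b64url_encode(b'{"iss":"example"}') + ".")

if __name__ == "__main__":
    print(parse_compact(UNSECURED, allow_unsecured=True))
```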