[Openid-specs-ab] Draft 04 candidate

John Bradley jbradley at mac.com
Wed May 5 00:09:06 UTC 2010


When you use Magic Signature you wind up with a JSON object as the result.

The nice thing about doing it Key-Value is that the OP can sign it on spec and the RP can ignore it.

If we go with JSON the OP needs to be sure the RP can take the JSON wrapped Key-Value form.

The other downside of Magic Signature is that they chose a signature padding method as the default that is not optimal for some government uses.
It may be deprecated in the standards eventually. We would create a profile to extend the supported algorithms, not a big deal.

It also seems to be designed for raw keys. I don't think the certificate is included in the signature.

I am OK with using it but it seems not to have a huge advantage.

John B.

On 2010-05-04, at 7:25 PM, Nat Sakimura wrote:

> Hi. 
> 
> I have finally done the editing for draft 04. 
> Hopefully, I have captured the comments made by you guys. 
> 
> As usual, the repository is http:/bitbucket.org/openid/ab/ 
> 
> Browser readable version without downloading the repository is here: 
> 
> http://www.sakimura.org/specs/ab/
> 
> Several questions still remain. 
> 
> 1. Should we be using Key-Value form encoding when we are signing the assertion by Magic Signature, 
>     or should we standardize on JSON? 
> 2. Is Magic Signature OK as a signature format? 
> 
> Other comments are welcome. 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
