[Openid-specs-ab] Signature

Nat Sakimura sakimura at gmail.com
Sat Sep 18 15:59:26 UTC 2010


Using JWT for the authentication of the client/rp would be good choice to
upgrade it from password.

>From the point of view of the signed document as a long term evidence, Magic
Signatures style would be more pleasing as it has the metadata about itself.
It can also easily extend to incorporate time stamping etc.

Downside of having separate signature scheme for the documents are the
developer cost, though, it is very small. It is just the matter of printf
template...

=nat

On Fri, Sep 17, 2010 at 9:26 AM, John Bradley <jbradley at mac.com> wrote:

> I can see a advantage to using the Web Token vs Magic signature.
>
> Do you have a pointer to the new work that is being done on it?
>
> John B.
>
> On 2010-09-16, at 5:13 PM, Nat wrote:
>
> > There has not been any feedback/updates to draft 13 for a month apart
> from spelling mistakes.
> >
> > There is one more consideration left though. That is signature. We are
> using modified form of Magic Signature. Should we convert to JSON Web Token
> or something?
> >
> > =nat @ Tokyo via iPhone
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20100919/9741f58e/attachment.html>


More information about the Openid-specs-ab mailing list