[Openid-specs-ab] JWT: Segment Order

Mike Jones Michael.Jones at microsoft.com
Tue Dec 21 21:25:39 UTC 2010

Hi Hideki,

This was discussed at IIW, with notes being posted at http://self-issued.info/?p=361.  In particular, the field ordering conclusions were recorded as follows:

Ordering of the fields
By a vote of 8 to 1, people preferred the ordering envelope.payload.signature over the ordering signature.envelope.payload. Two reasons were cited: First, this allows for stream-mode operations, where consumers can begin operations based upon the contents of the envelope before the signature has arrived without having to buffer the signature, and where producers can compute the signature in parallel with the transmission of the envelope and payload. The counter-argument advanced by Paul Tarjan of Facebook (in abstentia) is that all languages have a string operation to split a string on the first occurrence of a character.

				Best wishes,
				-- Mike

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of hideki nara
Sent: Tuesday, December 21, 2010 1:15 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] JWT: Segment Order


I'm afraid that I may miss the previous discussion.

Current draft defines the segment sequence of Header,Payload and Crypto in order.
I think that  the order of Payload,Header and Crypto could be better when we think of multiple signature because easy to add extra signature set to the end.
I mean a token with three signature look like this:


Otherwise with keeping the order in current draft:


Clarification would be a good X'mas present from you to me.

Best regards!

hideki nara
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

More information about the Openid-specs-ab mailing list