[Openid-specs-fapi] Signatures in FAPI and W3C's PaymentRequest
anders.rundgren.net at gmail.com
Fri Dec 21 04:41:53 UTC 2018
There are multiple issues here but let me focus on a subject which I have spent considerable time and effort on, namely "Signed JSON".
That is, the W3C have to come up with another model for https://www.w3.org/securepay/charter.html which is a pity since it means that JSON signature solutions (possibly even within a single application), will be different.
Effectively W3C's at this stage only known choices are:
- JWS 
- JWS-JCS [2, 3]
- Starting from scratch
Personally, I would be very surprised if the W3C settles on JWS because it pretty much destroys the API concept.
2] Underpinning Internet-Draft: https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02
3] On-line testing: https://mobilepki.org/jws-jcs/home
More information about the Openid-specs-fapi