[Openid-specs-fapi] #OBEDocument: OBE JWS Profile [revised draft for review]

Anders Rundgren anders.rundgren.net at gmail.com
Sat Feb 1 07:48:03 UTC 2020


On 2020-01-29 15:48, Ralph Bragg via Openid-specs-fapi wrote:
> Hi All,
> 
> Please see the proposed initial draft for JWS signatures, comments back to me if you’d like to influence the standard.

Thanx Ralph!

I have no intention influencing the standard [*] but I'm always curious about developments in this space so I did a brief study.

 From what I can deduct this is essentially the Cavage draft where the original crypto solution has been replaced by JWS.

For Open Banking APIs in their current state that is probably entirely sufficient.

For the Saturn/Open Banking Wallet it doesn't fit though because Saturn presumes that JSON messages (irrespective of transport) can be:
- Serialized
- Embedded
- Hashed
- Signed
This for example enable Counter-Signature arrangements like: https://cyberphone.github.io/doc/saturn/bank2bank-payment.html#6 which can simplify system design since it reduces the need to reference/store previous messages. Embedding and counter-signing serves that purpose, albeit at the expense of message size.

Thanx,
Anders

*] I don't know anything about PRETA's standing standards-wise.
> 
> Kind Regards,
> 
> Ralph
> 




More information about the Openid-specs-fapi mailing list