[Openid-specs-fapi] CBORizing FAPI
Anders Rundgren
anders.rundgren.net at gmail.com
Mon Feb 14 06:13:26 UTC 2022
Why would anybody consider a CBORized FAPI?
There are two reasons:
- More compact.
- Relieving you from yucky signature solutions using header parameters or dressing everything in Base64Url.
Deterministic serialization working at the *binary* level makes "ASCII-armoring" a blast from the past.
If you have 1 minute to spare you may try CBOR signatures on-line:
https://test.webpki.org/csf-lab/home
Note: signing CBOR diagnostic notation is NOT something you would do in real-world applications, although it works surprisingly well.
FWIW, I'm trying to make an "Apple Pay" using FIDO (not WebAuthn), where the user authorization part is based on CBOR.
thanx,
Anders
More information about the Openid-specs-fapi
mailing list