<div dir="ltr"><div>If I understand this spec correctly the intent is to place a signature as an inline attribute to the original payload (ie. add a `signature` key)?<br></div><div><br></div><div>I'm not so sure I'm onboard with inline modification of the original payload for a signature of the payload itself. I raise this because parsing then modifying a payload to return it back to it's original state before being able to verify it in the first place seems counter intuitive.</div><div><br></div><div>Have you considered a "JWS/JWE like" envelope instead? ie:</div><div><br></div><div>{</div><div> "signature": "abc"</div><div>},</div><div>{</div><div> "payload1": "x"</div><div> "payload2": "y"</div><div>}</div><div><br></div><div>Thanks,</div><div><br></div><div>Stuart</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 20, 2020 at 10:42 PM Anders Rundgren via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><a href="https://www.ietf.org/archive/id/draft-jordan-jws-ct-00.html" rel="noreferrer" target="_blank">https://www.ietf.org/archive/id/draft-jordan-jws-ct-00.html</a><br>
<br>
Abstract:<br>
This document describes a method for extending the scope of the JSON<br>
Web Signature (JWS) standard, called JWS/CT. By combining the<br>
detached mode of JWS with the JSON Canonicalization Scheme (JCS),<br>
JWS/CT enables JSON objects to remain in the JSON format after being<br>
signed (aka "Clear Text" signing).<br>
<br>
On-line service for testing/evaluation: <a href="https://mobilepki.org/jws-ct" rel="noreferrer" target="_blank">https://mobilepki.org/jws-ct</a><br>
<br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</blockquote></div>