<html><head><base href="x-msg://270/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Mike in JWT 6.7 if the alg is none.<div><br></div><div><span class="Apple-style-span" style="font-family: Times; "><pre style="word-wrap: break-word; white-space: pre-wrap; ">Otherwise, if the "alg" value
is ""none"", the JWT Claim Segment is the empty string.
</pre><div>I may be missing something. If the Alg is none then the Claim segment is still the claim segment. It is the Crypto segment that would just be padding to maintain the format.</div><div><br></div><div>In 8 10 the decoding has it correct.</div><div><br></div><div>So in the event the signature alg is none do we make the cripto segment a pad character?</div><div><br></div><div>So normally it would be </div><div>xxxxxxx.xxxxxxxx.xxxxx</div><div><br></div><div>Dropping the cripto segment looks like</div><div>xxxxxxx.xxxxxxxx.</div><div><br></div><div>Or with a pad char to be ignored </div><div>xxxxxxx.xxxxxxxxx.0</div><div><br></div><div>Or something like that.</div><div><br></div><div>John B.</div></span><div><div>On 2011-03-28, at 5:28 AM, Mike Jones wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1" style="page: WordSection1; "><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); ">These are now published as IETF drafts. The IETF .txt version links are:<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); "> <span class="Apple-converted-space"> </span><a href="http://www.ietf.org/id/draft-jones-json-web-token-03.txt" style="color: blue; text-decoration: underline; ">http://www.ietf.org/id/draft-jones-json-web-token-03.txt</a><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); "> <span class="Apple-converted-space"> </span><a href="http://www.ietf.org/id/draft-jones-json-web-signature-01.txt" style="color: blue; text-decoration: underline; ">http://www.ietf.org/id/draft-jones-json-web-signature-01.txt</a><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); "> -- Mike<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="color: rgb(0, 32, 96); "><o:p> </o:p></span></div><div><div style="border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; border-top-style: solid; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span><a href="mailto:oauth-bounces@ietf.org" style="color: blue; text-decoration: underline; ">oauth-bounces@ietf.org</a><span class="Apple-converted-space"> </span>[mailto:oauth-bounces@ietf.org]<span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>Mike Jones<br><b>Sent:</b><span class="Apple-converted-space"> </span>Friday, March 25, 2011 10:26 PM<br><b>To:</b><span class="Apple-converted-space"> </span><a href="mailto:oauth@ietf.org" style="color: blue; text-decoration: underline; ">oauth@ietf.org</a>;<span class="Apple-converted-space"> </span><a href="mailto:woes@ietf.org" style="color: blue; text-decoration: underline; ">woes@ietf.org</a>;<span class="Apple-converted-space"> </span><a href="mailto:openid-specs-ab@lists.openid.net" style="color: blue; text-decoration: underline; ">openid-specs-ab@lists.openid.net</a><br><b>Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:openid-specs@lists.openid.net" style="color: blue; text-decoration: underline; ">openid-specs@lists.openid.net</a><br><b>Subject:</b><span class="Apple-converted-space"> </span>[OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs<o:p></o:p></span></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">As promised, I have split the contents of the JWT spec<span class="Apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-01.html" style="color: blue; text-decoration: underline; ">draft-jones-json-web-token-01</a><span class="Apple-converted-space"> </span>into two simpler specs:<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "> <span class="Apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-02.html" style="color: blue; text-decoration: underline; ">draft-jones-json-web-token-02</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "> <span class="Apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-signature-00.html" style="color: blue; text-decoration: underline; ">draft-jones-json-web-signature-00</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">These should have introduced no semantic changes from the previous spec.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">I then applied the feedback that I received since JWT -01 and created revised versions of the split specs:<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "> <span class="Apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-03.html" style="color: blue; text-decoration: underline; ">draft-jones-json-web-token-03</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "> <span class="Apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-signature-01.html" style="color: blue; text-decoration: underline; ">draft-jones-json-web-signature-01</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">The only breaking change introduced was that x5t (X.509 Certificate Thumbprint) is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 has, as SHA-1 is the prevailing existing practice for certificate thumbprint calculations. See the Document History sections for details on each change made.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">.txt and .xml versions are also available. I plan to publish these as IETF drafts once the submission window re-opens on Monday. Feedback welcome!<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "> -- Mike<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; ">P.S. Yes, work on the companion encryption spec is now under way…<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div></div>_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" style="color: blue; text-decoration: underline; ">Openid-specs-ab@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color: blue; text-decoration: underline; ">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br></div></span></blockquote></div><br></div></body></html>