Updated: Re: Giving up on XML DSig => JSON

Anders Rundgren
Aug 31, 2013, 12:55:07 AM
to icf-m...@googlegroups.com
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.

Canonicalization:
- Remove whitespace
- Unescape "strings"
- Sort properties

Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.

That is, the final XML DSig "leftovers", the awkward Reference as well as the slightly redundant SignatureInfo, have been shelved.
I expect the resulting code to be even shorter than today :-)

{
  "@context": "http://example.com/test-signature",
  "Now": "2013-08-30T07:56:08+02:00",
  "ID": "lADU_sO067Wlgoo52-9L",
  "STRINGS": ["One","Two","Three"],
  "EscapeMe": "A\\\n\"",
  "Intra": 78,
  "Signature":
    {
      "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
      "KeyInfo":
        {
          "SignatureCertificate":
            {
              "Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
              "SerialNumber": 1377713637130,
              "Subject": "CN=example.com,O=Example Organization,C=US"
            },
          "X509CertificatePath":
            [
              "MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
            ]
        },
      "SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
    }
}

The sample shows the new KeyGen2 message structure, which has been derived from JSON-LD (@context).

Cheers
Anders
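
The canonicalization and signature scope described in the message above, as an added Python example that is not part of the original post or of the KeyGen2 code base: two serializations of one object reduce to the same bytes, and a change inside a child object changes the digest. Assumptions: "Unescape strings" is read as decoding every escape and re-emitting only the mandatory ones, SignatureValue is left out of its own input, SHA-256 stands in for the ECDSA step, and the documents, the Child property and the function names are constructed for illustration.

```python
import hashlib
import json

def reject_duplicates(pairs):
    # Duplicate names would make "sort properties" ambiguous, so refuse them.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise ValueError(f"duplicate property: {name!r}")
        obj[name] = value
    return obj

def canonicalize(value) -> bytes:
    return json.dumps(
        value,
        sort_keys=True,         # sort properties (by code point)
        separators=(",", ":"),  # remove whitespace
        ensure_ascii=False,     # assumption: only mandatory escapes remain
    ).encode("utf-8")

def signed_bytes(text: str) -> bytes:
    # Scope: the object that declares "Signature", child objects included.
    obj = json.loads(text, object_pairs_hook=reject_duplicates)
    if not isinstance(obj, dict) or not isinstance(obj.get("Signature"), dict):
        raise ValueError("no Signature object in this scope")
    # Assumption: SignatureValue is left out of its own input.
    obj["Signature"].pop("SignatureValue", None)
    return canonicalize(obj)

def digest(text: str) -> str:
    # SHA-256 stands in for the ECDSA signing step.
    return hashlib.sha256(signed_bytes(text)).hexdigest()

ALG = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
# Constructed inputs: the same object serialized two ways, then altered.
DOC_A = (r'{"ID":"lADU_sO067Wlgoo52-9L","Child":{"Intra":78,"EscapeMe":"A\\\n\""},'
         r'"Signature":{"Algorithm":"' + ALG + r'","SignatureValue":"constructed"}}')
DOC_B = r'''{
  "Signature": { "SignatureValue": "constructed", "Algorithm": "%s" },
  "Child": { "EscapeMe": "\u0041\\\n\u0022", "Intra": 78 },
  "ID": "lADU_sO067Wlgoo52-9L"
}''' % ALG
DOC_TAMPERED = DOC_B.replace('"Intra": 78', '"Intra": 79')

if __name__ == "__main__":
    print(signed_bytes(DOC_A).decode())
    print(digest(DOC_A) == digest(DOC_B), digest(DOC_A) == digest(DOC_TAMPERED))
```

The three listed steps do not cover number formatting (78 versus 78.0) or duplicate property names; this example rejects duplicates and passes numbers through as Python's parser reads them.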