I actually think this goes the wrong way in a different direction. Namely,
we don't need to have the signing instructions cover the multiple-signer
case. The signatures are independent, so we can just write a single-signer
algorithm and say, "do this for each signer".
As I noted in ISSUE-26, the only modification needed here is in how the JWS
Signing Input is determined.
OLD:
"""
5. Compute the JWS Signature in the manner defined for the particular
algorithm being used over the JWS Signing Input (the concatenation of the
Encoded JWS Header, a period ('.') character, and the Encoded JWS Payload).
The alg (algorithm) header parameter MUST be present in the JWS Header,
with the algorithm value accurately representing the algorithm used to
construct the JWS Signature.
"""
NEW:
"""
5. Compute the JWS Signing Input. If there is a JWS Protected Header, then
the JWS Signing Input is the concatenation of the Encoded JWS Header, a
period ('.') character, and the Encoded JWS Payload. If there is no JWS
Protected Header, then the JWS Signing Input is simply the JWS Payload.
6. Compute the JWS Signature in the manner defined for the particular
algorithm being used over the JWS Signing Input. The alg (algorithm) header
parameter MUST be present in the JWS Header, with the algorithm value
accurately representing the algorithm used to construct the JWS Signature.
"""
Note that this is independent of how the JWS Payload is represented in the
JSON representation (base64url encoded or directly).
--Richard
On Sat, Jun 29, 2013 at 12:07 AM, Jim Schaad <[email protected]> wrote:
> I would suggest something along the following lines. It is still missing
> some of the descriptive text that is required, but not a great deal of it.
> ****
>
> ** **
>
> Jim****
>
> ** **
>
> ** **
>
> ** **
>
> 5.1 Message signing or MACing****
>
> ** **
>
> To create a JWS, on performs the following steps. The order of the steps
> is information, however the result of performing the steps is prescriptive.
> ****
>
> ** **
>
> **1. ** Verify the content to be used as the JWS Payload is an
> octet stream. If it is not then the fail.****
>
> **2. ** If a common signature header field exists, then serialize
> the object describing the header using UTF-8 and then base64 URL that
> result. This is now the Encoded JWS Header.****
>
> **3. **For each signature to be created perform the following steps:
> ****
>
> **a. **Obtain the algorithm to be used for the signature
> operation. This may be in the common signature protected header, the
> common signature unprotected header or the signature header objects. If
> this is not a legal and supported signature algorithm then fail.****
>
> **b. **Verify that the key to be used for the signature operation is
> compatible with the signature algorithm.****
>
> **c. **Concatenate the following values for the octet stream to be
> signed:****
>
> ** i. *
> *The Encoded JWS header if it exists,****
>
> ** ii. **One
> period character (‘.’)****
>
> ** iii. **The
> JWS payload****
>
> **d. **Compute the signature value using the key, the signature
> algorithm and the octet stream to be signed.****
>
> **e. **Base64url encode the signature value, this is the Encoded JWS
> signature.****
>
> ** **
>
> Section 8.1 Compact serialization****
>
> ** **
>
> In order for a compact serialization to be created, the following
> conditions must be met:****
>
> **1. **There must be exactly one signer****
>
> **2. **There must not be a common unprotected header field or a
> signer header field. These can be combined before the signature is created
> to form the common protected header field.****
>
> **3. **The JWS payload MUST conform to the character set which is
> used for base64url encoding. This is A-Za-z0-9 (and whatever the rest of
> them are)****
>
> ** **
>
> The compact serialization is formed by concatenating the following items:*
> ***
>
> **1. **The Encoded JWS Header,****
>
> **2. **One period character (‘.’)****
>
> **3. **The JWS Payload****
>
> **4. **One period character (‘.’)****
>
> **5. **The Encoded JWS signature****
>
> ** **
>
> Section 8.2 JSON Serialization****
>
> ** **
>
> The JSON serialization is an object with the following members:****
>
> Protected - a string containing the Encoded JWS Header
> (OPTIONAL)****
>
> Unprotected - an object containing any common unprotected header
> values (OPTINAL)****
>
> Payload - a string containing the JWS Payload (REQUIRED)***
> *
>
> Signatures - an array containing one element for each signature
> created. Each array element consists of an object with the following
> members:****
>
> Header – an object containing any signer specific
> unprotected header values (OPTINAL)****
>
> Signature – a string containing the Encoded JWS Signature
> for that signer.****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>
>
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
