http://www.ietf.org/id/draft-ietf-jose-use-cases-04.txt
"In practice, however, XML-based secure object formats introduce similar levels of complexity to ASN.1, so developers that lack the tools or motivation to handle ASN.1 aren't likely to use XML security either" This may be correct although the analysis is somewhat limited. However, JOSE in its current incarnation doesn't address complex messaging applications due to its incompatibility with XSDL-like methods (JWS _obscures_ the message content). IMHO there is a middle-ground where JOSE may be a bit too primitive and XML Security is unnecessary complex (not to mention poorly supported on most platforms except Windows). Although probably of no interest to the JOSE WG, I believe enveloped signatures like featured in http://webpki.org/papers/keygen2/doc/org/webpki/json/package-summary.html#package_description will become popular; the canonicalization issues compared with XML DSig are virtually zero if you use encoders and decoders that _preserve_ the textual information. </Anders> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
