Going through the JWS specification I found that we can sign different parts of the JWS header... and kept some unsigned..
Going through the JWE specification I found that we can encrypt the content encryption key for different recipients using different keys... Something not clear to me is.. can we sign/encrypt just parts of the JSON payload ? (this is analogous to the partial encryption/signature in WS-Security)... Appreciate a lot your thoughts... Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
