Thanks..! That implies JWS/JWE do not support partial patload encryption / signature..? Any thoughts why it was not considered...?
Thanks & regards, -Prabath On Sat, Jun 7, 2014 at 12:16 PM, Mike Jones <[email protected]> wrote: > The whole payload is signed - the whole plaintext is encrypted. > ------------------------------ > From: Prabath Siriwardena <[email protected]> > Sent: 6/6/2014 11:09 PM > To: [email protected]; Mike Jones <[email protected]> > Subject: [jose] Can we do partial encryption/signing of the message > payload...? > > Going through the JWS specification I found that we can sign different > parts of the JWS header... and kept some unsigned.. > > Going through the JWE specification I found that we can encrypt the > content encryption key for different recipients using different keys... > > Something not clear to me is.. can we sign/encrypt just parts of the > JSON payload ? (this is analogous to the partial encryption/signature in > WS-Security)... > > Appreciate a lot your thoughts... > > > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://blog.api-security.org > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
