Sure, I thought JWS JSON objects were more restrictive. The order shown
in the JWS spec allows for streaming, on the -out and possibly -in side.
Is it really important to go pure JSON as far as the order of JWS JSON
object properties is concerned?
Cheers, Sergey
On 21/08/15 17:07, Mike Jones wrote:
JSON does not specify the order of the fields, so any order is legal. Per
http://rfc7159.net/rfc7159#rfc.section.1 "An object is an unordered collection of
zero or more name/value pairs, where a name is a string and a value is a string, number,
boolean, null, object, or array."
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Friday, August 21, 2015 6:09 AM
To: Mike Jones; [email protected]
Subject: Re: [jose] JWS Signing Input Options initial working group draft
Hi Mike
The JWS JSON example at
https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-01#section-4.2
shows elements in the wrong order, according to
https://tools.ietf.org/html/rfc7515#section-7.2.2
the 'payload' should go first...
thanks, Sergey
On 10/08/15 21:01, Sergey Beryozkin wrote:
Hi Mike
Thanks for the clarification, indeed it all makes sense now (I would
like to think a bit more about JWT as JWS JSON, will send a separate
email if anything relevant comes to mind).
Cheers, Sergey
On 10/08/15 16:40, Mike Jones wrote:
Hi Sergey,
Actually, the JWT restriction to only using the compact serialization
is already in the JWT spec itself. The last sentence of the first
paragraph of the introduction at
http://tools.ietf.org/html/rfc7519#section-1 says "JWTs are always represented using the JWS Compact
Serialization or the JWE Compact Serialization". The new text in the JWS
Unsigned Payload Option spec just adds the restriction that JWTs are to continue to
use RFC7515 as written - base64url encoding the JWT claims as they always have been
- for interop purposes.
That doesn't mean that other applications can't use JWS to sign
detached unencoded JSON payloads with the "b64":false option using
either JWS serialization.
Does that address what you were thinking about or do you still have
concerns?
-- Mike
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Monday, August 10, 2015 2:39 AM
To: Mike Jones; [email protected]
Subject: Re: [jose] JWS Signing Input Options initial working group
draft
Hi, thanks for adding the JWS JSON (flattened serialization) example,
I thought the earlier text was also clear about having to use the
detached payloads in case of JWS Compact.
Re the new JWT restriction.
I know JWT is meant to be used primarily in OAuth2 contexts as a
token or grant (or as one of token or grant property) representation
and hence it is JWS Compact.
But I wonder, should this particular text effectively block the
possible future use of JWT in (JWS JSON) message payloads...
Cheers, Sergey
On 10/08/15 05:21, Mike Jones wrote:
You can't use an unencoded non-detached JSON payload using the JWS
Compact Serialization because it uses characters that aren't
URL-safe, such as "{". For that reason, the spec now makes it clear
that JWTs cannot use the "b64":false option.
You *can* use JSON payloads with the JWS JSON Serialization. Any
double-quote characters in the JSON would have to be quoted -
typically using \" - so that the double-quotes don't terminate the
"payload" value. See the new section
https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-01#section-5
for more on character restrictions in unencoded payloads.
-- Mike
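As an added example, not code from the thread or from either participant: a flattened JWS JSON Serialization using "b64": false over a JSON payload, showing the quoting of the payload's double quotes that Mike describes here, plus a verifier that accepts the members in any order, which is the point Mike makes later in the thread about JSON objects being unordered. The HS256 key and the payload are constructed, and the check that "b64" is listed in "crit" is an assumed verifier-side safeguard.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key-not-for-real-use"  # constructed sample key, not from the thread
PAYLOAD = '{"iss":"joe","exp":1300819380}'      # constructed JSON payload

def b64url(data: bytes) -> str:
    """base64url without padding (RFC 7515 Section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_flattened_unencoded(payload: str, key: bytes) -> str:
    """Flattened JWS JSON Serialization with "b64": false and an HS256 signature."""
    # "b64" is integrity protected and listed in "crit" so that a verifier that
    # does not understand it rejects the JWS instead of base64url-decoding the payload.
    protected = b64url(json.dumps({"alg": "HS256", "b64": False, "crit": ["b64"]}).encode())
    # Signing input with b64=false: ASCII(BASE64URL(protected)) || '.' || payload
    sig = hmac.new(key, (protected + "." + payload).encode("utf-8"), hashlib.sha256).digest()
    # json.dumps emits the payload as a JSON string, escaping each '"' as \" so it
    # cannot terminate the "payload" member: the quoting Mike describes.
    return json.dumps({"protected": protected, "payload": payload, "signature": b64url(sig)})

def verify_flattened_unencoded(jws_json: str, key: bytes) -> str:
    """Return the verified payload or raise ValueError. Members may appear in any order."""
    obj = json.loads(jws_json)  # JSON objects are unordered, so "payload" first is fine
    protected = obj["protected"]
    header = json.loads(b64url_decode(protected))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if header.get("b64", True) is False and "b64" not in header.get("crit", []):
        raise ValueError('"b64": false must be listed in "crit"')
    payload = obj["payload"]
    # With b64=true the member already holds BASE64URL(payload); with b64=false it is the
    # raw payload. Either way the signing input is protected || '.' || payload member.
    expected = hmac.new(key, (protected + "." + payload).encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(obj["signature"])):
        raise ValueError("signature mismatch")
    return payload

def is_valid(jws_json: str, key: bytes) -> bool:
    try:
        return verify_flattened_unencoded(jws_json, key) is not None
    except (ValueError, KeyError):
        return False

JWS = sign_flattened_unencoded(PAYLOAD, KEY)
# The same members with "payload" first, as in the RFC 7515 Section 7.2.2 example.
REORDERED = json.dumps({k: json.loads(JWS)[k] for k in ("payload", "protected", "signature")})
```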
-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Sergey
Beryozkin
Sent: Saturday, July 25, 2015 3:01 AM
To: [email protected]
Subject: Re: [jose] JWS Signing Input Options initial working group
draft
Hi, can you please add an example showing a b64 header affecting a JWS
JSON payload? I can imagine what it will look like, but it is good to
see an example that can be tested locally...
Cheers, Sergey
On 23/07/15 19:17, Mike Jones wrote:
The initial working group version of JWS Signing Input Options has
been posted. It contains no normative changes from
draft-jones-jose-jws-signing-input-options-00
<https://self-issued.info/?p=1398>.
Let the working group discussions begin! I particularly call your
attention to Martin Thomson's review at
http://www.ietf.org/mail-archive/web/jose/current/msg05158.html,
Nat Sakimura's review at
http://www.ietf.org/mail-archive/web/jose/current/msg05189.html,
and Matias Woloski's review at
http://www.ietf.org/mail-archive/web/jose/current/msg05191.html
to start things off.
The specification is available at:
* https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-00
An HTML formatted version is also available at:
* http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-00.html
--
Mike
P.S. This note is also posted at
http://self-issued.info/?p=1432
and as @selfissued
<https://twitter.com/selfissued>.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/