Awesome advise. Thanks.
Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." > On Oct 10, 2018, at 7:47 PM, Kathleen Moriarty > <[email protected]> wrote: > > Bret, > > You could define it within a draft in a different working group other than > JOSE and ask for reviewers from JOSE to review and comment to catch problems. > Although already described above, there are issues with this and JSON, which > is why the WG didn't want to do canonicalization. > > I'm assuming you want to do basically what was done for RID in XML using > JSON. You may want to look at the set of possibilities to replicate as they > are all likely needed with what you are trying to do or just as part of your > gap analysis. > > https://tools.ietf.org/html/rfc6545#section-9.1 > <https://tools.ietf.org/html/rfc6545#section-9.1> > Also look at 9.3.1 and 9.3.2 as you're likely to also need multi-hop > authentication too. > > To David's point in the message that follows this (came in while typing), RID > signed portions of the message to enable interoperability and you are likely > to need to do very similar things that are described in RID related to the > policy work I had previously mentioned for your gap analysis as being similar > functionality. If you haven't looked at that part of the document, I think > it will be helpful. > > Best regards, > Kathleen > > > > On Wed, Oct 10, 2018 at 8:29 PM Manger, James > <[email protected] <mailto:[email protected]>> > wrote: > https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme > <https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme> > is a decent attempt at JSON canonicalization (and an appendix lists a few > other attempts). > > This one sorts object members based on their UTF-16 encoding (without > escapes), and assumes double precision floats is the model for numbers. > > > > -- > > James Manger > > > > From: jose [mailto:[email protected] <mailto:[email protected]>] On > Behalf Of Bret Jordan > Sent: Thursday, 11 October 2018 11:02 AM > To: Jim Schaad <[email protected] <mailto:[email protected]>> > Cc: Nathaniel McCallum <[email protected] > <mailto:[email protected]>>; [email protected] <mailto:[email protected]> > Subject: Re: [jose] Canonical JSON form > > > > > Other implementations say that you should preserver the order of the fields > you read when serialized which is part of JSON for the browser > implementations but not necessarily elsewhere. > > > > Preserving order is hard. Depending on your programming language you might > be deserializing the content in to a struct or you may be using a map. > > > > What I need is a way for individuals and organizations to be able to pass > around and share JSON data and collaboratively work on that JSON data and > sign the parts that they have done. > > > > > > > > Thanks, > > Bret > > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can > not be unscrambled is an egg." > > > > > > _______________________________________________ > jose mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/jose > <https://www.ietf.org/mailman/listinfo/jose> > > > -- > > Best regards, > Kathleen
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
