Kathleen, From your comments I take it is okay then to do a draft proposal in another WG and then have this mailing list review it? Would we then restart JOSE if the draft was good to have it standardized in JOSE or just some other WG?
I just want to be sensitive to the work that has already been done and build on it. I also do not want to do things that are “bad form”. We are all in this boat together, and I just want to work with everyone to row in the same direction. BTW, I have spoken with a few other vendors and service providers and they are also very interested in this work as it would solve a lot of problems they have or are seeing. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." > On Oct 10, 2018, at 7:47 PM, Kathleen Moriarty > <[email protected]> wrote: > > Bret, > > You could define it within a draft in a different working group other than > JOSE and ask for reviewers from JOSE to review and comment to catch problems. > Although already described above, there are issues with this and JSON, which > is why the WG didn't want to do canonicalization. > > I'm assuming you want to do basically what was done for RID in XML using > JSON. You may want to look at the set of possibilities to replicate as they > are all likely needed with what you are trying to do or just as part of your > gap analysis. > > https://tools.ietf.org/html/rfc6545#section-9.1 > <https://tools.ietf.org/html/rfc6545#section-9.1> > Also look at 9.3.1 and 9.3.2 as you're likely to also need multi-hop > authentication too. > > To David's point in the message that follows this (came in while typing), RID > signed portions of the message to enable interoperability and you are likely > to need to do very similar things that are described in RID related to the > policy work I had previously mentioned for your gap analysis as being similar > functionality. If you haven't looked at that part of the document, I think > it will be helpful. > > Best regards, > Kathleen > > > > On Wed, Oct 10, 2018 at 8:29 PM Manger, James > <[email protected] <mailto:[email protected]>> > wrote: > https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme > <https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme> > is a decent attempt at JSON canonicalization (and an appendix lists a few > other attempts). > > This one sorts object members based on their UTF-16 encoding (without > escapes), and assumes double precision floats is the model for numbers. > > > > -- > > James Manger > > > > From: jose [mailto:[email protected] <mailto:[email protected]>] On > Behalf Of Bret Jordan > Sent: Thursday, 11 October 2018 11:02 AM > To: Jim Schaad <[email protected] <mailto:[email protected]>> > Cc: Nathaniel McCallum <[email protected] > <mailto:[email protected]>>; [email protected] <mailto:[email protected]> > Subject: Re: [jose] Canonical JSON form > > > > > Other implementations say that you should preserver the order of the fields > you read when serialized which is part of JSON for the browser > implementations but not necessarily elsewhere. > > > > Preserving order is hard. Depending on your programming language you might > be deserializing the content in to a struct or you may be using a map. > > > > What I need is a way for individuals and organizations to be able to pass > around and share JSON data and collaboratively work on that JSON data and > sign the parts that they have done. > > > > > > > > Thanks, > > Bret > > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can > not be unscrambled is an egg." > > > > > > _______________________________________________ > jose mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/jose > <https://www.ietf.org/mailman/listinfo/jose> > > > -- > > Best regards, > Kathleen
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
