On Jul 5, 2012, at 9:31 AM, Jim Klo wrote:

> That's one area where I think your proposal is lacking: there's not 
> really a method to exclude fields from the signature except via underscore 
> fields. The key thing to note is we had a document model before the object 
> signing requirement, so we had to design a signature solution that was 
> additive in order to not change object model field names, for risk of blowing 
> backwards compatibility.

It's definitely possible to do this, at the cost of complicating the spec. Two 
possibilities:

(a) Add optional (mutually exclusive) 'include' and 'exclude' properties of the 
'signature' property; they would contain arrays of strings naming top-level 
properties. If 'include' is present, only the named properties are signed; if 
'exclude', the named properties are not signed.

or

(b) Allow the 'signature' property to appear below the top level of a document. 
If it's in a nested object, the signature applies only to that object. (This is 
nice in that it allows multiple signed objects to be combined in a document; 
but it requires validation to search recursively through the whole document for 
'signature' properties.)

> If you haven't been following IETF's JOSE, you should take a look at it: 
> http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/?include_text=1
> It's not very CouchDB friendly.

I looked at it briefly; it seems pretty lame. The major flaw is that it doesn't 
specify how to canonicalize JSON, so it's really only useful for signing 
strings. (Of course you can encode the JSON as a string, but then it's 'dead' 
and not part of the document. This may be what you mean by 'not very CouchDB 
friendly'.) The other weird thing I noticed is that they insist on base64 
encoding data before signing it, which is totally pointless and makes me wonder 
how much these people understand about cryptography.

> FWIW canonical JSON is very difficult to make portable (ordered maps aren't 
> supported across many languages)

You just need to define an ordering for the keys in a dictionary, as I did. 
Then you write a simple JSON encoder that sorts the keys before writing them 
out.

—Jens

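The scheme sketched in the message above, as an added example that is not code from the original thread or from CouchDB: a canonical-JSON encoder that sorts object keys by code point and emits no insignificant whitespace, top-level signing with optional 'include'/'exclude' lists stored inside the 'signature' property (option (a)), and a recursive walk that verifies every nested object carrying a 'signature' (option (b)). HMAC-SHA256 stands in for the public-key signature so it runs with the standard library alone; the property names 'alg', 'value', 'include' and 'exclude', the underscore-prefix exclusion rule, the key and the sample documents are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Added example, not from the message or from CouchDB. HMAC-SHA256 is a
# stand-in for a real public-key signature; 'alg', 'value', 'include' and
# 'exclude' are assumed property names, not a specification.


def canonical_json(value):
    """Deterministic JSON: keys sorted by code point, compact separators,
    strings always escaped to ASCII so every encoder produces the same bytes."""
    if value is None:
        return "null"
    if value is True:
        return "true"
    if value is False:
        return "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        # Floats have no single textual form across languages; refuse rather
        # than emit something another encoder might render differently.
        raise TypeError("floats are not canonicalizable; use ints or strings")
    if isinstance(value, str):
        return json.dumps(value, ensure_ascii=True)
    if isinstance(value, list):
        return "[" + ",".join(canonical_json(v) for v in value) + "]"
    if isinstance(value, dict):
        items = sorted(value.items(), key=lambda kv: kv[0])  # code-point order
        return "{" + ",".join(
            json.dumps(k, ensure_ascii=True) + ":" + canonical_json(v)
            for k, v in items) + "}"
    raise TypeError("unsupported type: %r" % type(value))


def _signed_subset(obj, include=None, exclude=None):
    """Top-level properties covered by the signature. 'signature' itself and
    underscore-prefixed fields (_id, _rev, ...) are never covered."""
    if include is not None and exclude is not None:
        raise ValueError("'include' and 'exclude' are mutually exclusive")
    subset = {}
    for k, v in obj.items():
        if k == "signature" or k.startswith("_"):
            continue
        if include is not None and k not in include:
            continue
        if exclude is not None and k in exclude:
            continue
        subset[k] = v
    return subset


def _mac(key, payload):
    digest = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_object(obj, key, include=None, exclude=None):
    """Return a copy of obj with a 'signature' property. The include/exclude
    list is recorded in the signature so a verifier knows what was covered."""
    payload = canonical_json(_signed_subset(obj, include, exclude))
    sig = {"alg": "HMAC-SHA256", "value": _mac(key, payload)}
    if include is not None:
        sig["include"] = sorted(include)
    if exclude is not None:
        sig["exclude"] = sorted(exclude)
    signed = dict(obj)
    signed["signature"] = sig
    return signed


def verify_object(obj, key):
    """Recompute the MAC over the covered subset and compare in constant time."""
    sig = obj.get("signature")
    if not isinstance(sig, dict) or sig.get("alg") != "HMAC-SHA256":
        return False
    subset = _signed_subset(obj, sig.get("include"), sig.get("exclude"))
    return hmac.compare_digest(_mac(key, canonical_json(subset)), sig.get("value", ""))


def verify_all(doc, key, path=()):
    """Option (b): walk the whole document and verify every object carrying a
    'signature'. Returns [(path, ok), ...] in document order."""
    results = []
    if isinstance(doc, dict):
        if "signature" in doc:
            results.append((path, verify_object(doc, key)))
        for k, v in doc.items():
            results.extend(verify_all(v, key, path + (k,)))
    elif isinstance(doc, list):
        for i, v in enumerate(doc):
            results.extend(verify_all(v, key, path + (i,)))
    return results


KEY = b"example-shared-key"  # constructed for the example

# Constructed sample CouchDB-style document; _id/_rev fall under the underscore rule.
DOC = {"_id": "doc1", "_rev": "1-abc", "title": "Hello", "body": "world", "views": 7}

if __name__ == "__main__":
    signed = sign_object(DOC, KEY, exclude=["views"])
    print(canonical_json(_signed_subset(signed, exclude=["views"])))
    print("verify:", verify_object(signed, KEY))
```

Two things a verifier has to keep in mind with this layout: the covered set is fixed by the MAC (changing 'include' or 'exclude' after the fact changes the payload and fails verification), but it is chosen by the signer, so a consumer must still check that the fields it relies on are actually covered; and an outer signature treats a nested signed object as an opaque value, so its 'signature' property is covered by the parent unless the parent excludes that field.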