Re: [OAUTH-WG] [Openid-specs-ab] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs

Mon, 28 Mar 2011 14:59:53 -0700 

Mike in JWT 6.7 if the alg is none.

Otherwise, if the "alg" value
       is ""none"", the JWT Claim Segment is the empty string.
I may be missing something.  If the Alg is none then the Claim segment is still 
the claim segment.   It is the Crypto segment that would just be padding to 
maintain the format.

In 8 10 the decoding has it correct.

So in the event the signature alg is none do we make the cripto segment a pad 
character?

So normally it would be 
xxxxxxx.xxxxxxxx.xxxxx

Dropping the cripto segment looks like
xxxxxxx.xxxxxxxx.

Or with a pad char to be ignored 
xxxxxxx.xxxxxxxxx.0

Or something like that.

John B.
On 2011-03-28, at 5:28 AM, Mike Jones wrote:

> These are now published as IETF drafts.  The IETF .txt version links are:
>                http://www.ietf.org/id/draft-jones-json-web-token-03.txt
>                http://www.ietf.org/id/draft-jones-json-web-signature-01.txt
>  
>                                                             -- Mike
>  
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of 
> Mike Jones
> Sent: Friday, March 25, 2011 10:26 PM
> To: oauth@ietf.org; w...@ietf.org; openid-specs...@lists.openid.net
> Cc: openid-sp...@lists.openid.net
> Subject: [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in 
> separate specs
>  
> As promised, I have split the contents of the JWT spec 
> draft-jones-json-web-token-01 into two simpler specs:
>                 draft-jones-json-web-token-02
>                 draft-jones-json-web-signature-00
> These should have introduced no semantic changes from the previous spec.
>  
> I then applied the feedback that I received since JWT -01 and created revised 
> versions of the split specs:
>                 draft-jones-json-web-token-03
>                 draft-jones-json-web-signature-01
> The only breaking change introduced was that x5t (X.509 Certificate 
> Thumbprint) is now a SHA-1 hash of the DER-encoded certificate, rather than a 
> SHA-256 has, as SHA-1 is the prevailing existing practice for certificate 
> thumbprint calculations.  See the Document History sections for details on 
> each change made.
>  
> .txt and .xml versions are also available.  I plan to publish these as IETF 
> drafts once the submission window re-opens on Monday.  Feedback welcome!
>  
>                                                             -- Mike
>  
> P.S.  Yes, work on the companion encryption spec is now under way…
>  
> _______________________________________________
> Openid-specs-ab mailing list
> openid-specs...@lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to