Correct - good catch. I'll update the draft. The intent was for there to be
no pad character in that case.
--
Mike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Monday, March 28, 2011 3:00 PM
To: Mike Jones
Cc: oauth@ietf.org; w...@ietf.org; openid-specs...@lists.openid.net;
openid-sp...@lists.openid.net
Subject: Re: [Openid-specs-ab] [OAUTH-WG] JSON Web Token (JWT) and JSON Web
Signature (JWS) now in separate specs
Mike in JWT 6.7 if the alg is none.
Otherwise, if the "alg" value
is ""none"", the JWT Claim Segment is the empty string.
I may be missing something. If the Alg is none then the Claim segment is still
the claim segment. It is the Crypto segment that would just be padding to
maintain the format.
In 8 10 the decoding has it correct.
So in the event the signature alg is none do we make the cripto segment a pad
character?
So normally it would be
xxxxxxx.xxxxxxxx.xxxxx
Dropping the cripto segment looks like
xxxxxxx.xxxxxxxx.
Or with a pad char to be ignored
xxxxxxx.xxxxxxxxx.0
Or something like that.
John B.
On 2011-03-28, at 5:28 AM, Mike Jones wrote:
These are now published as IETF drafts. The IETF .txt version links are:
http://www.ietf.org/id/draft-jones-json-web-token-03.txt
http://www.ietf.org/id/draft-jones-json-web-signature-01.txt
-- Mike
From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org>
[mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
Sent: Friday, March 25, 2011 10:26 PM
To: oauth@ietf.org<mailto:oauth@ietf.org>; w...@ietf.org<mailto:w...@ietf.org>;
openid-specs...@lists.openid.net<mailto:openid-specs...@lists.openid.net>
Cc: openid-sp...@lists.openid.net<mailto:openid-sp...@lists.openid.net>
Subject: [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in
separate specs
As promised, I have split the contents of the JWT spec
draft-jones-json-web-token-01<http://self-issued.info/docs/draft-jones-json-web-token-01.html>
into two simpler specs:
draft-jones-json-web-token-02<http://self-issued.info/docs/draft-jones-json-web-token-02.html>
draft-jones-json-web-signature-00<http://self-issued.info/docs/draft-jones-json-web-signature-00.html>
These should have introduced no semantic changes from the previous spec.
I then applied the feedback that I received since JWT -01 and created revised
versions of the split specs:
draft-jones-json-web-token-03<http://self-issued.info/docs/draft-jones-json-web-token-03.html>
draft-jones-json-web-signature-01<http://self-issued.info/docs/draft-jones-json-web-signature-01.html>
The only breaking change introduced was that x5t (X.509 Certificate Thumbprint)
is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 has,
as SHA-1 is the prevailing existing practice for certificate thumbprint
calculations. See the Document History sections for details on each change
made.
.txt and .xml versions are also available. I plan to publish these as IETF
drafts once the submission window re-opens on Monday. Feedback welcome!
-- Mike
P.S. Yes, work on the companion encryption spec is now under way...
_______________________________________________
Openid-specs-ab mailing list
openid-specs...@lists.openid.net<mailto:openid-specs...@lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
