Hi
It's not clear to me how a signature is calculated in [1].
Specifically, given Protected and Unprotected headers, the text
recommends that the union of the values referred to as JWS Header is
signed:
"The Header Parameter values used when creating or validating individual
signature or MAC values are the union of the two sets of Header
Parameter values that may be present".
but if so why differentiate between Protected and Unprotected headers in
a given signature element?
How do the unprotected header values affect the signature/MAC calculation?
Thanks, Sergey
[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-23#section-7.2
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
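The distinction asked about above, as an added example that is not part of the original message or of the JWS draft: it assumes the signing input defined in the final JWS specification (RFC 7515), BASE64URL(protected header) || '.' || BASE64URL(payload), so the union of both header sets selects the parameters (alg, kid) while only the protected set is covered by the MAC. The function names, the key, the payload and the HS256-only restriction are choices made for this sketch.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def joined_header(protected: dict, unprotected: dict) -> dict:
    # The "union" from the quoted text: parameter names must not repeat
    # across the two sets, and the union is what selects alg, kid, etc.
    if set(protected) & set(unprotected):
        raise ValueError("header parameter present in both sets")
    return {**protected, **unprotected}

def signing_input(enc_protected: str, enc_payload: str) -> bytes:
    # Only the encoded protected header and the payload are MACed.
    return f"{enc_protected}.{enc_payload}".encode("ascii")

def sign_entry(protected: dict, unprotected: dict, enc_payload: str, key: bytes = KEY) -> dict:
    """Build one element of the "signatures" array (HS256 only)."""
    if joined_header(protected, unprotected).get("alg") != "HS256":
        raise ValueError("this sketch supports HS256 only")
    enc_protected = b64url(json.dumps(protected, separators=(",", ":")).encode()) if protected else ""
    mac = hmac.new(key, signing_input(enc_protected, enc_payload), hashlib.sha256).digest()
    entry = {"header": unprotected, "signature": b64url(mac)}
    if enc_protected:
        entry["protected"] = enc_protected  # member is omitted when the set is empty
    return entry

def verify_entry(entry: dict, enc_payload: str, key: bytes = KEY) -> bool:
    enc_protected = entry.get("protected", "")
    protected = json.loads(b64url_decode(enc_protected)) if enc_protected else {}
    try:
        header = joined_header(protected, entry.get("header", {}))
    except ValueError:
        return False
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, signing_input(enc_protected, enc_payload), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(entry["signature"]))

PAYLOAD = b64url(b'{"iss":"constructed-example"}')  # constructed payload
ENTRY = sign_entry({"alg": "HS256"}, {"kid": "key-1"}, PAYLOAD)
```

A verifier that makes trust decisions from parameters such as `kid` should therefore require them in the protected set, because a change to the unprotected `header` member leaves the MAC valid.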