Re: Digital Signatures for Credentials

The topic can also be expressed as this...

IETF/W3C's view on the matter:

Another view of the same thing:

{
   "@context": "http://xmlns.webpki.org/wcpp-signature-demo",
   "@qualifier": "SignatureResponse",
   "RequestData":
     {
       "Origin": "https://localhost:8442/WCPPSignatureDemo/signcmd",
       "ReferenceID": "#1000013",
       "DateTime": "2014-11-23T12:51:52Z"
     },
   "DocumentData":
     {
       "MIMEType": "text/html",
       "DocumentHash":
         {
           "Algorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
           "Value": "X4l_O2_QQVqvr2JwVnSTysu58G7dMY19PcU63gEl0eI"
         }
     },
   "DateTime": "2014-11-23T12:51:58Z",
   "Signature":
     {
       "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
       "KeyInfo":
         {
           "SignatureCertificate":
             {
               "Issuer": "CN=MyBank Root CA,C=US",
               "SerialNumber": "1415957621110",
               "Subject": "CN=Luke Skywalker,2.5.4.5=#13083935363733353232"
             },
           "X509CertificatePath":
             [
               "MIIERDCCAiygAwIBAgIGAUmtpql2MA0GCSqGSIb3DQEBDQUAMCYxCzAJBgNVBAYTAlVTMRcwFQYDVQQDEw5NeUJhbmsgUm9vdCBDQTAeFw0xNDA3MTAxMDAwMDBaFw0xOTA3MTAwOTU5NTlaMCwxETAPBgNVBAUTCDk1NjczNTIyMRcwFQYDVQQDEw5MdWtlIFNreXdhbGtlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAINrZPHbzxRHPYITJ3CY54pWly7SS_YsonMxFm3_P33UiD5VUhizs_rl6C6L_MRXKxCbcxeIJLCxNlCKlpivMLPLgtLITf0a3me0AzMfwykELKlAx8RLuIAO5ualdxIxqW9cjPz66UWiN29u38sTUiFzeaTff3-45V3b1ynAVTDWiS2eftC58JAnPn88oOPMzDGQFG7vqlPJRXG_ph_m6zTYl4aZp8iPmAjEKmplrT9CYg6mmGtCvnkfgVMQXxi7jniR3Rqt-KlxVmgGJiUaYPzc3jt3hSCQuqCIz9lf4zCvRpDuuPIfUKZ8EANUYDsfwPEqIEf0skR4OASG3tXNATMCAwEAAaNyMHAwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCA_gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFG0VRNrjyplt73XhSpQKCBvrbDSlMB8GA1UdIwQYMBaAFPsWSJDcMNoXmzmq7LA_cXMH0vGrMA0GCSqGSIb3DQEBDQUAA4ICAQCeLJlgmjY5xiGJQIx9lxKKV1GeyMNAJEB60cOFsWULmILdjbXlYv4CW-QM2qhiDYzqhC-NndYkdvVNutQ3_HOHI4w0zwqRNbb62Ytx4Hwh1ZcNG7epTfq9LQU5jCpEwHhBLH9GCE9JmYWBHLViG8Xqg5Evawjp1r0wyU8UE2ZJSOv4Dx6taj8qYkA_afA1OmtxZC-cXpA2C
I_hxymncUv9xZNZIdnmu1QtLyXfNvosv_Zb1D0L4UPHqsNlzYQaen55a7U4artLL9fw3limUbQf14baqu-wZtrd4-Vomyb9UtbPS7zTjCQFA6otIR2y6fCBraO86TsotDlYwlREFutAHbOBXw7woBunTWjflI5nKDnrkCh3A8AJDEjdwInYcd0CQh-kwt-Z30VfILnUlRQ4oDP07SN9j4d1gnh2QqRbp9UJ6WruhfBwk-kNs9QXM8lTAYD3gHdAaOOxYZulJJ0IXMIBtbTXM2m3I3AIBFhenGDCkclZKaeA84DzWVxOyOC3Z8XAbSxLje9chHpSvPmpTnRubo5h6eMdqmmb5lf2TlYg0YqBYR23d0ZvCy-uw5TZGgnmBSrlb8Pmh4ABOzGYIRHe2iMM_0pa4Hme_j2hx9I7bczofNmYhcQicVEWKykm-Ayj7rtkDUjh70uby3mLK-GXyPMsIsE--aECxSV3fg"
             ]
         },
       "SignatureValue": "TrMCint_oVcY1Nuz8gcINOpT0SV2MRXzISDt1nHBaWiZToHUbB3Vg94xv95ApiEH4l5YaU-7W1F18QPvQC9rsOL9bsrrIdVPbw3mXWQxlf8FSv9FiitD0Qu1LeGm-YKBb0ZBnMS__fq8Ne8vYk6HvrgDVE64RPvNvGeK8seodX-Vdek-UU9OaGA6YqYocl5B1XWtSwgs0Wv971cayJYm7yQ-IMsylF5IbZcKXwt1WLkyy66LkV9x-FI3PbDqJBOC7Uz5XkEpW831O6XRon708KLRsm3E9awYDDgOo9ndPrztFrfVNatWVUAFepR39Ysfy7QiqrQO9OBFv-mIRzLQDQ"
     }
}


Why would you settle on Base64 unless it was proved that it was absolutely necessary?
For the OpenID use-case "URL-friendly" signatures are needed but there are other use-cases.

Both signatures are authentic and generated by Chrome using WebCrypto and some trivial amounts of supporting code.

Anders

Received on Sunday, 23 November 2014 13:08:54 UTC
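
Added example, not part of the original message and not the author's code: what the message calls the IETF/W3C view is the JWS compact serialization, three base64url segments (header, payload, signature) joined by dots, here with RS256. The sketch uses Node's crypto module instead of WebCrypto, a throwaway RSA key generated on the spot, no x5c certificate header, and a constructed payload holding a subset of the fields from the clear-text sample; the function names are hypothetical.

```javascript
// Added example: JWS compact serialization (RS256) built and checked with Node's crypto module.
const nodeCrypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Constructed payload: a subset of the fields shown in the message's clear-text sample.
const samplePayload = {
  '@context': 'http://xmlns.webpki.org/wcpp-signature-demo',
  '@qualifier': 'SignatureResponse',
  RequestData: { ReferenceID: '#1000013', DateTime: '2014-11-23T12:51:52Z' },
  DateTime: '2014-11-23T12:51:58Z',
};

// header.payload.signature: the signature covers the ASCII string "header.payload".
function signCompact(payload, privateKey) {
  const signingInput = b64u(JSON.stringify({ alg: 'RS256' })) + '.' + b64u(JSON.stringify(payload));
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput, 'ascii'), privateKey);
  return signingInput + '.' + b64u(sig);
}

// Returns { valid, header, payload }. Nothing in the token is readable until it is
// decoded, and the decoded payload is only handed back when the signature checks out.
function verifyCompact(token, publicKey) {
  const rejected = { valid: false, header: null, payload: null };
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) return rejected;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return rejected;
  }
  // Pin the algorithm on the verifier side instead of trusting the header's choice.
  if (!header || header.alg !== 'RS256') return rejected;
  const valid = nodeCrypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1], 'ascii'),
    publicKey, Buffer.from(parts[2], 'base64url'));
  return { valid, header, payload: valid ? payload : null };
}

// Throwaway key pair generated for this example only.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const token = signCompact(samplePayload, privateKey);
const checked = verifyCompact(token, publicKey);
console.log(token.slice(0, 40) + '...', checked.valid, checked.payload.RequestData.ReferenceID);
```

In a real deployment the verifier would also validate the signer's certificate path, which this sketch leaves out.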