Updated: Re: Giving up on XML DSig => JSON

Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.

Canonicalization:
- Remove whitespace
- Unescape "strings"
- Sort properties

Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.

That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)

   {
    "@context": "http://example.com/test-signature",
    "Now": "2013-08-30T07:56:08+02:00",
    "ID": "lADU_sO067Wlgoo52-9L",
    "STRINGS": ["One","Two","Three"],
    "EscapeMe": "A\\\n\"",
    "Intra": 78,
    "Signature":
      {
        "SignatureInfo":
          {
            "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
            "KeyInfo":
              {
                "SignatureCertificate":
                  {
                    "Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
                    "SerialNumber": 1377713637130,
                    "Subject": "CN=example.com,O=Example Organization,C=US"
                  },
                "X509CertificatePath":
                  [
                    "MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
                  ]
              }
          },
        "SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
      },
  }

The sample shows the new KeyGen2 message structure which has been derived from JSON-LD (@context)

Cheers
Anders

Received on Saturday, 31 August 2013 03:23:38 UTC