EcmaScript V6 and JSON Signatures from Anders Rundgren on 2015-10-25 (public-credentials@w3.org from October 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 25 Oct 2015 17:23:46 +0100
To: Web Payments CG <public-webpayments@w3.org>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <562D0212.9090605@gmail.com>

Hi Everybody,
It seems (fingers crossed) that my quest for clear-text JSON signatures finally have gotten a reasonable solution.

Actually it was always reasonable but some people expressed doubts on the adoption since it required improved/modified/bastardized JSON parsers.

By pure accident (and Google search...) I just found that the most recent version of EcmaScript (=JavaScript) addresses the two core problems:
- Property ordering => Creation order *
- Number canonicalization => Defined to the very last bit

http://www.ecma-international.org/ecma-262/6.0/index.html#sec-ordinary-object-internal-methods-and-internal-slots-ownpropertykeys
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-tostring-applied-to-the-number-type

Converted into developer lingo it means that ES V6 makes clear-text signatures securely transferable between browsers and JS-servers with no extra code at all like I already do:
https://github.com/cyberphone/web2native-bridge/blob/master/webpayment.client/test/test.html#L23

Creating a signature in a browser using WebCrypto would require some 20 lines of JS-code assuming a base64URL library is available.

Anders

* Well, numeric properties ("1":"hi there") doesn't follow this scheme but I think the world can live without that...

Received on Sunday, 25 October 2015 16:24:19 UTC