
RFC 8785 - JSON Canonicalization Scheme

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 30 Jun 2020 07:11:02 +0200
To: Web Payments Working Group <public-payments-wg@w3.org>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <a348bc32-023e-05d0-ed1b-a88f8379086e@gmail.com>
https://www.rfc-editor.org/rfc/rfc8785

In case you would like to test what you can do with JSON canonicalization, there are two public Web applications at your disposal:
Using JWS: https://mobilepki.org/jws-jcs
Using an "unwrapped" JWS called Java Signature Format (JSF): https://mobilepki.org/jsf-lab

A real-world implementation from OWASP using JSF: https://cyclonedx.org/use-cases/#authenticity

In Saturn, JSF is not only a security solution, it is also used for counter-signatures to simplify state-holding in payment systems.  That is, a two-phase payment works as follows:
Merchant - Bank

1. Signed request for a RESERVATION ->  Create and store a unique identifier in a reservation-record
2. <- Return signed authorization embedding the request as well as the unique identifier.
3. Signed request for a TRANSACTION embedding the previous message -> Bank verifies that it was the signer in #2, finds the record associated with the unique identifier and that's about it.

https://cyberphone.github.io/doc/saturn/hybrid-payment.html#6

By securely embedding related messages in each other (aka "Russian doll"), there is no need for external references to previous messages.

Enjoy!

Anders
Received on Tuesday, 30 June 2020 05:11:21 UTC
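The following is an added example, not code from the post, from RFC 8785, or from the Saturn/JSF projects. It implements the JCS rules the post's links rely on (ECMAScript number formatting, minimal string escaping, property sorting by UTF-16 code units rather than code points) and then uses the canonical form to build the "Russian doll" two-phase flow described above: each signed message embeds the message it answers, so the bank only has to keep the reservation identifier. Assumptions: HMAC-SHA256 with shared keys stands in for JSF's public-key signature algorithms, the `signature` property layout is modelled loosely on JSF rather than copied from it, and the sample JSON document, keys, amounts and the identifier `r-0001` are constructed for this example.

```python
import hashlib
import hmac
import json
import math

# Minimal RFC 8785 (JCS) serializer written for this example; not the RFC's reference code.
_SHORT_ESCAPES = {"\b": "\\b", "\f": "\\f", "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def _number(value):
    """Serialize a JSON number the way ECMAScript Number.toString() does."""
    value = float(value)                      # JCS treats every number as an IEEE-754 double
    if math.isnan(value) or math.isinf(value):
        raise ValueError("NaN and Infinity are not JSON numbers")
    if value == 0:
        return "0"                            # -0 also serializes as "0"
    sign = "-" if value < 0 else ""
    mantissa, _, exp = repr(abs(value)).partition("e")   # repr() = shortest round-trip digits
    int_part, _, frac_part = mantissa.partition(".")
    digits = int_part + frac_part
    n = len(int_part) + (int(exp) if exp else 0)         # decimal point sits after n digits
    stripped = digits.lstrip("0")
    n -= len(digits) - len(stripped)
    digits = stripped.rstrip("0")
    k = len(digits)
    if k <= n <= 21:
        body = digits + "0" * (n - k)
    elif 0 < n <= 21:
        body = digits[:n] + "." + digits[n:]
    elif -6 < n <= 0:
        body = "0." + "0" * (-n) + digits
    else:                                     # exponent form, e.g. 1e+30 or 1e-27
        e = n - 1
        body = (digits if k == 1 else digits[0] + "." + digits[1:]) + "e" + ("+" if e > 0 else "-") + str(abs(e))
    return sign + body


def _string(value):
    """Escape only what JCS requires: quote, backslash and control characters below U+0020."""
    out = []
    for ch in value:
        if ch == '"' or ch == "\\":
            out.append("\\" + ch)
        elif ch in _SHORT_ESCAPES:
            out.append(_SHORT_ESCAPES[ch])
        elif ch < " ":
            out.append("\\u%04x" % ord(ch))   # lowercase hex, as the RFC requires
        else:
            out.append(ch)                    # non-ASCII stays literal; "/" is not escaped
    return '"' + "".join(out) + '"'


def canonicalize(value):
    """Return the JCS canonical serialization of a parsed JSON value."""
    if value is None:
        return "null"
    if value is True or value is False:
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return _number(value)
    if isinstance(value, str):
        return _string(value)
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        # Sort by UTF-16 code units: a byte comparison of UTF-16BE gives exactly that order,
        # which differs from Python's code-point order for characters outside the BMP.
        items = sorted(value.items(), key=lambda kv: kv[0].encode("utf-16-be", "surrogatepass"))
        return "{" + ",".join(_string(k) + ":" + canonicalize(v) for k, v in items) + "}"
    raise TypeError("not a JSON value: %r" % (value,))


def canonicalize_text(json_text):
    return canonicalize(json.loads(json_text))


# Constructed sample exercising the number, string and sort rules, and its expected canonical form.
SAMPLE_INPUT = r'''{
  "numbers": [333333333.33333329, 1E30, 4.50, 2e-3, 0.000000000000000000000000001],
  "string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
  "literals": [null, true, false]
}'''
SAMPLE_CANONICAL = r'''{"literals":[null,true,false],"numbers":[333333333.3333333,1e+30,4.5,0.002,1e-27],"string":"€$\u000f\nA'B\"\\\\\"/"}'''


# Signing modelled loosely on JSF: a "signature" property is added to the object and the MAC
# covers the canonical form of the whole object with signature.value absent.  HMAC-SHA256 with a
# shared key is an assumption standing in for JSF's public-key algorithms.
def sign(obj, key):
    signed = dict(obj, signature={"algorithm": "HS256"})
    signed["signature"]["value"] = hmac.new(key, canonicalize(signed).encode("utf-8"), hashlib.sha256).hexdigest()
    return signed


def verify(obj, key):
    sig = obj.get("signature")
    if not isinstance(sig, dict) or sig.get("algorithm") != "HS256" or "value" not in sig:
        return False
    unsigned = dict(obj, signature={k: v for k, v in sig.items() if k != "value"})
    mac = hmac.new(key, canonicalize(unsigned).encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, sig["value"])


def two_phase_payment(merchant_key, bank_key):
    """Russian-doll flow from the post: each message embeds the one it answers (values constructed)."""
    reservation = sign({"type": "RESERVATION", "amount": 12.5, "currency": "EUR"}, merchant_key)  # step 1
    authorization = sign({"type": "AUTHORIZATION", "reservationId": "r-0001",
                          "request": reservation}, bank_key)                                      # step 2
    transaction = sign({"type": "TRANSACTION", "authorization": authorization}, merchant_key)   # step 3
    # Bank side: outer message signed by the same party that signed the embedded reservation,
    # embedded authorization is the bank's own, and the stored identifier comes out of it.
    accepted = (verify(transaction, merchant_key)
                and verify(transaction["authorization"], bank_key)
                and verify(transaction["authorization"]["request"], merchant_key))
    return accepted, transaction["authorization"]["reservationId"]


if __name__ == "__main__":
    print(canonicalize_text(SAMPLE_INPUT))
    print(two_phase_payment(b"merchant-secret", b"bank-secret"))
```

The sort key is the part most implementations get wrong: sorting `str` keys directly uses code-point order, which places U+FB33 before U+1F600, whereas JCS (and JavaScript's `Object.keys` ordering it was designed to match) compares UTF-16 code units and places the emoji first.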
