- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 02 Sep 2013 11:18:24 +0200
- To: David Chadwick <d.w.chadwick@kent.ac.uk>
- CC: Anders Rundgren <anders.rundgren@telia.com>, "public-identity@w3.org" <public-identity@w3.org>
On 2013-09-02 10:08, David Chadwick wrote:
> Hi Anders
>
> I am interested in the contents of the "X509CertificatePath" element.
> Which certificates does it contain in which order? Does it contain
> multiple paths? Is it taken from any standard definition (such as the
> OASIS J2ME Code-Signing Profile of the OASIS Digital Signature Services
> Standard of 11 April 2007)?

Hi David,
Thank you for pointing out this glaring hole in the documentation!
It has been fixed now (update 0.44):
https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON-Clear-Text-Signature-Scheme.pdf

I think JCS should be regarded as an _extremely_ scaled-down and simplified version of XML DSig.
The primary targets for JCS are security protocols with KeyGen2 as the first "victim".

Regards
Anders

>
> regards
>
> David
>
>
> On 31/08/2013 04:22, Anders Rundgren wrote:
>> Hi,
>> Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
>>
>> Canonicalization:
>> - Remove whitespace
>> - Unescape "strings"
>> - Sort properties
>>
>> Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.
>>
>> That is, the final XML DSig "leftover", the awkward Reference, has been shelved.
>> I expect the resulting code to be even shorter than today :-)
>>
>> {
>>   "@context": "http://example.com/test-signature",
>>   "Now": "2013-08-30T07:56:08+02:00",
>>   "ID": "lADU_sO067Wlgoo52-9L",
>>   "STRINGS": ["One","Two","Three"],
>>   "EscapeMe": "A\\\n\"",
>>   "Intra": 78,
>>   "Signature":
>>     {
>>       "SignatureInfo":
>>         {
>>           "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
>>           "KeyInfo":
>>             {
>>               "SignatureCertificate":
>>                 {
>>                   "Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
>>                   "SerialNumber": 1377713637130,
>>                   "Subject": "CN=example.com,O=Example Organization,C=US"
>>                 },
>>               "X509CertificatePath":
>>                 [
>>                   "MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
>>                 ]
>>             }
>>         },
>>       "SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
>>     }
>> }
>>
>> The sample shows the new KeyGen2 message structure which has been derived from JSON-LD (@context).
>>
>> Cheers
>> Anders
>>
Received on Monday, 2 September 2013 09:19:06 UTC
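
The three canonicalization rules and the signature scope from the quoted 31/08/2013 proposal, as an added Python sketch (not code from the mail or from the openkeystore project). Assumptions: "unescape strings" is read as decoding escapes and re-emitting one fixed escaping, `SignatureValue` is left out of the signed data, duplicate property names are rejected as added hardening, and the `SignatureValue` in the inputs is a constructed placeholder.

```python
import json

def _no_duplicates(pairs):
    # Added hardening: duplicate names let two parsers read different data.
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise ValueError("duplicate property name")
    return dict(pairs)

def canonicalize(value):
    """Emit parsed JSON with no whitespace and with sorted properties."""
    if isinstance(value, dict):
        members = sorted(value.items(), key=lambda kv: kv[0])
        return "{" + ",".join(
            canonicalize(k) + ":" + canonicalize(v) for k, v in members) + "}"
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    # Strings were unescaped by the parser; json.dumps re-emits them with one
    # fixed escaping. Numbers are outside the three rules and are emitted as
    # parsed, so 78 and 78.0 stay distinct.
    return json.dumps(value, ensure_ascii=False)

def signed_bytes(text):
    """Bytes a signer or verifier would feed to the signature algorithm."""
    doc = json.loads(text, object_pairs_hook=_no_duplicates)
    sig = doc.get("Signature") if isinstance(doc, dict) else None
    if isinstance(sig, dict):
        # Assumption: the signature cannot cover its own value.
        doc["Signature"] = {k: v for k, v in sig.items() if k != "SignatureValue"}
    return canonicalize(doc).encode("utf-8")

# Constructed inputs: fields from the mail's sample, placeholder SignatureValue.
SENT = r'''{"ID":"lADU_sO067Wlgoo52-9L","EscapeMe":"A\\\n\"","Intra":78,
"Signature":{"SignatureValue":"PLACEHOLDER"}}'''
# Same data after a relay reordered, re-indented and re-escaped it.
RELAYED = r'''{
  "Signature": { "SignatureValue": "PLACEHOLDER" },
  "Intra": 78,
  "EscapeMe": "\u0041\\\n\u0022",
  "ID": "lADU_sO067Wlgoo52-9L"
}'''
TAMPERED = SENT.replace('"Intra":78', '"Intra":79')

if __name__ == "__main__":
    print(signed_bytes(SENT).decode())
    print("relayed matches:", signed_bytes(SENT) == signed_bytes(RELAYED))
    print("tampered matches:", signed_bytes(SENT) == signed_bytes(TAMPERED))
```

A verifier would recompute `signed_bytes` over the received text and check the signature against those bytes, so any serialization difference that survives canonicalization, such as `78` versus `78.0`, makes verification fail.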