W3C home > Mailing lists > Public > public-interledger@w3.org > March 2016

Re: Note on JSON signing

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 15 Mar 2016 05:20:08 +0100
To: Melvin Carvalho <melvincarvalho@gmail.com>, Stefan Thomas <stefan@ripple.com>
Cc: Dave Longley <dlongley@digitalbazaar.com>, Shane McCarron <shane@spec-ops.io>, Adrian Hope-Bailie <adrian@hopebailie.com>, Jehan Tremback <jehan.tremback@gmail.com>, Interledger Community Group <public-interledger@w3.org>
Message-ID: <56E78D78.4010303@gmail.com>
On 2016-03-14 21:27, Melvin Carvalho wrote:
>
<snip>
>
> Normalization is really easy, its in the json ld npm library:
>
> // normalize a document using the RDF Dataset Normalization Algorithm
> // (URDNA2015), see: http://json-ld.github.io/normalization/spec/
> jsonld.normalize(doc,{
>    algorithm:'URDNA2015',
>    format:'application/nquads'
> },function(err, normalized){
> // normalized is a string that is a canonical representation of the document
> // that can be used for hashing, comparison, etc.
> });
>
> https://www.npmjs.com/package/jsonld

If you do all the steps yourself you have effectively built your own JSON tools (at least the serializer).

If not, you will most likely be affected by the same quirks as any other system that does not simply
wrap the whole text "as is" like the JOSE folks did.

The Go serializer for example escapes '<','>', '&' which is fine JSON-wise but fails in a signature
scheme that doesn't follow the JOSE method.  However, there are of course workarounds like running
an "unescaper" pass after serialization.  Not exactly rocket science but slightly ugly.
https://github.com/golang/go/issues/14749

Anders
Received on Tuesday, 15 March 2016 04:21:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 15 March 2016 04:21:19 UTC