Re: Start of W3C Member review of Secure Web Payments Interest Group charter

On 2018-12-19 15:18, Ian Jacobs wrote:
> Dear Web Payments WG,
> 
> Today we started W3C Member review of a new Interest Group charter:
> 
>   Secure Web Payments Interest Group Charter
>   https://www.w3.org/securepay/charter.html
> 
> The mission of the Secure Web Payments Interest Group is to enhance
> the security and interoperability of Web payments. The group pursues
> its mission by creating a forum for organizations to define areas of
> collaboration and identify gaps between existing technical
> specifications in order to increase compatibility among different
> technologies.

The following may be of interest and could possibly also affect the charter.

As you know (?) signing JSON is currently only standardized [1] through encoding JSON data in Base64Url.
I find that pretty incompatible with business systems' requirements and started a quest a few years ago to see if there could be an alternative.

After carefully testing and evaluating three completely different approaches I consider that done:
https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02
However, this proposal will most likely never become an IETF standard unless another and credible party like the W3C shows interest.  Naturally you would in that case need to evaluate the proposal first.

You may test the scheme using an on-line service: https://mobilepki.org/jws-jcs/home

I'm not aware of any other mature alternative to these two roads to signed JSON.

Note that the proposal above is 100% compatible with both JWS [1] and existing JSON tools.

Thanx,
Anders

1] https://tools.ietf.org/html/rfc7515



> 
> Please encourage your Advisory Committee representatives to participate
> in the review.
> 
> Thank you,
> 
> Ian
> 
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 718 260 9447
> 
> 
> 
> 
>

Received on Thursday, 20 December 2018 06:36:10 UTC