Dear List,

Several efforts have been initiated in order to create a more JSON-friendly signature scheme where the data to be signed would remain in JSON format rather than being Base64Url-encoded. However, it turns out that there is no real interest within the IETF to pursue such ideas, effectively leaving the payment WG with a single standardized solution: JWS (https://tools.ietf.org/html/rfc7515) object supplied in a dedicated property containing the API data to be signed encoded in Base64Url (since the API cannot be Base64Url-encoded, the data has to be repeated).

Signature validation will thus require an additional step: verification that the actual API data and the data embedded in the JWS object are identical. Exactly how that (non-standard) comparison is to be carried out will be a bit of a challenge since there is no guaranteed property order in JSON or exact serialization of data like strings and numbers.

Cheers,
Anders

Received on Thursday, 7 June 2018 06:06:43 UTC
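The extra validation step described in the message above, as an added example that is not code from the message or from any specification: it verifies a JWS carried in a message property and then checks that the signed payload matches the rest of the message regardless of property order or number and string spelling. The property name `jws`, the HS256 shared key, the comparison rule in `normalize` and the sample data are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from decimal import Decimal
from functools import partial

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: bytes, key: bytes) -> str:
    """JWS compact serialization (RFC 7515) over the exact payload bytes."""
    signing_input = b64u(b'{"alg":"HS256"}') + "." + b64u(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def _no_dupes(pairs):
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate property name")  # ambiguous across parsers
    return dict(pairs)

load = partial(json.loads, object_pairs_hook=_no_dupes, parse_float=Decimal)

def normalize(v):
    """Type-tagged value tree: property order and number spelling drop out."""
    if isinstance(v, dict):
        return ("obj", {k: normalize(x) for k, x in v.items()})
    if isinstance(v, list):
        return ("arr", [normalize(x) for x in v])
    if isinstance(v, (int, Decimal)) and not isinstance(v, bool):
        return ("num", Decimal(v))  # 1, 1.0 and 1e0 compare equal
    return (type(v).__name__, v)    # str, bool, None; true never equals 1

def verify_message(message_json: str, key: bytes, prop: str = "jws") -> bool:
    """Check the JWS held in `prop`, then that it covers the rest of the message."""
    try:
        message = load(message_json)
        header_b64, payload_b64, sig_b64 = message.pop(prop).split(".")
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        return (json.loads(b64u_dec(header_b64)).get("alg") == "HS256"
                and hmac.compare_digest(expected, b64u_dec(sig_b64))
                and normalize(message) == normalize(load(b64u_dec(payload_b64))))
    except (ValueError, KeyError, AttributeError, TypeError):
        return False

KEY = b"constructed-demo-key"  # constructed sample data, as are the two below
SIGNED = '{"amount": 10.50, "currency": "EUR", "payee": "Caf\\u00e9"}'
MESSAGE = '{"payee":"Café","amount":1.05e1,"jws":"%s","currency":"EUR"}' % sign_hs256(SIGNED.encode(), KEY)
```

`MESSAGE` differs byte for byte from `SIGNED` yet verifies, while a changed value, an extra unsigned property or a duplicated property name is rejected.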
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:29 UTC