Re: JSON Signatures in OpenBanking (UK) from Manu Sporny on 2017-07-17 (public-webpayments-ig@w3.org from July 2017)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 17 Jul 2017 09:48:44 -0400
To: public-webpayments-ig@w3.org
Message-ID: <17077149-ec68-e272-813e-a1c190974bc5@digitalbazaar.com>

On 07/09/2017 12:30 AM, Anders Rundgren wrote:
> LDS primarily targets Linked Data, while JCS only targets 
> plain-vanilla JSON/JavaScript.

We're going to be releasing a plain-vanilla JSON/JavaScript
canonicalization algorithm later this  year that mirrors exactly what's
happening in JCS, so expect further alignment there.

I should also note that there is also the Signing HTTP Signatures spec
here (originated by Mark Cavage at Joyent, now Oracle):

https://tools.ietf.org/html/draft-cavage-http-signatures-06

... which is implemented and deployed by BBC and other large players.
Mastadon (1 million users) looks like they are going to be deploying
HTTP Signatures as well. Needless to say, a number of Verifiable Claims
implementations and Digital Bazaar have had this deployed in production
for years.

So, as far as signing HTTP Headers, there is another approach in
addition to the ones you mentioned, Anders.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
http://manu.sporny.org/2016/rebalancing/

Received on Monday, 17 July 2017 13:49:12 UTC