- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 31 Aug 2013 10:59:18 +0200
- To: public-webpayments@w3.org

Although an array of signatures a la JWS is doable, it severely complicates canonicalization.
I believe the following approach is more reasonable:

    {
      {
        "@context": "http://example.com/test-multiple-signatures",
        "Now": "2013-08-30T07:56:08+02:00",
        "ID": "lADU_sO067Wlgoo52-9L",
        "STRINGS": ["One","Two","Three"],
        "Signature":
          {
          }
      },
      "Signature":
        {
        }
    }

That is, there wouldn't be multiple signatures signing _exactly_ the same content.
IMO signatures _wrapping_ each other do the same thing (or better) except in theoretic
use-cases like multiple human attesters. The latter have considerably better solutions
using a server-based system collecting individual attestant's response _separately_.

The scheme above also copes with countersignatures like when you have filled a shopping-
basket with stuff and perform a B2B checkout. The merchant could sign the shopping-
basket with its "Merchant key" which would transform it into a non-forgeable "Quote".
The purchaser could, if accepting the quote, just put the shopping-basket object in an empty
PO object and counter-sign it with its "Buyer-key". Signatures can be pretty cool, right :-)

Cheers
Anders
Received on Saturday, 31 August 2013 08:59:59 UTC
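
The Quote and PO flow described in the message above, as an added example that is not part of the original post or of any proposed format: the buyer's outer signature covers the merchant's inner signature, so neither layer can be altered or stripped unnoticed. Assumptions: Ed25519 keys, sorted-key JSON as the canonical form, and the member names "Quote", "Signer" and "Value" are all hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumed canonical form: JSON with object keys sorted and no whitespace.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// Sign everything in obj except its own top-level "Signature" member.
// Nested objects, including any inner "Signature", are part of the signed data.
function sign(obj, signer, privateKey) {
  const { Signature, ...payload } = obj;
  const sig = crypto.sign(null, Buffer.from(canonical(payload)), privateKey);
  return { ...payload, Signature: { Signer: signer, Value: sig.toString("base64") } };
}

// Verify the top-level signature of obj against the given public key.
function verify(obj, publicKey) {
  const { Signature, ...payload } = obj;
  if (!Signature || typeof Signature.Value !== "string") return false;
  return crypto.verify(null, Buffer.from(canonical(payload)), publicKey,
    Buffer.from(Signature.Value, "base64"));
}

// Constructed keys and sample data for the demonstration.
const merchant = crypto.generateKeyPairSync("ed25519");
const buyer = crypto.generateKeyPairSync("ed25519");
const basket = { ID: "basket-0001", Items: [{ SKU: "A-1", Qty: 2 }], Total: "19.90" };

// Merchant signs the basket, turning it into a quote.
const quote = sign(basket, "Merchant key", merchant.privateKey);
// Buyer wraps the signed quote in a PO object and counter-signs the whole thing.
const po = sign({ Now: "2013-08-31T10:59:18+02:00", Quote: quote },
  "Buyer key", buyer.privateKey);

// A PO is accepted only if both layers verify, outermost first.
function checkPO(doc) {
  return verify(doc, buyer.publicKey) && verify(doc.Quote, merchant.publicKey);
}

console.log("PO valid:", checkPO(po));
```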