
Re: Updated: Re: Giving up on XML DSig => JSON

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 01 Sep 2013 12:36:45 -0400
Message-ID: <52236D1D.2060405@digitalbazaar.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
CC: public-webpayments@w3.org

On 08/30/2013 11:21 PM, Anders Rundgren wrote:
>         "SignatureInfo":
>           {
>             "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
>             "KeyInfo":
>               {
>                 "SignatureCertificate":
>                   {
>                     "Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
>                     "SerialNumber": 1377713637130,
>                     "Subject": "CN=example.com,O=Example Organization,C=US"
>                   },
>                 "X509CertificatePath":
>                   [
>                     "MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
>                   ]
>               }
>           },

Why don't you just condense the entire KeyInfo object into a URL? Why
not express the key data in PEM format, since you're already depending
on X509? This is what we do for the Web Payments stuff. Look at the
"creator" entry in the "signature":

https://payswarm.com/specs/source/vocabs/security#signature

Do this to get an example of what one of the keys looks like:

curl "https://dev.payswarm.com/i/manu/keys/20"

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/
Received on Sunday, 1 September 2013 16:37:15 UTC
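
The suggestion in the message above (replace the inline KeyInfo with a key URL and publish the key material as PEM), sketched as an added example that is not code from this thread or from PaySwarm. Only the `creator` name comes from the message; the `id` and `certificatePem` fields, the `keys.example` host, the function names and the stand-in certificate bytes are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit

# Constructed stand-in bytes, NOT a real certificate (the page's value is truncated).
CONSTRUCTED_DER = b"constructed stand-in for DER certificate bytes " * 4

# Constructed input shaped like the quoted SignatureInfo.
SAMPLE = {
    "SignatureInfo": {
        "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
        "KeyInfo": {
            "X509CertificatePath": [base64.b64encode(CONSTRUCTED_DER).decode("ascii")]
        },
    }
}
KEY_URL = "https://keys.example/i/alice/keys/1"  # hypothetical key URL

def der_b64_to_pem(b64_der, label="CERTIFICATE"):
    """Re-wrap base64 DER as PEM: 64-character lines between BEGIN/END markers."""
    der = base64.b64decode(b64_der, validate=True)  # reject non-base64 input
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

def condense(signature_info, key_url):
    """Split an inline KeyInfo into a compact reference plus a key document."""
    leaf = signature_info["KeyInfo"]["X509CertificatePath"][0]
    key_doc = {"id": key_url, "certificatePem": der_b64_to_pem(leaf)}  # hypothetical fields
    compact = {"Algorithm": signature_info["Algorithm"], "creator": key_url}
    return compact, key_doc

def creator_is_acceptable(url, trusted_hosts):
    """Verifier-side check before dereferencing: HTTPS only, pinned host, no userinfo."""
    parts = urlsplit(url)
    return (parts.scheme == "https"
            and parts.hostname in trusted_hosts
            and parts.username is None
            and parts.password is None)

if __name__ == "__main__":
    compact, key_doc = condense(SAMPLE["SignatureInfo"], KEY_URL)
    print(compact)
    print(key_doc["certificatePem"])
```

With the key behind a URL, the verifier's trust rests on the origin it fetches from, which is why the check pins scheme and host before any request is made.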
