Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redesign JWS JSON Serialization #403

Closed
danielfett opened this issue Feb 20, 2024 · 2 comments
Closed

Redesign JWS JSON Serialization #403

danielfett opened this issue Feb 20, 2024 · 2 comments
Labels
has-PR

Comments

@danielfett
Copy link
Member

Through discussions in the EUDI context, we found that the current JSON Serialization design is not well-suited for existing implementations. We now also better understand the original use cases that lead us to include this section into the spec in the first place and we agreed that we should update it as follows:

  • The disclosures should go into the unprotected header (to be defined: What happens when there are multiple signatures and therefore multiple unprotected headers with disclosures?)
  • There should be a way to put the key binding JWT into the unprotected header (to be defined: What happens when there are multiple signatures and therefore multiple places where a KB JWT could go?). The way the hash is built could remain unchanged, but the order of disclosures needs to be clearly defined if they can show up in multiple headers. This would also solve JSON serialization doesn't cover key binding #392.

The new flattened format could be:

{
  "payload":"eyJfc2QiOiBbIjR...Aic2hhLTI1NiJ9",
  "protected":"eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
  "signature":"oL5lornrs6CFBMu...4HQby6OaaLqAw",
  "header":{
    "disclosures":[
      "WyI2SWo3dE0tYTVpVlBH...W1lIiwgIkRvZSJd",
      "WyJBSngtMDk1VlBycFR...ImFkZHJlc3MiLCB7InN0cmVldF9",
      "WyJlbHVWNU9nM2dTT...VuX25hbWUiLCAiSm9obiJd"
    ],
    "kb_jwt":"eyJhbGciOiAiRVMyNTYiLCAidHlwIjogI...bGUrc2Qtand0In0"
  }
}

And the new general format could be:

{
  "payload":"eyJfc2QiOiBbIjR...Aic2hhLTI1NiJ9",
  "signatures":[
    {
      "protected":"eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
      "signature":"oL5lornrs6CFBMu...4HQby6OaaLqAw",
      "header":{
        "disclosures":[
          "WyI2SWo3dE0tYTVpVlBH...W1lIiwgIkRvZSJd",
          "WyJBSngtMDk1VlBycFR...ImFkZHJlc3MiLCB7InN0cmVldF9",
          "WyJlbHVWNU9nM2dTT...VuX25hbWUiLCAiSm9obiJd"
        ],
        "kb_jwt":"eyJhbGciOiAiRVMyNTYiLCAidHlwIjogI...bGUrc2Qtand0In0"
      }
    },
    {
      "protected":"eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
      "signature":"oL5lornrs6CFBMu...4HQby6OaaLqAw"
    }
  ]
}
@danielfett danielfett mentioned this issue Feb 20, 2024
Closed
@bc-pi bc-pi mentioned this issue Feb 25, 2024
Closed
@danielfett danielfett mentioned this issue Mar 8, 2024
Merged
@danielfett
Copy link
Member Author

Here is a first draft, it would be great to get some feedback: https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/414/files

I'll update the code for the Python library later on.

@danielfett danielfett mentioned this issue Mar 8, 2024
Merged
@bc-pi
Copy link
Collaborator

bc-pi commented May 15, 2024

PR #414 has been merged and this can be closed, no?

@bc-pi bc-pi closed this as completed May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
has-PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielfett @bc-pi