JSON does not specify the order of the fields, so any order is legal. Per http://rfc7159.net/rfc7159#rfc.section.1 "An object is an unordered collection of zero or more name/value pairs, where a name is a string and a value is a string, number, boolean, null, object, or array.".
-----Original Message----- From: Sergey Beryozkin [mailto:[email protected]] Sent: Friday, August 21, 2015 6:09 AM To: Mike Jones; [email protected] Subject: Re: [jose] JWS Signing Input Options initial working group draft Hi Mike The JWS JSON example at https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-01#section-4.2 shows elements in the wrong order, according to https://tools.ietf.org/html/rfc7515#section-7.2.2 the 'payload' should go first... thanks, Sergey On 10/08/15 21:01, Sergey Beryozkin wrote: > Hi Mike > Thanks for the clarification, indeed it all makes sense now (I would > like to think a bit more about JWT as JWS JSON, will send a separate > email if anything relevant comes to mind). > > Cheers, Sergey > On 10/08/15 16:40, Mike Jones wrote: >> Hi Sergey, >> >> Actually, the JWT restriction to only using the compact serialization >> is already in the JWT spec itself. The last sentence of the first >> paragraph of the introduction at >> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools >> .ietf.org%2fhtml%2frfc7519%23section-1&data=01%7c01%7cMichael.Jones%4 >> 0microsoft.com%7cc0fa460926a84bb9ab2308d2aa29b0d7%7c72f988bf86f141af9 >> 1ab2d7cd011db47%7c1&sdata=ntR%2fTNYZsAub8dOSyIKLN5%2blHNtKExYCzBj%2fT >> M1T4QE%3d says "JWTs are always represented using the JWS Compact >> Serialization or the JWE Compact Serialization". The new text in the JWS >> Unsigned Payload Option spec just adds the restriction that JWTs are to >> continue to use RFC7515 as written - base64url encoding the JWT claims as >> they always have been - for interop purposes. >> >> That doesn't mean that other applications can't use JWS to sign >> detached unencoded JSON payloads with the "b64":false option using >> either JWS serialization. >> >> Does that address what you were thinking about or do you still have >> concerns? >> >> -- Mike >> >> -----Original Message----- >> From: Sergey Beryozkin [mailto:[email protected]] >> Sent: Monday, August 10, 2015 2:39 AM >> To: Mike Jones; [email protected] >> Subject: Re: [jose] JWS Signing Input Options initial working group >> draft >> >> Hi, thanks for adding the JWS JSON (flattened serialization) example, >> >> I thought the earlier text was also clear about having to use the >> detached payloads in case of JWS Compact. >> >> Re the new JWT restriction. >> >> I know JWT is meant to be used primarily in OAuth2 contexts as a >> token or grant (or as one of token or grant property) representation >> and hence it is JWS Compact. >> >> But I wonder, should this particular text effectively block the >> possible future use of JWT in (JWS JSON) message payloads... >> >> Cheers, Sergey >> On 10/08/15 05:21, Mike Jones wrote: >>> You can't use an unencoded non-detached JSON payload using the JWS >>> Compact Serialization because it uses characters that aren't >>> URL-safe, such as "{". For that reason, the spec now makes it clear >>> that JWTs cannot use the "b64":false option. >>> >>> You *can* use JSON payloads with the JWS JSON Serialization. Any >>> double-quote characters in the JSON would have to be quoted - >>> typically using \" - so that the double-quotes don't terminate the >>> "payload" value. See the new section >>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftoo >>> ls.ietf.org%2fhtml%2fdraft-ietf-jose-jws-signing-input-options-01%23 >>> section-5&data=01%7c01%7cMichael.Jones%40microsoft.com%7c634a8171fb8 >>> 74a34dbe908d2a1678cfb%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=F >>> dTmmqFjXX9LBw56a1%2bk2K3dPmhp89ZqEec%2bgbAcRZA%3d >>> for more on character restrictions in unencoded payloads. >>> >>> -- Mike >>> >>> -----Original Message----- >>> From: jose [mailto:[email protected]] On Behalf Of Sergey >>> Beryozkin >>> Sent: Saturday, July 25, 2015 3:01 AM >>> To: [email protected] >>> Subject: Re: [jose] JWS Signing Input Options initial working group >>> draft >>> >>> Hi, can you please add an example showing a b64 header affecting JWS >>> JSON payload ? I can imagine how it will look like but it is good to >>> see an example that can be tested locally... >>> >>> Cheers, Sergey >>> On 23/07/15 19:17, Mike Jones wrote: >>>> The initial working group version of JWS Signing Input Options has >>>> been posted. It contains no normative changes from >>>> draft-jones-jose-jws-signing-input-options-00 >>>> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fself-issued.info%2f%3fp%3d1398&data=01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249308d294d7e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zQrvoO4fBOa1nUomMVoBT862ELgRpuIQ%2fBaV17ijH7Y%3d>. >>>> >>>> >>>> Let the working group discussions begin! I particularly call your >>>> attention to Martin Thomson's review at >>>> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww >>>> .i >>>> e >>>> tf.org%2fmail-archive%2fweb%2fjose%2fcurrent%2fmsg05158.html%2c&dat >>>> a= >>>> 0 >>>> 1%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249308d294 >>>> d7 >>>> e >>>> 6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=2mVSuUk74d8ZGB9gxW >>>> Ry b f%2bUz5pxOXmLiUcAqL%2bVvNk%3d Nat Sakimura's review at >>>> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww >>>> .ietf.org%2fmail-archive%2fweb%2fjose%2fcurrent%2fmsg05189.html%2c& >>>> data=01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a42493 >>>> 08d294d7e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zdSucPmd5 >>>> z%2b5Q5Zi%2fB61FmoUn9bhxmvatIl3R9WOdhQ%3d >>>> and Matias Woloski's review at >>>> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww >>>> .ietf.org%2fmail-archive%2fweb%2fjose%2fcurrent%2fmsg05191.html&dat >>>> a=01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249308d >>>> 294d7e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=raojbpPQjvnj >>>> NDynLSzSydtnVe%2fnfmWvIRTD9oXoKqA%3d >>>> to start things off. >>>> >>>> The specification is available at: >>>> >>>> *https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ft >>>> oo >>>> l >>>> s.ietf.org%2fhtml%2fdraft-ietf-jose-jws-signing-input-options-00&da >>>> ta >>>> = >>>> 01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249308d29 >>>> 4d >>>> 7 >>>> e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=B7CCBZSw%2f9mJ354 >>>> xj >>>> 1 >>>> Vplr0CKN3KjSDXHeFuUbWYx%2fs%3d >>>> >>>> An HTML formatted version is also available at: >>>> >>>> *https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fse >>>> lf >>>> - >>>> issued.info%2fdocs%2fdraft-ietf-jose-jws-signing-input-options-00.h >>>> tm >>>> l >>>> &data=01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249 >>>> 30 >>>> 8 >>>> d294d7e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=H0jHGZqOrts >>>> xM >>>> B >>>> EY3W7lFx2agz8V54RDoALY%2bxcjWV0%3d >>>> >>>> -- >>>> Mike >>>> >>>> P.S. This note is also posted at >>>> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsel >>>> f-issued.info%2f%3fp%3d1432&data=01%7c01%7cmichael.jones%40microsof >>>> t.com%7cf40ec174fcc442a4249308d294d7e6e0%7c72f988bf86f141af91ab2d7c >>>> d011db47%7c1&sdata=Ehd0PdoNA2rZx9b%2bTrPOgO5G2Nxkp1FutbTnL7cD9dg%3d >>>> and as @selfissued >>>> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cmichael.jones%40microsoft.com%7cf40ec174fcc442a4249308d294d7e6e0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=54dOa%2fD75zbVVpfbjYFAq4yL9zmJ7q9p2qIbJRY%2flIA%3d>. >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> jose mailing list >>>> [email protected] >>>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww. >>>> i >>>> etf.org%2fmailman%2flistinfo%2fjose&data=01%7c01%7cmichael.jones%40 >>>> mi >>>> c >>>> rosoft.com%7cf40ec174fcc442a4249308d294d7e6e0%7c72f988bf86f141af91a >>>> b2 >>>> d >>>> 7cd011db47%7c1&sdata=fOZrXA8pnh4Z5XsMQw5ro6Fc0%2bECj%2bKjeEziSJ5V5x >>>> M% >>>> 3 >>>> d >>>> >>> >>> _______________________________________________ >>> jose mailing list >>> [email protected] >>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww >>> .i >>> etf.org%2fmailman%2flistinfo%2fjose&data=01%7c01%7cmichael.jones%40m >>> ic >>> rosoft.com%7cf40ec174fcc442a4249308d294d7e6e0%7c72f988bf86f141af91ab >>> 2d >>> 7cd011db47%7c1&sdata=fOZrXA8pnh4Z5XsMQw5ro6Fc0%2bECj%2bKjeEziSJ5V5xM >>> %3 >>> d >>> >> > > -- Sergey Beryozkin Talend Community Coders https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fcoders.talend.com%2f&data=01%7c01%7cMichael.Jones%40microsoft.com%7cc0fa460926a84bb9ab2308d2aa29b0d7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=dGSc1zm0PKO21SYGNF%2b1l38fV3B1R7W%2f7g5efuJuzpQ%3d _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
