Da Capo: JSON "clear text" signatures
Anders Rundgren
anders.rundgren.net at gmail.com
Sun Jan 28 09:48:17 UTC 2018
The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization. The plan is having a BOF session at the next IETF in London.
This scheme builds on EcmaScript JSON processing rules for data normalization which only rely on JSON.parse() and JSON.stringify().
A thorny issue for implementers is though serializing the JSON "Number" type.
An with Node.js, Chrome, Firefox, Safari (unfortunately not entirely compatible...) solution is currently available in "Nashorn":
http://hg.openjdk.java.net/jdk8/jdk8/nashorn/file/096dc407d310/src/jdk/nashorn/internal/objects/NativeNumber.java
It would be great if such support could for example be included as a static method in java.lang.Double, making Java and EcmaScript/JavaScript 100% interoperable with respect to this feature, the rest is actually close to trivial.
thanx,
Anders
https://github.com/OAI/OpenAPI-Specification/issues/1464#issue-291622705
More information about the security-dev
mailing list