HOME

TheInfoList



Click Here for Items Related To - JSON Web Signature
OR:
JSON Web Signature on:   [Wikipedia]   [Google]   [Amazon]

A JSON Web Signature (abbreviated JWS) is an
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...
-proposed standard () for signing arbitrary data. This is used as the basis for a variety of web-based technologies including
JSON Web Token JSON Web Token (JWT, suggested pronunciation , same as the word "jot") is a Internet Standard#Proposed Standard, proposed Internet standard for creating data with optional Signature (cryptography), signature and/or optional encryption whose Payl ...
.


Purpose

JWS is a way to ensure integrity of information in a highly serializable, machine-readable format. That means that it is information, along with proof that the information hasn't changed since being signed. It can be used for sending information from one web site to another, and is especially aimed at communications on the web. It even contains a compact form optimized for applications like
URI Uri may refer to: Places * Canton of Uri, a canton in Switzerland * Úri, a village and commune in Hungary * Uri, Iran, a village in East Azerbaijan Province * Uri, Jammu and Kashmir, a town in India * Uri (island), off Malakula Island in V ...
query parameters.


Examples


Web commerce

JWS can be used for applications in which digitally signed information must be sent in a machine-readable format, such as
e-commerce E-commerce (electronic commerce) refers to commercial activities including the electronic buying or selling products and services which are conducted on online platforms or over the Internet. E-commerce draws on technologies such as mobile co ...
. For example, say a user named Bob is browsing widget prices on a web site (widgets.com), and wishes to get a quote on one of them. Then widgets.com could provide Bob with a JWS object containing all relevant information about the widget, including the price, then sign it using their private key. Then Bob would have a non-repudiable price quote for the product.


Access to third-party resources

Maybe Widgets.com and WidgetStorage.com have a deal in which WidgetStorage.com will accept coupons from Widgets.com in exchange for traffic. Widgets.com could issue JWS giving Bob a 10% discount on the WidgetStorage.com site. Again, because the data is signed, WidgetStorage can know that Widgets.com emitted this. If the data was not signed, then Bob could change his discount to 50% and no one would know just from looking at the data.


Limitations

JWS is one of the standards in the JOSE series and is meant to be used in combination with them. For example, for encryption
JSON Web Encryption JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. It is defined by . Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (J ...
(JWE) is supposed to be used in conjunction. As of 2015, JWS was a proposed standard, and was part of several other IETF proposed standards, and there was code available on the web to implement the proposed standard.


References

{{Data exchange Computer access control Internet Standards JSON