Posted to dev@couchdb.apache.org by Zach Lym <za...@indolering.com> on 2014/02/15 02:29:01 UTC

Document Signing

I have reviewed the document signing wiki article, the Google Doc proposal,
as well as the mailing list thread, and even glanced over JimKo's code
(http://goo.gl/xlHkRW) and wanted to check in on the right way to do this.

It looks like this subject has popped up occasionally but died for lack of
interest. One of the identified sticking points was the lack of a good
spec on how to handle signed JSON. However, the IETF JSON Web
Signature draft (http://goo.gl/i5aoWV) has gone through some 20
revisions; it has object serialization but I don't see any canonical
default ordering. Perhaps I am missing something; however, the status
changed to "last call" about a month ago. If you have any input,
now would be the time to do so : )

As far as actually implementing it, I haven't run into any code which uses
it in validate_doc_update. There are, however, at least two libraries that
should work as part of a CouchApp:

* Mozilla's jwcrypto, which is used for BrowserID/Personas, but it looks
rather large: https://github.com/mozilla/jwcrypto
* jsrsasign, from an indie developer, but it comes with ready-to-use minified
versions: https://github.com/kjur/jsrsasign

It appears that it would be pretty easy to require('path/to/jsrsasign') in
validate_doc_update, unless I'm missing something?

Thank you,
-Zach Lym
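
On the ordering question raised above, an added example that is not part of the original post and is not CouchDB, jwcrypto or jsrsasign code: a JWS signature covers the exact base64url-encoded payload bytes that travel with it, so the verifier never re-serializes the JSON and needs no canonical key order. It uses Node's built-in crypto in place of either library; the `jws` field, the `_id` binding, the function names and the throwaway key pair are assumptions.

```javascript
// Added example: Node.js built-in crypto stands in for jwcrypto/jsrsasign.
// The `jws` field and the `_id` binding are assumptions, not CouchDB features.
const crypto = require('node:crypto');

// Throwaway key pair constructed for this example only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
// Decode one JWS segment to an object; null if it is not valid JSON.
const parseSeg = (s) => {
  try { return JSON.parse(fromB64u(s).toString('utf8')); } catch (e) { return null; }
};

// Signer: JWS compact serialization (header.payload.signature) with RS256.
// payloadJson is signed byte-for-byte, whatever key order it happens to have.
function signJws(payloadJson, key) {
  const signingInput = `${b64u(JSON.stringify({ alg: 'RS256' }))}.${b64u(payloadJson)}`;
  return `${signingInput}.${b64u(crypto.sign('sha256', Buffer.from(signingInput), key))}`;
}

// Verifier shaped like validate_doc_update: throws {forbidden: ...} to reject.
function makeValidator(key) {
  return function validate(newDoc) {
    const parts = String(newDoc.jws || '').split('.');
    if (parts.length !== 3) throw { forbidden: 'missing or malformed jws' };
    const [h, p, s] = parts;
    // Pin the algorithm; never let the token choose it (e.g. "none").
    const header = parseSeg(h);
    if (!header || header.alg !== 'RS256') throw { forbidden: 'unexpected alg' };
    // The signature covers the received ASCII string h.p, not re-serialized JSON.
    if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, fromB64u(s))) {
      throw { forbidden: 'bad signature' };
    }
    // Bind the signed content to this document so it cannot be reused under another _id.
    const claims = parseSeg(p);
    if (!claims || claims._id !== newDoc._id) throw { forbidden: 'signed for another document' };
    return claims;
  };
}

// Two serializations of the same object, differing only in key order, both verify.
const validate = makeValidator(publicKey);
for (const json of ['{"_id":"a","n":1}', '{"n":1,"_id":"a"}']) {
  console.log(validate({ _id: 'a', jws: signJws(json, privateKey) }));
}
```

Inside CouchDB's JavaScript query server the Node crypto module is not available, so the verify call would be supplied by a library loaded with require() from the design document.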

Fwd: Document Signing

Posted by Zach Lym <in...@gmail.com>.