JSON Web Signature Unencoded Payload Option
RFC 7797, “JSON Web Signature Unencoded Payload Option”, is a Proposed Standard document published in February 2016 by M. Jones. It updates RFC 7519. The canonical text is published by the RFC Editor.
Abstract
JSON Web Signature (JWS) represents the payload of a JWS as a base64url-encoded value and uses this value in the JWS Signature computation. While this enables arbitrary payloads to be integrity protected, some have described use cases in which the base64url encoding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not base64url- encode the payload. This option is intended to broaden the set of use cases for which the use of JWS is a good fit.
This specification updates RFC 7519 by stating that JSON Web Tokens (JWTs) MUST NOT use the unencoded payload option defined by this specification.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7797 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7796 Ethernet-Tree Support in Virtual Private LAN Service
- RFC 7798 RTP Payload Format for High Efficiency Video Coding
- RFC 7795 Pseudowire Redundancy on the Switching Provider Edge
- RFC 7799 Active and Passive Metrics and Methods
- RFC 7794 IS-IS Prefix Attributes for Extended IPv4 and IPv6 Reachability
- RFC 7800 Proof-of-Possession Key Semantics for JSON Web Tokens
- RFC 7793 Adding 100.64.0.0/10 Prefixes to the IPv4 Locally-Served DNS Zones Registry
- RFC 7801 GOST R 34.12-2015: Block Cipher "Kuznyechik"