RustCrypto / JOSE

Pure Rust implementation of Javascript Object Signing and Encryption (JOSE)

JWS: Protected vs. Unprotected #26

Open tgross35 opened 1 year ago

tgross35 commented 1 year ago

Currently, Unprotected has https://www.rfc-editor.org/rfc/rfc7515#section-4.1 claims, and Protected just wraps these claims.

pub struct Protected {
    pub crit: Option<Vec<String>>, // "crit": header parameters the recipient must understand (RFC 7515 section 4.1.11)
    pub nonce: Option<Bytes>,      // "nonce": anti-replay value, e.g. as used by ACME (RFC 8555)
    pub b64: bool,                 // "b64": unencoded-payload option (RFC 7797)
    pub oth: Unprotected,          // the remaining RFC 7515 section 4.1 header parameters
}

pub struct Unprotected {
    pub alg: Option<Signing>,  // "alg": signature algorithm
    pub jwk: Option<Jwk>,      // "jwk": public key used to verify the signature
    pub kid: Option<String>,   // "kid": key identifier
    pub x5c: Option<Vec<Bytes<Box<[u8]>, Base64>>>, // "x5c": X.509 certificate chain
    pub x5t: Thumbprint,       // "x5t": X.509 certificate SHA-1 thumbprint
    pub typ: Option<String>,   // "typ": media type of the complete JWS
    pub cty: Option<String>,   // "cty": media type of the payload
}

I think the naming is somewhat confusing, at least to my understanding since Unprotected data may be protected. Maybe it would be better to move the Unprotected contents to a Common struct and reference it from both Protected and Unprotected?

Also not sure how this should interact with JWEs since they have the same headers. Would jose_alg be better named jose_common or something like that?
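
The distinction the naming debate is about is the RFC 7515 signing input, which covers the protected header and the payload but not the unprotected header; the following is an added example (not code from RustCrypto/JOSE) that builds a flattened JWS JSON Serialization with HS256 and a constructed key, then shows that editing an unprotected parameter leaves the signature valid while editing a protected one does not.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; in practice this comes from key management.
KEY = b"constructed-demo-key-not-for-real-use"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")

def sign_hs256(key: bytes, protected: dict, unprotected: dict, payload: bytes) -> dict:
    """Build a flattened JWS JSON Serialization (RFC 7515 section 7.2.2)."""
    protected_b64 = b64url(compact_json(protected))
    payload_b64 = b64url(payload)
    # RFC 7515 section 5.1: the signing input covers ONLY the protected header and payload.
    signing_input = f"{protected_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return {"payload": payload_b64, "protected": protected_b64,
            "header": dict(unprotected), "signature": b64url(sig)}

def verify_hs256(key: bytes, jws: dict) -> bool:
    """Verify over the received protected-header octets verbatim; never re-serialize them."""
    protected = json.loads(b64url_decode(jws["protected"]))
    # Policy choice in this example: "alg" is honoured only from the protected header,
    # so an unprotected "alg" cannot steer the verifier.
    if protected.get("alg") != "HS256":
        return False
    signing_input = f"{jws['protected']}.{jws['payload']}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(jws["signature"]))

def tamper_demo() -> dict:
    """Which header edits a verifier detects: protected yes, unprotected no."""
    jws = sign_hs256(KEY, {"alg": "HS256", "kid": "k1"}, {"typ": "demo"}, b'{"ok":true}')
    results = {"original": verify_hs256(KEY, jws)}
    edited_unprotected = dict(jws, header={"typ": "demo", "kid": "k-other"})
    results["unprotected_edited"] = verify_hs256(KEY, edited_unprotected)
    edited_protected = dict(jws, protected=b64url(compact_json({"alg": "HS256", "kid": "k2"})))
    results["protected_edited"] = verify_hs256(KEY, edited_protected)
    return results

if __name__ == "__main__":
    print(tamper_demo())
```

The `unprotected_edited` case verifying as valid is the point: anything a verifier relies on (such as `alg` or `kid`) belongs in the protected header, whichever Rust struct ends up holding it.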

tgross35 commented 1 year ago

I actually think biscuit does a nice job here https://docs.rs/biscuit/latest/biscuit/jws/index.html but their structure is pretty different