{"draft":"draft-ietf-jose-jws-signing-input-options-09","doc_id":"RFC7797","title":"JSON Web Signature (JWS) Unencoded Payload Option","authors":["M. Jones"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Javascript Object Signing and Encryption","abstract":"JSON Web Signature (JWS) represents the payload of a JWS as a\r\nbase64url-encoded value and uses this value in the JWS Signature\r\ncomputation.  While this enables arbitrary payloads to be integrity\r\nprotected, some have described use cases in which the base64url\r\nencoding is unnecessary and\/or an impediment to adoption, especially\r\nwhen the payload is large and\/or detached.  This specification\r\ndefines a means of accommodating these use cases by defining an\r\noption to change the JWS Signing Input computation to not base64url-\r\nencode the payload.  This option is intended to broaden the set of\r\nuse cases for which the use of JWS is a good fit.\r\n\r\nThis specification updates RFC 7519 by stating that JSON Web Tokens\r\n(JWTs) MUST NOT use the unencoded payload option defined by this\r\nspecification.","pub_date":"February 2016","keywords":["JavaScript Object Notation","JSON","JSON Object Signing and Encryption","JOSE","JSON Web Signature","JWS","Digital Signature","Message Authentication Code","MAC","Unencoded Payload"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7519"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7797","errata_url":null}