Content-type: text/html Downes.ca ~ Stephen's Web ~ No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid

Stephen Downes

Knowledge, Learning, Community

I have no position on the issue described in this post because it's all new to me. But because it's all new to me it's inherently interesting, and the discussion perhaps points the way to the future of signing and encrypting Javascript objects (such as data or executable code). The argument here against Javascript Object Signing and Encryption (JOSE) is that it is often abused, and that it makes forgery trivial. The options allowed for JSON encryption have security issues, according to the article. More. From my own work recoding gRSShopper I can see that this will be directly relevant to learning systems in the near future that intend to exchange data and executable code. 

Today: 1 Total: 20 [Direct link] [Share]


Stephen Downes Stephen Downes, Casselman, Canada
stephen@downes.ca

Copyright 2024
Last Updated: Dec 25, 2024 08:44 a.m.

Canadian Flag Creative Commons License.

Force:yes