...
```json
{ "alg": "ES256", "x5t#S256": "f7d2Euxs1UGh0p4-7Lga5sNWNhx25fxDr2WP87bovJU" }
```
Example JSON Web Signature (JWS):
Below is an example JSON Web Signature (JWS) that follows the Group Representative Information Exchange specification. It shows how the metadata is structured and encoded, which claims it carries, and how the signature is bound to the signing certificate.
The JWS consists of the following components:
Payload: the metadata itself, a JSON object carried as a base64url string without padding. In the example below it decodes to the claims iss (the publisher), iat and exp (Unix timestamps bounding the metadata's validity), cache_ttl, version, and an entities array in which each entity_id is paired with its constituent organizations (organization_id and organization_name).
Signatures: an array of JWS signature objects, each holding a protected header and a signature value. This is the JWS General JSON Serialization of RFC 7515, which allows more than one signature over the same payload. Each signature is computed over ASCII(BASE64URL(protected) || '.' || BASE64URL(payload)), so the protected header is covered by the signature and cannot be altered without detection.
Protected Headers: the protected header names the signing algorithm (ES256 in the example) and, crucially, the SHA-256 thumbprint of the signing X.509 certificate, x5t#S256, which is base64url(SHA-256(DER-encoded certificate)). The thumbprint tells a consumer which certificate the signature was made with. A consumer should match it against certificates it already trusts for that publisher, rather than accepting whatever certificate happens to match, and should require the expected alg instead of trusting the header's value.
Here's an example.
```json
{
  "payload": "eyJjYWNoZV90dGwiOiAzNjAwLCAiZW50aXRpZXMiOiBbeyJjb25zdGl0dWVudHMiOiBbeyJvcmdhbml6YXRpb25faWQiOiAiU0UxMTIyMzM0NDU1IiwgIm9yZ2FuaXphdGlvbl9uYW1lIjogIkV4YW1wbGUgT3JnIE9uZSJ9LCB7Im9yZ2FuaXphdGlvbl9pZCI6ICJTRTY2Nzc4ODk5MDAiLCAib3JnYW5pemF0aW9uX25hbWUiOiAiRXhhbXBsZSBPcmcgVHdvIn1dLCAiZW50aXR5X2lkIjogImh0dHBzOi8vaWRwMS5leGFtcGxlLmNvbSJ9XSwgImV4cCI6IDIwMTA1NTMwMTUsICJpYXQiOiAxNjk1MTkzMDE1LCAiaXNzIjogImh0dHBzOi8vbXktZG9tYWluLmV4YW1wbGUuY29tIiwgInZlcnNpb24iOiAiMS4wLjAifQ",
  "signatures": [{
    "signature": "vz8VPL0oJG6tw663kNEgCcZJeJ1buEbLaQLFEsb128I-hUb3EiRVXb691L4rk6URUvRLze1cR6myB9HieC_kow",
    "protected": "eyJhbGciOiJFUzI1NiIsIng1dCNTMjU2IjoiZjdkMkV1eHMxVUdoMHA0LTdMZ2E1c05XTmh4MjVmeERyMldQODdib3ZKVSJ9"
  }]
}
```
Content-Type: application/jose+json
When serving or storing JWS objects, use the media type application/jose+json in the HTTP Content-Type header (or equivalent content-type declaration). RFC 7515 registers this type for the JWS JSON serialization used here (the compact serialization uses application/jose), and it tells consumers that the body is a JOSE object to be verified, not plain JSON to be trusted as-is.
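The following is an added example, not code from the specification or from this page: a Go program using only the standard library that produces and checks a JWS in exactly the shape shown above, an ES256 signature in the General JSON Serialization with an x5t#S256 protected header. The function and type names (Thumbprint, Sign, Verify, DecodeClaims, NewSigner, Claims) are chosen here, and the P-256 key and self-signed certificate that NewSigner generates are a constructed fixture standing in for the publisher's real certificate. The verifying side demonstrates the caveat from the component list: it starts from a certificate it already trusts, requires the header to carry that certificate's thumbprint and alg ES256, and then checks the payload's iat/exp window.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"time"
)

var b64 = base64.RawURLEncoding // JOSE base64url without padding (RFC 7515 section 2)

// JWS is the General JSON Serialization (RFC 7515 section 7.2.1) shown on this page.
type JWS struct {
	Payload    string      `json:"payload"`
	Signatures []Signature `json:"signatures"`
}
type Signature struct {
	Protected string `json:"protected"`
	Signature string `json:"signature"`
}

// Claims mirrors the page's example payload; entities stay loosely typed on purpose.
type Claims struct {
	Iss      string           `json:"iss"`
	Iat      int64            `json:"iat"`
	Exp      int64            `json:"exp"`
	CacheTTL int              `json:"cache_ttl"`
	Version  string           `json:"version"`
	Entities []map[string]any `json:"entities"`
}

// Thumbprint is the x5t#S256 header value: base64url(SHA-256(certificate DER)).
func Thumbprint(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return b64.EncodeToString(sum[:])
}

// DecodeClaims base64url-decodes a JWS payload and parses it; it checks no signature.
func DecodeClaims(encPayload string) (*Claims, error) {
	raw, err := b64.DecodeString(encPayload)
	if err != nil {
		return nil, err
	}
	var c Claims
	return &c, json.Unmarshal(raw, &c)
}

// Sign produces an ES256 JWS over payload, bound to certDER through x5t#S256.
func Sign(payload []byte, key *ecdsa.PrivateKey, certDER []byte) (*JWS, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "x5t#S256": Thumbprint(certDER)})
	protected, encPayload := b64.EncodeToString(hdr), b64.EncodeToString(payload)
	// JWS Signing Input (RFC 7515 section 5.1): BASE64URL(protected) "." BASE64URL(payload).
	digest := sha256.Sum256([]byte(protected + "." + encPayload))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64) // RFC 7518 section 3.4: r || s, 32 bytes each, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return &JWS{Payload: encPayload, Signatures: []Signature{{Protected: protected, Signature: b64.EncodeToString(sig)}}}, nil
}

// Verify accepts the JWS only if one signature names alg ES256 plus the thumbprint of
// the certificate the relying party already trusts, validates under that certificate's
// key, and the payload lies inside its iat/exp window. The header never chooses the
// key or the algorithm; the pinned certificate does.
func Verify(j *JWS, trustedCertDER []byte, now time.Time) (*Claims, error) {
	cert, err := x509.ParseCertificate(trustedCertDER)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nil, errors.New("trusted certificate does not hold a P-256 key")
	}
	want := Thumbprint(trustedCertDER)
	for _, s := range j.Signatures {
		var hdr struct {
			Alg string `json:"alg"`
			X5t string `json:"x5t#S256"`
		}
		raw, err := b64.DecodeString(s.Protected)
		if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "ES256" || hdr.X5t != want {
			continue // not from the pinned certificate: skip this entry
		}
		sig, err := b64.DecodeString(s.Signature)
		digest := sha256.Sum256([]byte(s.Protected + "." + j.Payload))
		if err != nil || len(sig) != 64 ||
			!ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
			return nil, errors.New("signature does not verify under the trusted certificate")
		}
		c, err := DecodeClaims(j.Payload)
		if err != nil {
			return nil, err
		}
		if t := now.Unix(); c.Iat > t || c.Exp <= t {
			return nil, errors.New("metadata is outside its iat/exp window")
		}
		return c, nil
	}
	return nil, errors.New("no signature from the trusted certificate")
}

// NewSigner is a constructed fixture: a fresh P-256 key and a self-signed certificate for it.
func NewSigner(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}
```

To publish, marshal the JWS returned by Sign with encoding/json and serve it with Content-Type application/jose+json. Applied to the page's own example, DecodeClaims recovers iss https://my-domain.example.com, iat 1695193015, exp 2010553015, cache_ttl 3600, version 1.0.0 and the entity https://idp1.example.com, and the protected header decodes to the alg/x5t#S256 object shown at the top of this section; verifying that signature would additionally require the publisher's certificate, which the page does not include. Note that Verify skips, rather than rejects, signature entries made by other certificates, since the General JSON Serialization may legitimately carry several signatures, but it fails hard as soon as the entry for the pinned certificate does not verify.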
Publish the Metadata
Publish the JWS at the URL given in the GroupRepresentative element of the SAML metadata, served with the Content-Type described above, and make sure that URL is reachable by the entities in the federation. Consumers should treat the payload's exp claim as the hard limit on how long a fetched copy may be relied on.
...