...

...

Before proceeding, it's crucial to understand the difference between Base64 and Base64url encoding. The FedTLS metadata uses Base64url encoding for the JWS components: the header, the payload, and the signature. The key distinction is that Base64url is URL-safe: where Base64 uses '+' and '/', characters that are problematic in URLs, Base64url uses '-' and '_' in their place. Be sure to use Base64url encoding when working with JWS components.

...

In addition to the cache_ttl claim, it's vital to understand the significance of the exp claim, short for "Expiration Time". The exp claim specifies the timestamp after which the data contained within the JWS is no longer considered valid; beyond this timestamp, the data should not be considered reliable or usable.

...

Sign the JWS using the recommended algorithm, ECDSA with P-256 and SHA-256 ("ES256"). Ensure that you include the required headers in the JWS, such as alg, x5t#S256 and iss, as listed in the specification.
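As an added example (not code from the FedTLS specification or project), the following Python script ties the three points above together on the consuming side: it encodes and decodes Base64url exactly as JWS requires (unpadded, rejecting the '+' and '/' alphabet), computes an x5t#S256 header value from a certificate's DER bytes, parses a compact JWS, enforces the required alg, x5t#S256 and iss headers, and refuses metadata past its exp while honouring cache_ttl for the next refresh. The certificate bytes, issuer URL, timestamps and the all-zero signature are constructed placeholders, and verifying the ES256 signature itself is left to a JOSE library.

```python
import base64
import hashlib
import json

REQUIRED_HEADERS = ("alg", "x5t#S256", "iss")   # header parameters the page lists as required

def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as used for the JWS header, payload and signature."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Decode unpadded Base64url; reject the standard Base64 alphabet ('+', '/') outright."""
    if "+" in text or "/" in text:
        raise ValueError("JWS components must use the Base64url alphabet")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def x5t_s256(cert_der: bytes) -> str:
    """x5t#S256 value: Base64url(SHA-256(DER-encoded certificate)), as in RFC 7515."""
    return b64url_encode(hashlib.sha256(cert_der).digest())

def check_metadata_jws(compact: str, now: int) -> dict:
    """Parse a compact JWS and enforce required headers, alg and exp (signature check not done here)."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must be header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    missing = [h for h in REQUIRED_HEADERS if h not in header]
    if missing:
        raise ValueError(f"missing required header(s): {missing}")
    if header["alg"] != "ES256":
        raise ValueError(f"unexpected alg: {header['alg']!r}")
    if "exp" not in payload or now >= payload["exp"]:
        raise ValueError("metadata has no exp claim or has expired")
    return {"header": header, "payload": payload, "signature": b64url_decode(parts[2])}

def next_refresh(payload: dict, now: int) -> int:
    """Re-fetch after cache_ttl seconds, but never rely on the data past exp."""
    return min(now + payload["cache_ttl"], payload["exp"])

# Constructed sample values (not real FedTLS metadata, not a real certificate or issuer).
FAKE_CERT_DER = b"\x30\x82constructed-certificate-bytes"
SAMPLE_HEADER = {"alg": "ES256", "x5t#S256": x5t_s256(FAKE_CERT_DER), "iss": "https://fedtls.example.test"}
SAMPLE_PAYLOAD = {"exp": 1_800_000_000, "cache_ttl": 3600}

def build_sample_jws() -> str:
    """Assemble the three Base64url parts; the 64-byte signature is a placeholder, not a real ES256 signature."""
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return ".".join([enc(SAMPLE_HEADER), enc(SAMPLE_PAYLOAD), b64url_encode(b"\x00" * 64)])
```

Running check_metadata_jws(build_sample_jws(), now=1_700_000_000) accepts the sample, while any now at or after exp is rejected before the payload is used.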

...