JSON Web Signature
A JSON Web Signature (abbreviated JWS) is an IETF-proposed standard (RFC 7515) for signing arbitrary data. This is used as the basis for a variety of web-based technologies including JSON Web Token.
JWS is a way to ensure integrity of information in a highly serializable, machine-readable format. That means that it is information, along with proof that the information hasn't changed since being signed. It can be used for sending information from one web site to another, and is especially aimed at communications on the web. It even contains a compact form optimized for applications like URI query parameters.
JWS can be used for applications in which digitally signed information must be sent in a machine-readable format, such as e-commerce. For example, say a user named Bob is browsing widget prices on a web site (widgets.com), and wishes to get a quote on one of them. Then widgets.com could provide Bob with a JWS object containing all relevant information about the widget, including the price, then sign it using their private key. Then Bob would have a non-repudiable price quote for the product.
Access to third-party resources
Maybe Widgets.com and WidgetStorage.com have a deal in which WidgetStorage.com will accept coupons from Widgets.com in exchange for traffic. Widgets.com could issue JWS giving Bob a 10% discount on the WidgetStorage.com site. Again, because the data is signed, WidgetStorage can know that Widgets.com emitted this. If the data was not signed, then Bob could change his discount to 50% and no one could know just from looking at the data.
- "JSON Web Signature (JWS) [RFC7515]".
- "JWS Compact Serialization Overview".
- "JSON Object Signing and Encryption (JOSE)". Internet Assigned Numbers Authority. 2015-01-23. Retrieved 2018-11-19.
- "JSON Web Encryption (JWE) [RFC7516]". ietf.org. Retrieved 13 May 2015. CS1 maint: discouraged parameter (link)
- "JSON Web Key (JWK) [RFC7517]". ietf.org. Retrieved 13 May 2015. CS1 maint: discouraged parameter (link)
- "google/google-oauth-java-client". GitHub. Retrieved 13 May 2015. CS1 maint: discouraged parameter (link)
- "JSON Web Tokens - jwt.io". jwt.io. Retrieved 13 May 2015. CS1 maint: discouraged parameter (link)