在使用JWS JSON序列化的JWS中具有多个签名的用例是什么? [英] What is a use case for having multiple signatures in a JWS that uses JWS JSON Serialization?

问题描述

我阅读了此处找到的JSON Web签名规范.该规范为JSON Web签名定义了两种序列化表示形式.一种是JWS Compact序列化，另一种是JWS JSON序列化方法. JWS JSON序列化表示允许一个拥有多个签名.使用JWS JSON序列化的JWS的示例是:

I read the JSON Web Signature specification that can be found here. The spec defines two serialization representations for JSON Web Signatures. One is the JWS Compact Serialization and the other is JWS JSON Serialization method. The JWS JSON Serialization representation allows one to have multiple signatures. An example of a JWS that uses JWS JSON Serialization is:

{
        "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
        "signatures": [
            {
                "protected": "eyJhbGciOiJSUzI1NiJ9",
                "header": {
                    "kid": "2010-12-29"
                },
                "signature": "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh
                -0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB
                --f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO
                --xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6Lbg
                GY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"
            },
            {
                "protected": "eyJhbGciOiJFUzI1NiJ9",
                "header": {
                    "kid": "e9bc097a-ce51-4036-9562-d2ade882db0d"
                },
                "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
            }
        ]
    }

该规范暗示有时具有多个签名可能会很有用.但是，我一生都无法想到一个原因，您需要拥有多个以上的原因.

The spec implies that it can be beneficial at times to have multiple signatures. However, I can't for the life of me think of a reason you'd need to have more than one.

那么，话虽如此，在JWS中具有多个签名的用例是什么?

So, with that being said what is a use case of having more than one signature in a JWS?

推荐答案

根据

According to Florent Morselli's comment, there are at least 2 use cases:

1. 您可以使用几种签名算法(例如，RS256，ES384和PS512)对令牌进行签名.根据观众的能力(仅支持ES384算法)，它将能够验证令牌.

1. You sign a token with several signature algorithms (let say RS256, ES384 and PS512). depending on the audience capabilities (only supports ES384 algorithm), it will be able to verify the token.

几个方面都同意一个共同的有效载荷.各方用其密钥对有效载荷进行签名，并且签名合并为单个令牌.

Several parties agree for a common payload. Each party sign the payload with its key and signatures are merged into a single token.

这篇关于在使用JWS JSON序列化的JWS中具有多个签名的用例是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！