Menu
▾
▴
Re: [Resteasy-developers] JWT & JWS implementation on RESTEasy
|
From: Bill B. <bb...@re...> - 2013-07-04 14:10:51
|
Why reinvent two-way SSL? Just use two-way SSL. On 7/2/2013 10:57 AM, Bruno Oliveira wrote: > Hi Bill only the "exp" attribute from > http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11 > > I'm not sure if makes some sense, but I would like to make use of your > lib on the client side (Android - extracting bits or the whole jose-jwt > module) and into the server side. > > Each application would have its own signature, for non repudiation > against the server and prevent replay attacks. > > Makes some sense? If not it's ok, I can dig more into the API. > > > Bill Burke wrote: >> You want timestamp and exp in the JWS? IMO, this is not needed, its up >> to the entity embedded/encoded in the JWS to provide this information. > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com |
