From: Bill B. <bb...@re...> - 2013-07-10 17:27:52

You still have to create and share keys and know how to use JWT. Might as well do SSL.

On 7/10/2013 1:04 PM, Bruno Oliveira wrote:
> It's ok, the argument is for scenarios where SSL is not configured and
> this layer just doesn't exist.
>
> Two-way SSL is a great solution if we believe that most of our devs
> know how to properly configure it.
>
> Either way it's fine.
>
> Bill Burke wrote:
>> Why reinvent two-way SSL? Just use two-way SSL.
>>
>> On 7/2/2013 10:57 AM, Bruno Oliveira wrote:
>>> Hi Bill only the "exp" attribute from
>>> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11
>>>
>>> I'm not sure if makes some sense, but I would like to make use of your
>>> lib on the client side (Android - extracting bits or the whole jose-jwt
>>> module) and into the server side.
>>>
>>> Each application would have its own signature, for non repudiation
>>> against the server and prevent replay attacks.
>>>
>>> Makes some sense? If not it's ok, I can dig more into the API.
>>>
>>>
>>> Bill Burke wrote:
>>>> You want timestamp and exp in the JWS? IMO, this is not needed, it's up
>>>> to the entity embedded/encoded in the JWS to provide this information.
>>>
>>
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com