Explicitly state what is being signed in an identity assertion #62
Assignees
Labels
Milestone
Comments
|
A more future-proof method might be to define an identity-assertions-tbs (to be signed) map that contains referenced_assertions so that it's less disruptive if we ever want to add new data to the stuff signed by an identity signer. See, for example, #65 |
|
Related to #68 |
scouten-adobe
added
pending-pr-review
|
I believe this was addressed by #75. Closing as completed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Presumably something like "The signature is formed over the canonical CBOR serialization of the referenced_assertions field"
Also: Should we call the envelope "identity-map" for uniformity?
The text was updated successfully, but these errors were encountered: