JWS (JSON Web Signature) policies are used to verify and generate digital signatures (using JSON-based data structures) to secure the content.
JWS represents signed content using JSON data structures and base64url encoding consisting of three parts - the JWS Header that describes the signature method and parameters employed, the JWS Payload being the message content to be secured and lastly the JWS Signature to ensure the integrity of these two.
- JWS Header: The members of the JSON object represented by the JWS Header describe the signature applied to the Encoded JWS Header and the Encoded JWS Payload. The JWS Header contains an alg parameter, the value of which is a string that explicitly identifies the algorithm used to sign the JWS Header and the JWS Payload to produce the JWS Signature in the JWS header which also contain the exp time.
JWS Claims: The JSON object that can be used as a JWS Payload.
- JWS Signature: Concatenation of Header and Payload, signed with HS256 or RSA algorithm Signature.
These three attributes above are base64url-encoded for transmission and typically represented as the concatenation of the encoded strings in that order, with the three strings being separated by period ('.') characters.
The policies that enable JSON Web Signature policy are: