Draft -02 of the JWS Unencoded Payload Option specification makes these updates:
- Required that “
b64” be integrity protected.
- Stated that if the JWS has multiple signatures and/or MACs, the “
b64” Header Parameter value MUST be the same for all of them.
- Stated that if applications use content encoding, they MUST specify whether the encoded or unencoded payload is used as the JWS Payload value.
- Reorganized the Unencoded Payload Content Restrictions section.
- Added an “updates” clause for RFC 7519 because this specification prohibits JWTs from using
Thanks for the working group feedback that resulted in these improvements.
The specification is available at:
An HTML formatted version is also available at: