311 private links
[Summary generated by ChatGPT]
The article provides an overview of the JOSE (JSON Object Signing and Encryption) framework, a family of standards for securing JSON-based data and communications. It explains the major JOSE components and how they work together.
Key Components
-
JWS (JSON Web Signature): Adds a digital signature to JSON data to ensure integrity (the data wasn't altered) and authenticity (it came from the expected sender). A JWS contains a header, payload, and signature. It does not encrypt the content, so anyone can read it.
-
JWE (JSON Web Encryption): Encrypts JSON content to provide confidentiality. The article describes the typical process: generate an encryption key, encrypt the payload, encrypt the key for the recipient, and package everything into a JWE structure containing metadata, encrypted key, initialization vector, ciphertext, and authentication information.
-
JWK (JSON Web Key): A standardized JSON representation of cryptographic keys. JWKs can represent RSA, EC, symmetric, and other key types, and include metadata such as key type, algorithm, usage, and key ID. They are used by JWS and JWE for signing, verification, encryption, and decryption. ([Medium][1])
-
JWT (JSON Web Token): A compact token format commonly used for authentication and authorization. A JWT consists of:
- Header (algorithm and token type)
- Payload (claims/data)
- Signature (verification data)
JWTs allow systems to securely transmit user identity and permissions without repeatedly querying a database. The article emphasizes that JWTs should still be used over secure channels such as HTTPS.
-
JWA (JSON Web Algorithms): Defines the cryptographic algorithms used by JWS and JWE for signing, encryption, and key management.
Security Goals Addressed by JOSE
The framework is designed to support four common security objectives:
| Objective | Provided By |
|---|---|
| Integrity | JWS |
| Authenticity | JWS |
| Confidentiality | JWE |
| Non-repudiation | Primarily via digital signatures |
([Medium][1])
JWE vs. HSM
The article briefly compares JWE with Hardware Security Modules (HSMs):
- JWE protects data in transit through encryption.
- HSMs are physical devices that securely store and manage cryptographic keys and perform cryptographic operations.
They solve different security problems and are often complementary.
Main Takeaways
- Use JWS when you need proof that data has not been modified.
- Use JWE when the data must remain secret.
- Use JWK to exchange and manage cryptographic keys in a standardized format.
- Use JWT to package claims or identity information in a compact, signed (and optionally encrypted) token.
- JOSE provides interoperable, language-agnostic standards that are widely adopted across industries for secure API and application communication.
In one sentence: JOSE is a toolkit of standards that lets developers sign, encrypt, manage keys, and securely transmit JSON-based information in a consistent and interoperable way.
I don't understand some things here
A transition to open or close a modal
Width and height in CSS does not work properly, The parent height takes priority over the child height.
In order for something like height: 50% to work, the parent’s height can’t depend on the child’s height.
A fixed height works just fine. There is one thing to consider though
when we tell
to have height: 50%, that percentage isn’t based on the parent element’s total size, it’s based on the parent’s “content box”. This is the space inside the element, within its border and padding.
It doesn't work with min-height because the size of the element is dynamic.
CSS Grid's children will grow to fill their grid cell as if they have a height: 100%. Another approach is to use flexbox with flex: 1 on the child.
Layouts are mini-languages indeed. See https://shaarli.lyokolux.space/shaare/TPKfkQ
- gen blocks: similar to python generators as far as I understand. They are lightweight compared to the classic Iterator pattern
- default field values (and avoid new() for it)
- inner structs
- never type
- try expressions
The ability to run scripts is also a great feature imho.
Create a type similar to another existing type :O
The integer used by the Django data model is an Int, but the database used BigInt. The discrepancy occured for the row IDs greater than the maximum value of the int.
Specifically, several tables—including this one—were specified as using an int for their primary key in Django, but used bigint in the real database.
There’s a taste of “commercial frontend development” being less interested in shipping HTML that is valid and error-free than is our community of frontend developers.
There is few talks about HTML conformance, valid HTML, HTML validation or standards compliance.
A programming task implemented in multiple languages
A framework similar to Express (JS) in API design
Nothing new for me, but the explanations are great. I came down to follow the same path to learn!
Utility types are useful to provide intent: Partial
Vibe coding does not mean “using AI tools to help write code”. It means “generating code with AI without caring about the code that is produced”.