Monday, 6 March 2023

PASETO - Platform-Agnostic Security Token

Introduction
The explanation is as follows
PASETO (Platform-Agnostic SEcurity TOken) is a specification and reference implementation for secure stateless tokens. It is pronounced paw-set-oh (pɔːsɛtəʊ).

PASETO encodes claims to be transmitted in a JSON (RFC8259) object and is either encrypted symmetrically or signed using public-key cryptography.
An article about JPaseto is here

PASETO Vs JOSE (JWS, JWE and JWT)
The explanation is as follows. In other words, only the defined encryption algorithm can be used
The key difference between PASETO and the JOSE family of standards (JWS [RFC7516], JWE [RFC7517], JWK [RFC7518], JWA [RFC7518], and JWT [RFC7519]) is that JOSE allows implementors and users to mix and match their own choice of cryptographic algorithms (specified by the “alg” header in JWT), while PASETO has clearly defined protocol versions to prevent unsafe configurations from being selected.
PASETO token format
version.purpose.payload
or
version.purpose.payload.footer
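
As an added example (not from the PASETO specification or any PASETO library), the following Python sketch splits a token in the format above and rejects any header other than the one the caller expects, which is the point of the JOSE comparison: the verifier, not the token, picks the protocol. The names `split_paseto`, `PasetoParts` and `SAMPLE` are hypothetical, the sample token is constructed, and no signature verification or decryption is performed.

```python
import base64
from typing import NamedTuple

# Protocol versions and purposes defined by the PASETO specification.
VERSIONS = {"v1", "v2", "v3", "v4"}
PURPOSES = {"local", "public"}
B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

class PasetoParts(NamedTuple):
    version: str
    purpose: str
    payload: bytes  # still encrypted (local) or message plus signature (public)
    footer: bytes   # optional and unencrypted; b"" when absent

def _b64url_decode(segment: str) -> bytes:
    # PASETO segments are base64url without '=' padding; reject anything else.
    if not segment or not set(segment) <= B64URL:
        raise ValueError("segment must be non-empty unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def split_paseto(token: str, expected_header: str) -> PasetoParts:
    """Split a token and enforce the header the caller expects, e.g. 'v4.public'."""
    pieces = token.split(".")
    if len(pieces) not in (3, 4):
        raise ValueError("expected 3 or 4 dot-separated segments")
    version, purpose = pieces[0], pieces[1]
    if version not in VERSIONS or purpose not in PURPOSES:
        raise ValueError("unknown version or purpose")
    # The caller pins the protocol; a token cannot negotiate a different one.
    if f"{version}.{purpose}" != expected_header:
        raise ValueError("token header does not match expected protocol")
    payload = _b64url_decode(pieces[2])
    footer = _b64url_decode(pieces[3]) if len(pieces) == 4 else b""
    return PasetoParts(version, purpose, payload, footer)

# Constructed sample, not a real token: 64 zero bytes stand in for a signature.
def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

SAMPLE = "v4.public." + _enc(b'{"sub":"demo"}' + bytes(64)) + "." + _enc(b'{"kid":"demo-key"}')
```

The footer is readable without any key, so it suits a key identifier but not secrets, and the payload must still be verified or decrypted by a real PASETO implementation before its claims are trusted.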


