Skip to main content

Binding Object (Assertion)

The binding object, nested within an Assertion Object, contains a cryptographic signature binding the assertion to the TDF context, ensuring its integrity and preventing replay on other TDFs.

Example

"binding": {
"method": "jws",
"signature": "eyJhbGciOiJSUzI1NiJ9..." // Base64URL encoded JWS string
}

Fields

ParameterTypeDescriptionRequired?
methodStringThe cryptographic method used for the signature. jws (JSON Web Signature) is commonly used, implying standard JWS processing rules apply.Yes
signatureStringThe Base64URL encoded signature value (e.g., a JWS Compact Serialization string). The signature calculation MUST include the assertion content and sufficient TDF context (like policy or key info hash) to prevent replay.Yes