  1. OpenShift GitOps
  2. GITOPS-3674

T1919: Use JSON Web Token (JWT) securely


    • Story
    • Resolution: Unresolved

      Story (Required)

      Secure JSON Web Tokens (JWT) with JavaScript Object Signing and Encryption (JOSE). Use the JOSE cryptographic function that fits your purpose:

      • HMAC (Hashed Message Authentication Code): an efficient hash that requires a secret key and provides authenticity as well as integrity.
      • Digital Signature: similar to HMAC, but also adds cryptographic non-repudiation. It requires a public/private key pair, where the private key is used by the signer to create the signature and the public key is used by others to check whether the signature is valid.
      • Authenticated Encryption: adds confidentiality to the JWT on top of the authenticity and integrity requirements (just like HMAC). JOSE supports public/private key, secret key, and password-based encryption.

      Background (Required)

      Refer to the Epic description.

      Out of scope

      Any previous countermeasures.

      Approach (Required)

      - Discuss this issue in the bug triage or cabal.

      Dependencies

      NA

      Acceptance Criteria (Mandatory)

      • Bring this issue to the bug triage call and take a decision on the countermeasure.
      • If further discussion is needed, bring this issue to the cabal.

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated


      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              aveerama@redhat.com Abhishek Veeramalla (Inactive)