How (not) to Sign a JSON Object
TLDR: This blog post discusses signing JSON objects, emphasizing symmetric signing (HMAC) over asymmetric signatures. It outlines the steps to sign JSON, the potential issues with in-band signing, and approaches such as canonicalization, with examples from AWS signing versions and Flickr's API vulnerabilities. It recommends using external signatures, enforcing TLS, and recognizing the complexity of canonicalization in JSON.
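The external-signature recommendation above, sketched as an added example (not code from the blog post): the sender serializes once and computes an HMAC over those exact bytes, and the receiver checks the MAC before parsing, so no canonicalization is needed. The `base64(payload).base64(tag)` envelope, the function names and the key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, for illustration only

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def sign_external(obj, key):
    """Serialize once, MAC the exact bytes, and carry the tag beside the payload."""
    payload = json.dumps(obj).encode("utf-8")
    tag = _mac(key, payload)
    return base64.b64encode(payload).decode() + "." + base64.b64encode(tag).decode()

def verify_external(token, key):
    """Verify the MAC over the received bytes first; parse JSON only on success."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.b64decode(payload_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    if not hmac.compare_digest(tag, _mac(key, payload)):
        return None
    return json.loads(payload)

def verify_by_reserializing(obj, tag, key):
    """Fragile style: the verifier rebuilds the signed bytes from the parsed object."""
    return hmac.compare_digest(tag, _mac(key, json.dumps(obj).encode("utf-8")))

def reserialization_mismatch(key):
    """Same object, different bytes: why signing parsed JSON needs canonicalization."""
    sent = b'{"to":"alice","amount":10}'  # constructed: compact bytes from a sender
    tag = _mac(key, sent)
    # json.dumps emits '{"to": "alice", "amount": 10}' (with spaces), so the MAC differs.
    return verify_by_reserializing(json.loads(sent), tag, key)

if __name__ == "__main__":
    token = sign_external({"to": "alice", "amount": 10}, KEY)
    print(verify_external(token, KEY))
    print(reserialization_mismatch(KEY))
```
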