
Towards The Tokenization of Data


We live in a 20th-century world of data, where we simply gather it and care little about its trustworthiness. But there is a better way: use signed tokens to protect data and/or define its trustworthiness. To protect it, we can encrypt our data; for trustworthiness, we can use a digital signature. One of the most widely used methods for this is JSON Web Tokens (JWT).

A JWT has three parts:

  • A header. This defines the token type (such as JWT) and the signing method that we will use.
  • A payload. This carries the main data in a simple JSON format. It might include the user’s ID, their email address, and so on. The fields are flexible and can be created for any purpose.
  • A signature. This is either a public key signature (with RSA or ECDSA) or an HMAC signature (which uses a given hashing method and a secret password).

The registered claim names are:

  • “iss” (Issuer). This identifies the issuer of the token.
  • “sub” (Subject). This defines the subject of the token.
  • “aud” (Audience). This defines the general audience…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice