Keys shall be delivered within an JWS according to mts4 but with the following content:
The JWS Protected Header shall contain the following fields:
{
"alg": 'JWA',
"kid": string <kid defined from the AB>,
"authid": string <your PID> ,
"notvalidafter": integer (unix timestamp),
"serial": integer (serialNumber),
}
The JWS Payload shall contain the following fields:
{
'mtbPublicKeys' [ JWK Object, JWK Object .. JWK Object ],
}The JWS shall be formated as JWS compact serialization according to https://tools.ietf.org/html/rfc7515#section-3.1
BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature)