There are a number of problems with embedding the signature inside the data structure being signed. There has been a lot of fallout in the XML communities (especially SAML) about this and the JSON communities are just starting to rediscover the issues.