diff --git a/jose.cabal b/jose.cabal
--- a/jose.cabal
+++ b/jose.cabal
@@ -1,5 +1,5 @@
 name:                jose
-version:             0.5.0.0
+version:             0.5.0.1
 synopsis:
   Javascript Object Signing and Encryption and JSON Web Token library
 description:
diff --git a/src/Crypto/JOSE/JWS/Internal.hs b/src/Crypto/JOSE/JWS/Internal.hs
--- a/src/Crypto/JOSE/JWS/Internal.hs
+++ b/src/Crypto/JOSE/JWS/Internal.hs
@@ -21,6 +21,7 @@
 module Crypto.JOSE.JWS.Internal where
 
 import Control.Applicative ((<|>))
+import Data.Foldable (toList)
 import Data.Maybe (catMaybes, fromMaybe)
 import Data.Monoid ((<>))
 
@@ -290,13 +291,11 @@
 
 -- | Verify a JWS.
 --
--- Verification succeeds if any signature on the JWS is successfully
--- validated with the given 'Key'.
---
--- If only specific signatures need to be validated, and the
--- 'ValidationPolicy' argument is not enough to express this,
--- the caller is responsible for removing irrelevant signatures
--- prior to calling 'verifyJWS'.
+-- Signatures made with an unsupported algorithms are ignored.
+-- If the validation policy is 'AnyValidated', a single successfully
+-- validated signature is sufficient.  If the validation policy is
+-- 'AllValidated' then all remaining signatures (there must be at least one)
+-- must be valid.
 --
 verifyJWS
   ::  ( HasAlgorithms a, HasValidationPolicy a, AsError e, MonadError e m
@@ -319,7 +318,7 @@
       if and xs then pure () else throwError (review _JWSInvalidSignature ())
     validate = (== Right True) . verifySig k p
   in
-    applyPolicy policy $ map validate $ filter shouldValidateSig sigs
+    applyPolicy policy $ map validate $ filter shouldValidateSig $ toList sigs
 
 verifySig
   :: (HasJWSHeader a, HasParams a)
diff --git a/src/Crypto/JWT.hs b/src/Crypto/JWT.hs
--- a/src/Crypto/JWT.hs
+++ b/src/Crypto/JWT.hs
@@ -171,6 +171,7 @@
   parseJSON v = Audience <$> (parseJSON v <|> fmap (:[]) (parseJSON v))
 
 instance ToJSON Audience where
+  toJSON (Audience [aud]) = toJSON aud
   toJSON (Audience auds) = toJSON auds
 
 
diff --git a/test/JWT.hs b/test/JWT.hs
--- a/test/JWT.hs
+++ b/test/JWT.hs
@@ -192,6 +192,11 @@
           runReaderT (validateClaimsSet conf'' claims) now
             `shouldBe` Left JWTNotInAudience
 
+      describe "when claim has one value" $ do
+        let claims = emptyClaimsSet & set claimAud (Just (Audience ["foo"]))
+        it "serialises to string" $ encode claims `shouldBe` "{\"aud\":\"foo\"}"
+        it "round trips" $ decode (encode claims) `shouldBe` Just claims
+
   describe "StringOrURI" $
     it "parses from JSON correctly" $ do
       (decode "[\"foo\"]" >>= headMay >>= getString) `shouldBe` Just "foo"
