Open marcoscaceres opened 7 months ago
By default in JSON, properties that are not understood are ignored (and preserved).
You could use JSON Schema to define an object structure where additional properties that are not recognized cause an error to be raised.
You could use normative text to say that for this specific object, any properties not defined in WebIDL will cause an error to be raised, and name the error.
In case you want to remove a required property in the future, you might need to consider versioning the object structure.
As now stated in our explainer, I think it's important that we find a solution which doesn't block the rapidly evolving identity ecosystem (especially EUDI) on browser updates.
Maybe our protocol registry could point to JSON schema definitions which the browser could fetch and use to validate the request format?
Just cross linking #100 which is one possible solution to this particular problem.
We need to figure out how to allow extensions to the `.request` object without sacrificing security and putting users at risk by passing any random data to wallets or an OS. This may be a technical solution or standards solution. It would be good to enumerate the risks, challenges, requirements, and different possible solutions.
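
The strict option raised in this thread (reject any `.request` member that is not defined and raise a named error, in the manner of a closed JSON Schema object), as an added example that is not part of the original thread or of any specification. The schema shape, the member names `nonce`, `claims`, `age_over_18` and `x_extra`, and the choice of `TypeError` are all assumptions made for illustration.

```javascript
"use strict";
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical closed schema for one protocol's `.request` member.
// Member names are invented for illustration; they come from no spec.
const EXAMPLE_SCHEMA = {
  required: ["nonce"],
  properties: {
    nonce: "string",
    claims: { required: [], properties: { age_over_18: "boolean" } },
  },
};

// Returns a list of violations; an empty list means the object is acceptable.
function findViolations(value, schema, path = "request") {
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return [`${path}: expected an object`];
  }
  const problems = [];
  for (const name of schema.required) {
    if (!has(value, name)) problems.push(`${path}.${name}: missing`);
  }
  for (const [name, member] of Object.entries(value)) {
    if (!has(schema.properties, name)) {
      // Closed object: anything not listed is rejected, not passed along.
      problems.push(`${path}.${name}: unknown member`);
    } else if (typeof schema.properties[name] === "string") {
      if (typeof member !== schema.properties[name]) {
        problems.push(`${path}.${name}: expected ${schema.properties[name]}`);
      }
    } else {
      problems.push(...findViolations(member, schema.properties[name], `${path}.${name}`));
    }
  }
  return problems;
}

// Strict gate: raise a named error instead of forwarding unrecognised data.
function validateRequest(json, schema = EXAMPLE_SCHEMA) {
  const request = JSON.parse(json);
  const problems = findViolations(request, schema);
  if (problems.length > 0) throw new TypeError(problems.join("; "));
  return request;
}

// Constructed sample input: known members plus one the schema does not define.
const SAMPLE = '{"nonce":"abc","claims":{"age_over_18":true,"x_extra":"data"}}';
```

Plain `JSON.parse(SAMPLE)` keeps `x_extra` and would hand it on unchanged, while `validateRequest(SAMPLE)` throws before anything reaches a wallet or the OS.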