How to signal JCS?

[dret]

Have you considered defining a profile URI (a la RFC 6906) for JCS? That way, it would be possible for services to signal that they expect/produce JCS by using either profile links in the HTTP Link header, or by using a Prefer preference in HTTP (this is planned to be added in the revised version of RFC 6906, see https://github.com/dret/I-D/issues/92 for details).

[cyberphone]

No, I have not but it sounds like useful thing to do.

Right now, I'm pretty occupied with establishing JCS and even more JCS's use in cryptographic contexts which the targeted use-case. The alternative to date has been to dress JSON objects in Base64Url but that pretty much removes the advantage of a text based scheme.

Canonicalization is though a touchy subject; there are hordes of people claiming that "it will never work". I have to prove them wrong :-)

[dret]

On 2018-03-18 13:55, Anders Rundgren wrote:

No, I have not but it sounds like useful thing to do.

thanks for the quick feedback. let me know if you're interested to add this to the draft. if so, i'd be more than happy to contribute some text about the profile URI, the rationale behind it, and the ways to use it.

this might also be a good motivation to keep pushing the update of RFC 6906, so that using the Prefer header preference becomes official (it is not part of the current RFC 6906).

[cyberphone]

I close this because I don't think JSON-based applications would benefit from having a specific MIME type for signed JSON. The JWS specification (https://tools.ietf.org/html/rfc7515) already has a MIME-type (application/jose+json) but that's more reasonable since JWS indeed is a unique format.