search

ietf-wg-jose / json-web-proof

Specification work for JSON Web Proof
https://ietf-wg-jose.github.io/json-web-proof/
Other
98 stars 9 forks source link

Evaluate need for JSON serialization #100

Open dwaite opened 9 months ago

selfissued commented 7 months ago

I will talk to people about this at IETF 119 in Brisbane.

mprorock commented 2 months ago

If coming back over an API as a response it is helpful to get the JSON serialization compared to compact

selfissued commented 2 months ago

If coming back over an API as a response it is helpful to get the JSON serialization compared to compact

Helpful how? I'll make two guesses as to what you may be referring to:

  1. You don't have to extract the fields from the periods separating because you can instead extract them as JSON member values.
  2. You can put extra stuff that's not actually part of the JWP in the top-level JSON structure by adding JSON members not understood or processed by the JWP itself.

I'm a little bit sympathetic to (1). In my view, (2) is a layering violation - mixing protocol features into a data structure that's intended to be used as a protocol element.

Or is there a (3) that I didn't think of?

Our motivation is to have a single JSON serialization, like JWT does, to increase interoperability.