what is an example of a zcap http header?

[gobengo]

S1.5.2 says:

When invoking a delegated zcap using an HTTP signature, a capability-invocation header must be included that includes the full delegated zcap in a capability parameter by serializing it to JSON, gzipping the result, and then base64url-encoding the gzipped JSON.

When I read this, I expected that meant that the header is like:

capability-invocation: {base64url(gzip(json({capability: theCapability}))}

However, it would appear that some implementations expect something different, e.g. ezcap appears to parse the header value in the same way it would parse an HTTP Signautre header value, i.e. it expects

capability-invocation: zcap capability="{base64url(gzip(json(theCapability}))}"

Which is correct per the spec?

If the latter, the spec text could be improved and an example in an appendix would be invaluable

[dlongley]

The latter is correct. The spec should be improved in the way you state.