Spurred by James Manger's intelligent observations regarding JCS, I began to do some research on the state of \/ in JSON these days.
>From an extract of >http://tools.ietf.org/id/draft-ietf-oauth-json-web-token-11.html The following is an example of a JWT Claims Set: {"iss":"joe", "exp":1300819380, "http://example.com/is_root":true} Base64url encoding the bytes of the UTF-8 representation of the JSON Claims Set yields this Encoded JWS Payload, which is used as the JWT Second Part (with line breaks for display purposes only): eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt cGxlLmNvbS9pc19yb290Ijp0cnVlfQ AFAICT the serialized output doesn't perform the expected (?) escaping of /. Although I think this just fine, I'm still puzzled by the lack of stringency that seems to be plaguing th JSON world. In JCS I made it simple by claiming that \/ is not only unnecessary; it actually forbidden! The JOSE WG probably need to specify which particular "camp" you belong to since a "standard" JSON serializer presumably wouldn't be compliant with your sample code. Cheers Anders _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
