This also covers issue #176 for encryption
The current document says that the serialization that must be implemented is the compact serialization. I don't think that this is going to be a position that passes the smell test with the IESG. There was a large amount of push back from various members of the IESG the last time that we went through the re-chartering process about how what it mean to be a JSON based specification. I think that if we don't have a JSON serialization as part of the MTI features, then we are going to get clobbered by the people who were not in love with the last set of charter text. I would note that this requirement does not change the ability of an application, for example JWT, to mandate that either the compact or JSON serialization is what is required for that application. This is basically a requirement that specific abilities be available from library implementations of the JOSE specifications. A minimum level that I would consider to be even passable would be to make the statement that the set of features to support the syntactic conversion between the compact and JOSE serialization needs to be supported. This allows for simplistic conversions that work. A minimum level of support that I would consider to be reasonable, is to say that JOSE needs to support single signer and/or single recipient cases and would also support all of the unprotected header things that are not supported by the compact serialization case. I worry that we are making the mandatory serialization be that which is supported by JWT and not that which will be required by future applications which are not JWT and want to use JSON rather than the compact serialization that is used by JWT. The library that I put together focused on the JSON serializations as the core implementation, and it will only produce the compact serializations if specific conditions are met. Jim
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
