My recent investigations on using OAuth for IoT use cases (see http://www.ietf.org/mail-archive/web/ace/current/msg00677.html) indicates that there is not that much JSON. There are three places where JSON may show up:
* C->AS Request * C<-AS Response (including access token) * C->RS Request (including access token) The access token may indeed be the biggest part of that JSON related content and that could be avoided. Of course, there is the actual data communication. It is not clear whether there is any need for JOSE there since current work focuses on the use of DTLS. Of course, it would have been nice if the JOSE specs would have separated the encoding from the rest of the spec to make it re-usable in non-HTTP-based Web contexts. Ciao Hannes On 07/07/2014 12:49 PM, Sergey Beryozkin wrote: > I've recently realized that JSON Web Signature and Encryption can sign > and encrypt arbitrary payloads. Only the metadata (headers) are in JSON > format. > While I do not appreciate/understand how constrained some devices can be > but I wonder if there could be any significant win by replacing the JSON > metadata with the binary equivalent, it is likely in 80% there will be > two/three headers max with some of those headers are the hints on how to > process the payloads thus bearing no memory requirements...
signature.asc
Description: OpenPGP digital signature
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
