Re: [jose] Extensibility (was "Criticality")

Mike Jones <> Tue, 11 December 2012 02:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B5C4621F8735 for <>; Mon, 10 Dec 2012 18:30:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id p6sPZCzVmLQJ for <>; Mon, 10 Dec 2012 18:30:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 4336B21F86BE for <>; Mon, 10 Dec 2012 18:30:34 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.578.12; Tue, 11 Dec 2012 02:30:27 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.578.12 via Frontend Transport; Tue, 11 Dec 2012 02:30:27 +0000
Received: from ([]) by ([]) with mapi id 14.02.0318.003; Tue, 11 Dec 2012 02:30:25 +0000
From: Mike Jones <>
To: Hannes Tschofenig <>, "" <>
Thread-Topic: [jose] Extensibility (was "Criticality")
Thread-Index: AQHNy8Za1POjZo7ZrECvrKwCKF1CXpgS9lHw
Date: Tue, 11 Dec 2012 02:30:24 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(43784002)(13464002)(377454001)(59766001)(56776001)(46102001)(44976002)(53806001)(76482001)(54316002)(31966008)(54356001)(47776002)(51856001)(56816002)(33656001)(55846006)(47976001)(4396001)(16406001)(47736001)(46406002)(74662001)(50986001)(50466001)(23726001)(47446002)(77982001)(74502001)(49866001)(5343655001); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB027; LANG:en;
X-Forefront-PRVS: 069255B8B8
Subject: Re: [jose] Extensibility (was "Criticality")
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Dec 2012 02:30:37 -0000

As I think you know, there's an open issue in the JOSE working group about whether all header fields must be understood or whether a mechanism should be defined to specify which header fields may be safely ignored if not understood.  John Bradley and Richard Barnes and I have been drafting a note about these choices to the JOSE working group, which I expect should go out any day now.

Per my reply to your note on the OAuth list, the intended meaning is "The use of this header parameter is OPTIONAL."  I'll plan to clarify this in the next version of the specifications.

				Thanks again,
				-- Mike

-----Original Message-----
From: [] On Behalf Of Hannes Tschofenig
Sent: Monday, November 26, 2012 3:07 AM
Cc: Hannes Tschofenig
Subject: [jose] Extensibility (was "Criticality")

Hi all, 

doing my shepherd writeup of some of the OAuth WG documents I was wondering how the extensibility story for these JSON-based documents should look like given a statement like this:  "Implementations MUST understand the entire contents of the header; otherwise, the JWS MUST be rejected."

Absent a "feature discovery" mechanism I am curious whether any extension is actually possible. 

(Funny enough then all individual parameters then say "This header parameter is OPTIONAL.") 

Since this type of extensibility feature does not seem to a be a new concept I am curious how it has been handled (successfully) in other specifications. 


PS: I remember that this has been discussed during the meeting but I do not know what the outcome of the discussion was. The meeting minutes do not seem to be available yet.  
jose mailing list