Re: [jose] For WG DISCUSSION: #50 - "cty" (content type) should hold a media type
Nat Sakimura <sakimura@gmail.com> Thu, 19 September 2013 16:32 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D60521F92C2 for <jose@ietfa.amsl.com>; Thu, 19 Sep 2013 09:32:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OhMVjG0cJQ-g for <jose@ietfa.amsl.com>; Thu, 19 Sep 2013 09:32:14 -0700 (PDT)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id 953C321F9473 for <jose@ietf.org>; Thu, 19 Sep 2013 09:32:13 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id er20so6979871lab.7 for <jose@ietf.org>; Thu, 19 Sep 2013 09:32:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=A1l3TS+ubV8BU8dNHLnRDoUKhfIh2ltVJtEKvR0GKOQ=; b=i9UlG6vFpp6ZIcln/f/Fci/gZAPMpM/znXmtbeipkxWxv5yN/tZYNgy/smJSSMXacu OIVm2yuk3tKePs9NZamlCpN55u0Z2OvlcIIZIc2eTzsGzxNBUqyOZLV5jpcarKxWB1PH 9raVACq4JdpMsKqp1t0SWMf53Z8CBOv21e7GtAEZUI2Go6PctMTnSF7hNuudhT5YuKO+ mAPDMX2GAvvqM51/ReDqoIUOoKdZPdixvyU9mVnZm5nmACVMVQYp7xzQ5IVHERVvg+P+ quDdBzpwdNc1q4t4vDQBroafiZyOoHvLtsXjFef4ffthUQoQHLdxYK9Y7jhxSMzEOmun 9oIw==
MIME-Version: 1.0
X-Received: by 10.152.115.242 with SMTP id jr18mr1927886lab.40.1379608332417; Thu, 19 Sep 2013 09:32:12 -0700 (PDT)
Received: by 10.112.134.38 with HTTP; Thu, 19 Sep 2013 09:32:12 -0700 (PDT)
In-Reply-To: <CA+k3eCQJG8O9gn2bz1nCzyq09rC26ao0gcNRxGeemg1zS8s5-g@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B168042967394371FDA44A@TK5EX14MBXC289.redmond.corp.microsoft.com> <CA+k3eCQJG8O9gn2bz1nCzyq09rC26ao0gcNRxGeemg1zS8s5-g@mail.gmail.com>
Date: Fri, 20 Sep 2013 01:32:12 +0900
Message-ID: <CABzCy2CHaJ0ThTSaEr4yT-aBS4PEmMi+rGCe-Vnz2m4-9hZO7g@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: multipart/alternative; boundary="001a11c3327a953ffa04e6bf1868"
Cc: Mike Jones <Michael.Jones@microsoft.com>, James H Manger <James.H.Manger@team.telstra.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] For WG DISCUSSION: #50 - "cty" (content type) should hold a media type
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2013 16:32:15 -0000
I prefer #2. #1 has certain appeal if there is a right use case, but I cannot think of one easily. 2013/9/20 Brian Campbell <bcampbell@pingidentity.com> > #2 seems like a reasonable path forward. > > > On Wed, Sep 18, 2013 at 5:04 PM, Mike Jones <Michael.Jones@microsoft.com>wrote: > >> We discussed issue #50 on Monday’s call and it seems like there are two >> viable choices before us:**** >> >> ** ** >> >> 1. Continue to have “cty” values come from a JOSE registry, while >> allowing MIME Media Type values to also be used, if desired.**** >> >> ADVANTAGES:**** >> >> + Keeps values compact**** >> >> + Uses case-sensitive value comparison (like all other JOSE >> parameters), avoiding internationalization issues**** >> >> + Already working in production deployments**** >> >> DISADVANTAGES:**** >> >> - Creates a content type value space distinct from the widely used >> IANA Media Type Registry (http://www.iana.org/assignments/media-types).** >> ** >> >> - Requires a convention to consistently spell media type names so >> they can be matched case sensitively, when used.**** >> >> - Names can come from one of two registries, rather than just one >> (possibly being disambiguated by the presence of a “/” in the name).**** >> >> ** ** >> >> 2. Accept a form of James’ proposal described in >> http://trac.tools.ietf.org/wg/jose/trac/ticket/50, in which “cty” values >> are defined to hold MIME Media Type values, also specifying that the >> “application/” prefix may be omitted for compactness purposes. (MIME Media >> Type values are not case sensitive and are limited to ASCII.) Furthermore, >> we could keep this from being a breaking change for JWTs by RECOMMENDING >> that the value “cty”:”JWT” continue to be used for nested JWTs (rather than >> “application/jwt” or “jwt”, which would break existing deployments).**** >> >> ADVANTAGES:**** >> >> + Retains the ability to have compact values for application/* media >> types**** >> >> + Uses only the widely used IANA Media Type Registry**** >> >> + Can be deployed without breaking changes, provided people use the >> existing spellings “JWT”, “JWK”, and “JWK-SET” when creating content for >> those media types**** >> >> DISADVANTAGES:**** >> >> - Uses case-insensitive value comparison, which can lead to >> interoperability problems**** >> >> - Implementations have to be aware of the need to prefix values not >> containing a “/” with “application/” to get normal media type names**** >> >> ** ** >> >> New text for “cty” under option 2 would look something like this:**** >> >> ** ** >> >> *4.1.9. "cty" (Content Type) Header Parameter* >> >> The cty (content type) header parameter is used to declare the MIME >> Media Type [IANA.MediaTypes] of the secured content (the payload) in >> contexts where this is useful to the application. This parameter has no >> effect upon the JWS processing. Use of this header parameter is OPTIONAL. >> **** >> >> Per [RFC 2045], all media type values, subtype values, and parameter >> names are case-insensitive. However, parameter values are case-sensitive >> unless otherwise specified for the specific parameter.**** >> >> To keep messages compact in common situations, a sender MAY omit an >> "application/" prefix of a media type from a "cty" value when no other '/' >> appears in the media type. A recipient reconstructing the media type MUST >> prepend "application/" to a "cty" value that does not contain a '/'.**** >> >> ** ** >> >> As background, see >> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-16#section-4.1.9for the current “cty” text, see >> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-16#section-4.1.8for the related “typ” text, and see >> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-16#section-8.2for the Type Values Registry. >> **** >> >> ** ** >> >> I’m curious what people’s preferences are between the two choices. I can >> personally live with either outcome, since both can be deployed without >> breaking existing deployments. At this point, it seems to come down to a >> question of personal taste. Your thoughts…?**** >> >> ** ** >> >> -- Mike** >> ** >> >> ** ** >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> >> > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
- [jose] For WG DISCUSSION: #50 - "cty" (content ty… Mike Jones
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Brian Campbell
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Nat Sakimura
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Jim Schaad
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Manger, James H
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Mike Jones
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Manger, James H
- Re: [jose] For WG DISCUSSION: #50 - "cty" (conten… Mike Jones