| draft-reschke-http-jfv-00.txt | draft-reschke-http-jfv-01.txt | |||
|---|---|---|---|---|
| Network Working Group J. Reschke | Network Working Group J. Reschke | |||
| Internet-Draft greenbytes | Internet-Draft greenbytes | |||
| Intended status: Standards Track July 2, 2014 | Intended status: Standards Track March 9, 2015 | |||
| Expires: January 3, 2015 | Expires: September 10, 2015 | |||
| A JSON Encoding for HTTP Header Field Values | A JSON Encoding for HTTP Header Field Values | |||
| draft-reschke-http-jfv-00 | draft-reschke-http-jfv-01 | |||
| Abstract | Abstract | |||
| This document establishes a convention for use of JSON-encoded field | This document establishes a convention for use of JSON-encoded field | |||
| values in HTTP header fields. | values in HTTP header fields. | |||
| Editorial Note (To be removed by RFC Editor before publication) | Editorial Note (To be removed by RFC Editor before publication) | |||
| Distribution of this document is unlimited. Although this is not a | Distribution of this document is unlimited. Although this is not a | |||
| work item of the HTTPbis Working Group, comments should be sent to | work item of the HTTPbis Working Group, comments should be sent to | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 3, 2015. | This Internet-Draft will expire on September 10, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 27 ¶ | skipping to change at page 2, line 27 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Data Model and Format . . . . . . . . . . . . . . . . . . . . . 3 | 2. Data Model and Format . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Recipient Requirements . . . . . . . . . . . . . . . . . . . . 5 | 4. Recipient Requirements . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Using this Format in Header Field Definitions . . . . . . . . . 5 | 5. Using this Format in Header Field Definitions . . . . . . . . . 5 | |||
| 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.1. Content-Length . . . . . . . . . . . . . . . . . . . . . . 5 | 6.1. Content-Length . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2. Content-Disposition . . . . . . . . . . . . . . . . . . . . 6 | 6.2. Content-Disposition . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | 6.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 8. Deployment Considerations . . . . . . . . . . . . . . . . . . . 8 | 8. Deployment Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Internationalization Considerations . . . . . . . . . . . . . . 8 | 9. Internationalization Considerations . . . . . . . . . . . . . . 8 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . . 8 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 8 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 9 | |||
| Appendix A. Sample Code and Test Cases . . . . . . . . . . . . . . 9 | Appendix A. Change Log (to be removed by RFC Editor before | |||
| publication) . . . . . . . . . . . . . . . . . . . . . 9 | ||||
| A.1. draft-reschke-http-jfv-00 . . . . . . . . . . . . . . . . . 9 | ||||
| 1. Introduction | 1. Introduction | |||
| Defining syntax for new HTTP header fields ([RFC7230], Section 3.2) | Defining syntax for new HTTP header fields ([RFC7230], Section 3.2) | |||
| is non-trivial. Among the commonly encountered problems are: | is non-trivial. Among the commonly encountered problems are: | |||
| o There is no common syntax for complex field values. Several well- | o There is no common syntax for complex field values. Several well- | |||
| known header fields do use a similarly looking syntax, but it is | known header fields do use a similarly looking syntax, but it is | |||
| hard to write generic parsing code that will both correctly handle | hard to write generic parsing code that will both correctly handle | |||
| valid field values but also fail on invalid ones. | valid field values but also reject invalid ones. | |||
| o The HTTP message format allows header fields to repeat, so field | o The HTTP message format allows header fields to repeat, so field | |||
| syntax needs to be designed in a way that these cases are either | syntax needs to be designed in a way that these cases are either | |||
| meaningful, or can be unambiguously detected and rejected. | meaningful, or can be unambiguously detected and rejected. | |||
| o HTTP/1.1 does not define a character encoding scheme ([RFC6365], | o HTTP/1.1 does not define a character encoding scheme ([RFC6365], | |||
| Section 2), so header fields are either stuck with US-ASCII | Section 2), so header fields are either stuck with US-ASCII | |||
| ([USASCII]), or need out-of-band information to decide what | ([RFC0020]), or need out-of-band information to decide what | |||
| encoding scheme is used. Furthermore, APIs usually assume a | encoding scheme is used. Furthermore, APIs usually assume a | |||
| default encoding scheme in order to map from octet sequences to | default encoding scheme in order to map from octet sequences to | |||
| strings (for instance, [XMLHttpRequest] uses the IDL type | strings (for instance, [XMLHttpRequest] uses the IDL type | |||
| "ByteString", effectively resulting in the ISO-8859-1 character | "ByteString", effectively resulting in the ISO-8859-1 character | |||
| encoding scheme [ISO-8859-1] being used). | encoding scheme [ISO-8859-1] being used). | |||
| (See Section 8.3.1 of [RFC7231] for a summary of considerations for | (See Section 8.3.1 of [RFC7231] for a summary of considerations for | |||
| new header fields.) | new header fields.) | |||
| This specification addresses the issues listed above by defining both | This specification addresses the issues listed above by defining both | |||
| skipping to change at page 3, line 45 ¶ | skipping to change at page 3, line 45 ¶ | |||
| 2. Data Model and Format | 2. Data Model and Format | |||
| In HTTP, header fields with the same field name can occur multiple | In HTTP, header fields with the same field name can occur multiple | |||
| times within a single message (Section 3.2.2 of [RFC7230]). When | times within a single message (Section 3.2.2 of [RFC7230]). When | |||
| this happens, recipients are allowed to combine the field values | this happens, recipients are allowed to combine the field values | |||
| using commas as delimiter. This rule matches nicely JSON's array | using commas as delimiter. This rule matches nicely JSON's array | |||
| format (Section 5 of [RFC7159]). Thus, the basic data model used | format (Section 5 of [RFC7159]). Thus, the basic data model used | |||
| here is the JSON array. | here is the JSON array. | |||
| Header field definitions that need only a single value can restrict | Header field definitions that need only a single value can restrict | |||
| themselves to arrays of lenght 1, and are encouraged to define error | themselves to arrays of length 1, and are encouraged to define error | |||
| handling in case more values are received (such as "first wins", | handling in case more values are received (such as "first wins", | |||
| "last wins", or "abort with fatal error message"). | "last wins", or "abort with fatal error message"). | |||
| JSON arrays are mapped to field values by creating a sequence of | JSON arrays are mapped to field values by creating a sequence of | |||
| serialized member elements, separated by commas and optionally | serialized member elements, separated by commas and optionally | |||
| whitespace. This is equivalent to using the full JSON array format, | whitespace. This is equivalent to using the full JSON array format, | |||
| while leaving out the "begin-array" ('[') and "end-array" (']') | while leaving out the "begin-array" ('[') and "end-array" (']') | |||
| delimiters. | delimiters. | |||
| The ABNF character names and classes below are used (copied from | The ABNF character names and classes below are used (copied from | |||
| skipping to change at page 4, line 22 ¶ | skipping to change at page 4, line 22 ¶ | |||
| SP = %x20 ; space | SP = %x20 ; space | |||
| VCHAR = %x21-7E ; visible (printing) characters | VCHAR = %x21-7E ; visible (printing) characters | |||
| Characters in JSON strings that are not allowed or discouraged in | Characters in JSON strings that are not allowed or discouraged in | |||
| HTTP header field values -- that is, not in the "VCHAR" definition -- | HTTP header field values -- that is, not in the "VCHAR" definition -- | |||
| need to be represented using JSON's "backslash" escaping mechanism | need to be represented using JSON's "backslash" escaping mechanism | |||
| ([RFC7159], Section 7). | ([RFC7159], Section 7). | |||
| The control characters CR, LF, and HTAB do not appear inside JSON | The control characters CR, LF, and HTAB do not appear inside JSON | |||
| strings, but can be used outside (line breaks, indentation etc). | strings, but can be used outside (line breaks, indentation etc). | |||
| These characters can be either stripped or replaced by space | These characters need to be either stripped or replaced by space | |||
| characters (ABNF "SP"). | characters (ABNF "SP"). | |||
| Formally, using the HTTP specification's ABNF extensions defined in | Formally, using the HTTP specification's ABNF extensions defined in | |||
| Section 7 of [RFC7230]: | Section 7 of [RFC7230]: | |||
| json-field-value = #json-field-item | json-field-value = #json-field-item | |||
| json-field-item = JSON-Text | json-field-item = JSON-Text | |||
| ; see [RFC7159], Section 2, | ; see [RFC7159], Section 2, | |||
| ; post-processed so that only VCHAR characters | ; post-processed so that only VCHAR characters | |||
| ; are used | ; are used | |||
| 3. Sender Requirements | 3. Sender Requirements | |||
| [[anchor3: The text below assumes we're starting with a JSON- | To map a JSON array to an HTTP header field value, process each array | |||
| formatted sequence of characters, not octets; need to clarify.]] To | ||||
| map a JSON array to an HTTP header field value, process each array | ||||
| element separately by: | element separately by: | |||
| 1. generating the JSON representation, | 1. generating the JSON representation, | |||
| 2. stripping all JSON control characters (CR, HTAB, LF), or | 2. stripping all JSON control characters (CR, HTAB, LF), or | |||
| replacing them by space ("SP") characters, | replacing them by space ("SP") characters, | |||
| 3. replacing all remaining non-VSPACE characters by the equivalent | 3. replacing all remaining non-VSPACE characters by the equivalent | |||
| backslash-escape sequence ([RFC7159], Section 7). | backslash-escape sequence ([RFC7159], Section 7). | |||
| The resulting list of strings is transformed into an HTTP field value | The resulting list of strings is transformed into an HTTP field value | |||
| by combining them using comma (%x2C) plus optional SP as delimiter, | by combining them using comma (%x2C) plus optional SP as delimiter, | |||
| and encoding the resulting string into an octet sequence using the | and encoding the resulting string into an octet sequence using the | |||
| US-ASCII character encoding scheme. | US-ASCII character encoding scheme ([RFC0020]). | |||
| 4. Recipient Requirements | 4. Recipient Requirements | |||
| To map a set of HTTP header field instances to a JSON array: | To map a set of HTTP header field instances to a JSON array: | |||
| 1. remove all header field instances that only contain whitespace | 1. combine all header field instances into a single field as per | |||
| (SP / HTAB) and "comma" characters [[anchor5: either drop this or | ||||
| make it more precise]], | ||||
| 2. combine all header field instances into a single field as per | ||||
| Section 3.2.2 of [RFC7230], | Section 3.2.2 of [RFC7230], | |||
| 3. add a leading begin-array ("[") octet and a trailing end-array | 2. add a leading begin-array ("[") octet and a trailing end-array | |||
| ("]") octet, then | ("]") octet, then | |||
| 4. run the resulting octet sequence through a JSON parser. | 3. run the resulting octet sequence through a JSON parser. | |||
| The result of the parsing operation is either an error (in which case | The result of the parsing operation is either an error (in which case | |||
| the header field values needs to be considered invalid), or a JSON | the header field values needs to be considered invalid), or a JSON | |||
| array. | array. | |||
| 5. Using this Format in Header Field Definitions | 5. Using this Format in Header Field Definitions | |||
| [[anchor7: Explain what a definition of a new header field needs to | [[anchor5: Explain what a definition of a new header field needs to | |||
| do precisely to use this format]] | do precisely to use this format]] | |||
| 6. Examples | 6. Examples | |||
| This section shows how some of the existing HTTP header fields would | This section shows how some of the existing HTTP header fields would | |||
| look like if they would use the format defined by this specification. | look like if they would use the format defined by this specification. | |||
| 6.1. Content-Length | 6.1. Content-Length | |||
| "Content-Length" is defined in Section 3.3.2 of [RFC7230], with the | "Content-Length" is defined in Section 3.3.2 of [RFC7230], with the | |||
| skipping to change at page 8, line 14 ¶ | skipping to change at page 8, line 8 ¶ | |||
| 7. Discussion | 7. Discussion | |||
| This approach uses a default of "JSON array", using implicit array | This approach uses a default of "JSON array", using implicit array | |||
| markers. An alternative would be a default of "JSON object". This | markers. An alternative would be a default of "JSON object". This | |||
| would simplify the syntax for non-list-typed haeders, but all the | would simplify the syntax for non-list-typed haeders, but all the | |||
| benefits of having the same data model for both types of header | benefits of having the same data model for both types of header | |||
| fields would be gone. A hybrid approach might make sense, as long as | fields would be gone. A hybrid approach might make sense, as long as | |||
| it doesn't require any heuristics on the recipient's side. | it doesn't require any heuristics on the recipient's side. | |||
| [[anchor9: Use of generic libs vs compactness of field values..]] | [[anchor7: Use of generic libs vs compactness of field values..]] | |||
| 8. Deployment Considerations | 8. Deployment Considerations | |||
| [[anchor11: Mention that some code might be refused by double quotes | This JSON-based syntax will only apply to newly introduced header | |||
| not being used for quoted-string.]] | fields, thus backwards compatibility is not a problem. That being | |||
| said, it is conceivable that there is existing code that might trip | ||||
| over double quotes not being used for HTTP's quoted-string syntax | ||||
| (Section 3.2.6 of [RFC7230]). | ||||
| 9. Internationalization Considerations | 9. Internationalization Considerations | |||
| [[anchor13: TBD, mention migration path to message format that is | [[anchor10: TBD, mention migration path to message format that is | |||
| robust wrt UTF-8, or other binary encodings of JSON]] | robust wrt UTF-8, or other binary encodings of JSON]] | |||
| 10. Security Considerations | 10. Security Considerations | |||
| [[anchor15: TBD]] | [[anchor12: TBD]] | |||
| 11. References | 11. References | |||
| 11.1. Normative References | 11.1. Normative References | |||
| [RFC0020] Cerf, V., "ASCII format for network interchange", | ||||
| STD 80, RFC 20, October 1969. | ||||
| [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for | [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for | |||
| Syntax Specifications: ABNF", STD 68, RFC 5234, | Syntax Specifications: ABNF", STD 68, RFC 5234, | |||
| January 2008. | January 2008. | |||
| [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) | [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) | |||
| Data Interchange Format", RFC 7159, March 2014. | Data Interchange Format", RFC 7159, March 2014. | |||
| [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext | [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext | |||
| Transfer Protocol (HTTP/1.1): Message Syntax and | Transfer Protocol (HTTP/1.1): Message Syntax and | |||
| Routing", RFC 7230, June 2014. | Routing", RFC 7230, June 2014. | |||
| [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext | [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext | |||
| Transfer Protocol (HTTP/1.1): Semantics and | Transfer Protocol (HTTP/1.1): Semantics and | |||
| Content", RFC 7231, June 2014. | Content", RFC 7231, June 2014. | |||
| [USASCII] American National Standards Institute, "Coded | ||||
| Character Set -- 7-bit American Standard Code for | ||||
| Information Interchange", ANSI X3.4, 1986. | ||||
| 11.2. Informative References | 11.2. Informative References | |||
| [ISO-8859-1] International Organization for Standardization, | [ISO-8859-1] International Organization for Standardization, | |||
| "Information technology -- 8-bit single-byte coded | "Information technology -- 8-bit single-byte coded | |||
| graphic character sets -- Part 1: Latin alphabet | graphic character sets -- Part 1: Latin alphabet | |||
| No. 1", ISO/IEC 8859-1:1998, 1998. | No. 1", ISO/IEC 8859-1:1998, 1998. | |||
| [RFC5987] Reschke, J., "Character Set and Language Encoding | [RFC5987] Reschke, J., "Character Set and Language Encoding | |||
| for Hypertext Transfer Protocol (HTTP) Header Field | for Hypertext Transfer Protocol (HTTP) Header Field | |||
| Parameters", RFC 5987, August 2010. | Parameters", RFC 5987, August 2010. | |||
| skipping to change at page 9, line 43 ¶ | skipping to change at page 9, line 43 ¶ | |||
| Latest version available at | Latest version available at | |||
| <http://www.w3.org/TR/XMLHttpRequest/>. | <http://www.w3.org/TR/XMLHttpRequest/>. | |||
| URIs | URIs | |||
| [1] <mailto:ietf-http-wg@w3.org> | [1] <mailto:ietf-http-wg@w3.org> | |||
| [2] <mailto:ietf-http-wg-request@w3.org?subject=subscribe> | [2] <mailto:ietf-http-wg-request@w3.org?subject=subscribe> | |||
| Appendix A. Sample Code and Test Cases | Appendix A. Change Log (to be removed by RFC Editor before publication) | |||
| [[anchor19: TBD]] | A.1. draft-reschke-http-jfv-00 | |||
| Editorial fixes + working on the TODOs. | ||||
| Author's Address | Author's Address | |||
| Julian F. Reschke | Julian F. Reschke | |||
| greenbytes GmbH | greenbytes GmbH | |||
| Hafenweg 16 | Hafenweg 16 | |||
| Muenster, NW 48155 | Muenster, NW 48155 | |||
| Germany | Germany | |||
| EMail: julian.reschke@greenbytes.de | EMail: julian.reschke@greenbytes.de | |||
| End of changes. 24 change blocks. | ||||
| 34 lines changed or deleted | 34 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||