| draft-reschke-http-jfv-02.txt | draft-reschke-http-jfv-03.txt | |||
|---|---|---|---|---|
| Network Working Group J. Reschke | Network Working Group J. Reschke | |||
| Internet-Draft greenbytes | Internet-Draft greenbytes | |||
| Intended status: Standards Track October 5, 2015 | Intended status: Standards Track March 15, 2016 | |||
| Expires: April 7, 2016 | Expires: September 16, 2016 | |||
| A JSON Encoding for HTTP Header Field Values | A JSON Encoding for HTTP Header Field Values | |||
| draft-reschke-http-jfv-02 | draft-reschke-http-jfv-03 | |||
| Abstract | Abstract | |||
| This document establishes a convention for use of JSON-encoded field | This document establishes a convention for use of JSON-encoded field | |||
| values in HTTP header fields. | values in HTTP header fields. | |||
| Editorial Note (To be removed by RFC Editor before publication) | Editorial Note (To be removed by RFC Editor before publication) | |||
| Distribution of this document is unlimited. Although this is not a | Distribution of this document is unlimited. Although this is not a | |||
| work item of the HTTPbis Working Group, comments should be sent to | work item of the HTTPbis Working Group, comments should be sent to | |||
| the Hypertext Transfer Protocol (HTTP) mailing list at | the Hypertext Transfer Protocol (HTTP) mailing list at | |||
| ietf-http-wg@w3.org [1], which may be joined by sending a message | ietf-http-wg@w3.org [1], which may be joined by sending a message | |||
| with subject "subscribe" to ietf-http-wg-request@w3.org [2]. | with subject "subscribe" to ietf-http-wg-request@w3.org [2]. | |||
| Discussions of the HTTPbis Working Group are archived at | Discussions of the HTTPbis Working Group are archived at | |||
| <http://lists.w3.org/Archives/Public/ietf-http-wg/>. | <http://lists.w3.org/Archives/Public/ietf-http-wg/>. | |||
| XML versions and latest edits for this document are available from | XML versions and latest edits for this document are available from | |||
| <http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv>. | <http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv>. | |||
| The changes in this draft are summarized in Appendix A.2. | The changes in this draft are summarized in Appendix A.3. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 7, 2016. | This Internet-Draft will expire on September 16, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Data Model and Format . . . . . . . . . . . . . . . . . . . . 3 | 2. Data Model and Format . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . 4 | 3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Recipient Requirements . . . . . . . . . . . . . . . . . . . . 5 | 4. Recipient Requirements . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Using this Format in Header Field Definitions . . . . . . . . 5 | 5. Using this Format in Header Field Definitions . . . . . . . . 5 | |||
| 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.1. Content-Length . . . . . . . . . . . . . . . . . . . . . . 5 | 6.1. Content-Length . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2. Content-Disposition . . . . . . . . . . . . . . . . . . . 6 | 6.2. Content-Disposition . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | 6.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Deployment Considerations . . . . . . . . . . . . . . . . . . 8 | 8. Deployment Considerations . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Internationalization Considerations . . . . . . . . . . . . . 8 | 9. Internationalization Considerations . . . . . . . . . . . . . 8 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . . 8 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 9 | |||
| Appendix A. Change Log (to be removed by RFC Editor before | Appendix A. Change Log (to be removed by RFC Editor before | |||
| publication) . . . . . . . . . . . . . . . . . . . . 10 | publication) . . . . . . . . . . . . . . . . . . . . 10 | |||
| A.1. Since draft-reschke-http-jfv-00 . . . . . . . . . . . . . 10 | A.1. Since draft-reschke-http-jfv-00 . . . . . . . . . . . . . 10 | |||
| A.2. Since draft-reschke-http-jfv-01 . . . . . . . . . . . . . 10 | A.2. Since draft-reschke-http-jfv-01 . . . . . . . . . . . . . 10 | |||
| A.3. Since draft-reschke-http-jfv-02 . . . . . . . . . . . . . 10 | ||||
| Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 11 | ||||
| 1. Introduction | 1. Introduction | |||
| Defining syntax for new HTTP header fields ([RFC7230], Section 3.2) | Defining syntax for new HTTP header fields ([RFC7230], Section 3.2) | |||
| is non-trivial. Among the commonly encountered problems are: | is non-trivial. Among the commonly encountered problems are: | |||
| o There is no common syntax for complex field values. Several well- | o There is no common syntax for complex field values. Several well- | |||
| known header fields do use a similarly looking syntax, but it is | known header fields do use a similarly looking syntax, but it is | |||
| hard to write generic parsing code that will both correctly handle | hard to write generic parsing code that will both correctly handle | |||
| valid field values but also reject invalid ones. | valid field values but also reject invalid ones. | |||
| skipping to change at page 3, line 33 ¶ | skipping to change at page 3, line 33 ¶ | |||
| default encoding scheme in order to map from octet sequences to | default encoding scheme in order to map from octet sequences to | |||
| strings (for instance, [XMLHttpRequest] uses the IDL type | strings (for instance, [XMLHttpRequest] uses the IDL type | |||
| "ByteString", effectively resulting in the ISO-8859-1 character | "ByteString", effectively resulting in the ISO-8859-1 character | |||
| encoding scheme [ISO-8859-1] being used). | encoding scheme [ISO-8859-1] being used). | |||
| (See Section 8.3.1 of [RFC7231] for a summary of considerations for | (See Section 8.3.1 of [RFC7231] for a summary of considerations for | |||
| new header fields.) | new header fields.) | |||
| This specification addresses the issues listed above by defining both | This specification addresses the issues listed above by defining both | |||
| a generic JSON-based ([RFC7159]) data model and a concrete wire | a generic JSON-based ([RFC7159]) data model and a concrete wire | |||
| format that can be used in definitions of new header fields. | format that can be used in definitions of new header fields, where | |||
| the goals were: | ||||
| o to be compatible with header field recombination when fields occur | ||||
| multiple times in a single message (Section 3.2.2 of [RFC7230]), | ||||
| and | ||||
| o not to use any problematic characters in the field value (non- | ||||
| ASCII characters and certain whitespace characters). | ||||
| 2. Data Model and Format | 2. Data Model and Format | |||
| In HTTP, header fields with the same field name can occur multiple | In HTTP, header fields with the same field name can occur multiple | |||
| times within a single message (Section 3.2.2 of [RFC7230]). When | times within a single message (Section 3.2.2 of [RFC7230]). When | |||
| this happens, recipients are allowed to combine the field values | this happens, recipients are allowed to combine the field values | |||
| using commas as delimiter. This rule matches nicely JSON's array | using commas as delimiter. This rule matches nicely JSON's array | |||
| format (Section 5 of [RFC7159]). Thus, the basic data model used | format (Section 5 of [RFC7159]). Thus, the basic data model used | |||
| here is the JSON array. | here is the JSON array. | |||
| skipping to change at page 5, line 38 ¶ | skipping to change at page 5, line 46 ¶ | |||
| This section shows how some of the existing HTTP header fields would | This section shows how some of the existing HTTP header fields would | |||
| look like if they would use the format defined by this specification. | look like if they would use the format defined by this specification. | |||
| 6.1. Content-Length | 6.1. Content-Length | |||
| "Content-Length" is defined in Section 3.3.2 of [RFC7230], with the | "Content-Length" is defined in Section 3.3.2 of [RFC7230], with the | |||
| field value's ABNF being: | field value's ABNF being: | |||
| Content-Length = 1*DIGIT | Content-Length = 1*DIGIT | |||
| So the field value is similar to a JSON number ([RFC7230], Section | So the field value is similar to a JSON number ([RFC7159], Section | |||
| 6). | 6). | |||
| Content-Length is restricted to a single field instance, as it | Content-Length is restricted to a single field instance, as it | |||
| doesn't use the list production (as per Section 3.2.2 of [RFC7230]). | doesn't use the list production (as per Section 3.2.2 of [RFC7230]). | |||
| However, in practice multiple instances do occur, and the definition | However, in practice multiple instances do occur, and the definition | |||
| of the header field does indeed discuss how to handle these cases. | of the header field does indeed discuss how to handle these cases. | |||
| If Content-Length was defined using the JSON format discussed here, | If Content-Length was defined using the JSON format discussed here, | |||
| the ABNF would be something like: | the ABNF would be something like: | |||
| skipping to change at page 8, line 8 ¶ | skipping to change at page 8, line 14 ¶ | |||
| 7. Discussion | 7. Discussion | |||
| This approach uses a default of "JSON array", using implicit array | This approach uses a default of "JSON array", using implicit array | |||
| markers. An alternative would be a default of "JSON object". This | markers. An alternative would be a default of "JSON object". This | |||
| would simplify the syntax for non-list-typed header fields, but all | would simplify the syntax for non-list-typed header fields, but all | |||
| the benefits of having the same data model for both types of header | the benefits of having the same data model for both types of header | |||
| fields would be gone. A hybrid approach might make sense, as long as | fields would be gone. A hybrid approach might make sense, as long as | |||
| it doesn't require any heuristics on the recipient's side. | it doesn't require any heuristics on the recipient's side. | |||
| Note: a concrete proposal was made by Kazuho Oku in <https:// | ||||
| lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0155.html>. | ||||
| [[anchor7: Use of generic libs vs compactness of field values..]] | [[anchor7: Use of generic libs vs compactness of field values..]] | |||
| 8. Deployment Considerations | 8. Deployment Considerations | |||
| This JSON-based syntax will only apply to newly introduced header | This JSON-based syntax will only apply to newly introduced header | |||
| fields, thus backwards compatibility is not a problem. That being | fields, thus backwards compatibility is not a problem. That being | |||
| said, it is conceivable that there is existing code that might trip | said, it is conceivable that there is existing code that might trip | |||
| over double quotes not being used for HTTP's quoted-string syntax | over double quotes not being used for HTTP's quoted-string syntax | |||
| (Section 3.2.6 of [RFC7230]). | (Section 3.2.6 of [RFC7230]). | |||
| 9. Internationalization Considerations | 9. Internationalization Considerations | |||
| [[anchor10: TBD, mention migration path to message format that is | In HTTP/1.1, header field values are represented by octet sequences, | |||
| robust wrt UTF-8, or other binary encodings of JSON]] | usually used to transmit ASCII characters, with restrictions on the | |||
| use of certain control characters, and no associated default | ||||
| character encoding, nor a way to describe it ([RFC7230], Section | ||||
| 3.2). HTTP/2 does not change this. | ||||
| This specification maps all characters which can cause problems to | ||||
| JSON escape sequences, thereby solving the HTTP header field | ||||
| internationalization problem. | ||||
| Future specifications of HTTP might change to allow non-ASCII | ||||
| characters natively. In that case, header fields using the syntax | ||||
| defined by this specification would have a simple migration path (by | ||||
| just stopping to require escaping of non-ASCII characters). | ||||
| 10. Security Considerations | 10. Security Considerations | |||
| Using JSON-shaped field values is believed to not introduce any new | Using JSON-shaped field values is believed to not introduce any new | |||
| threads beyond those described in Section 12 of [RFC7159], namely the | threads beyond those described in Section 12 of [RFC7159], namely the | |||
| risk of recipients using the wrong tools to parse them. | risk of recipients using the wrong tools to parse them. | |||
| Other than that, any syntax that makes extensions easy can be used to | Other than that, any syntax that makes extensions easy can be used to | |||
| smuggle information through field values; however, this concern is | smuggle information through field values; however, this concern is | |||
| shared with other widely used formats, such as those using parameters | shared with other widely used formats, such as those using parameters | |||
| skipping to change at page 10, line 22 ¶ | skipping to change at page 10, line 42 ¶ | |||
| A.1. Since draft-reschke-http-jfv-00 | A.1. Since draft-reschke-http-jfv-00 | |||
| Editorial fixes + working on the TODOs. | Editorial fixes + working on the TODOs. | |||
| A.2. Since draft-reschke-http-jfv-01 | A.2. Since draft-reschke-http-jfv-01 | |||
| Mention slightly increased risk of smuggling information in header | Mention slightly increased risk of smuggling information in header | |||
| field values. | field values. | |||
| A.3. Since draft-reschke-http-jfv-02 | ||||
| Mention Kazuho Oku's proposal for abbreviated forms. | ||||
| Added a bit of text about the motivation for a concrete JSON subset | ||||
| (ack Cory Benfield). | ||||
| Expand I18N section. | ||||
| Appendix B. Acknowledgements | ||||
| Thanks go to the Hypertext Transfer Protocol Working Group | ||||
| participants. | ||||
| Author's Address | Author's Address | |||
| Julian F. Reschke | Julian F. Reschke | |||
| greenbytes GmbH | greenbytes GmbH | |||
| Hafenweg 16 | Hafenweg 16 | |||
| Muenster, NW 48155 | Muenster, NW 48155 | |||
| Germany | Germany | |||
| EMail: julian.reschke@greenbytes.de | EMail: julian.reschke@greenbytes.de | |||
| URI: http://greenbytes.de/tech/webdav/ | URI: http://greenbytes.de/tech/webdav/ | |||
| End of changes. 13 change blocks. | ||||
| 13 lines changed or deleted | 52 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||