W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

Re: JSON Description Language

From: Ron Garret <ron@flownet.com>
Date: Tue, 6 Dec 2011 00:08:01 -0800
Cc: "public-identity@w3.org" <public-identity@w3.org>
Message-Id: <86D7A091-9CB6-47BA-A5EA-5B12B13CBFE5@flownet.com>
To: Anders Rundgren <anders.rundgren@telia.com>

On Dec 5, 2011, at 7:48 PM, Anders Rundgren wrote:

> On 2011-12-06 04:31, Ron Garret wrote:
>> 
>> On Dec 5, 2011, at 6:51 PM, Anders Rundgren wrote:
>> 
>>> The following is related to DOMCrypt and similar...
>>> 
>>> http://tools.ietf.org/html/rfc4627
>> 
>> It is?  What does JSON have to do with DOMCrypt?
>> 
>>> Having a strong background in XML schema authoring I'm slightly
>>> puzzled by the enthusiasm of using "secure" objects that (seem) to
>>> have no notion of explicit (built-in) name-spaces or a description
>>> language.
>> 
>> I'm puzzled in what sense you think that JSON is "secure".  The only 
>> security claim made for JSON that I know of is that it can be safely
>> parsed by the Javascript eval() function.
>> 
>> Can you please clarify why you think this is relevant to this group?
> 
> DOMCrypt parses and generates JSON-formatted objects, right?

I don't know.  This page:

https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest

claims to be the latest version of the DOMCrypt spec, but it makes no mention of JSON.  This page:

http://mozilla.ddahl.com/domcrypt/demos/demo.html

says "Latest Developments - JSON data persistence for a user's default encryption credentials" but I can't find any more details.

> I suggested that such objects should have a unique name (space).  It costs
> virtually nothing and would open the door to better language bindings
> and simplified validation.
> 
> This need is by no means limited to "security objects" but writing security
> protocols without such mechanisms doesn't IMHO completely feel like 2011.

I'm still confused.  JSON is just a serialization/deserialization standard for numbers, strings, vectors, and associative maps (a.k.a. dictionaries).  What would it even mean for there to be a "namespace" for such a thing?

rg
Received on Tuesday, 6 December 2011 08:08:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 December 2011 08:08:39 GMT