W3C home > Mailing lists > Public > public-sysapps@w3.org > December 2013

Advice on Invoking JSON Based Protocols

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 23 Dec 2013 18:54:42 +0100
Message-ID: <52B878E2.2020901@gmail.com>
To: sysapps <public-sysapps@w3.org>
Dear List,
I hope you don't mind if I exploit the huge competence this group have on browsers and JavaScript.

Anyway, I have developed a family of security-protocols that instead of exposing an API, build on
the idea invoking a specific application (anticipated being a part of a future browser) through a
call to a generic dispatcher JS function with a JSON object as the sole argument.

A simple request/response protocol:
http://webpki.org/papers/PKI/webauth.pdf#page=2

A pretty complex 5+5 pass protocol:
https://openkeystore.googlecode.com/svn/resources/trunk/docs/keygen2.html

There are two possible methods for expressing the JSON argument:
1.  as JavaScript string:  '{"a":2}'
2. as a JavaScript object {"a":2}

Now to my question...

Both methods should work but maybe there are reasons for selecting one of them?
Variant #1 requires the use of a JSON parser which variant two does not
but OTOH doing message parsing on an arbitrary JS object doesn't seem trivial
and for multi-pass systems like KeyGen2 you would need JSON parsing anyway
since the other messages are using direct communication.

A reason for not using an API for each application is that these applications are supposed to be
packaged in such a way that only the invocation would be public, a little bit like TLS works.

There is also a huge variation in input parameters which makes an API quite awkward.
In fact you would have to have arguments like "parm1=[6,79]" which means that you
end-up with some kind of JSON no matter what you do!

Recognizing protocols/application by the dispatcher is done through a simple registration system:
http://webpki.org/papers/keygen2/doc/org/webpki/json/JSONDecoderCache.html

Cheers,
Anders
Received on Monday, 23 December 2013 17:55:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:18 UTC