- From: Atul Tulshibagwale <atul@sgnl.ai>
- Date: Mon, 21 Jul 2025 13:10:23 -0700
- To: ietf-http-wg@w3.org
- Message-ID: <CANtBS9dirMkvTEdOAfw3KGGx_ZGC6WvoXyXiuaVNe71xmx4xVQ@mail.gmail.com>
I posted this a few hours ago, but it hasn't shown up in the archives <https://lists.w3.org/Archives/Public/ietf-http-wg/2025JulSep/> yet, so posting again: Hello, We are currently working on a draft for Transaction Tokens <https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/>, which envisions a new HTTP Request Header called "Txn-Token" <https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-05.html#name-txn-token-http-header>. The header value is expected to be a JWT. We were debating (see comments here <https://github.com/oauth-wg/oauth-transaction-tokens/pull/176> and the attached screenshot) which HTTP Structured Header Type <https://www.rfc-editor.org/rfc/rfc8941.html> would be appropriate for such a value. We do not want to enclose the value in quotes, so the STRING type cannot be used. The JWTs also might be a bit long (> 1024 bytes). What is this group's guidance for proposals that want to add HTTP Headers that have JWT as their values? Thanks, Atul -- Atul Tulshibagwale CTO <https://www.linkedin.com/in/tulshi/> <atul@sgnl.ai> PS: It's possible that the attachment caused it to go into spam, so I'm trying without the screenshot.
Received on Tuesday, 22 July 2025 08:35:12 UTC