- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 22 Jul 2025 10:46:53 +0000
- To: Brian Campbell <bcampbell@pingidentity.com>
- cc: Mark Nottingham <mnot@mnot.net>, Atul Tulshibagwale <atul@sgnl.ai>, ietf-http-wg@w3.org
--------
Brian Campbell writes:
> RFC 7519 defines JWT but for the purpose of this conversation a JWT is text
> that is composed of three base64url segments separated by the dot/period
> "." character.
> There doesn't seem to be a natural fit of an HTTP Structured Field Values
> to carry a JWT.
I'm not sure what your criteria is for "a natural fit", but I can see several
ways that are neither inefficient nor (too) offensive to the eye:
A) As a sf-string
B) As three sf-strings in a sf-list
C) Prepend a 'J' and call it a sf-token
(base64url fits in tchar, right ?)
D) As three sf-binary in a sf-list.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 22 July 2025 10:47:00 UTC