- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Thu, 03 Feb 2011 13:47:32 -0800
- To: W3C Web Security Interest Group <public-web-security@w3.org>
Gerv said..
>
> JSON is designed for arbitrary values and nesting; it has the usual
> standard primitives (number, string, array, hash). It's the less verbose
> and far easier to understand alternative to XML, and it's becoming the
> web's data interchange format.
>
> If we are going with an already-standard syntax, it's the clear front
> runner IMO.

While JSON (RFC4627) has some attractiveness (to me) in its simplicity and expressivity, I wonder about whether there's any other presently-deployed and browser-supported HTTP header field that's expressed in JSON-based syntax?

Also, a key thing to remember is that the CSP spec (and whatever it morphs into and/or gets combined with) will need to specify a "schema" / "grammar" for the policy expressions.

If one leverages ABNF (RFC4234), which is used by the HTTPbis spec set to specify header fields (or uses RFC2616's ABNF), then one is directly defining the policy expression "schema" / "grammar", in the same fashion as the present CSP spec has done.

If one uses JSON, there's a need to somehow define the policy expression "schema" / "grammar" in JSON terms.

<http://tools.ietf.org/html/draft-zyp-json-schema> defines one approach to JSON schemas. Are there others?

=JeffH
Received on Thursday, 3 February 2011 21:48:01 UTC