draft-reschke-http-jfv-12.txt   draft-reschke-http-jfv-latest.txt 
Network Working Group J. F. Reschke Network Working Group J. F. Reschke
Internet-Draft greenbytes Internet-Draft greenbytes
Intended status: Informational September 1, 2020 Intended status: Informational January 15, 2021
Expires: March 5, 2021 Expires: July 19, 2021
A JSON Encoding for HTTP Field Values A JSON Encoding for HTTP Field Values
draft-reschke-http-jfv-12 draft-reschke-http-jfv-latest
Abstract Abstract
This document establishes a convention for use of JSON-encoded field This document establishes a convention for use of JSON-encoded field
values in HTTP fields. values in HTTP fields.
Editorial Note Editorial Note
This note is to be removed before publishing as an RFC. This note is to be removed before publishing as an RFC.
skipping to change at page 1, line 34 skipping to change at page 1, line 34
sending a message with subject "subscribe" to ietf-http-wg- sending a message with subject "subscribe" to ietf-http-wg-
request@w3.org (mailto:ietf-http-wg- request@w3.org (mailto:ietf-http-wg-
request@w3.org?subject=subscribe). request@w3.org?subject=subscribe).
Discussions of the HTTPbis Working Group are archived at Discussions of the HTTPbis Working Group are archived at
<http://lists.w3.org/Archives/Public/ietf-http-wg/>. <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
XML versions and latest edits for this document are available from XML versions and latest edits for this document are available from
<http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv>. <http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv>.
The changes in this draft are summarized in Appendix B.15. The changes in this draft are summarized in Appendix B.16.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 5, 2021. This Internet-Draft will expire on July 19, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
skipping to change at page 3, line 11 skipping to change at page 3, line 11
B.6. Since draft-ietf-httpbis-jfv-00 . . . . . . . . . . . . . 10 B.6. Since draft-ietf-httpbis-jfv-00 . . . . . . . . . . . . . 10
B.7. Since draft-ietf-httpbis-jfv-01 . . . . . . . . . . . . . 11 B.7. Since draft-ietf-httpbis-jfv-01 . . . . . . . . . . . . . 11
B.8. Since draft-ietf-httpbis-jfv-02 . . . . . . . . . . . . . 11 B.8. Since draft-ietf-httpbis-jfv-02 . . . . . . . . . . . . . 11
B.9. Since draft-reschke-http-jfv-05 . . . . . . . . . . . . . 11 B.9. Since draft-reschke-http-jfv-05 . . . . . . . . . . . . . 11
B.10. Since draft-reschke-http-jfv-06 . . . . . . . . . . . . . 11 B.10. Since draft-reschke-http-jfv-06 . . . . . . . . . . . . . 11
B.11. Since draft-reschke-http-jfv-07 . . . . . . . . . . . . . 11 B.11. Since draft-reschke-http-jfv-07 . . . . . . . . . . . . . 11
B.12. Since draft-reschke-http-jfv-08 . . . . . . . . . . . . . 11 B.12. Since draft-reschke-http-jfv-08 . . . . . . . . . . . . . 11
B.13. Since draft-reschke-http-jfv-09 . . . . . . . . . . . . . 11 B.13. Since draft-reschke-http-jfv-09 . . . . . . . . . . . . . 11
B.14. Since draft-reschke-http-jfv-10 . . . . . . . . . . . . . 12 B.14. Since draft-reschke-http-jfv-10 . . . . . . . . . . . . . 12
B.15. Since draft-reschke-http-jfv-11 . . . . . . . . . . . . . 12 B.15. Since draft-reschke-http-jfv-11 . . . . . . . . . . . . . 12
B.16. Since draft-reschke-http-jfv-12 . . . . . . . . . . . . . 12
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
Defining syntax for new HTTP fields ([HTTP], Section 5) is non- Defining syntax for new HTTP fields ([HTTP], Section 5) is non-
trivial. Among the commonly encountered problems are: trivial. Among the commonly encountered problems are:
o There is no common syntax for complex field values. Several well- o There is no common syntax for complex field values. Several well-
known fields do use a similarly looking syntax, but it is hard to known fields do use a similarly looking syntax, but it is hard to
write generic parsing code that will both correctly handle valid write generic parsing code that will both correctly handle valid
field values but also reject invalid ones. field values but also reject invalid ones.
o The HTTP message format allows fields to repeat, so field syntax o The HTTP message format allows field lines to repeat, so field
needs to be designed in a way that these cases are either syntax needs to be designed in a way that these cases are either
meaningful, or can be unambiguously detected and rejected. meaningful, or can be unambiguously detected and rejected.
o HTTP does not define a character encoding scheme ([RFC6365], o HTTP does not define a character encoding scheme ([RFC6365],
Section 2), so fields are either stuck with US-ASCII ([RFC0020]), Section 2), so fields are either stuck with US-ASCII ([RFC0020]),
or need out-of-band information to decide what encoding scheme is or need out-of-band information to decide what encoding scheme is
used. Furthermore, APIs usually assume a default encoding scheme used. Furthermore, APIs usually assume a default encoding scheme
in order to map from octet sequences to strings (for instance, in order to map from octet sequences to strings (for instance,
[XMLHttpRequest] uses the IDL type "ByteString", effectively [XMLHttpRequest] uses the IDL type "ByteString", effectively
resulting in the ISO-8859-1 character encoding scheme [ISO-8859-1] resulting in the ISO-8859-1 character encoding scheme [ISO-8859-1]
being used). being used).
(See Section 5.7 of [HTTP] for a summary of considerations for new (See Section 16.3 of [HTTP] for a summary of considerations for new
fields.) fields.)
This specification addresses the issues listed above by defining both This specification addresses the issues listed above by defining both
a generic JSON-based ([RFC8259]) data model and a concrete wire a generic JSON-based ([RFC8259]) data model and a concrete wire
format that can be used in definitions of new fields, where the goals format that can be used in definitions of new fields, where the goals
were: were:
o to be compatible with field recombination when fields occur o to be compatible with field recombination when field lines occur
multiple times in a single message (Section 5.1 of [HTTP]), and multiple times in a single message (Section 5.3 of [HTTP]), and
o not to use any problematic characters in the field value (non- o not to use any problematic characters in the field value (non-
ASCII characters and certain whitespace characters). ASCII characters and certain whitespace characters).
| *Note:* [HSTRUCT], a work item of the IETF HTTP Working Group, | *Note:* [HSTRUCT], a work item of the IETF HTTP Working Group,
| is a different attempt to address this set of problems - it | is a different attempt to address this set of problems - it
| tries to identify and formalize common field structures in | tries to identify and formalize common field structures in
| existing fields; the syntax defined over there would usually | existing fields; the syntax defined over there would usually
| lead to a more compact notation. | lead to a more compact notation.
2. Data Model and Format 2. Data Model and Format
In HTTP, fields with the same field name can occur multiple times In HTTP, field lines with the same field name can occur multiple
within a single message (Section 5.1 of [HTTP]). When this happens, times within a single message (Section 5.3 of [HTTP]). When this
recipients are allowed to combine the field values using commas as happens, recipients are allowed to combine the field line values
delimiter. This rule matches nicely JSON's array format (Section 5 using commas as delimiter, forming a combined "field value". This
of [RFC8259]). Thus, the basic data model used here is the JSON rule matches nicely JSON's array format (Section 5 of [RFC8259]).
array. Thus, the basic data model used here is the JSON array.
Field definitions that need only a single value can restrict Field definitions that need only a single value can restrict
themselves to arrays of length 1, and are encouraged to define error themselves to arrays of length 1, and are encouraged to define error
handling in case more values are received (such as "first wins", handling in case more values are received (such as "first wins",
"last wins", or "abort with fatal error message"). "last wins", or "abort with fatal error message").
JSON arrays are mapped to field values by creating a sequence of JSON arrays are mapped to field values by creating a sequence of
serialized member elements, separated by commas and optionally serialized member elements, separated by commas and optionally
whitespace. This is equivalent to using the full JSON array format, whitespace. This is equivalent to using the full JSON array format,
while leaving out the "begin-array" ('[') and "end-array" (']') while leaving out the "begin-array" ('[') and "end-array" (']')
skipping to change at page 4, line 51 skipping to change at page 4, line 51
HTTP field values - that is, not in the "VCHAR" definition - need to HTTP field values - that is, not in the "VCHAR" definition - need to
be represented using JSON's "backslash" escaping mechanism be represented using JSON's "backslash" escaping mechanism
([RFC8259], Section 7). ([RFC8259], Section 7).
The control characters CR, LF, and HTAB do not appear inside JSON The control characters CR, LF, and HTAB do not appear inside JSON
strings, but can be used outside (line breaks, indentation etc.). strings, but can be used outside (line breaks, indentation etc.).
These characters need to be either stripped or replaced by space These characters need to be either stripped or replaced by space
characters (ABNF "SP"). characters (ABNF "SP").
Formally, using the HTTP specification's ABNF extensions defined in Formally, using the HTTP specification's ABNF extensions defined in
Section 5.5 of [HTTP]: Section 5.6.1 of [HTTP]:
json-field-value = #json-field-item json-field-value = #json-field-item
json-field-item = JSON-Text json-field-item = JSON-Text
; see [RFC8259], Section 2, ; see [RFC8259], Section 2,
; post-processed so that only VCHAR characters ; post-processed so that only VCHAR characters
; are used ; are used
3. Sender Requirements 3. Sender Requirements
To map a JSON array to an HTTP field value, process each array To map a JSON array to an HTTP field value, process each array
skipping to change at page 5, line 31 skipping to change at page 5, line 31
3. replacing all remaining non-VSPACE characters by the equivalent 3. replacing all remaining non-VSPACE characters by the equivalent
backslash-escape sequence ([RFC8259], Section 7). backslash-escape sequence ([RFC8259], Section 7).
The resulting list of strings is transformed into an HTTP field value The resulting list of strings is transformed into an HTTP field value
by combining them using comma (%x2C) plus optional SP as delimiter, by combining them using comma (%x2C) plus optional SP as delimiter,
and encoding the resulting string into an octet sequence using the and encoding the resulting string into an octet sequence using the
US-ASCII character encoding scheme ([RFC0020]). US-ASCII character encoding scheme ([RFC0020]).
4. Recipient Requirements 4. Recipient Requirements
To map a set of HTTP field instances to a JSON array: To map a set of HTTP field line values to a JSON array:
1. combine all field instances into a single field as per 1. combine all field line values into a single field value as per
Section 5.1 of [HTTP], Section 5.3 of [HTTP],
2. add a leading begin-array ("[") octet and a trailing end-array 2. add a leading begin-array ("[") octet and a trailing end-array
("]") octet, then ("]") octet, then
3. run the resulting octet sequence through a JSON parser. 3. run the resulting octet sequence through a JSON parser.
The result of the parsing operation is either an error (in which case The result of the parsing operation is either an error (in which case
the field values needs to be considered invalid), or a JSON array. the field values needs to be considered invalid), or a JSON array.
5. Using this Format in Field Definitions 5. Using this Format in Field Definitions
Specifications defining new HTTP fields need to take the Specifications defining new HTTP fields need to take the
considerations listed in Section 5.7 of [HTTP] into account. Many of considerations listed in Section 16.3 of [HTTP] into account. Many
these will already be accounted for by using the format defined in of these will already be accounted for by using the format defined in
this specification. this specification.
Readers of HTTP-related specifications frequently expect an ABNF Readers of HTTP-related specifications frequently expect an ABNF
definition of the field value syntax. This is not really needed definition of the field value syntax. This is not really needed
here, as the actual syntax is JSON text, as defined in Section 2 of here, as the actual syntax is JSON text, as defined in Section 2 of
[RFC8259]. [RFC8259].
A very simple way to use this JSON encoding thus is just to cite this A very simple way to use this JSON encoding thus is just to cite this
specification - specifically the "json-field-value" ABNF production specification - specifically the "json-field-value" ABNF production
defined in Section 2 - and otherwise not to talk about the details of defined in Section 2 - and otherwise not to talk about the details of
skipping to change at page 6, line 31 skipping to change at page 6, line 31
how recipients ought to treat unknown field names. In general, a how recipients ought to treat unknown field names. In general, a
"must ignore" approach will allow protocols to evolve without "must ignore" approach will allow protocols to evolve without
versioning or even using entire new field names. versioning or even using entire new field names.
6. Deployment Considerations 6. Deployment Considerations
This JSON-based syntax will only apply to newly introduced fields, This JSON-based syntax will only apply to newly introduced fields,
thus backwards compatibility is not a problem. That being said, it thus backwards compatibility is not a problem. That being said, it
is conceivable that there is existing code that might trip over is conceivable that there is existing code that might trip over
double quotes not being used for HTTP's quoted-string syntax double quotes not being used for HTTP's quoted-string syntax
(Section 5.4.1 of [HTTP]). (Section 5.6.4 of [HTTP]).
7. Interoperability Considerations 7. Interoperability Considerations
The "I-JSON Message Format" specification ([RFC7493]) addresses known The "I-JSON Message Format" specification ([RFC7493]) addresses known
JSON interoperability pain points. This specification borrows from JSON interoperability pain points. This specification borrows from
the requirements made over there: the requirements made over there:
7.1. Encoding and Characters 7.1. Encoding and Characters
This specification requires that field values use only US-ASCII This specification requires that field values use only US-ASCII
skipping to change at page 7, line 23 skipping to change at page 7, line 23
Furthermore, ordering of object members is not significant and can Furthermore, ordering of object members is not significant and can
not be relied upon. not be relied upon.
8. Internationalization Considerations 8. Internationalization Considerations
In current versions of HTTP, field values are represented by octet In current versions of HTTP, field values are represented by octet
sequences, usually used to transmit ASCII characters, with sequences, usually used to transmit ASCII characters, with
restrictions on the use of certain control characters, and no restrictions on the use of certain control characters, and no
associated default character encoding, nor a way to describe it associated default character encoding, nor a way to describe it
([HTTP], Section 5). HTTP/2 does not change this. ([HTTP], Section 5).
This specification maps all characters which can cause problems to This specification maps all characters which can cause problems to
JSON escape sequences, thereby solving the HTTP field JSON escape sequences, thereby solving the HTTP field
internationalization problem. internationalization problem.
Future specifications of HTTP might change to allow non-ASCII Future specifications of HTTP might change to allow non-ASCII
characters natively. In that case, fields using the syntax defined characters natively. In that case, fields using the syntax defined
by this specification would have a simple migration path (by just by this specification would have a simple migration path (by just
stopping to require escaping of non-ASCII characters). stopping to require escaping of non-ASCII characters).
skipping to change at page 8, line 5 skipping to change at page 8, line 5
Other than that, any syntax that makes extensions easy can be used to Other than that, any syntax that makes extensions easy can be used to
smuggle information through field values; however, this concern is smuggle information through field values; however, this concern is
shared with other widely used formats, such as those using parameters shared with other widely used formats, such as those using parameters
in the form of name/value pairs. in the form of name/value pairs.
10. References 10. References
10.1. Normative References 10.1. Normative References
[HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. F. Reschke, [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Semantics", Work in Progress, Internet-Draft, Ed., "HTTP Semantics", Work in Progress, Internet-Draft,
draft-ietf-httpbis-semantics-11, August 27, 2020, draft-ietf-httpbis-semantics-13, December 14, 2020,
<https://tools.ietf.org/html/draft-ietf-httpbis-semantics- <https://tools.ietf.org/html/draft-ietf-httpbis-semantics-
11>. 13>.
[RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80,
RFC 20, DOI 10.17487/RFC0020, October 1969, RFC 20, DOI 10.17487/RFC0020, October 1969,
<https://www.rfc-editor.org/info/rfc20>. <https://www.rfc-editor.org/info/rfc20>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
skipping to change at page 12, line 26 skipping to change at page 12, line 26
terminology accordingly. terminology accordingly.
Remove discussion about the relation to KEY (as that spec is dormant: Remove discussion about the relation to KEY (as that spec is dormant:
<https://datatracker.ietf.org/doc/draft-ietf-httpbis-key/>). <https://datatracker.ietf.org/doc/draft-ietf-httpbis-key/>).
Remove appendices "Examples" and "Discussion". Remove appendices "Examples" and "Discussion".
Mark "Use of JSON Field Value Encoding in the Wild" for removal in Mark "Use of JSON Field Value Encoding in the Wild" for removal in
RFC. RFC.
B.16. Since draft-reschke-http-jfv-12
Update HTTP reference and update terminology some more.
Acknowledgements Acknowledgements
Thanks go to the Hypertext Transfer Protocol Working Group Thanks go to the Hypertext Transfer Protocol Working Group
participants. participants.
Author's Address Author's Address
Julian F. Reschke Julian F. Reschke
greenbytes GmbH greenbytes GmbH
Hafenweg 16 Hafenweg 16
 End of changes. 20 change blocks. 
28 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/