From Tony Arcieri:

JSON is a bit of a mess. You may have seen Parsing JSON is a Minefield recently, which did a fantastic job of illustrating that while JSON’s “simplicity is a virtue” approach led to widespread adoption, under-specification has led to a proliferation of interoperability problems and ambiguities. From a strictly software engineering perspective these ambiguities can lead to annoying bugs and reliability problems, but in a security context such as JOSE they can be fodder for attackers to exploit. It really feels like JSON could use a well-defined “strict mode”.

Introducing TJSON, a stricter, typed form of JSON

TJSON is syntax-compatible with JSON, but adds mandatory type annotations. Its primary intended use is in cryptographic authentication contexts, particularly ones where JSON is used as a human-friendly alternative representation of data in a system which otherwise works natively in a binary format.

https://tonyarcieri.com/introducing-tjson-a-stricter-typed-form-of-json
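
As an added illustration (not code from Tony Arcieri's post or from the TJSON project), here is a Python sketch of a "strict mode" loader that refuses inputs JSON parsers are known to read differently: duplicate keys, NaN/Infinity, numbers that are not exact as a double, and invalid UTF-8. The names `strict_loads` and `AmbiguousJSON` and the sample documents are assumptions constructed for this example; it does not implement TJSON's type annotations.

```python
import json
import math

MAX_SAFE_INT = 2**53 - 1  # RFC 8259 interoperable integer range is +/-(2**53 - 1)


class AmbiguousJSON(ValueError):
    """The document is one that different JSON parsers may interpret differently."""


def _reject_duplicate_keys(pairs):
    obj = {}
    for key, value in pairs:
        if key in obj:  # some parsers keep the first value, others the last
            raise AmbiguousJSON(f"duplicate object key {key!r}")
        obj[key] = value
    return obj


def _reject_constant(name):
    # NaN, Infinity and -Infinity are accepted by Python's json but are not JSON
    raise AmbiguousJSON(f"non-standard literal {name}")


def _checked_int(text):
    value = int(text)
    if abs(value) > MAX_SAFE_INT:  # would be silently rounded by double-based parsers
        raise AmbiguousJSON(f"integer {text} is not exact as a double")
    return value


def _checked_float(text):
    value = float(text)
    if math.isinf(value):  # e.g. 1e400 overflows to infinity
        raise AmbiguousJSON(f"number {text} overflows a double")
    return value


def strict_loads(data: bytes):
    """Parse JSON bytes, raising AmbiguousJSON instead of guessing."""
    try:
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise AmbiguousJSON(f"invalid UTF-8: {exc}") from exc
    return json.loads(text, object_pairs_hook=_reject_duplicate_keys,
                      parse_constant=_reject_constant,
                      parse_int=_checked_int, parse_float=_checked_float)


if __name__ == "__main__":
    doc = b'{"amount": 10, "amount": 1000}'  # constructed sample
    print("lenient:", json.loads(doc))       # last key silently wins
    print("strict :", strict_loads(b'{"amount": 10}'))
```

A signed or authenticated document should be run through a check of this kind before verification, so that the verifier and every downstream consumer agree on what was signed.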