|
Hi Folks,
Ø
while JSON’s “simplicity is a virtue” approach led to widespread adoption,
Ø
under-specification has led to a proliferation of interoperability problems
Ø
and ambiguities. From a strictly software engineering perspective these
Ø
ambiguities can lead to annoying bugs and reliability problems, but in a
Ø
security context such as
JOSE they can be fodder for attackers to exploit. So it would seem that a standard that is completely specified is a good thing. But completely specifying anything is complex. And lengthy.
Who has time to read (and understand) lengthy, complex specifications? A solution: narrow the focus/scope of the standard. That reigns in its length and complexity. But then multiple standards are needed to accomplish anything. And perhaps those standards are contradictory
and/or overlapping in places. If there was one large specification, we could ensure that inconsistencies and duplications are eliminated. Sigh … many small standards (simple individually, but collectively complex) versus one large, complex standard. I don’t see a winning strategy. Do you? /Roger |