JWS 6 Flashcards
Describe the “typ” Header Parameter.
The “typ” (type) Header Parameter is used by JWS applications to declare the media type [IANA.MediaTypes] of this complete JWS (not just the JWS Payload).
This is intended for use by the application when more than one kind of object could be present in an application data structure that can contain a JWS; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when the kind of object is already known. This parameter is ignored by JWS implementations; any processing of this parameter is performed by the JWS application.
Use of this Header Parameter is OPTIONAL.
The “typ” value “JOSE+JSON” can be used by applications to indicate that this object is a JWS or JWE using the JWS JSON Serialization or the JWE JSON Serialization. Other type values can also be used by applications.
Describe the “cty” Header Parameter.
The “cty” (content type) Header Parameter is used by JWS applications to declare the media type [IANA.MediaTypes] of the secured content (the payload).
This is intended for use by the application when more than one kind of object could be present in the JWS Payload; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when the kind of object is already known. This parameter is ignored by JWS implementations; any processing of this parameter is performed by the JWS application.
Use of this Header Parameter is OPTIONAL.
Describe the particularities of JWS media types. What is the trick for making a media type value more compact?
Per RFC 2045, all media type values, subtype values, and parameter names are case insensitive. However, parameter values of JWS are case sensitive unless otherwise specified for the specific parameter.
To keep messages compact in common situations, it is RECOMMENDED that producers omit an “application/” prefix of a media type value when no other ‘/’ appears in the media type value.
A recipient using the media type value MUST treat it as if “application/” were prepended to any value not containing a ‘/’.
For instance, a “cty” or “typ” value of “example” SHOULD be used to represent the “application/example” media type, whereas the media type “application/example;part="1/2"” cannot be shortened to “example;part="1/2"”.
Describe the “crit” Header Parameter.
The “crit” (critical) Header Parameter indicates that extensions to this specification and/or JWA are being used that MUST be understood and processed.
Its value is an array listing the Header Parameter names present in the JOSE Header that use those extensions. If any of the listed extension Header Parameters are not understood and supported by the recipient, then the JWS is invalid.
Producers MUST NOT include in the “crit” list:
- Header Parameter names defined by this specification or JWA for use with JWS
- duplicate names
- names that do not occur as Header Parameter names within the JOSE Header
Producers MUST NOT use the empty list “[]” as the “crit” value.
Recipients MAY consider the JWS to be invalid if the constraints above are violated.
When used, this Header Parameter MUST be integrity protected; therefore, it MUST occur only within the JWS Protected Header.
Use of this Header Parameter is OPTIONAL. This Header Parameter MUST be understood and processed by implementations.