Stream: smart/health-cards
Topic: JWS Zip Header
Richard Braman (FLY.HEALTH) (Apr 27 2021 at 01:38):
I noticed while reading the JWS spec that any headers outside the standard must be registered in order to avoid collisions. Has the "zip" header been registered?
Josh Mandel (Apr 27 2021 at 02:38):
Just to be clear, the JWS spec explicitly allows for private headers (https://tools.ietf.org/html/rfc7515#section-4.3) --- but in our case we're leveraging a zip parameter that's already defined in the public "JSON Web Signature and Encryption Header Parameters" registry at https://www.iana.org/assignments/jose/jose.xhtml (we could perhaps apply to have "JWS" included in the usage location, but in any event there seems to be no real risk of a name collision given that this parameter is present in the registry already for "JWE".)
Last updated: Apr 12 2022 at 19:14 UTC
