Canonicalization of valid-ish tokens 

There are/can be scenarios where there are UCAN tokens that are *almost* valid (*validish*), and can be reasonably interpreted as such. Canonicalization of these tokens (`x = serialize(deserialize(x))`)  is at odds with encoding valid tokens and being lenient in what we parse.

Examples of validish tokens:
* An unexpected field, either irrelevant or from a different implementation or spec/version flux
* An empty value for an optional field `"prf": []` (which "MUST be omitted")
* UCAN with missing `exp`, re-encoded as `"exp": null` (https://github.com/ucan-wg/rs-ucan/pull/95 currently will trigger this scenario if given a validish token without extra handling)
* Capabilities/proofs reordered to a canonicalized order (not in spec currently, but https://github.com/ucan-wg/canonicalization/pull/2 and [JSON Canonicalization ordering](https://www.rfc-editor.org/rfc/rfc8785#section-3.2.3) could be in play)

Some options forward:

1) Strictly reject validish tokens.
2) Allow validish tokens. Retain canonicalization and encode validish tokens.
3) Allow validish tokens. Encode as valid tokens, break canonicalization.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Canonicalization of valid-ish tokens #100

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Canonicalization of valid-ish tokens #100

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions