Joined August 2018
25 May 2020
The IANA registry for well-known URIs - iana.org/assignments/well-kn…

22 May 2020
"It is increasingly common for Web-based protocols to require the discovery of policy or other information about a host ("site-wide metadata") before making a request." (1/2)
21 May 2020
"The immutable HTTP response Cache-Control extension allows servers to identify resources that will not be updated during their freshness lifetime. This ensures that a client never needs to revalidate a cached fresh resource (...)" In tools.ietf.org/html/rfc8246
20 May 2020
The OWASP "API Security Top 10 2019" owasp.org/www-project-api-se…

19 May 2020
"PKCE vs. Nonce: Equivalent or Not?" In danielfett.de/2020/05/16/pkc… by @dfett42

8 May 2020
"The Link header field provides a means for serialising one or more links into HTTP headers." In tools.ietf.org/html/rfc8288#…

7 May 2020
Early hints example from tools.ietf.org/html/rfc8297

HTTP/1.1 103 Early Hints
Link: </style.css>; rel=preload; as=style
Link: </script.js>; rel=preload; as=script

HTTP/1.1 200 OK
Date: Fri, 26 May 2017 10:02:11 GMT
(...)

6 May 2020
"This memo introduces an informational HTTP status code that can be used to convey hints that help a client make preparations for processing the final response." In tools.ietf.org/html/rfc8297

5 May 2020
"acr - Authentication Context Class Reference - String specifying an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied" In openid.net/specs/openid-conn…

4 May 2020
"azp - Authorized Party - the party to which the ID Token was issued. (...) This Claim is only needed when the ID Token has a single audience value and that audience is different than the authorized party" In openid.net/specs/openid-conn…

HTTP APIs retweeted
26 Oct 2018
"What makes HTTP significantly different from RPC is that the requests are directed to resources using a generic interface with standard semantics that can be interpreted by intermediaries (..) " In "HTTP is not RPC" by @fielding ics.uci.edu/~fielding/pubs/d…

2 Mar 2020
"The Web is based on numerous standards that together make up the surface of the Web: By knowing and supporting those standards, problems can be solved in well-known ways." By @dret, in dret.net/netdret/docs/wilde-…

28 Feb 2020
"If the same issuer can issue JWTs that are intended for use by more than one relying party or application, the JWT MUST contain an "aud" (audience) claim that can be used to determine whether the JWT is being used by an intended party (...)" In rfc-editor.org/rfc/rfc8725.h…

27 Feb 2020
"Sometimes, one kind of JWT can be confused for another. If a particular kind of JWT is subject to such confusion, that JWT can include an explicit JWT type value, and the validation rules can specify checking the type." In rfc-editor.org/rfc/rfc8725.h…

26 Feb 2020
"JSON Web Tokens (...) are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. This (...) document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs." In rfc-editor.org/rfc/rfc8725.h…

25 Feb 2020
"The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained" In "OAuth 2.0 Device Authorization Grant" tools.ietf.org/html/rfc8628