Internet Engineering Task Force (IETF) T. Bray, Ed.
Request for Comments: 7493 Textuality Services
Category: Standards Track March 2015
The I-JSON Message Format
I-JSON (short for "Internet JSON") is a restricted profile of JSON
designed to maximize interoperability and increase confidence that
software can process it successfully with predictable results.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
2. I-JSON Messages
An I-JSON message is a JSON text, as defined by RFC 7159.
2.1. Encoding and Characters
I-JSON messages MUST be encoded using UTF-8 [RFC3629].
Object member names, and string values in arrays and object members,
MUST NOT include code points that identify Surrogates or
Noncharacters as defined by [UNICODE].
This applies both to characters encoded directly in UTF-8 and to
those which are escaped; thus, "\uDEAD" is invalid because it is an
unpaired surrogate, while "\uD800\uDEAD" would be legal.
Software that implements IEEE 754-2008 binary64 (double precision)
numbers [IEEE754] is generally available and widely used.
Implementations that generate I-JSON messages cannot assume that
receiving implementations can process numeric values with greater
magnitude or precision than provided by those numbers. I-JSON
messages SHOULD NOT include numbers that express greater magnitude or
precision than an IEEE 754 double precision number provides, for
example, 1E400 or 3.141592653589793238462643383279.
An I-JSON sender cannot expect a receiver to treat an integer whose
absolute value is greater than 9007199254740991 (i.e., that is
outside the range [-(2**53)+1, (2**53)-1]) as an exact value.
For applications that require the exact interchange of numbers with
greater magnitude or precision, it is RECOMMENDED to encode them in
JSON string values. This requires that the receiving program
understand the intended semantic of the value. An example would be
64-bit integers, even though modern hardware can deal with them,
2.3. Object Constraints
Objects in I-JSON messages MUST NOT have members with duplicate
names. In this context, "duplicate" means that the names, after
processing any escaped characters, are identical sequences of Unicode
The order of object members in an I-JSON message does not change the
meaning of an I-JSON message. A receiving implementation MAY treat
two I-JSON messages as equivalent if they differ only in the order of
the object members.
3. Software Behavior
A major advantage of using I-JSON is that receivers can avoid
ambiguous semantics in the JSON messages they receive. This allows
receivers to reject or otherwise disregard messages that do not
conform to the requirements in this document for I-JSON messages.
Protocols that use I-JSON messages can be written so that receiving
implementations are required to reject (or, as in the case of
security protocols, not trust) messages that do not satisfy the
constraints of I-JSON.
Designers of protocols that use I-JSON messages SHOULD provide a way,
in this case, for the receiver of the erroneous data to signal the
problem to the sender.
4. Recommendations for Protocol Design
I-JSON is designed for use in Internet protocols. The following
recommendations apply to the use of I-JSON in such protocols.
4.1. Top-Level Constructs
An I-JSON message can be any JSON value. However, there are software
implementations, coded to the older specification [RFC4627], which
only accept JSON objects or JSON arrays at the top level of JSON
texts. For maximum interoperability with such implementations,
protocol designers SHOULD NOT use top-level JSON texts that are
neither objects nor arrays.
4.2. Must-Ignore Policy
It is frequently the case that changes to protocols are required
after they have been put in production. Protocols that allow the
introduction of new protocol elements in a way that does not disrupt
the operation of existing software have proven advantageous in
This can be referred to as a "Must-Ignore" policy, meaning that when
an implementation encounters a protocol element that it does not
recognize, it should treat the rest of the protocol transaction as if
the new element simply did not appear, and in particular, the
implementation MUST NOT treat this as an error condition. The
converse "Must-Understand" policy does not tolerate the introduction
of new protocol elements, and while this has proven necessary in
certain protocol designs, in general it has been found to be overly
restrictive and brittle.
A good way to support the use of Must-Ignore in I-JSON protocol
designs is to require that top-level protocol elements must be JSON
objects, and to specify that members whose names are unrecognized
MUST be ignored.
4.3. Time and Date Handling
Protocols often contain data items that are designed to contain
timestamps or time durations. It is RECOMMENDED that all such data
items be expressed as string values in ISO 8601 format, as specified
in [RFC3339], with the additional restrictions that uppercase rather
than lowercase letters be used, that the timezone be included not
defaulted, and that optional trailing seconds be included even when
their value is "00". It is also RECOMMENDED that all data items
containing time durations conform to the "duration" production in
Appendix A of RFC 3339, with the same additional restrictions.
4.4. Binary Data
When it is required that an I-JSON protocol element contain arbitrary
binary data, it is RECOMMENDED that this data be encoded in a string
value in base64url; see Section 5 of [RFC4648].
5. Security Considerations
All the security considerations that apply to JSON (see RFC 7159)
apply to I-JSON. There are no additional security considerations
specific to I-JSON.
Since I-JSON forbids the use of certain JSON idioms that can lead to
unpredictable behavior in receiving software, it may prove a more
secure basis for Internet protocols and may be a good choice for
protocol designers with special security needs.
6. Normative References
[IEEE754] IEEE, "IEEE Standard for Floating-Point Arithmetic", IEEE
754-2008, 2008, <http://grouper.ieee.org/groups/754/>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997,