The Rise of Regular JSON in Security-Sensitive Applications

For better or worse, depending on your perspective, JSON has become a dominant data format and shows no signs of being replaced any time soon. There are good reasons for that: on the face of it, it…

The text discusses the growing use of JSON in security-sensitive applications, particularly in the context of JSON Web Tokens (JWTs). It introduces the concept of "Regular JSON," which is a restricted subset of JSON defined by the maximum nesting depth. This subset aims to simplify the language and reduce complexity, making it suitable for security-sensitive applications such as JWTs. The text proposes different ranks of Regular JSON, each with specific constraints on the nesting depth of arrays and objects, and suggests that specifying a particular rank of Regular JSON in application designs could benefit implementors.