Re: [dispatch] draft-goessner-dispatch-jsonpath-00.txt

Kévin Dunglas <kevin@dunglas.fr> Wed, 15 July 2020 13:35 UTC

From: Kévin Dunglas <kevin@dunglas.fr>
Date: Wed, 15 Jul 2020 15:35:07 +0200
Message-ID: <CADU7aovozOiayeDV8PVduAZQsoBuZYbPxOSFpxU2S0JvyhcgVg@mail.gmail.com>
To: Brian Rosen <br@brianrosen.net>
Cc: Martin Thomson <mt@lowentropy.net>, dispatch@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/4aLQxo-JNsde4-N0--KWWm3ldb4>
Subject: Re: [dispatch] draft-goessner-dispatch-jsonpath-00.txt

Hi,

In the Vulcain Internet-Draft we also have the need to select multiple
values. To do so I proposed a very simple extension to JSON Pointer (by
adding a new token: `*`):
https://tools.ietf.org/html/draft-dunglas-vulcain-00#section-4.1

The Vulcain draft also allows the negotiation of the selector format to
use. This feature has been added to support more document formats (such as
XML using XPath), but also to allow the use of JSONPath, which is indeed
popular and more powerful.
However, we have voluntarily decided not to recommend JSONPath and not to
implement it in the reference implementation because of the security
considerations already pointed out by Martin and because it would allow
(like GraphQL) a bad client to easily run very complex queries (which may be
a DoS/DDoS attack vector).

Kévin,

On Wed, 15 Jul 2020 at 14:38, Brian Rosen <br@brianrosen.net> wrote:

> I haven’t seen json pointer in the wild, pretty much ever.  I’ve seen A
> LOT of jsonpath.
> But I’m not exactly doing mainstream interfaces.
>
> Brian
>
> > On Jul 15, 2020, at 5:40 AM, Martin Thomson <mt@lowentropy.net> wrote:
> >
> > I see three major differences here from JSON pointer:
> >
> > 1. this selects multiple values in the same way that XPath does, so this includes // and * and other such things
> > 2. predicates (the execution of script is a major concern and really begs for a security model), which is largely a consequence of having multiple values but not strictly
> > 3. syntax
> >
> > Of these, the syntax difference seems gratuitous.  JSON pointer isn't exactly awesome~1but it has fewer variants and it isn't inclined toward implementation by eval(), which is an anti-feature.
> >
> > Personally, I would much rather see a new JSON pointer developed, which would be evolutionary rather than revolutionary; more version 2 than competition.  It would be relatively simple to add multi-value and relative evaluation to JSON pointer if those are the key use cases.  That said, I don't have a lot of insight into what the implementation landscape is.  If JSON pointer is moribund, then we might want to acknowledge that.  My sense is that it has some relatively wide support, including modifications for relative references (https://json-schema.org/draft/2019-09/relative-json-pointer.html).
> >
> > Predicates are where this gets tricky, but I would suggest that you need to decide the question of whether they are included from the outset.  Personally, these seem like they could be a big risk and I would defer their addition if not cut them out, but I don't know what sort of use cases are driving this.
> >
> > This seems big enough to be a working group (particularly if you put the predicate stuff in scope).
> >
> >
> > On Tue, Jul 14, 2020, at 15:14, Carsten Bormann wrote:
> >> (Reply-To set to dispatch@ietf.org)
> >>
> >> I would like to initiate discussion for draft-goessner-dispatch-jsonpath:
> >>
> >> https://www.ietf.org/id/draft-goessner-dispatch-jsonpath-00.html
> >>
> >> It says:
> >>
> >>> This document picks up the popular JSONPath specification dated
> >>> 2007-02-21 and provides a more normative definition for it.
> >>> It is intended as a submission to the IETF DISPATCH WG, in order to
> >>> find the right way to complete standardization of this specification.
> >>> In its current state, it is a strawman document showing what needs to
> >>> be covered.
> >>
> >> (For some reason the abstract landed in the Contributing note; typical
> >> Internet-Draft deadline day botch.)
> >>
> >> This is a widely implemented specification that has been around for
> >> more than a decade; now may be a good opportunity to finally go ahead
> >> and turn it into a proper Internet standards document.  The immediate
> >> cause for writing this up now is that some IoT discovery work (some of
> >> which happens in W3C) can make good use of JSONPath.  Clearly, we
> >> already have JSON Pointer (RFC 6901) for a more limited set of
> >> applications; the specification would do good in defining how these two
> >> fit together.
> >>
> >> There is no active WG that immediately fits this work.
> >>
> >> Eventually CDDL may pick JSONPath up in the form of a predicate
> >> operator; this might make the CBOR WG the right group (which probably
> >> would then go ahead and write up another specification that makes
> >> JSONPath useful for querying CBOR instances that go beyond the JSON
> >> generic data model).
> >>
> >> Reopening the JSON WG may be another approach, as may be creating a
> >> short-lived targeted WG.
> >>
> >> Please discuss!
> >>
> >> Grüße, Carsten
> >>
> >>
> >>
> >>> Begin forwarded message:
> >>>
> >>> From: internet-drafts@ietf.org
> >>> Subject: New Version Notification for draft-goessner-dispatch-jsonpath-00.txt
> >>> Date: 2020-07-13 at 22:08:50 CEST
> >>> To: "Stefan Gössner" <stefan.goessner@fh-dortmund.de>, "Stefan Gossner" <stefan.goessner@fh-dortmund.de>, "Carsten Bormann" <cabo@tzi.org>
> >>>
> >>>
> >>> A new version of I-D, draft-goessner-dispatch-jsonpath-00.txt
> >>> has been successfully submitted by Carsten Bormann and posted to the
> >>> IETF repository.
> >>>
> >>> Name:               draft-goessner-dispatch-jsonpath
> >>> Revision:   00
> >>> Title:              JSONPath -- XPath for JSON
> >>> Document date:      2020-07-12
> >>> Group:              Individual Submission
> >>> Pages:              14
> >>> URL:                https://www.ietf.org/internet-drafts/draft-goessner-dispatch-jsonpath-00.txt
> >>> Status:             https://datatracker.ietf.org/doc/draft-goessner-dispatch-jsonpath/
> >>> Htmlized:           https://tools.ietf.org/html/draft-goessner-dispatch-jsonpath-00
> >>> Htmlized:           https://datatracker.ietf.org/doc/html/draft-goessner-dispatch-jsonpath
> >>>
> >>>
> >>> Abstract:
> >>>  insert abstract here
> >>>
> >>>
> >>>
> >>>
> >>> Please note that it may take a couple of minutes from the time of submission
> >>> until the htmlized version and diff are available at tools.ietf.org.
> >>>
> >>> The IETF Secretariat
> >>>
> >>>
> >>
> >> _______________________________________________
> >> dispatch mailing list
> >> dispatch@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dispatch
> >>
>
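
The contrast discussed in this thread, as an added example that is not part of the original message, the Vulcain draft or its reference implementation: an RFC 6901 JSON Pointer evaluator extended with a `*` token, written without eval() or predicates and with explicit caps on pointer depth and result fan-out. The names `parsePointer`, `select` and `LIMITS`, the limit values, and the reading of `*` as "every member of an object or element of an array" are assumptions of this sketch.

```javascript
// Added example: RFC 6901 JSON Pointer plus a "*" wildcard token.
// Assumption: "*" selects every member of an object or element of an array;
// a literal "*" key is not addressable in this sketch.
const LIMITS = { maxTokens: 16, maxMatches: 1000 }; // constructed limits

function parsePointer(pointer, limits = LIMITS) {
  if (pointer === "") return []; // empty pointer selects the whole document
  if (pointer[0] !== "/") throw new SyntaxError("pointer must start with '/'");
  const tokens = pointer.slice(1).split("/");
  if (tokens.length > limits.maxTokens) throw new RangeError("too many tokens");
  return tokens.map((t) => {
    if (/~(?![01])/.test(t)) throw new SyntaxError("invalid escape in token");
    // RFC 6901 order: "~1" becomes "/" first, then "~0" becomes "~".
    return { wildcard: t === "*", key: t.replace(/~1/g, "/").replace(/~0/g, "~") };
  });
}

function select(doc, pointer, limits = LIMITS) {
  let current = [doc];
  for (const { wildcard, key } of parsePointer(pointer, limits)) {
    const next = [];
    for (const node of current) {
      if (node === null || typeof node !== "object") continue; // scalars have no children
      if (wildcard) {
        for (const child of Object.values(node)) next.push(child);
      } else if (Array.isArray(node)) {
        // Array indexes: decimal digits only, no leading zeros.
        if (/^(0|[1-9][0-9]*)$/.test(key) && Number(key) < node.length) {
          next.push(node[Number(key)]);
        }
      } else if (Object.prototype.hasOwnProperty.call(node, key)) {
        next.push(node[key]); // own keys only; inherited names do not resolve
      }
      // Bound the fan-out a client can request with stacked wildcards.
      if (next.length > limits.maxMatches) throw new RangeError("too many matches");
    }
    current = next;
  }
  return current;
}

// Constructed sample document.
const SAMPLE = {
  books: [{ title: "A", author: { name: "x" } }, { title: "B", author: { name: "y" } }],
  "a/b": 1,
};
console.log(select(SAMPLE, "/books/*/title"));
```

Each token is matched literally against own keys or array indexes, so evaluation cost is bounded by the token count times the document size, and the caps turn an oversized selection into a rejected request.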