Re: [httpapi] OpenAPI media type
Henry Andrews <andrews_henry@yahoo.com> Fri, 14 July 2023 16:18 UTC
Return-Path: <andrews_henry@yahoo.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51FBBC14CE36 for <httpapi@ietfa.amsl.com>; Fri, 14 Jul 2023 09:18:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5KdXQ2_G_YA5 for <httpapi@ietfa.amsl.com>; Fri, 14 Jul 2023 09:18:14 -0700 (PDT)
Received: from sonic321-26.consmr.mail.bf2.yahoo.com (sonic321-26.consmr.mail.bf2.yahoo.com [74.6.133.81]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 937FAC14CF1F for <httpapi@ietf.org>; Fri, 14 Jul 2023 09:18:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1689351493; bh=fnikls4yIlMWm1gzfRy1PolCQU9k9HPTKrVCzWkaZGg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=mJqhperJEgTHb2VvvJgBEA9ktLlgGw0X52eG8WkB6qJarw6q99f+GJgnErT5Tq2E4GKidt2QV5XAGyGhNheI6Wl2YTdAGuZkS618Um1zxRy1ljwcl6KDd50khaoWV2CqEqEnebE03WqurUStcexFBKAl8Bqzr18e5sloRQ/8Y6QtmCWbFfDO3wDkjOdqVubk7P5XypR0da8feisSN9AVkP+9t3g+o+As9RIQG4ZiZr1KZFM0MeQ5eEgJDYk3Hyi9OcVEH0rWflhojrclKEhHUq5rZtSNM0TEjyWEInZGn29/T6h9yjXI3muq3xBSt0Ns5d6CmEiiDtRXZ0IphkIILA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1689351493; bh=V2C6+njZKVUbc17Is3HEVWUNND+GtU3XxfKdwvXIQOZ=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=N1QhxkvKKezhT+CHvfJXtApw9ASWxyTr0Epiay1pot2fWFVP5l/U7mmlllqilTaBDCnzX1iQGPESAHGMJG0is7tJ2x++TmN59Y4YPfxWN4FrcdzCdkUxZqL8/c5ZaDKA3/h5Cm3C+WU0cqEm3J3MGs6hqgNLB+HJsHHz6kmYi24kSXDZWvqNK4tkuZKT2BEGga7ExVHwjg5WwZzY/5lSBNuPwdcvhKn9PAcF17OhZhp1PIKbdW5WTp8TbEDcgB/GXVYHpJCzqBxhywqV5jNsk2kMpa7fki7MSGttP9yHl27/+sX1CwbGHquWzf1pRhuJ2nZbn6FbR1mhrtg94XEkJQ==
X-YMail-OSG: 7fRu4AgVM1mnbvoq2r4BAt7nTd4UBB58UN2xfKul3Z2ziwboEgUrUNrW0tyyTsE zLkFsB8EecUq4TWGm0ZkceGhO6LFxbRmcZbQKAGwZxsOX.n6i7_X_vhZ2wzgyrIIW8G6xCMem9SL KQT2Df1VKFZSvlsYsp6.urSjB0rywp.7uXwcLSfcyUEhifRTMyPt3VorVeiS2043WF_4WAN9xDrV P9dWbzH5n_0ohR19hrg2JEXckQDYkPpG7J_S4Coj11W.2s8j_Dyp6VxSumpf8GvYbbKwgk7IT5AP y7qdAwr6IxHThrvujrCxXa6LTs_O4cM5zUQ9bx9rH6j_9wVfKZdwo0TW_p1Mjnmtp0iLRnmgMWUl 3FQ_yLtydhSdJqdFfYeIxZfXqb6x7j6IUAdaqYOpVsLoUaBXy0Rk1mqu9_Wkm4r1iKYDuZh6yB5J daYpZizQpoB_aTDJUUVUe9rcKT1s.GSXgSfc8V_DuLqiyBcw0XrGhZtfwUwmqo8khMZLLQaRRgmy p2R0YYYgZ9Uns9TprsfukJB2rDhq8nusw70_eBV7_KOHN2fGYZtQShKtBgLz9gdmYBbHQK0AJzmF O_jIy58nlgYaR.33glZ1EmsUxYsH662GPUIH5wD6S7aWNAQooQaQz27psOKtQ.2aO29DsAvc.YdP whqSDvkcJSlfGqryhlK6vebfWkxbT1FvZmUC7VjhPS43IEtoWzleGKmfDFOadKCns35FRXMcG0QD m27YfxM_b9gM7hyI__wMfOjIB8OigH9w5nhe6RwIYWlLNSsWIjzsFg6NCsj6GcGw5Kt7zyK4iub2 ba_FGfVxXKc_xBPyuMKrgS8ZogfwkoKjNsvTQ2S_DxMCluR4g74qfQE9ZRGB9_UCKZG2JpS12wDm QFiF3AzR5PKnv0.b_ay1INexpw1K0M6SD1t4._BA1bBeConPL4VHft33pfmv8nq70e.ltZ.jMpP4 dwVL1gMIbyOisQL.7CTYMnK8n3h1uowF9wC03wPIY0etg9Hwd8QXoiy7rMHvrms3vBXOjSYkxiNC pFpwj2maDiGDkMnPlazJJuJr3egovjzyJyaaL47r5nI2O7Mfj.1gnVSv8u1zO5P53fFy.aa4FUpE Z3nLhwkLfsQTjvmVTBxI.HtBSdAZEfe2Wx7o9LESNaFt0o0utuS7avX4EblvcMUPWtkolDencIJE i5iu0Sjys36WAmB3TR4M.KWFLQia1nMjI9KcLsICzxOfG2opcfP59OOCn3RZfKDJpwgs3h3k48I3 yeCEozXGReJKXFj7WcW0fDXMgnQezxtCcR2uFPu2Qov7yD10zcS.T4am718sMOjed2UdCpVSgwIB TxV6eLBlDnu1Ma2Y7SBjpRLFFAGCZixLFO.qjfXmXpljBkh0i8ZYm_LFf7saRkllymLwTP.NB_MZ G23hUPypYTAgmLkVuB_dZSjCA6_CImw0vjQtc9kdjqYPR9N75pbxl2VJWX2qO_ooHwI_dUD09RCi 28knnJxFK2TU8EjjtAh5eb3xdS373vG68wfbumwPrxl4cz4e.peaFPyrha4Ji1_DBiSPGQzBM34G tY_1147quQ.Vba1c71MbYTAcY.1k09qtGlIRCTfwA4X6v9Y.3x.rY7X3pjbe.hbvUDO_NcrrYOC5 aF_sjio5BWg2HXNfno1xRE29xZEJWS_eiqxNS55MF7cIgr0ptYRDLEdOd3XZGSIovApWAfE_8hos gIQvr.vstM4oP8g5Ot1_1DJTuoG5FVum51zW8musDMajCg7Hl8eEn4u1ULYcBk9OT.z74fjdPMkO B5WJU40ehOAuuWw09CCt6_pGgeR_mCgozKPjGlzAqXNZqEHfAiBWfzpGH4SkSEwsAP6Sw9olf9Y4 x3tw_zkwdVBZPEskGcaOmyHqSYndAdRg5U9MKj1hapCLzpMdCEEqMpkatNHC7CGv29tOx4s0ZU7O Ge5w3R_TOkWP8Fnw2hOmQ_x89yMe1ihXmN9RgXMzmvchj8TobZNeG_wtcQkLmMWsY9fJDlF0nkZW 5Xs9jYXNnXY2_krtlrlQCm_1zveqThIAEhlb_NXgA24Hp_e5x25quQzk5ebVt2YSeVUIuYGWJxau fWhb9IuPLkGWavvHVgLH_yibTGcaal_vLXlVEIQKr.0Lhr6R_CAyl6VdDn7FQYHZ4_frbuP8LxIl Wave2dbg5BWh5mA.RPq6gx9ms8Nc3T8Gnho.C7l9bHFIZ29f2xyfvaLCu8xWXfkyL0JeWEWPAoNl VKdA_.nX_6d0Gi9zYAivtgMfx_EvASd1ea8WPnZmH2e__U3PKeeT.Qt3DImK7IvJmW4uvmRBkySk LF96iMsWJT7o8aF_uwhosy3SJfQ75AEX.oBE1e5xxjA--
X-Sonic-MF: <andrews_henry@yahoo.com>
X-Sonic-ID: 69c78ec2-00fc-4153-aaf4-2b9206c085d9
Received: from sonic.gate.mail.ne1.yahoo.com by sonic321.consmr.mail.bf2.yahoo.com with HTTP; Fri, 14 Jul 2023 16:18:13 +0000
Date: Fri, 14 Jul 2023 16:18:09 +0000
From: Henry Andrews <andrews_henry@yahoo.com>
Reply-To: Henry Andrews <andrews_henry@yahoo.com>
To: Darrel Miller <darrel@tavis.ca>, Roberto Polli <robipolli@gmail.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "httpapi@ietf.org" <httpapi@ietf.org>
Message-ID: <1269883769.190438.1689351489181@mail.yahoo.com>
In-Reply-To: <CAP9qbHWS7+zMc9XkjnduDoR6FBAXgLqw0dMWdraW2t66=Kk0ZQ@mail.gmail.com>
References: <DM6PR01MB59649684F8CC6F6432D6990EA334A@DM6PR01MB5964.prod.exchangelabs.com> <CAP9qbHWS7+zMc9XkjnduDoR6FBAXgLqw0dMWdraW2t66=Kk0ZQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_190437_1190656639.1689351489179"
X-Mailer: WebService/1.1.21647 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/ZFFYDCQTFVdApLtR4wuFWspbkJU>
Subject: Re: [httpapi] OpenAPI media type
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jul 2023 16:18:17 -0000
I would think that as long as the OpenAPI media type describes the "handoff" to the schema format (whether that is OAS 3.0's modified JSON Schema, or OAS 3.1's fully compatible usage), that should be sufficient for the full stack to be interoperable if/when a JSON Schema media type is registered.
I think there are basically two aspects of the hand-off:
Status of embedded schema objects:
Deciding whether Schema Objects are simply part of the OAS content or are their own resources embedded in the OAS resource, with the base URI determined according to RFC 3986 section 5.1.2 "Base URI from the Encapsulating Entity"; using the 5.1.2 approach provides a clear hand-off to the "initial base URI" section of the JSON Schema spec, and avoids requiring OAS 3.1 and later to get specific about things like the "$id" keyword.
Meta-schema determination:
Ensuring that in OAS 3.1+, the mechanism for determining the meta-schema in the absence of "$schema" (for an embedded schema object) or the absence of both "$schema" and other mechanisms such as media type parameters (for a separate schema resource) is clear. I think there is currently an ambiguity around external schema resources with no meta-schema information. When such resources are reached from an OAS reference.
Regular JSON Schema usage does not have a standards-based overarching context such as OAS that sets a default meta-schema from outside of JSON Schema itself, although IIRC nothing in the spec prevents an enclosing spec from doing so. But the order of precedence needs to be clear (with JSON Schema's mechanisms overriding the OAS mechanisms when both are present) . I think it would make sense for the OAS 3.1+ default meta-schema control to apply to resources reached from OAS references, in the absence of JSON Schema's own meta-schema determination mechanisms (which can be left vague and deferred to future standardization).
There is also the scenario where the OAS 3.1-compliant document has a default meta-schema (either set explicitly, or the default-default), an embedded schema object uses "$id" + "$schema" to change the meta-schema for that object, and then a "$ref" points to an external schema resource without any "$schema" or media type parameters. To summarize with an example:
* the OAS 3.1 document does not override the default metaschema* the embedded schema object has something like "$schema": "https://example.com/my/custom/metaschema" (alongside an "$id" as "$schema" is ignored otherwise)* the embedded object references "$ref": "https://example.com/some/other/schema/document" which does not have a "$schema", and does not come with a media type parameter (if a media type is available at all)
Should /some/other/schema/document be interpreted according to /my/custom/metaschema or the OAS 3.1 default? What if /some/other/schema/document is refrenced from two locations, which would imply different meta-schemas if the meta-schema of the referencing schema is assumed? Is that an error? Would it be better to always use the OAS 3.1-determined default to keep things consistent?
Alternative schemas:
As the topic of alternative schema options within OAS has come up from time to time, and the direction of OAS 4 is still emerging, it might be good to address how to tell whether a given schema object is a JSON Schema or not.
Media type parameters for default meta-schema or alternative schema formats?
Finally, does it make sense to mirror JSON Schema usage and allow setting any of these things with media type parameters (which would be overridden by any settings within the document or schema object). Being able to express "OAS 3.1, but with JSON Schema 2024" might be useful, and having this general extension point to help OAS 4 flexibility might be good future-proofing.
I think those are the ambiguities present in the hand-off, but I think they can all be nailed down from the OAS side up to a clean transition to the schema specification, whatever it ends up being.
cheers,-henry
On Friday, July 14, 2023 at 12:41:10 AM PDT, Roberto Polli <robipolli@gmail.com> wrote:
Hi Darrel,
Il ven 14 lug 2023, 04:49 Darrel Miller <darrel@tavis.ca> ha scritto:
there are still some challenges to resolve for the JSON Schema media type. How would you feel if we were to split the OpenAPI media type registration from the JSON Schema? I believe the only open issue for OpenAPI is the missing security considerations.
That depends on our objectives. If we just want to register a label, I think that's ok.
If we want to ensure the interoperability of all the stack, including the relationship with JSON Schema, I think we need some more discussion.
My 2c,R
Do you think that it would be worth splitting so that we can move forward with the OpenAPI media type?
Darrel
--
httpapi mailing list
httpapi@ietf.org
https://www.ietf.org/mailman/listinfo/httpapi
- [httpapi] OpenAPI media type Darrel Miller
- Re: [httpapi] OpenAPI media type Roberto Polli
- Re: [httpapi] OpenAPI media type Henry Andrews
- Re: [httpapi] OpenAPI media type Kevin Smith, Vodafone