[Jmap] Review of draft-ietf-jmap-essential-01

Lisa Dusseault <lisa.dusseault@gmail.com> Thu, 07 November 2024 22:34 UTC

Return-Path: <lisa.dusseault@gmail.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3858C151991 for <jmap@ietfa.amsl.com>; Thu, 7 Nov 2024 14:34:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mvYa-a5_cwMF for <jmap@ietfa.amsl.com>; Thu, 7 Nov 2024 14:34:31 -0800 (PST)
Received: from mail-vk1-xa36.google.com (mail-vk1-xa36.google.com [IPv6:2607:f8b0:4864:20::a36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC4B1C1D52ED for <jmap@ietf.org>; Thu, 7 Nov 2024 14:34:31 -0800 (PST)
Received: by mail-vk1-xa36.google.com with SMTP id 71dfb90a1353d-513e583c173so573892e0c.2 for <jmap@ietf.org>; Thu, 07 Nov 2024 14:34:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731018866; x=1731623666; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=S7TgV5jAWg2r/L/eqOudHZdimITtj/8Gc+wz65XCrOo=; b=Kj7N9EU5iJoPXphzt4sRLiSONAO9K/s43yorzjPmXRW/E7EqxLc7E7JiuG+gVPVbZV ecJ2+f1TnJddv+8fs7JZ8hF9NJL8Fhmx+m9EsYF9rNr4N4hGRwtkF7Fswlozjqb6sZjj 1yjCDSzxfho8EwJk4bLk3zfkt4xdXbByqa8T7BXeo+8zPsjuQukC8Px0nxIrfm8PJwt1 f4/kuwug8b++oWJjsxUq0FyGDsbR+S2d4RnEe6k+Vkjw2Is4/0FvI7NT7uhybac4/5wa 5Pj7+4IHg6/RRuoB08AKUEHX+tao3q4WmNcDIsDYsHywcukNpj9f5A5mUdTp3EoBUTiv /EHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731018866; x=1731623666; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=S7TgV5jAWg2r/L/eqOudHZdimITtj/8Gc+wz65XCrOo=; b=n4ldddILMy7mhiuw8JZbKwnktO5KOEsN7i12vcRbImeeaSRkhHPPmLSpLoI32OAEKL KalAl6ayVZriZoyGzDJ/NQSoqIlQK2kG6/7phM5P82By7ph5s1sYCC66EidzcLpyDRGQ bLzQq7z7oZHDwudlZ0EoHtHgY06E2L9wZ09LlX48r4OGdEv5URnfCUkdRHVR+fMuJlNi pNa1M23ubgl6a2piu6opKWy3Q6qd898itedttWSAANTdx8DVz/oob1zOTip7Z3lm0wxQ rV2t5EiTMmEUtlDxi+DvT4oEJjeCdOn4XIxwk0mMYAJiS7fYNZnxKJEtqDdIXYFyBnFJ uy2A==
X-Gm-Message-State: AOJu0YzTfhaaWDbv0DQ4E4H2S04HGUg/nPclvogrxV7F0GkD3ljs9aid NSwa1issm3mKT7zIpg+8uRFLuWN9Ra4/hbt4QpquzI1Unq6tbA+nwDs/rWgLcPtdHrAkf3LH2mJ uGCeSGhypAl1Yj8WfK5niHHPeZ4yabHY+
X-Google-Smtp-Source: AGHT+IEM4uiy5YvPQJxgfzvSydpoqaqdCBpod+hUOkJ+TWmTlLbHDyfA01wb+mnOAtytPMXniJfF81jDWBln9+5RQzI=
X-Received: by 2002:a05:6102:944:b0:4a4:6fde:d1c5 with SMTP id ada2fe7eead31-4aae138dc53mr874742137.12.1731018865601; Thu, 07 Nov 2024 14:34:25 -0800 (PST)
MIME-Version: 1.0
From: Lisa Dusseault <lisa.dusseault@gmail.com>
Date: Thu, 07 Nov 2024 14:34:14 -0800
Message-ID: <CAEi+uC5WnX68H+sktK+d=KwaTiiaA1ojynAzCysD2mD+2QXOkA@mail.gmail.com>
To: jmap@ietf.org
Content-Type: multipart/alternative; boundary="00000000000095748f06265a3ce3"
Message-ID-Hash: 3OZXKUBOTPRDEJ7FTKYMGRFDBXV54TDV
X-Message-ID-Hash: 3OZXKUBOTPRDEJ7FTKYMGRFDBXV54TDV
X-MailFrom: lisa.dusseault@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jmap.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Jmap] Review of draft-ietf-jmap-essential-01
List-Id: JSON Message Access Protocol <jmap.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/vCM7WV7Hi4qE7kqoGXXvv9YVoZ4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Owner: <mailto:jmap-owner@ietf.org>
List-Post: <mailto:jmap@ietf.org>
List-Subscribe: <mailto:jmap-join@ietf.org>
List-Unsubscribe: <mailto:jmap-leave@ietf.org>

I did a partial review of draft-ietf-jmap-essential-01.  I will later
continue taking notes and drawing connections and going back to reread with
new understanding, but I thought it would be more useful for me and for the
authors to send what I've got so far (so I don't rathole about something I
misunderstand, or about something that is going to change).


Section 2.2 “Shared data shall not be exposed over the API”.  Does "the
API" mean this protocol? Is "shall" descriptive? If this is meant to be an
explanation of a necessary fact, I would need more explanation to
understand because I don't see why shared data would necessarily not be
exposed. If it’s meant to be requirements language, that’s not clear.

Section 2.2, “Each user has the same set of capabilities” — what set of
users are we talking about ?  How does this relate to a session?  If it’s
THE user of the session, I wouldn’t think it matters. Does a session
resource have multiple users in some way?

Section 2.2 is referenced via footnote [1]  anywhere footnote [1] is
referenced in the table, e..g.  for /query method Request (accountId) and
/query method Response (accountId) .  That footnote says “Can be modeled as
a JSON file with only constant values."  How would an accountId be modeled
as a JSON file?  Or does this mean that the query method Response (all of
it) can be modeled as a JSON file with constant values?  I’m sure you know
what you mean here, I’m just not getting it, nor do I understand how that
relates to session resources which are the subject of section 2.2.

Section 3.2.2 The accountId in the /query method “Can therefore be ignored
on the server side”.  I don’t like the idea of ignoring the accountId.  If
it’s a wrong accountID or access is forbidden, that should be a bad
request.  Why is it different from regular JMAP use anyway?  Don't regular
JMAP use cases (not just those profiled for export/import) specify the
accountId?

Section 3: I fail to understand the organization of the nested sections in
section 3.  Is section 3.2.2 about Listing resources only required for
Exporting Data (but Exporting data is a subsection of 3.1.2 but not 3.2.2 ?
?? )


I’m trying to understand the various items with footnote [2].  Footnote [2]
comes on text with several variants
* “required for listing/paging[2]” e.g. /query method Request
* “error response for listing/paging[2]”
* “error response, required for listing/paging [2]” e.g. /get method
Request (ids)
* “constant value for listing/paging[2]”
* “error response for listing, required for paging[2]”
Then footnote 2 says “maxObjectsInGet might not be sufficiently high in
some products. In this case, /query is required. Similarly, paging might be
required in case a query might exceed the limit for the maximum amount of
results for /query”
I don’t understand how to put all this together.  The “in some products”
here leads me to believe the requirements are in fact not nailed down as
much as they appear.  Who gets to decide whether /query support is required
or not for a given server trying to support the export profile?

Also I have trouble understanding what the “error response, required for
listing/paging” and other variations mean.  I think this table format isn’t
clear enough to be normative, and I’m really twisted up by having several
parts of the requirements for supporting “/get method Request … “ split
into several rows.  It feels like combining “what is required’ along with
information that means something other than “what is required” in the same
table. I’d really love if there were one table with “Things that can be
replied to with only an error response  (but should not make the server
blow up)” and another with “Things that actually need to be implemented”.

Part of my problem with understanding section 3 is the sections called
“Listing” and “Paging”.  How do we know if Listing is required?  How do we
know if paging is required?

ISTM that to really apply draft-ietf-jmap-essential-01.html to define how
to do export for a given application, we would need to say more about that
given application. For example, if we want to use one of these profiles for
better interoperability of exporting one’s Contact data, I think there’s
hints in this document that it might be fine for the server with Contacts
data not to support paging functionality because all of my Contacts can be
downloaded at once.  But for better interoperability of exporting a user’s
email data, we’d better have quite solid reliable support for paging
through vast numbers of results.

I’m also putting together my mental model which involves RFC8620, RFC8621,
draft-ietf-jmap-contacts-10 and this draft.  Client access to server-held
email/contacts may have different pressures on ID immutability than
export/synch use cases. How does a client tell if a particular draft
message with id “Md45b47b4877521042cec0938” is a more recent version of
“Mf40b5f831efa7233b9eb1c7f” if the replacement of one by another was
originally not requested by this client?  How does a client tell if “Joe
Bloggs” is the same contact card that was previously “Joseph Bloggs” ? I
assume RFC8620 has been used for synch use cases because many full clients
are effectively synch engines, but I’d love to fill in my understanding
here. I looked in RFC8620 and draft-ietf-jmap-contacts-10 and may have
missed explanations there, but adding export/import use cases sharpens the
need to understand how a client can replace one contact or draft with a new
contact or draft, since these use cases lead to potentially more clients
than just the user's primary software application for a given domain.

Thanks
Lisa