Re: [Txauth] Polymorphism (Was: JSON Schema?)

Dick Hardt <> Tue, 07 July 2020 23:31 UTC

From: Dick Hardt <>
Date: Tue, 7 Jul 2020 16:30:55 -0700
To: Justin Richer <>

On Tue, Jul 7, 2020 at 3:40 AM Justin Richer <> wrote:

> I wanted to respond to this comment more fully:
>
> > wrt. my authorization / authorizations oddness, polymorphism would not
> > solve it as the contents of both authorization / authorizations in XAuth
> > are objects.
>
> It’s not surprising that this is the case, as the XAuth protocol was not
> designed with polymorphism as a tool to consider. This is exactly the
> reason that I say we should have polymorphism in the toolbox from the
> start, as it allows us to avoid this kind of awkwardness in many cases.

What evidence do you have to make this statement? "XAuth protocol was not
designed with polymorphism as a tool to consider"

It sounds like you are saying I did not consider polymorphism in the XAuth
protocol design.

I will restate my comment above about polymorphism.

Using different JSON types does not solve the problem, but as I suggest in
my comments, polymorphism of different JSON objects is one solution. An
authorization, or a dictionary of authorizations. It has the restriction
that the string "type" cannot be used as a label in the dictionary. An

    "authorizations": {
        "type": "oauth_scope",
        "scope": "read write"
    }

    "authorizations": {
        "reader": {
            "type": "oauth_scope",
            "scope": "read"
        },
        "writer": {
            "type": "oauth_scope",
            "scope": "write"
        }
    }

I am looking at making this change in XAuth and in the implementation.
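
Added example, not part of the original message and not XAuth's own code: one way a receiver could tell the two "authorizations" shapes above apart and enforce the reserved "type" label. The function names, shape tags and error class are hypothetical, and the sample values are constructed from the two snippets in the message.

```python
import json

SINGLE = "single"    # hypothetical shape tags, not XAuth terms
LABELED = "labeled"


class AuthorizationsError(ValueError):
    """Raised when an "authorizations" value fits neither shape."""


def _check_authorization(obj, where):
    # An authorization is a JSON object whose "type" member is a string.
    if not isinstance(obj, dict):
        raise AuthorizationsError(f"{where}: expected a JSON object")
    if not isinstance(obj.get("type"), str):
        raise AuthorizationsError(f'{where}: "type" must be a string')
    return obj


def parse_authorizations(value):
    """Return (shape, {label: authorization}); the single form uses label None."""
    if not isinstance(value, dict):
        raise AuthorizationsError("authorizations: expected a JSON object")
    if "type" in value:
        # Presence of "type" selects the single-authorization shape. This is
        # why "type" cannot be a dictionary label: an entry labeled "type"
        # lands here and is rejected because its value is not a string.
        return SINGLE, {None: _check_authorization(value, "authorizations")}
    # Otherwise every member is a labeled authorization and is checked itself.
    return LABELED, {
        label: _check_authorization(entry, f"authorizations.{label}")
        for label, entry in value.items()
    }


# Constructed sample inputs mirroring the two shapes in the message.
SINGLE_EXAMPLE = json.loads('{"type": "oauth_scope", "scope": "read write"}')
LABELED_EXAMPLE = json.loads(
    '{"reader": {"type": "oauth_scope", "scope": "read"},'
    ' "writer": {"type": "oauth_scope", "scope": "write"}}'
)

if __name__ == "__main__":
    for sample in (SINGLE_EXAMPLE, LABELED_EXAMPLE):
        print(parse_authorizations(sample))
```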