Re: [Txauth] JSON Schema?
Benjamin Kaduk <kaduk@mit.edu> Tue, 07 July 2020 05:30 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E54863A0859 for <txauth@ietfa.amsl.com>; Mon, 6 Jul 2020 22:30:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rIurM5JShF93 for <txauth@ietfa.amsl.com>; Mon, 6 Jul 2020 22:30:54 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CE7C3A0853 for <txauth@ietf.org>; Mon, 6 Jul 2020 22:30:53 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0675Unxl018643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 7 Jul 2020 01:30:51 -0400
Date: Mon, 06 Jul 2020 22:30:48 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Dick Hardt <dick.hardt@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, txauth@ietf.org
Message-ID: <20200707053048.GV16335@kduck.mit.edu>
References: <CAD9ie-vnA98pobbboS00SAHneEG52_8eMxh_sE3r3jg6gyooGg@mail.gmail.com> <E9EC90C9-7A9A-4909-8627-A161B33E941F@mit.edu> <B3104062-AF2B-4FFB-A8CD-3DD5BE178812@mit.edu> <CAD9ie-u==Yjdyef2bQD+Ngv=bgpw1KVG+ND--CMQv1JOTd3Dqg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAD9ie-u==Yjdyef2bQD+Ngv=bgpw1KVG+ND--CMQv1JOTd3Dqg@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/UDr02XxxA2MZGWre3Sx5s-XsG-E>
Subject: Re: [Txauth] JSON Schema?
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 05:30:56 -0000
On Mon, Jul 06, 2020 at 01:16:27PM -0700, Dick Hardt wrote: > Thanks Wayne and Justin. > > I agree that we would not want to make it an implementation requirement. > > I asked Tim Bray his thoughts (edited the IETF JSON specs, one of XML > creators) > > Tim has written a number of blog posts on JSON Schema. TL;DR: he is not a > huge fan. > > He pointed out the IETF JSON Type Definition ID [2]. This looks much > simpler and addresses many of the concerns Tim had expressed with JSON > Schema. It also has a more recent draft published on the IETF. FWIW, draft-ucarion-json-type-definition is in the RFC Editor's queue as a document published via the ISE stream, as can be seen at https://www.rfc-editor.org/current_queue.php and https://datatracker.ietf.org/doc/draft-ucarion-json-type-definition/ It's only been at the RFC Editor for a week or so, and we're running 10 weeks minimum to publication, it will not be an RFC for anouther couple months at least. -Ben > Unfortunately there do not seem to be many implementations, and the website > [3] is missing the promised docs [4]. The latest ID [5] looks to be derived > from CDDL (RFC 8610) [6]. > > I reached out to the core JSON Schema people, and they are focussed on > making JSON Schema changes to support efforts for the next version of Open > API [7] > > My take: I may use Open Schema in my PoC implementation not unlike what > Wayne did, but it does not look like either JSON Schema or JSON Type > Definition is ready for the WG to use at this point. > > /Dick > > [1] > https://www.google.com/search?as_q=json+schema&hl=en&ie=UTF-8&btnG=Google%2BSearch&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=tbray.org > <https://www.google.com/search?as_q=json+schema&hl=en&ie=UTF-8&btnG=Google%2BSearch&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=tbray.org> > > [2] https://datatracker.ietf.org/doc/draft-ucarion-json-type-definition/ > > [3] https://jsontypedef.com/ > > [4] https://jsontypedef.com/docs/getting-started/overview > > [5] https://tools.ietf.org/html/draft-ucarion-json-type-definition-04 > > [6] https://tools.ietf.org/html/rfc8610 > > [7] https://github.com/OAI/OpenAPI-Specification > > > On Mon, Jul 6, 2020 at 12:55 PM Justin Richer <jricher@mit.edu> wrote: > > > > > On Jul 6, 2020, at 3:54 PM, Justin Richer <jricher@mit.edu> wrote: > > > > I think it’s potentially ok for defining the specification and its > > boundaries, but it is not ok if it ends up requiring client and AS > > developers to use JSON Schema directly to implement anything. In other > > words, you should be a able to still write a bunch of hand-crafted > > validation code to make it work, or to use a parser that drops things into > > structured objects for you (like my Java implementation of XYZ does). Much > > like my argument against JSONLD, I think anything beyond a JSON parser > > > > > > … and generator is too much to ask. (Sorry, hit send too early.) > > > > > > Another aspect that I don’t like about JSON schema is that it makes it > > difficult to describe things in terms of polymorphic data types. > > Polymorphism in the protocol is an important part of the XYZ proposal’s > > design, and as a feature it directly addresses a number of the items you > > found when doing your XAuth implementation, like parsing OAuth scopes and > > dealing with the authorization/authorizations mutually-exclusive oddness > > that you mentioned. I strongly believe that GNAP should make use of a > > polymorphic protocol structure for these and other reasons. Polymorphism is > > a built-in feature of the JSON data model, and it’s also fully possible to > > support under CBOR and other data serialization languages. Even JWT most > > famously uses polymorphism for the “aud” field, which can be a string or an > > array of strings depending on context, all with clear semantics. Defining > > that in JSON schema is not impossible, but it’s not easy. > > > > So overall, I think JSON schema is probably not a good fit here. > > > > — Justin > > > > On Jul 6, 2020, at 3:00 PM, Dick Hardt <dick.hardt@gmail.com> wrote: > > > > Hey > > > > Does anyone have experience and/or opinions on JSON Schema [1]? > > > > When implementing XAuth [2], I wrote a bunch of hand crafted JSON > > validation code. JSON schema looks like it could be a great way to validate > > input, and to create automated tests for output. It may also be a great way > > to document the Grant Response JSON. > > > > / Dick > > > > [1] https://json-schema.org/ > > [2] https://github.com/dickhardt/XAuth-poc > > > > > > -- > > Txauth mailing list > > Txauth@ietf.org > > https://www.ietf.org/mailman/listinfo/txauth > > > > > > -- > > Txauth mailing list > > Txauth@ietf.org > > https://www.ietf.org/mailman/listinfo/txauth > > > > > > > -- > Txauth mailing list > Txauth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth
- [Txauth] JSON Schema? Dick Hardt
- Re: [Txauth] JSON Schema? Wayne Chang
- Re: [Txauth] JSON Schema? Justin Richer
- Re: [Txauth] JSON Schema? Justin Richer
- Re: [Txauth] JSON Schema? Dick Hardt
- Re: [Txauth] JSON Schema? Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] JSON Schema? Benjamin Kaduk
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Tom Jones
- Re: [Txauth] TLS Dependency Wayne Chang
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Stephen Moore
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Denis
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- [Txauth] XAuth "flaws" (Was: Polymorphism (Was: J… Dick Hardt
- [Txauth] acquiring claims (was Polymorphism (Was:… Dick Hardt
- [Txauth] WG scope wrt. identity (Was: Polymorphis… Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] acquiring claims (was Polymorphism (… Justin Richer
- Re: [Txauth] WG scope wrt. identity (Was: Polymor… Justin Richer
- Re: [Txauth] WG scope wrt. identity (Was: Polymor… Dick Hardt
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Dick Hardt
- Re: [Txauth] acquiring claims (was Polymorphism (… Dick Hardt
- Re: [Txauth] JSON Schema? Yaron Sheffer
- Re: [Txauth] Polymorphism (Was: JSON Schema?) Justin Richer
- Re: [Txauth] acquiring claims (was Polymorphism (… Justin Richer
- Re: [Txauth] acquiring claims (was Polymorphism (… Dick Hardt
- Re: [Txauth] acquiring claims (was Polymorphism (… Justin Richer
- Re: [Txauth] acquiring claims (was Polymorphism (… Justin Richer
- Re: [Txauth] acquiring claims (was Polymorphism (… Denis
- Re: [Txauth] WG scope wrt. identity (Was: Polymor… Leif Johansson
- Re: [Txauth] acquiring claims (was Polymorphism (… Tom Jones
- Re: [Txauth] acquiring claims (was Polymorphism (… Dick Hardt
- Re: [Txauth] acquiring claims (was Polymorphism (… Tom Jones
- Re: [Txauth] acquiring claims (was Polymorphism (… Dick Hardt
- Re: [Txauth] acquiring claims (was Polymorphism (… Tom Jones
- Re: [Txauth] acquiring claims (was Polymorphism (… Leif Johansson
- Re: [Txauth] acquiring claims (was Polymorphism (… Dick Hardt
- Re: [Txauth] acquiring claims (was Polymorphism (… Tom Jones
- Re: [Txauth] acquiring claims (was Polymorphism (… Francis Pouatcha
- Re: [Txauth] acquiring claims (was Polymorphism (… Justin Richer