Re: [webfinger] Redefining "properties"

[Will Norris <will@willnorris.com>]

On Sat, Aug 16, 2014 at 12:05 PM, 'Paul E. Jones' via WebFinger <
webfinger@googlegroups.com> wrote:

>  Will,
>
> Sorry for the slow response.  I've been busy.
>
> Yes, folks do want to put more complex data into JRD as opposed to
> linking, including objects or arrays.  I can see how this can be abused,
> but then I can also see an argument for not linking to data that could be
> trivially represented inside the JRD itself.
>
>  Unfortunately, I do not have details of the specific use cases.
>

as a rule, I think suggestions for major changes to spec should always be
accompanied by concrete use cases that necessitate the change, ever more so
when we're talking about *breaking* changes to a *finalized* spec.  (in
this case Mike did provide an example later, so my comment is more to the
fact that his was proposed in the first place without an actual use case in
mind)


> All I do know is that there people working on unrelated applications where
> they want to be able to  do things like this with WebFinger:
>
> "properties" :
> {
>   "http://example.com/ns/foo" :
>   {
>     "a" : "Hello",
>     "b" : 32
>   }
> }
>
> Perhaps what might be worse is the possibility that people do this:
>
> ...
> "properties" :
> {
>   "http://example.com/ns/foo" : "{\"a\" : \"Hello\", \"b\" : 32}"
> }
> ...
> When working on WebFinger, there was a desire to keep it as simple as
> possible.  However, I fully appreciate why some would want to do something
> like this.  Sometimes, linking to external resources is "overkill" for the
> task at hand.  And, you're right that dealing with polymorphic data types
> can be a pain.  Then again, the JSON parser deals with much of this
> automatically and the client is likely going to only be looking for known
> members, anyway.
>

it depends very much on what the code is doing.  If you're just relying on
a JSON parser to parse an unknown structure, it's unlikely anything too bad
will happen.  However, if you're specifically trying to unserialize the
properties object into a string=>string map, then you would likely get a
parsing error.


>
> So, I'm not sure what to do here.  I'm OK with making a change.  It
> bothers me that we might break any client code that assumes all properties
> are strings.
>

"client code that assumes all properties are strings" almost sounds like
they took a shortcut or something.  This could also be spelled "client code
that implemented the spec as written"... *of course* they may have assumed
properties would be strings, that's what the spec said they would be (or
null).


> But, there is always the option to add some other member named something
> other than "properties".
>
> I take it you're not too keen on the idea, though.
>

I think that option should certainly be explored at least.  In fact, that's
something that can already be done today, no?  I don't think webfinger
precludes including other JSON values, does it?

Certainly, making breaking changes does bother me, though I still don't
think there as been THAT much adoption in the wild yet, so I don't know how
much would really be at risk of breaking.  What is the process for making
this kind of change anyway?  Publish an entirely new RFC that updates 7033?
 Publish a rewritten spec that obsoletes 7033 altogether?


As a separate issue, and I don't recall to what extent this was discuss
before, but this also makes me worry a little about the size of the data
people are looking to add to a webfinger document.  At least with links,
you can request just the links you care about with the "rel" query
parameter, but no such filtering mechanism exists for properties.  Plus I
have no idea how well supported the "rel" parameter is in webfinger servers
anyway (I know I don't support it on my personal site, but that's just me).

I know that nothing is stopping someone from throwing a megabyte worth of
data in a property string today, so this "problem" (as much as it really
is) already exists today.  But I worry that changing properties to accept
arbitrary JSON data may entice people to shove larger amounts of data in a
JRD than perhaps should be.  Gzip helps you to a degree, but I don't think
JWT sets, for example, compress much.

Ultimately, whether properties are strings or JSON objects, it's up to the
application to decide where they're going to look for what data, and
therefore what they instruct users to publish in their webfinger document.
 Perhaps what I'm suggesting is just that if new text does end up getting
written to support JSON properties, then perhaps a note to implementors
should be added to caution against adding too large of data (for some
definition of "large")?

-will


------ Original Message ------
> From: "Will Norris" <will@willnorris.com>
> To: webfinger@googlegroups.com
> Cc: "webfinger@ietf.org" <webfinger@ietf.org>
> Sent: 8/11/2014 11:39:19 PM
> Subject: Re: [webfinger] Redefining "properties"
>
>
> what are the actual use cases prompting this?  If folks are trying to
> store more complicated data, why is it not just a linked resource?
>
> Personally, as a client author, I've always hated it when APIs have
> polymorphic data types like this.
>
>
> On Mon, Aug 11, 2014 at 7:29 PM, 'Paul E. Jones' via WebFinger <
> webfinger@googlegroups.com> wrote:
>
>>  Folks,
>>
>> I have been asked by multiple people for different purposes to see if it
>> might be possible to redefine "properties" in the JSON Resource Descriptor.
>>
>> Per RFC 7033, "properties" is defined as an object that has zero or more
>> name/value pairs whose values are strings or null.  The suggestion is that
>> the values should be any valid JSON type.  Thus, a property might refer to
>> a string (as is does now) or it might refer to an object or array.
>>
>> This change would break any parsers strictly implement definition of
>> "properties".  So, there are two questions I want to present to those who
>> are interested:
>>
>> 1) Would you be agreeable to change the current definition of
>> "properties" to allow any value type?
>> 2) If not, would be agreeable to introducing something like "properties"
>> that essentially allows for the same and, if so, what should this new
>> object be named?
>>
>> Personally, as much as I don't like breaking backward-compatibility, I'm
>> favorable to redefining properties to accomodate what people want to do.
>> I'm willing to work on an RFC 7033bis and/or a new RFC to update the JRD
>> specification, if folks are agreeable to either (1) or (2).
>>
>> Paul
>>
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "WebFinger" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to webfinger+unsubscribe@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "WebFinger" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to webfinger+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>