idnits 2.17.1 draft-ietf-appsawg-json-patch-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 11, 2012) is 4146 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-09) exists of draft-ietf-appsawg-json-pointer-07 ** Obsolete normative reference: RFC 4627 (Obsoleted by RFC 7158, RFC 7159) -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Applications Area Working Group P. Bryan, Ed. 3 Internet-Draft Salesforce.com 4 Intended status: Informational M. Nottingham, Ed. 5 Expires: June 14, 2013 Akamai 6 December 11, 2012 8 JSON Patch 9 draft-ietf-appsawg-json-patch-08 11 Abstract 13 JSON Patch defines the media type "application/json-patch", a JSON 14 document structure for expressing a sequence of operations to apply 15 to a JSON document, suitable for use with the HTTP PATCH method. 17 Status of this Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on June 14, 2013. 34 Copyright Notice 36 Copyright (c) 2012 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 53 3. Document Structure . . . . . . . . . . . . . . . . . . . . . . 3 54 4. Operations . . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 4.1. add . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 4.2. remove . . . . . . . . . . . . . . . . . . . . . . . . . . 5 57 4.3. replace . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4.4. move . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 59 4.5. copy . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 60 4.6. test . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 61 5. Error Handling . . . . . . . . . . . . . . . . . . . . . . . . 7 62 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 63 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 64 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 65 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 66 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10 67 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 68 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 10 69 A.1. Adding an Object Member . . . . . . . . . . . . . . . . . 10 70 A.2. Adding an Array Element . . . . . . . . . . . . . . . . . 11 71 A.3. Removing an Object Member . . . . . . . . . . . . . . . . 11 72 A.4. Removing an Array Element . . . . . . . . . . . . . . . . 12 73 A.5. Replacing a Value . . . . . . . . . . . . . . . . . . . . 12 74 A.6. Moving a Value . . . . . . . . . . . . . . . . . . . . . . 12 75 A.7. Moving an Array Element . . . . . . . . . . . . . . . . . 13 76 A.8. Testing a Value: Success . . . . . . . . . . . . . . . . . 14 77 A.9. Testing a Value: Error . . . . . . . . . . . . . . . . . . 14 78 A.10. Adding a nested Member Object . . . . . . . . . . . . . . 14 79 A.11. Ignoring Unrecognized Elements . . . . . . . . . . . . . . 15 80 A.12. Adding to a Non-existant Target . . . . . . . . . . . . . 15 81 A.13. Invalid JSON Patch Document . . . . . . . . . . . . . . . 16 82 A.14. ~ Escape Ordering . . . . . . . . . . . . . . . . . . . . 16 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 85 1. Introduction 87 JavaScript Object Notation (JSON) [RFC4627] is a common format for 88 the exchange and storage of structured data. HTTP PATCH [RFC5789] 89 extends the Hypertext Transfer Protocol (HTTP) [RFC2616] with a 90 method to perform partial modifications to resources. 92 JSON Patch is a format (identified by the media type "application/ 93 json-patch") for expressing a sequence of operations to apply to a 94 target JSON document, suitable for use with the HTTP PATCH method. 96 This format is also potentially useful in other cases when it's 97 necessary to make partial updates to a JSON document. 99 2. Conventions 101 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 102 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 103 document are to be interpreted as described in RFC 2119 [RFC2119]. 105 See Section 5 for information about handling errors. 107 3. Document Structure 109 A JSON Patch document is a JSON [RFC4627] document that represents an 110 array of objects. Each object represents a single operation to be 111 applied to the target JSON document. 113 An example JSON Patch document: 115 [ 116 { "op": "test", "path": "/a/b/c", "value": "foo" }, 117 { "op": "remove", "path": "/a/b/c" }, 118 { "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] }, 119 { "op": "replace", "path": "/a/b/c", "value": 42 }, 120 { "op": "move", "from": "/a/b/c", "path": "/a/b/d" }, 121 { "op": "copy", "from": "/a/b/d", "path": "/a/b/e" } 122 ] 124 Evaluation of a JSON Patch document begins with a target JSON 125 document. Operations are applied sequentially in the order they 126 appear in the array. Each operation in the sequence is applied to 127 the target document; the resulting document becomes the target of the 128 next operation. Evaluation continues until all operations are 129 successfully applied, or an error condition is encountered. 131 4. Operations 133 Operation objects MUST have exactly one "op" member, whose value 134 indicates the operation to perform. Its value MUST be one of "add", 135 "remove", "replace", "move", "copy" or "test". The semantics of each 136 is defined below. 138 Additionally, operation objects MUST have exactly one "path" member, 139 whose value MUST be a string containing a [JSON-Pointer] value that 140 references a location within the target document to perform the 141 operation (the "target location"). 143 The meanings of other members of operation objects are defined by the 144 operation (see the subsections below). Members that are not 145 explicitly defined for the operation in question MUST be ignored. 147 Note that the ordering of members in JSON objects is not significant; 148 therefore, the following operation objects are equivalent: 150 { "op": "add", "path": "/a/b/c", "value": "foo" } 151 { "path": "/a/b/c", "op": "add", "value": "foo" } 152 { "value": "foo", "path": "/a/b/c", "op": "add" } 154 Operations are applied to the data structures represented by a JSON 155 document; i.e., after unescaping takes place. 157 4.1. add 159 The "add" operation adds a new value at the target location. The 160 operation object MUST contain a "value" member that specifies the 161 value to be added. 163 For example: 165 { "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] } 167 When the operation is applied, the target location MUST reference one 168 of: 170 o The root of the target document - whereupon the specified value 171 becomes the entire content of the target document. 173 o A member to add to an existing object - whereupon the supplied 174 value is added to that object at the indicated location. If the 175 member already exists, it is replaced by the specified value. 177 o An element to add to an existing array - whereupon the supplied 178 value is added to the array at the indicated location. Any 179 elements at or above the specified index are shifted one position 180 to the right. The specified index MUST NOT be greater than the 181 number of elements in the array. If the "-" character is used to 182 index the end of the array, this has the effect of appending the 183 value to the array. 185 Because this operation is designed to add to existing objects and 186 arrays, its target location will often not resolve to an existing 187 value. Although the pointer's error handling algorithm will thus be 188 invoked, this specification defines the error handling behaviour for 189 "add" pointers to ignore that error and add value as specified. 191 The object itself or an array containing it, however, has to exist, 192 and it remains an error for that not to be the case. 194 For example, "add"ing to the path "/a/b" to this document: 196 { "a": { "foo": 1 } } 198 is not an error, because "a" exists, and "b" will be added to its 199 value. It is an error in this document: 201 { "q": { "bar": 2 } } 203 because "a" does not exist. 205 4.2. remove 207 The "remove" operation removes the value at the target location. 209 The target location MUST exist for the operation to be successful. 211 For example: 213 { "op": "remove", "path": "/a/b/c" } 215 If removing an element from an array, any elements above the 216 specified index are shifted one position to the left. 218 4.3. replace 220 The "replace" operation replaces the value at the target location 221 with a new value. The operation object MUST contain a "value" member 222 that specifies the replacement value. 224 The target location MUST exist for the operation to be successful. 226 For example: 228 { "op": "replace", "path": "/a/b/c", "value": 42 } 230 This operation is functionally identical to a "remove" operation for 231 a value, followed immediately by an "add" operation at the same 232 location with the replacement value. 234 4.4. move 236 The "move" operation removes the value at a specified location and 237 adds it to the target location. 239 The operation object MUST contain a "from" member, a string 240 containing a JSON Pointer value that references the location in the 241 target document to move the value from. 243 The "from" location MUST exist for the operation to be successful. 245 For example: 247 { "op": "move", "from": "/a/b/c", "path": "/a/b/d" } 249 This operation is functionally identical to a "remove" operation on 250 the "from" location, followed immediately by an "add" operation at 251 the target location with the value that was just removed. 253 The target location MUST NOT be part of the location defined by 254 "from"; i.e., a location cannot be moved into one of its children. 256 4.5. copy 258 The "copy" operation copies the value at a specified location to the 259 target location. 261 The operation object MUST contain a "from" member, a string 262 containing a JSON Pointer value that references the location in the 263 target document to copy the value from. 265 The "from" location MUST exist for the operation to be successful. 267 For example: 269 { "op": "copy", "from": "/a/b/c", "path": "/a/b/e" } 271 This operation is functionally identical to an "add" operation at the 272 target location using the value specified in the "from". 274 4.6. test 276 The "test" operation tests that a value at the target location is 277 equal to a specified value. 279 The operation object MUST contain a "value" member that conveys the 280 value to be compared to that at the target location. 282 The target location MUST be equal to the "value" value for the 283 operation to be considered successful. 285 Here, "equal" means that the value at the target location and the 286 value conveyed by "value" are of the same JSON type, and considered 287 equal by the following rules for that type: 289 o strings: are considered equal if they contain the same number of 290 Unicode characters and their code points are position-wise equal. 292 o numbers: are considered equal if their values are numerically 293 equal. 295 o arrays: are considered equal if they contain the same number of 296 values, and each value can be considered equal to the value at the 297 corresponding position in the other array. 299 o objects: are considered equal if they contain the same number of 300 members, and each member can be considered equal to a member in 301 the other object, by comparing their keys as strings, and values 302 using this list of type-specific rules. 304 o literals (false, true and null): are considered equal if they are 305 the same. 307 Note that this is a logical comparison; e.g., whitespace between the 308 member values of an array is not significant. 310 Also, note that ordering of the serialisation of object members is 311 not significant. 313 For example: 315 { "op": "test", "path": "/a/b/c", "value": "foo" } 317 5. Error Handling 319 If a normative requirement is violated by a JSON Patch document, or 320 if an operation is not successful, evaluation of the JSON Patch 321 document SHOULD terminate and application of the entire patch 322 document SHALL NOT be deemed successful. 324 See [RFC5789], Section 2.2 for considerations regarding handling 325 errors when JSON Patch is used with the HTTP PATCH method, including 326 suggested status codes to use to indicate various conditions. 328 Note that the HTTP PATCH method is atomic, as per [RFC5789]. 329 Therefore, the following patch would result in no changes being made 330 to the document at all (because the "test" operation results in an 331 error). 333 [ 334 { "op": "replace", "path": "/a/b/c", "value": 42 }, 335 { "op": "test", "path": "/a/b/c", "value": "C" } 336 ] 338 6. IANA Considerations 340 The Internet media type for a JSON Patch document is application/ 341 json-patch. 343 Type name: application 345 Subtype name: json-patch 347 Required parameters: none 349 Optional parameters: none 351 Encoding considerations: binary 353 Security considerations: 354 See Security Considerations in section 7. 356 Interoperability considerations: N/A 358 Published specification: 359 [this memo] 361 Applications that use this media type: 362 Applications that manipulate JSON documents. 364 Additional information: 366 Magic number(s): N/A 368 File extension(s): .json-patch 370 Macintosh file type code(s): TEXT 372 Person & email address to contact for further information: 373 Paul C. Bryan 375 Intended usage: COMMON 377 Restrictions on usage: none 379 Author: Paul C. Bryan 381 Change controller: IETF 383 7. Security Considerations 385 This specification has the same security considerations as JSON 386 [RFC4627] and [JSON-Pointer]. 388 A few older Web browsers can be coerced into loading an arbitrary 389 JSON document whose root is an array, leading to a situation where a 390 JSON Patch document containing sensitive information could be exposed 391 to attackers, even if access is authenticated. This is known as a 392 Cross-Site Request Forgery (CSRF) attack [CSRF]. 394 However, such browsers are not widely used ( estimated to comprise 395 less than 1% of the market, at the time of writing). Publishers who 396 are nevertheless concerned about this attack are advised to avoid 397 making such documents available with HTTP GET. 399 8. Acknowledgements 401 The following individuals contributed ideas, feedback and wording to 402 this specification: 404 Mike Acar, Mike Amundsen, Cyrus Daboo, Paul Davis, Murray S. 405 Kucherawy, Dean Landolt, Randall Leeds, James Manger, Julian 406 Reschke, James Snell, Eli Stevens and Henry S. Thompson. 408 The structure of a JSON Patch document was influenced by the XML 409 Patch document [RFC5261] specification. 411 9. References 413 9.1. Normative References 415 [JSON-Pointer] 416 Bryan, P., Zyp, K., and M. Nottingham, "JSON Pointer", 417 draft-ietf-appsawg-json-pointer-07 (work in progress), 418 November 2012. 420 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 421 Requirement Levels", BCP 14, RFC 2119, March 1997. 423 [RFC4627] Crockford, D., "The application/json Media Type for 424 JavaScript Object Notation (JSON)", RFC 4627, July 2006. 426 9.2. Informative References 428 [CSRF] Barth, A., Jackson, C., and J. Mitchell, "Robust Defenses 429 for Cross-Site Request Forgery". 431 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 432 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 433 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 435 [RFC5261] Urpalainen, J., "An Extensible Markup Language (XML) Patch 436 Operations Framework Utilizing XML Path Language (XPath) 437 Selectors", RFC 5261, September 2008. 439 [RFC5789] Dusseault, L. and J. Snell, "PATCH Method for HTTP", 440 RFC 5789, March 2010. 442 Appendix A. Examples 444 A.1. Adding an Object Member 446 An example target JSON document: 448 { 449 "foo": "bar" 450 } 452 A JSON Patch document: 454 [ 455 { "op": "add", "path": "/baz", "value": "qux" } 456 ] 457 The resulting JSON document: 459 { 460 "baz": "qux", 461 "foo": "bar" 462 } 464 A.2. Adding an Array Element 466 An example target JSON document: 468 { 469 "foo": [ "bar", "baz" ] 470 } 472 A JSON Patch document: 474 [ 475 { "op": "add", "path": "/foo/1", "value": "qux" } 476 ] 478 The resulting JSON document: 480 { 481 "foo": [ "bar", "qux", "baz" ] 482 } 484 A.3. Removing an Object Member 486 An example target JSON document: 488 { 489 "baz": "qux", 490 "foo": "bar" 491 } 493 A JSON Patch document: 495 [ 496 { "op": "remove", "path": "/baz" } 497 ] 499 The resulting JSON document: 501 { 502 "foo": "bar" 503 } 505 A.4. Removing an Array Element 507 An example target JSON document: 509 { 510 "foo": [ "bar", "qux", "baz" ] 511 } 513 A JSON Patch document: 515 [ 516 { "op": "remove", "path": "/foo/1" } 517 ] 519 The resulting JSON document: 521 { 522 "foo": [ "bar", "baz" ] 523 } 525 A.5. Replacing a Value 527 An example target JSON document: 529 { 530 "baz": "qux", 531 "foo": "bar" 532 } 534 A JSON Patch document: 536 [ 537 { "op": "replace", "path": "/baz", "value": "boo" } 538 ] 540 The resulting JSON document: 542 { 543 "baz": "boo", 544 "foo": "bar" 545 } 547 A.6. Moving a Value 549 An example target JSON document: 551 { 552 "foo": { 553 "bar": "baz", 554 "waldo": "fred" 555 }, 556 "qux": { 557 "corge": "grault" 558 } 559 } 561 A JSON Patch document: 563 [ 564 { "op": "move", "from": "/foo/waldo", "path": "/qux/thud" } 565 ] 567 The resulting JSON document: 569 { 570 "foo": { 571 "bar": "baz" 572 }, 573 "qux": { 574 "corge": "grault", 575 "thud": "fred" 576 } 577 } 579 A.7. Moving an Array Element 581 An example target JSON document: 583 { 584 "foo": [ "all", "grass", "cows", "eat" ] 585 } 587 A JSON Patch document: 589 [ 590 { "op": "move", "from": "/foo/1", "path": "/foo/3" } 591 ] 593 The resulting JSON document: 595 { 596 "foo": [ "all", "cows", "eat", "grass" ] 597 } 599 A.8. Testing a Value: Success 601 An example target JSON document: 603 { 604 "baz": "qux", 605 "foo": [ "a", 2, "c" ] 606 } 608 A JSON Patch document that will result in successful evaluation: 610 [ 611 { "op": "test", "path": "/baz", "value": "qux" }, 612 { "op": "test", "path": "/foo/1", "value": 2 } 613 ] 615 A.9. Testing a Value: Error 617 An example target JSON document: 619 { 620 "baz": "qux" 621 } 623 A JSON Patch document that will result in an error condition: 625 [ 626 { "op": "test", "path": "/baz", "value": "bar" } 627 ] 629 A.10. Adding a nested Member Object 631 An example target JSON document: 633 { 634 "foo": "bar" 635 } 637 A JSON Patch document: 639 [ 640 { "op": "add", "path": "/child", "value": { "grandchild": { } } } 641 ] 643 The resulting JSON document: 645 { 646 "foo": "bar", 647 "child": { 648 "grandchild": { 649 } 650 } 651 } 653 A.11. Ignoring Unrecognized Elements 655 An example target JSON document: 657 { 658 "foo":"bar" 659 } 661 A JSON Patch document: 663 [ 664 { "op": "add", "path": "/baz", "value": "qux", "xyz": 123 } 665 ] 667 The resulting JSON document: 669 { 670 "foo":"bar", 671 "baz":"qux" 672 } 674 A.12. Adding to a Non-existant Target 676 An example target JSON document: 678 { 679 "foo": "bar" 680 } 682 A JSON Patch document: 684 [ 685 { "op": "add", "path": "/baz/bat", "value": "qux" } 686 ] 688 This JSON Patch document, applied to the target JSON document above, 689 would result in an error (therefore not being applied) because the 690 "add" operation's target location that references neither the root of 691 the document, nor a member of an existing object, nor a member of an 692 existing array. 694 A.13. Invalid JSON Patch Document 696 A JSON Patch document: 698 [ 699 { "op": "add", "path": "/baz", "value": "qux", "op": "remove" } 700 ] 702 This JSON Patch document cannot be treated as an "add" operation 703 since there is a later "op":"remove" element. A JSON parser that 704 hides such duplicate element names therefore cannot be used unless it 705 always exposes only the last element with a given name (eg 706 "op":"remove" in this example). 708 A.14. ~ Escape Ordering 710 A JSON Patch document: 712 { 713 "/": 9, 714 "~1": 10 715 } 717 A JSON Patch document: 719 [ 720 {"op": "test", "path": "/~01", "value":"10"} 721 ] 723 The resulting JSON document: 725 { 726 "/": 9, 727 "~1": 10 728 } 730 Authors' Addresses 732 Paul C. Bryan (editor) 733 Salesforce.com 735 Phone: +1 604 783 1481 736 Email: pbryan@anode.ca 737 Mark Nottingham (editor) 738 Akamai 740 Email: mnot@mnot.net