idnits 2.17.1 draft-ucarion-jddf-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 18, 2019) is 1615 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 1121 -- Looks like a reference, but probably isn't: '2' on line 1121 -- Looks like a reference, but probably isn't: '3' on line 1121 Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Independent Submission U. Carion 3 Internet-Draft Segment 4 Intended status: Experimental November 18, 2019 5 Expires: May 21, 2020 7 JSON Data Definition Format (JDDF) 8 draft-ucarion-jddf-04 10 Abstract 12 This document proposes a format, called JSON Data Definition Format 13 (JDDF), for describing the shape of JavaScript Object Notation (JSON) 14 messages. Its main goals are to enable code generation from schemas 15 as well as portable validation with standardized error indicators. 16 To this end, JDDF is strategically limited to be no more expressive 17 than the type systems of mainstream programming languages. This 18 strategic limitation, as well as the decision to make JDDF schemas be 19 JSON documents, also makes tooling atop of JDDF easier to build. 21 This document does not have IETF consensus and is presented here to 22 facilitate experimentation with the concept of JDDF. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on May 21, 2020. 41 Copyright Notice 43 Copyright (c) 2019 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 60 1.2. Scope of Experiment . . . . . . . . . . . . . . . . . . . 5 61 2. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 2.1. Extending JDDF's Syntax . . . . . . . . . . . . . . . . . 15 63 3. Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . 16 64 3.1. Allowing Additional Properties . . . . . . . . . . . . . 16 65 3.2. Errors . . . . . . . . . . . . . . . . . . . . . . . . . 17 66 3.3. Forms . . . . . . . . . . . . . . . . . . . . . . . . . . 18 67 3.3.1. Empty . . . . . . . . . . . . . . . . . . . . . . . . 18 68 3.3.2. Ref . . . . . . . . . . . . . . . . . . . . . . . . . 18 69 3.3.3. Type . . . . . . . . . . . . . . . . . . . . . . . . 20 70 3.3.4. Enum . . . . . . . . . . . . . . . . . . . . . . . . 24 71 3.3.5. Elements . . . . . . . . . . . . . . . . . . . . . . 25 72 3.3.6. Properties . . . . . . . . . . . . . . . . . . . . . 26 73 3.3.7. Values . . . . . . . . . . . . . . . . . . . . . . . 29 74 3.3.8. Discriminator . . . . . . . . . . . . . . . . . . . . 30 75 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 76 5. Security Considerations . . . . . . . . . . . . . . . . . . . 36 77 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 78 6.1. Normative References . . . . . . . . . . . . . . . . . . 36 79 6.2. Informative References . . . . . . . . . . . . . . . . . 37 80 Appendix A. Other Considerations . . . . . . . . . . . . . . . . 37 81 A.1. Support for 64-bit Numbers . . . . . . . . . . . . . . . 37 82 A.2. Support for Non-Root Schemas . . . . . . . . . . . . . . 38 83 Appendix B. Comparison with CDDL . . . . . . . . . . . . . . . . 40 84 Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 43 85 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 43 86 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 44 88 1. Introduction 90 This document describes a schema language for JSON [RFC8259] called 91 JSON Data Definition Format (JDDF). The name JDDF is chosen to avoid 92 confusion with "JSON Schema" from [I-D.handrews-json-schema]. 94 There exist many options for describing JSON data. JDDF's niche is 95 to focus on enabling code generation from schemas; to this end, 96 JDDF's expressiveness is strategically limited to be no more powerful 97 than what can be expressed in the type systems of mainstream 98 programming languages. 100 The goals of JDDF are to: 102 o Provide an unambiguous description of the overall structure of a 103 JSON document. 105 o Be able to describe common JSON datatypes and structures. That 106 is, the datatypes and structures necessary to support most JSON 107 documents, and which are widely understood in an interoperable way 108 by JSON implementations. 110 o Provide a single format that is readable and editable by both 111 humans and machines, and which can be embedded within other JSON 112 documents. This makes JDDF a convenient format for tooling to 113 accept as input, or produce as output. 115 o Enable code generation from JDDF schemas. JDDF schemas are meant 116 to be easy to convert into data structures idiomatic to a given 117 mainstream programming language. 119 o Provide a standardized format for errors when data does not 120 conform with a schema. 122 JDDF is intentionally designed as a rather minimal schema language. 123 Thus, although JDDF can describe JSON, it is not able to describe its 124 own structure: the Concise Data Definition Language (CDDL) [RFC8610] 125 is used to describe JDDF in this document. By keeping the 126 expressiveness of the schema language minimal, JDDF makes code 127 generation and standardized errors easier to implement. 129 Examples in this document use constructs from the C++ programming 130 language. These examples are provided to aid the reader in 131 understanding the principles of JDDF, but are not limiting in any 132 way. 134 JDDF's feature set is designed to represent common patterns in JSON- 135 using applications, while still having a clear correspondence to 136 programming languages in widespread use. Thus, JDDF supports: 138 o Signed and unsigned 8, 16, and 32-bit integers. A tool which 139 converts JDDF schemas into code can use "int8_t", "uint8_t", 140 "int16_t", etc., or their equivalents in the target language, to 141 represent these JDDF types. 143 o A distinction between "float32" and "float64". Code generators 144 can use "float" and "double", or their equivalents, for these JDDF 145 types. 147 o A "properties" form of JSON objects, corresponding to some sort of 148 struct or record. The "properties" form of JSON objects is akin 149 to a C++ "struct". 151 o A "values" form of JSON objects, corresponding to some sort of 152 dictionary or associative array. The "values" form of JSON 153 objects is akin to a C++ "std::map". 155 o A "discriminator" form of JSON objects, corresponding to a 156 discriminated (or "tagged") union. The "discriminator" form of 157 JSON objects is akin to a C++ "std::variant". 159 The principle of common patterns in JSON is why JDDF does not support 160 64-bit integers, as these are usually transmitted over JSON in a non- 161 interoperable (i.e., ignoring the recommendations in Section 2.2 of 162 [RFC7493]) or mutually inconsistent (e.g., using hexadecimal versus 163 base64) ways. Appendix A.1 further elaborates on why JDDF does not 164 support 64-bit integers. 166 The principle of clear correspondence to common programming languages 167 is why JDDF does not support, for example, a data type for numbers up 168 to 2**53-1. 170 It is expected that for many use-cases, a schema language of JDDF's 171 expressiveness is sufficient. Where a more expressive language is 172 required, alternatives exist in CDDL and others. 174 This document does not have IETF consensus and is presented here to 175 facilitate experimentation with the concept of JDDF. The purpose of 176 the experiment is to gain experience with JDDF and to possibly revise 177 this work accordingly. If JDDF is determined to be a valuable and 178 popular approach it may be taken to the IETF for further discussion 179 and revision. 181 This document has the following structure: 183 The syntax of JDDF is defined in Section 2. Section 3 describes the 184 semantics of JDDF; this includes determining whether some data 185 satisfies a schema and what error indicators should be produced when 186 the data is unsatisfactory. Appendix A discusses why certain 187 features are omitted from JDDF. Appendix B presents various JDDF 188 schemas and their CDDL equivalents. 190 1.1. Terminology 192 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 193 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 194 "OPTIONAL" in this document are to be interpreted as described in 195 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 196 capitals, as shown here. These words may also appear in this 197 document in lower case as plain English words, absent their normative 198 meanings. 200 The term "JSON Pointer", when it appears in this document, is to be 201 understood as it is defined in [RFC6901]. 203 The terms "object", "member", "array", "number", "name", and "string" 204 in this document are to be interpreted as described in [RFC8259]. 206 The term "instance", when it appears in this document, refers to a 207 JSON value being validated against a JDDF schema. 209 1.2. Scope of Experiment 211 JDDF is an experiment. Participation in this experiment consists of 212 using JDDF to validate or document interchanged JSON messages, or in 213 building tooling atop of JDDF. Feedback on the results of this 214 experiment may be e-mailed to the author. Participants in this 215 experiment are anticipated to mostly be nodes which provide or 216 consume JSON-based APIs. 218 Nodes know if they are participating in the experiment if they are 219 validating JSON messages against a JDDF schema, or if they are 220 relying on another node to do so. Nodes are also participating in 221 the experiment if they are running code generated from a JDDF schema. 223 The risk of this experiment "escaping" takes the form of a JDDF- 224 supporting node expecting another node, which lacks such support, to 225 validate messages against some JDDF schema. In such a case, the 226 outcome will likely be that the nodes fail to interchange information 227 correctly. 229 This experiment will be deemed successful when JDDF has been 230 implemented by multiple independent parties, and these parties 231 successfully use JDDF to facilitate information interchange within 232 their internal systems or between systems operated by independent 233 parties. 235 If this experiment is deemed successful, and JDDF is determined to be 236 a valuable and popular approach, it may be taken to the IETF for 237 further discussion and revision. One possible outcome of this 238 discussion and revision could be that a working group produces a 239 Standards Track specification of JDDF. 241 2. Syntax 243 This section describes when a JSON document is a correct JDDF schema. 244 Because CDDL is well-suited to the task of defining complex JSON 245 formats, such as JDDF schemas, this section uses CDDL to describe the 246 format of JDDF schemas. 248 JDDF schemas may recursively contain other schemas. In this 249 document, a "root schema" is one which is not contained within 250 another schema, i.e. it is "top level". 252 A JDDF schema is a JSON object taking on an appropriate form. JDDF 253 schemas may contain "additional data", discussed in Section 2.1. 254 Root JDDF schemas may optionally contain definitions (a mapping from 255 names to schemas). 257 A correct root JDDF schema MUST match the "root-schema" CDDL rule 258 described in this section. A correct non-root JDDF schema MUST match 259 the "schema" CDDL rule described in this section. 261 ; root-schema is identical to schema, but additionally allows for 262 ; definitions. 263 ; 264 ; definitions are prohibited from appearing on non-root schemas. 265 root-schema = { 266 schema, 267 ? definitions: { * tstr => schema }, 268 } 270 ; schema is the main CDDL rule defining a JDDF schema. Certain JDDF 271 ; schema forms will be defined recursively in terms of this rule. 272 schema = { 273 form, 274 * non-keyword => * 275 } 277 ; non-keyword is constructed here so as to prevent it from matching 278 ; any of the keywords defined later. 279 non-keyword = 280 (((((((((.ne "definitions") 281 .ne "ref") 282 .ne "type") 283 .ne "enum") 284 .ne "elements") 285 .ne "properties") 286 .ne "optionalProperties") 287 .ne "additionalProperties") 288 .ne "values") 289 .ne "discriminator" 291 Figure 1: CDDL definition of a schema 293 Thus Figure 2 is not a correct JDDF schema, as its "definitions" 294 object contains a number, which is not a schema: 296 { "definitions": { "foo": 3 }} 298 Figure 2: An incorrect JDDF schema. JSON numbers are not JDDF 299 schemas 301 Figure 3 is also incorrect, as a "definitions" object may not appear 302 on non-root schemas. See Figure 16 for more details on how 303 "elements" is defined in terms of the "schema" CDDL rule. 305 { 306 "elements": { 307 "definitions": {} 308 } 309 } 311 Figure 3: An incorrect JDDF schema. "definitions" may appear only in 312 root schemas 314 Figure 4 is an example of a correct schema that uses "definitions": 316 { 317 "definitions": { 318 "user": { 319 "properties": { 320 "name": { "type": "string" }, 321 "create_time": { "type": "timestamp" } 322 } 323 } 324 }, 325 "elements": { 326 "ref": "user" 327 } 328 } 330 Figure 4: A correct JDDF schema using "definitions" 332 JDDF schemas can take on one of eight forms. These forms are defined 333 so as to be mutually exclusive; a schema cannot satisfy multiple 334 forms at once. 336 form = empty / 337 ref / 338 type / 339 enum / 340 elements / 341 properties / 342 values / 343 discriminator 345 Figure 5: CDDL definition of the JDDF schema forms 347 The first form, "empty", is trivial. It is meant for matching any 348 instance: 350 empty = {} 352 Figure 6: CDDL definition of the "empty" form 354 Thus, Figure 7 is a correct schema: 356 {} 358 Figure 7: A JDDF schema of the "empty" form 360 The empty form is not very useful by itself, and it meant to be used 361 as a sub-schema. Schema authors can use the empty form to describe 362 parts of a message format which do not contain predictable data, or 363 which the author does not want to specify. 365 The semantics of schemas of the empty form are described in 366 Section 3.3.1. 368 The second form, "ref", is for when a schema is defined in terms of 369 something in the "definitions" of the root schema: 371 ref = { ref: tstr } 373 Figure 8: CDDL definition of the "ref" form 375 For a schema to be correct, the "ref" value must refer to one of the 376 definitions found at the root level of the schema it appears in. 377 More formally, for a schema _S_ of the "ref" form: 379 o Let _B_ be the root schema containing the schema, or the schema 380 itself if it is a root schema. 382 o Let _R_ be the value of the member of _S_ with the name "ref". 384 If the schema is correct, then _B_ must have a member _D_ with the 385 name "definitions", and _D_ must contain a member whose name equals 386 _R_. 388 Figure 9 is a correct example of "ref" being used to avoid re- 389 defining the same thing twice: 391 { 392 "definitions": { 393 "coordinates": { 394 "properties": { 395 "lat": { "type": "float32" }, 396 "lng": { "type": "float32" } 397 } 398 } 399 }, 400 "properties": { 401 "user_location": { "ref": "coordinates" }, 402 "server_location": { "ref": "coordinates" } 403 } 404 } 406 Figure 9: A correct JDDF schema using the "ref" form 408 However, Figure 10 is incorrect, as it refers to a definition that 409 doesn't exist: 411 { 412 "definitions": { "foo": { "type": "float32" }}, 413 "ref": "bar" 414 } 416 Figure 10: An incorrect JDDF schema. There is no "bar" in 417 "definitions" 419 The semantics of schemas of the "ref" form are described in 420 Section 3.3.2. 422 The third form, "type", constrains instances to have a particular 423 primitive type. The precise meaning of each of the primitive types 424 is described in Section 3.3.3. 426 type = { type: "boolean" / num-type / "string" / "timestamp" } 427 num-type = "float32" / "float64" / 428 "int8" / "uint8" / "int16" / "uint16" / "int32" / "uint32" 430 Figure 11: CDDL Definition of the Type Form 432 For example, Figure 12 constrains instances to be strings that are 433 correct [RFC3339] timestamps: 435 { "type": "timestamp" } 437 Figure 12: A correct JDDF schema using the "type" form 439 The semantics of schemas of the "type" form are described in 440 Section 3.3.3. 442 The fourth form, "enum", describes instances whose value must be one 443 of a finite, predetermined set of values: 445 enum = { enum: [+ tstr] } 447 Figure 13: CDDL definition of the "enum" form 449 The values within "[+ tstr]" MUST NOT contain duplicates. Thus, 450 Figure 14 is a correct schema: 452 { "enum": ["IN_PROGRESS", "DONE", "CANCELED"] } 454 Figure 14: A correct JDDF schema using the "enum" form 456 But Figure 15 is not a correct schema, as "B" is duplicated: 458 { "enum": ["A", "B", "B"] } 460 Figure 15: An incorrect JDDF schema. "B" appears twice. 462 The semantics of schemas of the "enum" form are described in 463 Section 3.3.4. 465 The fifth form, "elements", describes instances that must be arrays. 466 A further sub-schema describes the elements of the array. 468 elements = { elements: schema } 470 Figure 16: CDDL definition of the "elements" form 472 Figure 17 is a schema describing an array of [RFC3339] timestamps: 474 { "elements": { "type": "timestamp" }} 476 Figure 17: A correct JDDF schema using the "elements" form 478 The semantics of schemas of the "elements" form are described in 479 Section 3.3.5. 481 The sixth form, "properties", describes JSON objects being used as a 482 "struct". A schema of this form specifies the names of required and 483 optional properties, as well as the schemas each of those properties 484 must satisfy: 486 ; One of properties or optionalProperties may be omitted, 487 ; but not both. 488 properties = with-properties / with-optional-properties 490 with-properties = { 491 properties: * tstr => schema, 492 ? optionalProperties * tstr => schema, 493 ? additionalProperties: bool, 494 } 496 with-optional-properties = { 497 ? properties: * tstr => schema, 498 optionalProperties: * tstr => schema, 499 ? additionalProperties: bool, 500 } 502 Figure 18: CDDL definition of the "properties" form 504 If a schema has both a member named "properties" (with value _P_) and 505 another member named "optionalProperties" (with value _O_), then _O_ 506 and _P_ MUST NOT have any member names in common. This is to prevent 507 ambiguity as to whether a property is optional or required. 509 Thus, Figure 19 is not a correct schema, as "confusing" appears in 510 both "properties" and "optionalProperties": 512 { 513 "properties": { "confusing": {} }, 514 "optionalProperties": { "confusing": {} } 515 } 517 Figure 19: An incorrect JDDF schema. "confusing" is repeated between 518 "properties" and "optionalProperties" 520 Figure 20 is a correct schema, describing a paginated list of users: 522 { 523 "properties": { 524 "users": { 525 "elements": { 526 "properties": { 527 "id": { "type": "string" }, 528 "name": { "type": "string" }, 529 "create_time": { "type": "timestamp" } 530 }, 531 "optionalProperties": { 532 "delete_time": { "type": "timestamp" } 533 } 534 } 535 }, 536 "next_page_token": { "type": "string" } 537 } 538 } 540 Figure 20: A correct JDDF schema using the "properties" form 542 The semantics of schemas of the "properties" form are described in 543 Section 3.3.6. 545 The seventh form, "values", describes JSON objects being used as an 546 associative array. A schema of this form specifies the form all 547 member values must satisfy, but places no constraints on the member 548 names: 550 values = { values: * tstr => schema } 552 Figure 21: CDDL definition of the "values" form 554 Thus, Figure 22 is a correct schema, describing a mapping from 555 strings to numbers: 557 { "values": { "type": "float32" }} 559 Figure 22: A correct JDDF schema using the "values 561 The semantics of schemas of the "values" form are described in 562 Section 3.3.7. 564 Finally, the eighth form, "discriminator", describes JSON objects 565 being used as a discriminated union. A schema of this form specifies 566 the "tag" (or "discriminator") of the union, as well as a mapping 567 from tag values to the appropriate schema to use. 569 ; Note well: the values of mapping are of the properties form. 570 discriminator = { tag: tstr, mapping: * tstr => properties } 572 Figure 23: CDDL definition of the "discriminator" form 574 To prevent ambiguous or unsatisfiable contstraints on the "tag" of a 575 discriminator, an additional constraint on schemas of the 576 discriminator form exists. For schemas of the discriminator form: 578 o Let _D_ be the schema member with the name "discriminator". 580 o Let _T_ be the member of _D_ with the name "tag". 582 o Let _M_ be the member of _D_ with the name "mapping". 584 If the schema is correct, then all member values _S_ of _M_ will be 585 schemas of the "properties" form. For each member _P_ of _S_ whose 586 name equals "properties" or "optionalProperties", _P_'s value, which 587 must be an object, MUST NOT contain any members whose name equals 588 _T_'s value. 590 Thus, Figure 24 is an incorrect schema, as "event_type" is both the 591 value of "tag" and a member name in one of the "mapping" member 592 "properties": 594 { 595 "tag": "event_type", 596 "mapping": { 597 "is_event_type_a_string_or_a_float32?": { 598 "properties": { "event_type": { "type": "float32" }} 599 } 600 } 601 } 603 Figure 24: An incorrect JDDF schema. "event_type" appears both in 604 "tag" and in the "properties" of a "mapping" value 606 However, Figure 25 is a correct schema, describing a pattern of data 607 common in JSON-based messaging systems: 609 { 610 "tag": "event_type", 611 "mapping": { 612 "account_deleted": { 613 "properties": { 614 "account_id": { "type": "string" } 615 } 616 }, 617 "account_payment_plan_changed": { 618 "properties": { 619 "account_id": { "type": "string" }, 620 "payment_plan": { "enum": ["FREE", "PAID"] } 621 }, 622 "optionalProperties": { 623 "upgraded_by": { "type": "string" } 624 } 625 } 626 } 627 } 629 Figure 25: A correct JDDF schema using the "discriminator" form 631 The semantics of schemas of the "discriminator" form are described in 632 Section 3.3.8. Section 3.3.8 also includes examples of what 633 Figure 25 accepts and rejects. 635 2.1. Extending JDDF's Syntax 637 This document does not describe any extension mechanisms for JDDF 638 schema validation, which is described in Section 3. However, schemas 639 (through the "non-keyword" CDDL rule in Section 2) are defined to 640 allow members whose names are not equal to any of the specially- 641 defined keywords (i.e. "definitions", "elements", etc.). Call these 642 members "non-keyword members". 644 Users MAY add additional, non-keyword members to JDDF schemas to 645 convey information that is not pertinent to validation. For example, 646 such non-keyword members could provide hints to code generators, or 647 trigger some special behavior for a library that generates user 648 interfaces from schemas. 650 Users SHOULD NOT expect non-keyword members to be understood by other 651 parties. As a result, if consistent validation with other parties is 652 a requirement, users SHOULD NOT use non-keyword members to affect how 653 schema validation, as described in Section 3, works. 655 Users MAY expect expect non-keywords to be understood by other 656 parties, and MAY use non-keyword members to affect how schema 657 validation works, if these other parties are somehow known to support 658 these non-keyword members. For example, two parties may agree, out 659 of band, that they will support an extended JDDF with a custom 660 keyword. 662 3. Semantics 664 This section describes when an instance is valid against a correct 665 JDDF schema, and the error indicators to produce when an instance is 666 invalid. 668 3.1. Allowing Additional Properties 670 Users will have different desired behavior with respect to 671 "unspcecified" members in an instance. For example, consider the 672 JDDF schema in Figure 26: 674 { "properties": { "a": { "type": "string" }}} 676 Figure 26: An illustrative JDDF schema 678 Some users may expect that 680 {"a": "foo", "b": "bar"} 682 satisfies the schema in Figure 26. Others may disagree, as "b" is 683 not one of the properties described in the schema. In this document, 684 allowing such "unspecified" members, like "b" in this example, 685 happens when evaluation is in "allow additional properties" mode. 687 Evaluation of a schema does not allow additional properties by 688 default, but can be overridden by having the schema include a member 689 named "additionalProperties", where that member has a value of 690 "true". 692 More formally: evaluation of a schema _S_ is in "allow additional 693 properties" mode if there exists a member of _S_ whose name equals 694 "additionalProperties", and whose value is a boolean "true". 695 Otherwise, evaluation of _S_ is not in "allow additional properties" 696 mode. 698 See Section 3.3.6 for how allowing unknown properties affects schema 699 evaluation, but briefly, consider the schema in Figure 27: 701 { "properties": { "a": { "type": "string" }}} 703 Figure 27: A JDDF schema that does not allow additional properties 705 The schema in Figure 27 rejects 707 {"a": "foo", "b": "bar"} 709 However, consider the schema in Figure 28: 711 { 712 "additionalProperties": true, 713 "properties": { "a": { "type": "string" }} 714 } 716 Figure 28: A JDDF schema that allows additional properties 718 The schema in Figure 28 accepts 720 {"a": "foo", "b": "bar"} 722 Note that "additionalProperties" does not get "inherited" by sub- 723 schemas. For example, the JDDF schema: 725 { 726 "additionalProperties": true, 727 "properties": { 728 "a": { 729 "properties": { 730 "b": { "type": "string" } 731 } 732 } 733 } 734 } 736 accepts 738 { "a": { "b": "c" }, "foo": "bar" } 740 but rejects 742 { "a": { "b": "c", "foo": "bar" }} 744 because the "additionalProperties" at the root level does not affect 745 the behavior of sub-schemas. 747 3.2. Errors 749 To facilitate consistent validation error handling, this document 750 specifies a standard error indicator format. Implementations SHOULD 751 support producing error indicators in this standard form. 753 The standard error indicator format is a JSON array. The order of 754 the elements of this array is not specified. The elements of this 755 array are JSON objects with the members: 757 o A member with the name "instancePath", whose value is a JSON 758 string encoding a JSON Pointer. This JSON Pointer will point to 759 the part of the instance that was rejected. 761 o A member with the name "schemaPath", whose value is a JSON string 762 encoding a JSON Pointer. This JSON Pointer will point to the part 763 of the schema that rejected the instance. 765 The values for "instancePath" and "schemaPath" depend on the form of 766 the schema, and are described in detail in Section 3.3. 768 3.3. Forms 770 This section describes, for each of the eight JDDF schema forms, the 771 rules dictating whether an instance is accepted, as well as the error 772 indicators to produce when an instance is invalid. 774 The forms a correct schema may take on are formally described in 775 Section 2. 777 3.3.1. Empty 779 The empty form is meant to describe instances whose values are 780 unknown, unpredictable, or otherwise unconstrained by the schema. 782 If a schema is of the empty form, then it accepts all instances. A 783 schema of the empty form will never produce any error indicators. 785 3.3.2. Ref 787 The ref form is for when a schema is defined in terms of something in 788 the "definitions" of the root schema. The ref form enables schemas 789 to be less repetitive, and also enables describing recursive 790 structures. 792 If a schema is of the ref form, then: 794 o Let _B_ be the root schema containing the schema, or the schema 795 itself if it is a root schema. 797 o Let _D_ be the member of _B_ with the name "definitions". By 798 Section 2, _D_ exists. 800 o Let _R_ be the value of the schema member with the name "ref". 802 o Let _S_ be the value of the member of _D_ whose name equals _R_. 803 By Section 2, _S_ exists, and is a schema. 805 The schema accepts the instance if and only if _S_ accepts the 806 instance. Otherwise, the error indicators to return in this case are 807 the union of the error indicators from evaluating _S_ against the 808 instance. 810 For example, the schema: 812 { 813 "definitions": { "a": { "type": "float32" }}, 814 "ref": "a" 815 } 817 Figure 29: A JDDF schema demonstrating the "ref" form 819 Accepts 821 123 823 but not 825 false 827 The error indicators to produce when evaluting 829 false 831 against the schema in Figure 29 are: 833 [{ "instancePath": "", "schemaPath": "/definitions/a/type" }] 835 Note that the ref form is defined to only look up definitions at the 836 root level. Thus, with the schema: 838 { 839 "definitions": { "a": { "type": "float32" }}, 840 "elements": { 841 "definitions": { "a": { "type": "boolean" }}, 842 "ref": "a" 843 } 844 } 846 The instance 848 123 850 is accepted, and 852 false 854 is rejected, and the error indicator would be: 856 [{ "instancePath": "", "schemaPath": "/definitions/a/type" }] 858 Though non-root definitions are not syntactically disallowed in 859 correct schemas, they are entirely immaterial to evaluating 860 references. 862 3.3.3. Type 864 The type form is meant to describe instances whose value is a 865 boolean, number, string, or timestamp ([RFC3339]). 867 If a schema is of the type form, then let _T_ be the value of the 868 member with the name "type". The following table describes whether 869 the instance is accepted, as a function of _T_'s value: 871 +-------------------+----------------------------------------------+ 872 | If _T_ equals ... | then the instance is accepted if it is ... | 873 +-------------------+----------------------------------------------+ 874 | boolean | equal to "true" or "false" | 875 | | | 876 | float32 | a JSON number | 877 | | | 878 | float64 | a JSON number | 879 | | | 880 | int8 | See Table 2 | 881 | | | 882 | uint8 | See Table 2 | 883 | | | 884 | int16 | See Table 2 | 885 | | | 886 | uint16 | See Table 2 | 887 | | | 888 | int32 | See Table 2 | 889 | | | 890 | uint32 | See Table 2 | 891 | | | 892 | string | a JSON string | 893 | | | 894 | timestamp | a JSON string encoding a [RFC3339] timestamp | 895 +-------------------+----------------------------------------------+ 897 Table 1: Accepted Values for Type 899 "float32" and "float64" are distinguished from each other in their 900 intent. "float32" indicates data intended to be processed as an IEEE 901 754 single-precision float, whereas "float64" indicates data intended 902 to be processed as an IEEE 754 double-precision float. Tools which 903 generate code from JDDF schemas will likely produce different code 904 for "float32" than for "float64". 906 If _T_ starts with "int" or "uint", then the instance is accepted if 907 and only if it is a JSON number encoding a value with zero fractional 908 part. Depending on the value of _T_, this encoded number must 909 additionally fall within a particular range: 911 +--------+---------------------------+---------------------------+ 912 | _T_ | Minimum Value (Inclusive) | Maximum Value (Inclusive) | 913 +--------+---------------------------+---------------------------+ 914 | int8 | -128 | 127 | 915 | | | | 916 | uint8 | 0 | 255 | 917 | | | | 918 | int16 | -32,768 | 32,767 | 919 | | | | 920 | uint16 | 0 | 65,535 | 921 | | | | 922 | int32 | -2,147,483,648 | 2,147,483,647 | 923 | | | | 924 | uint32 | 0 | 4,294,967,295 | 925 +--------+---------------------------+---------------------------+ 927 Table 2: Ranges for Integer Types 929 Note that 931 10 933 and 935 10.0 937 and 939 1.0e1 941 encode values with zero fractional part, whereas 943 10.5 945 encodes a number with a non-zero fractional part. Thus the schema 946 {"type": "int8"} 948 accepts 950 10 952 and 954 10.0 956 and 958 1.0e1 960 but rejects 962 10.5 964 as well as 966 false 968 because "false" is not a number at all. 970 If the instance is not accepted, then the error indicator for this 971 case shall have an "instancePath" pointing to the instance, and a 972 "schemaPath" pointing to the schema member with the name "type". 974 For example, the schema: 976 {"type": "boolean"} 978 accepts 980 false 982 but rejects 984 127 986 The schema: 988 {"type": "float32"} 990 accepts 992 10.5 994 and 996 127 998 but rejects 1000 false 1002 The schema: 1004 {"type": "string"} 1006 accepts 1008 "1985-04-12T23:20:50.52Z" 1010 and 1012 "foo" 1014 but rejects 1016 false 1018 The schema: 1020 {"type": "timestamp"} 1022 accepts 1024 "1985-04-12T23:20:50.52Z" 1026 but rejects 1028 "foo" 1030 and 1032 false 1034 In all of the examples of rejected instances given in this section, 1035 the error indicator to produce is: 1037 [{ "instancePath": "", "schemaPath": "/type" }] 1039 3.3.4. Enum 1041 The enum form is meant to describe instances whose value must be one 1042 of a finite, predetermined set of string values. 1044 If a schema is of the enum form, then let _E_ be the value of the 1045 schema member with the name "enum". The instance is accepted if and 1046 only if it is equal to one of the elements of _E_. 1048 If the instance is not accepted, then the error indicator for this 1049 case shall have an "instancePath" pointing to the instance, and a 1050 "schemaPath" pointing to the schema member with the name "enum". 1052 For example, the schema: 1054 { "enum": ["PENDING", "DONE", "CANCELED"] } 1056 Accepts 1058 "PENDING" 1060 and 1062 "DONE" 1064 and 1066 "CANCELED" 1068 but rejects all of 1070 0 1072 and 1074 1 1076 and 1078 2 1080 and 1082 "UNKNOWN" 1084 with the error indicator: 1086 [{ "instancePath": "", "schemaPath": "/enum" }] 1088 3.3.5. Elements 1090 The elements form is meant to describe instances that must be arrays. 1091 A further sub-schema describes the elements of the array. 1093 If a schema is of the elements form, then let _S_ be the value of the 1094 schema member with the name "elements". The instance is accepted if 1095 and only if all of the following are true: 1097 o The instance is an array. Otherwise, the error indicator for this 1098 case shall have an "instancePath" pointing to the instance, and a 1099 "schemaPath" pointing to the schema member with the name 1100 "elements". 1102 o If the instance is an array, then every element of the instance 1103 must be accepted by _S_. Otherwise, the error indicators for this 1104 case are the union of all the errors arising from evaluating _S_ 1105 against elements of the instance. 1107 For example, the schema: 1109 { 1110 "elements": { 1111 "type": "float32" 1112 } 1113 } 1115 accepts 1117 [] 1119 and 1121 [1, 2, 3] 1123 but rejects 1125 false 1127 with the error indicator: 1129 [{ "instancePath": "", "schemaPath": "/elements" }] 1131 and rejects 1133 [1, 2, "foo", 3, "bar"] 1135 with the error indicators: 1137 [ 1138 { "instancePath": "/2", "schemaPath": "/elements/type" }, 1139 { "instancePath": "/4", "schemaPath": "/elements/type" } 1140 ] 1142 3.3.6. Properties 1144 The properties form is meant to describe JSON objects being used as a 1145 "struct". 1147 If a schema is of the properties form, then the instance is accepted 1148 if and only if all of the following are true: 1150 o The instance is an object. 1152 Otherwise, the error indicator for this case shall have an 1153 "instancePath" pointing to the instance, and a "schemaPath" 1154 pointing to the schema member with the name "properties" if such a 1155 schema member exists; if such a member doesn't exist, "schemaPath" 1156 shall point to the schema member with the name 1157 "optionalProperties". 1159 o If the instance is an object and the schema has a member named 1160 "properties", then let _P_ be the value of the schema member named 1161 "properties". _P_, by Section 2, must be an object. For every 1162 member name in _P_, a member of the same name in the instance must 1163 exist. 1165 Otherwise, the error indicator for this case shall have an 1166 "instancePath" pointing to the instance, and a "schemaPath" 1167 pointing to the member of _P_ failing the requirement just 1168 described. 1170 o If the instance is an object, then let _P_ be the value of the 1171 schema member named "properties" (if it exists), and _O_ be the 1172 value of the schema member named "optionalProperties" (if it 1173 exists). 1175 For every member _I_ of the instance, find a member with the same 1176 name as _I_'s in _P_ or _O_. By Section 2, it is not possible for 1177 both _P_ and _O_ to have such a member. If the "discriminator tag 1178 exemption" is in effect on _I_ (see Section 3.3.8), then ignore 1179 _I_. Otherwise: 1181 * If no such member in _P_ or _O_ exists and validation is not in 1182 "allow additional properties" mode (see Section 3.1), then the 1183 instance is rejected. 1185 The error indicator for this case has an "instancePath" 1186 pointing to _I_, and a "schemaPath" pointing to the schema. 1188 * If such a member in _P_ or _O_ does exist, then call this 1189 member _S_. If _S_ rejects _I_'s value, then the instance is 1190 rejected. 1192 The error indicators for this case are the union of the error 1193 indicators from evaluating _S_ against _I_'s value. 1195 An instance may have multiple errors arising from the second and 1196 third bullet in the above. In this case, the error indicators are 1197 the union of the errors. 1199 For example, the schema: 1201 { 1202 "properties": { 1203 "a": { "type": "string" }, 1204 "b": { "type": "string" } 1205 }, 1206 "optionalProperties": { 1207 "c": { "type": "string" }, 1208 "d": { "type": "string" } 1209 } 1210 } 1212 accepts 1214 { "a": "foo", "b": "bar" } 1216 and 1218 { "a": "foo", "b": "bar", "c": "baz" } 1220 and 1222 { "a": "foo", "b": "bar", "c": "baz", "d": "quux" } 1224 and 1226 { "a": "foo", "b": "bar", "d": "quux" } 1228 but rejects 1230 123 1232 with the error indicator 1234 [{ "instancePath": "", "schemaPath": "/properties" }] 1236 and rejects 1238 { "b": 3, "c": 3, "e": 3 } 1240 with the error indicators 1242 [ 1243 { "instancePath": "", 1244 "schemaPath": "/properties/a" }, 1245 { "instancePath": "/b", 1246 "schemaPath": "/properties/b/type" }, 1247 { "instancePath": "/c", 1248 "schemaPath": "/optionalProperties/c/type" }, 1249 { "instancePath": "/e", 1250 "schemaPath": "" } 1251 ] 1253 If instead the schema had "additionalProperties: true", but was 1254 otherwise the same: 1256 { 1257 "properties": { 1258 "a": { "type": "string" }, 1259 "b": { "type": "string" } 1260 }, 1261 "optionalProperties": { 1262 "c": { "type": "string" }, 1263 "d": { "type": "string" } 1264 }, 1265 "additionalProperties": true 1266 } 1268 And the instance remained the same: 1270 { "b": 3, "c": 3, "e": 3 } 1272 Then the error indicators from evaluating the instance the schema 1273 would be 1275 [ 1276 { "instancePath": "", 1277 "schemaPath": "/properties/a" }, 1278 { "instancePath": "/b", 1279 "schemaPath": "/properties/b/type" }, 1280 { "instancePath": "/c", 1281 "schemaPath": "/optionalProperties/c/type" }, 1282 ] 1284 These are the same errors as before, except the final error 1285 (associated with the additional member named "e" in the instance) is 1286 no longer present. This is because "additionalProperties: true" 1287 enables "allow additional properties" mode on the schema. 1289 3.3.7. Values 1291 The elements form is meant to describe instances that are JSON 1292 objects being used as an associative array. 1294 If a schema is of the values form, then let _S_ be the value of the 1295 schema member with the name "values". The instance is accepted if 1296 and only if all of the following are true: 1298 o The instance is an object. Otherwise, the error indicator for 1299 this case shall have an "instancePath" pointing to the instance, 1300 and a "schemaPath" pointing to the schema member with the name 1301 "values". 1303 o If the instance is an object, then every member value of the 1304 instance must be accepted by _S_. Otherwise, the error indicators 1305 for this case are the union of all the error indicators arising 1306 from evaluating _S_ against member values of the instance. 1308 For example, the schema: 1310 { 1311 "values": { 1312 "type": "float32" 1313 } 1314 } 1316 accepts 1318 {} 1320 and 1322 {"a": 1, "b": 2} 1324 but rejects 1326 false 1328 with the error indicator 1330 [{ "instancePath": "", "schemaPath": "/values" }] 1332 and rejects 1334 { "a": 1, "b": 2, "c": "foo", "d": 3, "e": "bar" } 1336 with the error indicators 1338 [ 1339 { "instancePath": "/c", "schemaPath": "/values/type" }, 1340 { "instancePath": "/e", "schemaPath": "/values/type" } 1341 ] 1343 3.3.8. Discriminator 1345 The discriminator form is meant to describe JSON objects being used 1346 in a fashion similar to a discriminated union construct in C-like 1347 languages. When a schema is of the "discriminator" form, it 1348 validates: 1350 o That the instance is an object, 1352 o That the instance has a particular "tag" property, 1354 o That this "tag" property's value is a string within a set of valid 1355 values, and 1357 o That the instance satisfies another schema, where this other 1358 schema is chosen based on the value of the "tag" property. 1360 The behavior of the discriminator form is more complex than the other 1361 keywords. Readers familiar with CDDL may find the final example in 1362 Appendix B helpful in understanding its behavior. What follows in 1363 this section is a description of the discriminator form's behavior, 1364 as well as some examples. 1366 If a schema is of the "discriminator" form, then: 1368 o Let _D_ be the schema member with the name "discriminator". 1370 o Let _T_ be the member of _D_ with the name "tag". 1372 o Let _M_ be the member of _D_ with the name "mapping". 1374 o Let _I_ be the instance member whose name equals _T_'s value. _I_ 1375 may, for some rejected instances, not exist. 1377 o Let _S_ be the member of _M_ whose name equals _I_'s value. _S_ 1378 may, for some rejected instances, not exist. 1380 The instance is accepted if and only if: 1382 o The instance is an object. 1384 Otherwise, the error indicator for this case shall have an 1385 "instancePath" pointing to the instance, and a "schemaPath" 1386 pointing to _D_. 1388 o If the instance is a JSON object, then _I_ must exist. 1390 Otherwise, the error indicator for this case shall have an 1391 "instancePath" pointing to the instance, and a "schemaPath" 1392 pointing to _T_. 1394 o If the instance is a JSON object and _I_ exists, _I_'s value must 1395 be a string. 1397 Otherwise, the error indicator for this case shall have an 1398 "instancePath" pointing to _I_, and a "schemaPath" pointing to 1399 _T_. 1401 o If the instance is a JSON object and _I_ exists and has a string 1402 value, then _S_ must exist. 1404 Otherwise, the error indicator for this case shall have an 1405 "instancePath" pointing to _I_, and a "schemaPath" pointing to 1406 _M_. 1408 o If the instance is a JSON object, _I_ exists, and _S_ exists, then 1409 the instance must satisfy _S_'s value. By Section 2, _S_'s value 1410 must have the properties form. Apply the "discriminator tag 1411 exemption" afforded in Section 3.3.6 to _I_ when evaluating 1412 whether the instance satisfies _S_'s value. 1414 Otherwise, the error indicators for this case shall be error 1415 indicators from evaluating _S_'s value against the instance, with 1416 the "discriminator tag exemption" applied to _I_. 1418 Each of the list items above are defined to be mutually exclusive. 1419 For the same instance and schema, only one of the list items above 1420 will apply. 1422 For example, the schema: 1424 { 1425 "discriminator": { 1426 "tag": "version", 1427 "mapping": { 1428 "v1": { 1429 "properties": { 1430 "a": { "type": "float32" } 1431 } 1432 }, 1433 "v2": { 1434 "properties": { 1435 "a": { "type": "string" } 1436 } 1437 } 1438 } 1439 } 1440 } 1442 rejects 1444 "example" 1446 with the error indicator 1448 [{ "instancePath": "", "schemaPath": "/discriminator" }] 1450 (This is the case of the instance not being an object.) 1452 Also rejected is 1454 {} 1456 with the error indicator 1458 [{ "instancePath": "", "schemaPath": "/discriminator/tag" }] 1460 (This is the case of _I_ not existing.) 1462 Also rejected is 1464 { "version": 1 } 1466 with the error indicator 1468 [ 1469 { 1470 "instancePath": "/version", 1471 "schemaPath": "/discriminator/tag" 1472 } 1473 ] 1475 (This is the case of _I_ existing, but not having a string value.) 1477 Also rejected is 1479 { "version": "v3" } 1481 with the error indicator 1483 [ 1484 { 1485 "instancePath": "/version", 1486 "schemaPath": "/discriminator/mapping" 1487 } 1488 ] 1490 (This is the case of _I_ existing and having a string value, but _S_ 1491 not existing.) 1493 Also rejected is 1495 { "version": "v2", "a": 3 } 1497 with the error indicator 1499 [ 1500 { 1501 "instancePath": "/a", 1502 "schemaPath": "/discriminator/mapping/v2/properties/a/type" 1503 } 1504 ] 1506 (This is the case of _I_ and _S_ existing, but the instance not 1507 satisfying _S_'s value.) 1509 Finally, the schema accepts 1511 { "version": "v2", "a": "foo" } 1513 This instance is accepted despite the fact that "version" is not 1514 mentioned by "/discriminator/mapping/v2/properties"; the 1515 "discriminator tag exemption" ensures that "version" is not treated 1516 as an additional property when evaluating the instance against _S_'s 1517 value. 1519 To further illustrate the discriminator form with examples, recall 1520 the JDDF schema in Figure 25, reproduced here: 1522 { 1523 "tag": "event_type", 1524 "mapping": { 1525 "account_deleted": { 1526 "properties": { 1527 "account_id": { "type": "string" } 1528 } 1529 }, 1530 "account_payment_plan_changed": { 1531 "properties": { 1532 "account_id": { "type": "string" }, 1533 "payment_plan": { "enum": ["FREE", "PAID"] } 1534 }, 1535 "optionalProperties": { 1536 "upgraded_by": { "type": "string" } 1537 } 1538 } 1539 } 1540 } 1542 This schema accepts 1544 { "event_type": "account_deleted", "account_id": "abc-123" } 1546 and 1548 { 1549 "event_type": "account_payment_plan_changed", 1550 "account_id": "abc-123", 1551 "payment_plan": "PAID" 1552 } 1554 and 1555 { 1556 "event_type": "account_payment_plan_changed", 1557 "account_id": "abc-123", 1558 "payment_plan": "PAID", 1559 "upgraded_by": "users/mkhwarizmi" 1560 } 1562 but rejects 1564 {} 1566 with the error indicator 1568 [{ "instancePath": "", "schemaPath": "/discriminator/tag" }] 1570 and rejects 1572 { "event_type": "some_other_event_type" } 1574 with the error indicator 1576 [ 1577 { 1578 "instancePath": "/event_type", 1579 "schemaPath": "/discriminator/mapping" 1580 } 1581 ] 1583 and rejects 1585 { "event_type": "account_deleted" } 1587 with the error indicator 1589 [{ 1590 "instancePath": "", 1591 "schemaPath": 1592 "/discriminator/mapping/account_deleted/properties/account_id" 1593 }] 1595 and rejects 1597 { 1598 "event_type": "account_payment_plan_changed", 1599 "account_id": "abc-123", 1600 "payment_plan": "PAID", 1601 "xxx": "asdf" 1602 } 1604 with the error indicator 1606 [{ 1607 "instancePath": "/xxx", 1608 "schemaPath": 1609 "/discriminator/mapping/account_payment_plan_changed" 1610 }] 1612 4. IANA Considerations 1614 No IANA considerations. 1616 5. Security Considerations 1618 Implementations of JDDF will necessarily be manipulating JSON data. 1619 Therefore, the security considerations of [RFC8259] are all relevant 1620 here. 1622 Implementations which evaluate user-inputted schemas SHOULD implement 1623 mechanisms to detect, and abort, circular references which might 1624 cause a naive implementation to go into an infinite loop. Without 1625 such mechanisms, implementations may be vulnerable to denial-of- 1626 service attacks. 1628 6. References 1630 6.1. Normative References 1632 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1633 Requirement Levels", BCP 14, RFC 2119, 1634 DOI 10.17487/RFC2119, March 1997, 1635 . 1637 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 1638 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 1639 . 1641 [RFC6901] Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed., 1642 "JavaScript Object Notation (JSON) Pointer", RFC 6901, 1643 DOI 10.17487/RFC6901, April 2013, 1644 . 1646 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1647 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1648 May 2017, . 1650 [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 1651 Interchange Format", STD 90, RFC 8259, 1652 DOI 10.17487/RFC8259, December 2017, 1653 . 1655 [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data 1656 Definition Language (CDDL): A Notational Convention to 1657 Express Concise Binary Object Representation (CBOR) and 1658 JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, 1659 June 2019, . 1661 6.2. Informative References 1663 [I-D.handrews-json-schema] 1664 Wright, A., Andrews, H., Hutton, B., and G. Dennis, "JSON 1665 Schema: A Media Type for Describing JSON Documents", 1666 draft-handrews-json-schema-02 (work in progress), 1667 September 2019. 1669 [OPENAPI] OpenAPI Initiative, "OpenAPI Specification", October 2019, 1670 . 1672 [RFC7071] Borenstein, N. and M. Kucherawy, "A Media Type for 1673 Reputation Interchange", RFC 7071, DOI 10.17487/RFC7071, 1674 November 2013, . 1676 [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, 1677 DOI 10.17487/RFC7493, March 2015, 1678 . 1680 Appendix A. Other Considerations 1682 This appendix is not normative. 1684 This section describes possible features which are intentionally left 1685 out of JSON Data Definition Format, and justifies why these features 1686 are omitted. 1688 A.1. Support for 64-bit Numbers 1690 This document does not allow "int64" or "uint64" as values for the 1691 JDDF "type" keyword (see Figure 11 and Section 3.3.3). Such 1692 hypothetical "int64" or "uint64" types would behave like "int32" or 1693 "uint32" (respectively), but with the range of values associated with 1694 64-bit instead of 32-bit integers, that is: 1696 o "int64" would accept numbers between -(2**63) and (2**63)-1 1697 o "uint64" would accept numbers between 0 and (2**64)-1 1699 Users of "int64" and "uint64" would likely expect that the full range 1700 of signed or unsigned 64-bit integers could interoperably be 1701 transmitted as JSON without loss of precision. But this assumption 1702 is likely to be incorrect, for the reasons given in Section 2.2 of 1703 [RFC7493]. 1705 "int64" and "uint64" likely would have led users to falsely assume 1706 that the full range of 64-bit integers can be interoperably procesed 1707 as JSON without loss of precision. To avoid leading users astray, 1708 JDDF omits "int64" and "uint64". 1710 A.2. Support for Non-Root Schemas 1712 This document disallows the "definitions" keyword from appearing 1713 outside of root schemas (see Figure 1). Conceivably, this document 1714 could have instead allowed "definitions" to appear on any schema, 1715 even non-root ones. Under this alternative design, "ref"s would 1716 resolve to a definition in the "nearest" (i.e., most nested) schema 1717 which both contained the "ref" and which had a suitably-named 1718 "definitions" member. 1720 For instance, under this alternative approach, one could define 1721 schemas like the one in Figure 30: 1723 { 1724 "properties": { 1725 "foo": { 1726 "definitions": { 1727 "user": { "properties": { "user_id": {"type": "string" }}} 1728 }, 1729 "ref": "user" 1730 }, 1731 "bar": { 1732 "definitions": { 1733 "user": { "properties": { "user_id": {"type": "string" }}} 1734 }, 1735 "ref": "user" 1736 }, 1737 "baz": { 1738 "definitions": { 1739 "user": { "properties": { "userId": {"type": "string" }}} 1740 }, 1741 "ref": "user" 1742 } 1743 } 1744 } 1746 Figure 30: A hypothetical schema had this document permitted non-root 1747 definitions. This is not a correct JDDF schema. 1749 If schemas like that in Figure 30 were permitted, code generation 1750 from JDDF schemas would be more difficult, and the generated code 1751 would be less useful. 1753 Code generation would be more difficult because it would force code 1754 generators to implement a name mangling scheme for types generated 1755 from definitions. This additional difficulty is not immense, but 1756 adds complexity to an otherwise relatively trivial task. 1758 Generated code would be less useful because generated, mangled struct 1759 names are less pithy than human-defined struct names. For instance, 1760 the "user" definitions in Figure 30 might have been generated into 1761 types named "PropertiesFooUser", "PropertiesBarUser", and 1762 "PropertiesBazUser"; obtuse names like these are less useful to 1763 human-written code than names like "User". 1765 Furthermore, even though "PropertiesFooUser" and "PropertiesBarUser" 1766 would be essentially identical, they would not be interchangeable in 1767 many statically-typed programming languages. A code generator could 1768 attempt to circumvent this by deduplicating identical definitions, 1769 but then the user might be confused as to why the subtly distinct 1770 "PropertiesBazUser", defined from a schema allowing a property named 1771 "userId" (not "user_id"), was not deduplicated. 1773 Because there seem to be implementation and usability challenges 1774 associated with non-root definitions, and because it would be easier 1775 to later amend JDDF to permit for non-root definitions than to later 1776 amend JDDF to prohibit them, this document does not permit non-root 1777 definitions in JDDF schemas. 1779 Appendix B. Comparison with CDDL 1781 This appendix is not normative. 1783 To aid the reader familiar with CDDL, this section illustrates how 1784 JDDF works by presenting JDDF schemas and CDDL schemas which accept 1785 and reject the same instances. 1787 The JDDF schema: 1789 {} 1791 accepts the same instances as the CDDL rule: 1793 root = any 1795 The JDDF schema: 1797 { 1798 "definitions": { 1799 "a": { "elements": { "ref": "b" }}, 1800 "b": { "type": "float32" } 1801 }, 1802 "elements": { 1803 "ref": "a" 1804 } 1805 } 1807 accepts the same instances as the CDDL rule: 1809 root = [* a] 1811 a = [* b] 1812 b = number 1814 The JDDF schema: 1816 { "enum": ["PENDING", "DONE", "CANCELED"]} 1818 accepts the same instances as the CDDL rule: 1820 root = "PENDING" / "DONE" / "CANCELED" 1822 The JDDF schema: 1824 {"type": "boolean"} 1826 accepts the same instances as the CDDL rule: 1828 root = bool 1830 The JDDF schemas: 1832 {"type": "float32"} 1834 and 1836 {"type": "float64"} 1838 both accept the same instances as the CDDL rule: 1840 root = number 1842 The JDDF schema: 1844 {"type": "string"} 1846 accepts the same instances as the CDDL rule: 1848 root = tstr 1850 The JDDF schema: 1852 {"type": "timestamp"} 1854 accepts the same instances as the CDDL rule: 1856 root = tdate 1858 The JDDF schema: 1860 { "elements": { "type": "float32" }} 1862 accepts the same instances as the CDDL rule: 1864 root = [* number] 1866 The JDDF schema: 1868 { 1869 "properties": { 1870 "a": { "type": "boolean" }, 1871 "b": { "type": "float32" } 1872 }, 1873 "optionalProperties": { 1874 "c": { "type": "string" }, 1875 "d": { "type": "timestamp" } 1876 } 1877 } 1879 accepts the same instances as the CDDL rule: 1881 root = { a: bool, b: number, ? c: tstr, ? d: tdate } 1883 The JDDF schema: 1885 { "values": { "type": "float32" }} 1887 accepts the same instances as the CDDL rule: 1889 root = { * tstr => number } 1891 Finally, the JDDF schema: 1893 { 1894 "discriminator": { 1895 "tag": "a", 1896 "mapping": { 1897 "foo": { 1898 "properties": { 1899 "b": { "type": "float32" } 1900 } 1901 }, 1902 "bar": { 1903 "properties": { 1904 "b": { "type": "string" } 1905 } 1906 } 1907 } 1908 } 1909 } 1911 accepts the same instances as the CDDL rule: 1913 root = { a: "foo", b: number } / { a: "bar", b: tstr } 1915 Appendix C. Examples 1917 This appendix is not normative. 1919 As a demonstration of JDDF, in Figure 31 is a JDDF schema closely 1920 equivalent to the plain-English definition "reputation-object" 1921 described in Section 6.2.2 of [RFC7071]: 1923 { 1924 "properties": { 1925 "application": { "type": "string" }, 1926 "reputons": { 1927 "elements": { 1928 "additionalProperties": true, 1929 "properties": { 1930 "rater": { "type": "string" }, 1931 "assertion": { "type": "string" }, 1932 "rated": { "type": "string" }, 1933 "rating": { "type": "float32" }, 1934 }, 1935 "optionalProperties": { 1936 "confidence": { "type": "float32" }, 1937 "normal-rating": { "type": "float32" }, 1938 "sample-size": { "type": "float64" }, 1939 "generated": { "type": "float64" }, 1940 "expires": { "type": "float64" } 1941 } 1942 } 1943 } 1944 } 1945 } 1947 Figure 31: A JDDF schema describing "reputation-object" from 1948 Section 6.6.2 of [RFC7071] 1950 This schema does not enforce the requirement that "sample-size", 1951 "generated", and "expires" be unbounded positive integers. It does 1952 not express the limitation that "rating", "confidence", and "normal- 1953 rating" should not have more than three decimal places of precision. 1955 The example in Figure 31 can be compared against the equivalent 1956 example in Appendix H of [RFC8610]. 1958 Acknowledgments 1960 Carsten Bormann provided lots of useful guidance and feedback on 1961 JDDF's design and the structure of this document. 1963 Tim Bray suggested the current "ref" model, and the addition of 1964 "enum". Anders Rundgren suggested extending "type" to have more 1965 support for numerical types. James Manger suggested additional 1966 clarifying examples of how integer types work. Members of the IETF 1967 JSON mailing list - in particular, Pete Cordell, Phillip Hallam- 1968 Baker, Nico Williams, John Cowan, Rob Sayre, and Erik Wilde - 1969 provided lots of useful feedback. 1971 OpenAPI's "discriminator" object [OPENAPI] inspired the 1972 "discriminator" form. [I-D.handrews-json-schema] influenced various 1973 parts of JDDF's early design. 1975 Author's Address 1977 Ulysse Carion 1978 Segment.io, Inc 1979 100 California Street 1980 San Francisco 94111 1981 United States of America 1983 Email: ulysse@segment.com