idnits 2.17.1 draft-ucarion-json-type-definition-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 05, 2020) is 1482 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 1365 -- Looks like a reference, but probably isn't: '2' on line 1365 -- Looks like a reference, but probably isn't: '3' on line 1365 Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Independent Submission U. Carion 3 Internet-Draft Segment 4 Intended status: Experimental April 05, 2020 5 Expires: October 7, 2020 7 JSON Type Definition 8 draft-ucarion-json-type-definition-02 10 Abstract 12 This document proposes a format, called JSON Type Definition (JTD), 13 for describing the shape of JavaScript Object Notation (JSON) 14 messages. Its main goals are to enable code generation from schemas 15 as well as portable validation with standardized error indicators. 16 To this end, JTD is intentionally limited to be no more expressive 17 than the type systems of mainstream programming languages. This 18 intentional limitation, as well as the decision to make JTD schemas 19 be JSON documents, makes tooling atop of JTD easier to build. 21 This document does not have IETF consensus and is presented here to 22 facilitate experimentation with the concept of JTD. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on October 7, 2020. 41 Copyright Notice 43 Copyright (c) 2020 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 59 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 60 1.2. Scope of Experiment . . . . . . . . . . . . . . . . . . . 5 61 2. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 2.1. Root vs. non-root schemas . . . . . . . . . . . . . . . . 9 63 2.2. Forms . . . . . . . . . . . . . . . . . . . . . . . . . . 9 64 2.2.1. Empty . . . . . . . . . . . . . . . . . . . . . . . . 9 65 2.2.2. Ref . . . . . . . . . . . . . . . . . . . . . . . . . 10 66 2.2.3. Type . . . . . . . . . . . . . . . . . . . . . . . . 11 67 2.2.4. Enum . . . . . . . . . . . . . . . . . . . . . . . . 11 68 2.2.5. Elements . . . . . . . . . . . . . . . . . . . . . . 12 69 2.2.6. Properties . . . . . . . . . . . . . . . . . . . . . 13 70 2.2.7. Values . . . . . . . . . . . . . . . . . . . . . . . 14 71 2.2.8. Discriminator . . . . . . . . . . . . . . . . . . . . 15 72 2.3. Extending JTD's Syntax . . . . . . . . . . . . . . . . . 17 73 3. Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . 18 74 3.1. Allowing Additional Properties . . . . . . . . . . . . . 18 75 3.2. Errors . . . . . . . . . . . . . . . . . . . . . . . . . 19 76 3.3. Forms . . . . . . . . . . . . . . . . . . . . . . . . . . 20 77 3.3.1. Empty . . . . . . . . . . . . . . . . . . . . . . . . 20 78 3.3.2. Ref . . . . . . . . . . . . . . . . . . . . . . . . . 20 79 3.3.3. Type . . . . . . . . . . . . . . . . . . . . . . . . 22 80 3.3.4. Enum . . . . . . . . . . . . . . . . . . . . . . . . 27 81 3.3.5. Elements . . . . . . . . . . . . . . . . . . . . . . 28 82 3.3.6. Properties . . . . . . . . . . . . . . . . . . . . . 30 83 3.3.7. Values . . . . . . . . . . . . . . . . . . . . . . . 34 84 3.3.8. Discriminator . . . . . . . . . . . . . . . . . . . . 36 85 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 86 5. Security Considerations . . . . . . . . . . . . . . . . . . . 43 87 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 43 88 6.1. Normative References . . . . . . . . . . . . . . . . . . 43 89 6.2. Informative References . . . . . . . . . . . . . . . . . 44 90 Appendix A. Other Considerations . . . . . . . . . . . . . . . . 44 91 A.1. Support for 64-bit Numbers . . . . . . . . . . . . . . . 44 92 A.2. Support for Non-Root Definitions . . . . . . . . . . . . 45 93 Appendix B. Comparison with CDDL . . . . . . . . . . . . . . . . 46 94 Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 49 95 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 50 96 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 51 98 1. Introduction 100 This document describes a schema language for JSON [RFC8259] called 101 JSON Type Definition (JTD). 103 There exist many options for describing JSON data. JTD's niche is to 104 focus on enabling code generation from schemas; to this end, JTD's 105 expressiveness is intentionally limited to be no more powerful than 106 what can be expressed in the type systems of mainstream programming 107 languages. 109 The goals of JTD are to: 111 o Provide an unambiguous description of the overall structure of a 112 JSON document. 114 o Be able to describe common JSON datatypes and structures. That 115 is, the datatypes and structures necessary to support most JSON 116 documents, and which are widely understood in an interoperable way 117 by JSON implementations. 119 o Provide a single format that is readable and editable by both 120 humans and machines, and which can be embedded within other JSON 121 documents. This makes JTD a convenient format for tooling to 122 accept as input or produce as output. 124 o Enable code generation from JTD schemas. JTD schemas are meant to 125 be easy to convert into data structures idiomatic to mainstream 126 programming languages. 128 o Provide a standardized format for error indicators when data does 129 not conform with a schema. 131 JTD is intentionally designed as a rather minimal schema language. 132 Thus, although JTD can describe JSON, it is not able to describe its 133 own structure: this document uses Concise Data Definition Language 134 (CDDL) [RFC8610] to describe JTD's syntax. By keeping the 135 expressiveness of the schema language minimal, JTD makes code 136 generation and standardized error indicators easier to implement. 138 Examples in this document use constructs from the C++ programming 139 language. These examples are provided to aid the reader in 140 understanding the principles of JTD, but are not limiting in any way. 142 JTD's feature set is designed to represent common patterns in JSON- 143 using applications, while still having a clear correspondence to 144 programming languages in widespread use. Thus, JTD supports: 146 o Signed and unsigned 8, 16, and 32-bit integers. A tool which 147 converts JTD schemas into code can use "int8_t", "uint8_t", 148 "int16_t", etc., or their equivalents in the target language, to 149 represent these JTD types. 151 o A distinction between "float32" and "float64". Code generators 152 can use "float" and "double", or their equivalents, for these JTD 153 types. 155 o A "properties" form of JSON objects, corresponding to some sort of 156 struct or record. The "properties" form of JSON objects is akin 157 to a C++ "struct". 159 o A "values" form of JSON objects, corresponding to some sort of 160 dictionary or associative array. The "values" form of JSON 161 objects is akin to a C++ "std::map". 163 o A "discriminator" form of JSON objects, corresponding to a 164 discriminated (or "tagged") union. The "discriminator" form of 165 JSON objects is akin to a C++ "std::variant". 167 The principle of common patterns in JSON is why JTD does not support 168 64-bit integers, as these are usually transmitted over JSON in a non- 169 interoperable (i.e., ignoring the recommendations in Section 2.2 of 170 [RFC7493]) or mutually inconsistent ways. Appendix A.1 further 171 elaborates on why JTD does not support 64-bit integers. 173 The principle of clear correspondence to common programming languages 174 is why JTD does not support, for example, a data type for numbers up 175 to 2**53-1. 177 It is expected that for many use-cases, a schema language of JTD's 178 expressiveness is sufficient. Where a more expressive language is 179 required, alternatives exist in CDDL and others. 181 This document does not have IETF consensus and is presented here to 182 facilitate experimentation with the concept of JTD. The purpose of 183 the experiment is to gain experience with JTD and to possibly revise 184 this work accordingly. If JTD is determined to be a valuable and 185 popular approach it may be taken to the IETF for further discussion 186 and revision. 188 This document has the following structure: 190 Section 2 defines the syntax of JTD. Section 3 describes the 191 semantics of JTD; this includes determining whether some data 192 satisfies a schema and what error indicators should be produced when 193 the data is unsatisfactory. Appendix A discusses why certain 194 features are omitted from JTD. Appendix B presents various JTD 195 schemas and their CDDL equivalents. 197 1.1. Terminology 199 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 200 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 201 "OPTIONAL" in this document are to be interpreted as described in 202 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 203 capitals, as shown here. These words may also appear in this 204 document in lower case as plain English words, absent their normative 205 meanings. 207 The term "JSON Pointer", when it appears in this document, is to be 208 understood as it is defined in [RFC6901]. 210 The terms "object", "member", "array", "number", "name", and "string" 211 in this document are to be interpreted as described in [RFC8259]. 213 The term "instance", when it appears in this document, refers to a 214 JSON value being validated against a JTD schema. 216 1.2. Scope of Experiment 218 JTD is an experiment. Participation in this experiment consists of 219 using JTD to validate or document interchanged JSON messages, or in 220 building tooling atop of JTD. Feedback on the results of this 221 experiment may be e-mailed to the author. Participants in this 222 experiment are anticipated to mostly be nodes that provide or consume 223 JSON-based APIs. 225 Nodes know if they are participating in the experiment if they are 226 validating JSON messages against a JTD schema, or if they are relying 227 on another node to do so. Nodes are also participating in the 228 experiment if they are running code generated from a JTD schema. 230 The risk of this experiment "escaping" takes the form of a JTD- 231 supporting node expecting another node, which lacks such support, to 232 validate messages against some JTD schema. In such a case, the 233 outcome will likely be that the nodes fail to interchange information 234 correctly. 236 This experiment will be deemed successful when JTD has been 237 implemented by multiple independent parties, and these parties 238 successfully use JTD to facilitate information interchange within 239 their internal systems or between systems operated by independent 240 parties. 242 If this experiment is deemed successful, and JTD is determined to be 243 a valuable and popular approach, it may be taken to the IETF for 244 further discussion and revision. One possible outcome of this 245 discussion and revision could be that a working group produces a 246 Standards Track specification of JTD. 248 Some implementations of JTD, as well as code generators and other 249 tooling related to JTD, are available at . 252 2. Syntax 254 This section describes when a JSON document is a correct JTD schema. 255 Because Concise Data Definition Language (CDDL) is well-suited to the 256 task of defining complex JSON formats, such as JTD schemas, this 257 section uses CDDL to describe the format of JTD schemas. 259 JTD schemas may recursively contain other schemas. In this document, 260 a "root schema" is one which is not contained within another schema, 261 i.e. it is "top-level". 263 A JTD schema is a JSON object taking on an appropriate form. JTD 264 schemas may contain "additional data", discussed in Section 2.3. 265 Root JTD schemas may optionally contain definitions (a mapping from 266 names to schemas). 268 A correct root JTD schema MUST match the "root-schema" CDDL rule 269 described in this section. A correct non-root JTD schema MUST match 270 the "schema" CDDL rule described in this section. 272 ; root-schema is identical to schema, but additionally allows for 273 ; definitions. 274 ; 275 ; definitions are prohibited from appearing on non-root schemas. 276 root-schema = { 277 schema, 278 ? definitions: { * tstr => schema }, 279 } 281 ; schema is the main CDDL rule defining a JTD schema. 282 ; 283 ; All JTD schemas are JSON objects taking on one of eight forms 284 ; listed here. 285 schema = empty / 286 ref / 287 type / 288 enum / 289 elements / 290 properties / 291 values / 292 discriminator 294 ; shared is a CDDL rule containing properties that all eight schema 295 ; forms share. 296 shared = { 297 ? nullable: bool, 298 ? metadata: { * tstr => * }, 299 } 301 ; empty describes the "empty" schema form. 302 empty = { shared } 304 ; ref describes the "ref" schema form. 305 ; 306 ; There are additional constraints on this form that cannot be 307 ; expressed in CDDL. Section 2.2.2 describes these additional 308 ; constraints in detail. 309 ref = { shared, ref: tstr } 311 ; type describes the "type" schema form. 312 type = { 313 shared, 314 type: "boolean" 315 / "float32" 316 / "float64" 317 / "int8" 318 / "uint8" 319 / "int16" 320 / "uint16" 321 / "int32" 322 / "uint32" 323 / "string" 324 / "timestamp" 325 } 327 ; enum describes the "enum" schema form. 328 ; 329 ; There are additional constraints on this form that cannot be 330 ; expressed in CDDL. Section 2.2.4 describes these additional 331 ; constraints in detail. 332 enum = { shared, enum: [+ tstr] } 334 ; elements describes the "elements" schema form. 335 elements = { shared, elements: schema } 337 ; properties describes the "properties" schema form. 339 ; 340 ; This CDDL rule is defined so that a schema of the "properties" form 341 ; may omit a member named "properties" or a member named 342 ; "optionalProperties", but not both. 343 ; 344 ; There are additional constraints on this form that cannot be 345 ; expressed in CDDL. Section 2.2.6 describes these additional 346 ; constraints in detail. 347 properties = with-properties / with-optional-properties 349 with-properties = { 350 shared, 351 properties: { * tstr => schema }, 352 ? optionalProperties: { * tstr => schema }, 353 ? additionalProperties: bool, 354 } 356 with-optional-properties = { 357 shared, 358 ? properties: { * tstr => schema }, 359 optionalProperties: { * tstr => schema }, 360 ? additionalProperties: bool, 361 } 363 ; values describes the "values" schema form. 364 values = { shared, values: schema } 366 ; discriminator describes the "discriminator" schema form. 367 ; 368 ; There are additional constraints on this form that cannot be 369 ; expressed in CDDL. Section 2.2.8 describes these additional 370 ; constraints in detail. 371 discriminator = { 372 shared, 373 discriminator: tstr, 375 ; Note well: this rule is defined in terms of the "properties" 376 ; CDDL rule, not the "schema" CDDL rule. 377 mapping: { * tstr => properties } 378 } 380 Figure 1: CDDL definition of a schema 382 The remainder of this section will describe constraints on JTD 383 schemas which cannot be expressed in CDDL, and will provide examples 384 of valid and invalid JTD schemas. 386 2.1. Root vs. non-root schemas 388 The "root-schema" rule in Figure 1 permits for a member named 389 "definitions", but the "schema" rule does not permit for such a 390 member. This means that only root (i.e., "top-level") JTD schemas 391 can have a "definitions" object, and sub-schemas may not. 393 Thus 395 { "definitions": {} } 397 is a correct JTD schema, but 399 { 400 "definitions": { 401 "foo": { 402 "definitions": {} 403 } 404 } 405 } 407 is not, because sub-schemas (such as the object at "/definitions/ 408 foo") must not have a member named "definitions". 410 2.2. Forms 412 JTD schemas (i.e. JSON objects satisfying the "schema" CDDL rule in 413 Figure 1) must take on one of eight forms. These forms are defined 414 so as to be mutually exclusive; a schema cannot satisfy multiple 415 forms at once. 417 2.2.1. Empty 419 The "empty" form is defined by the "empty" CDDL rule in Figure 1. 420 The semantics of the "empty" form are described in Section 3.3.1. 422 Despite the name "empty", schemas of the "empty" form are not 423 necessarily empty JSON objects. Like schemas of any of the eight 424 forms, schemas of the "empty" form may contain members named 425 "nullable" (whose value must be "true" or "false") or "metadata" 426 (whose value must be an object) or both. 428 Thus 430 {} 432 and 433 { "nullable": true } 435 and 437 { "nullable": true, "metadata": { "foo": "bar" }} 439 are correct JTD schemas of the empty form, but 441 { "nullable": "foo" } 443 is not, because the value of the member named "nullable" must be 444 "true" or "false". 446 2.2.2. Ref 448 The "ref" form is defined by the "ref" CDDL rule in Figure 1. The 449 semantics of the "ref" form are described in Section 3.3.2. 451 For a schema of the "ref" form to be correct, the value of the member 452 named "ref" must refer to one of the definitions found at the root 453 level of the schema it appears in. More formally, for a schema _S_ 454 of the "ref" form: 456 o Let _B_ be the root schema containing the schema, or the schema 457 itself if it is a root schema. 459 o Let _R_ be the value of the member of _S_ with the name "ref". 461 If the schema is correct, then _B_ MUST have a member _D_ with the 462 name "definitions", and _D_ MUST contain a member whose name equals 463 _R_. 465 Thus 467 { 468 "definitions": { 469 "coordinates": { 470 "properties": { 471 "lat": { "type": "float32" }, 472 "lng": { "type": "float32" } 473 } 474 } 475 }, 476 "properties": { 477 "user_location": { "ref": "coordinates" }, 478 "server_location": { "ref": "coordinates" } 479 } 480 } 482 is a correct JTD schema, and demonstrates the point of the "ref" 483 form: to avoid re-defining the same thing twice. However, 485 { "ref": "foo" } 487 is not a correct JTD schema, as there is no top-level "definitions", 488 and so the "ref" form cannot be correct. Similarly, 490 { "definitions": { "foo": {}}, "ref": "bar" } 492 is not a correct JTD schema, as there is no member named "bar" in the 493 top-level "definitions". 495 2.2.3. Type 497 The "type" form is defined by the "type" CDDL rule in Figure 1. The 498 semantics of the "type" form are described in Section 3.3.3. 500 As an example of a correct JTD schema of the "type" form, 502 { "type": "uint8" } 504 is a correct JTD schema, whereas 506 { "type": true } 508 and 510 { "type": "foo" } 512 are not correct schemas, as neither "true" nor the JSON string "foo" 513 are in the list of permitted values of the "type" member described in 514 the "type" CDDL rule in Figure 1. 516 2.2.4. Enum 518 The "enum" form is defined by the "enum" CDDL rule in Figure 1. The 519 semantics of the "enum" form are described in Section 3.3.4. 521 For a schema of the "enum" form to be correct, the value of the 522 member named "enum" must be a nonempty array of strings, and that 523 array must not contain duplicate values. More formally, for a schema 524 _S_ of the "enum" form: 526 o Let _E_ be the value of the member of _S_ with name "enum". 528 If the schema is correct, then there MUST NOT exist any pair of 529 elements of _E_ which encode equal string values, where string 530 equality is defined as in Section 8.3 of [RFC8259]. 532 Thus 534 { "enum": [] } 536 is not a correct JTD schema, as the value of the member named "enum" 537 must be nonempty, and 539 { "enum": ["a\\b", "a\u005Cb"] } 541 is not a correct JTD schema, as 543 "a\\b" 545 and 547 "a\u005Cb" 549 encode strings that are equal by the definition of string equality 550 given in Section 8.3 of [RFC8259]. By contrast, 552 { "enum": ["PENDING", "IN_PROGRESS", "DONE" ]} 554 is an example of a correct JTD schema of the "enum" form. 556 2.2.5. Elements 558 The "elements" form is defined by the "elements" CDDL rule in 559 Figure 1. The semantics of the "elements" form are described in 560 Section 3.3.5. 562 As an example of a correct JTD schema of the "elements" form, 564 { "elements": { "type": "uint8" }} 566 is a correct JTD schema, whereas 568 { "elements": true } 570 and 572 { "elements": { "type": "foo" } } 574 are not correct schemas, as neither 575 true 577 nor 579 { "type": "foo" } 581 are correct JTD schemas, and the value of the member named "elements" 582 must be a correct JTD schema. 584 2.2.6. Properties 586 The "properties" form is defined by the "properties" CDDL rule in 587 Figure 1. The semantics of the "properties" form are described in 588 Section 3.3.6. 590 For a schema of the "properties" form to be correct, properties must 591 either be required (i.e., in "properties") or optional (i.e., in 592 "optionalProperties"), but not both. More formally: 594 If a schema has both a member named "properties" (with value _P_) and 595 another member named "optionalProperties" (with value _O_), then _O_ 596 and _P_ MUST NOT have any member names in common; that is, no member 597 of _P_ may have a name equal to the name of any member of _O_, under 598 the definition of string equality given in Section 8.3 of [RFC8259]. 600 Thus 602 { 603 "properties": { "confusing": {} }, 604 "optionalProperties": { "confusing": {} } 605 } 607 is not a correct JTD schema, as "confusing" appears in both 608 "properties" and "optionalProperties". By contrast, 609 { 610 "properties": { 611 "users": { 612 "elements": { 613 "properties": { 614 "id": { "type": "string" }, 615 "name": { "type": "string" }, 616 "create_time": { "type": "timestamp" } 617 }, 618 "optionalProperties": { 619 "delete_time": { "type": "timestamp" } 620 } 621 } 622 }, 623 "next_page_token": { "type": "string" } 624 } 625 } 627 is a correct JTD schema of the "properties" form, describing a 628 paginated list of users and demonstrating the recursive nature of the 629 syntax of JTD schemas. 631 2.2.7. Values 633 The "values" form is defined by the "values" CDDL rule in Figure 1. 634 The semantics of the "values" form are described in Section 3.3.7. 636 As an example of a correct JTD schema of the "values" form, 638 { "values": { "type": "uint8" }} 640 is a correct JTD schema, whereas 642 { "values": true } 644 and 646 { "values": { "type": "foo" } } 648 are not correct schemas, as neither 650 true 652 nor 654 { "type": "foo" } 656 are correct JTD schemas, and the value of the member named "values" 657 must be a correct JTD schema. 659 2.2.8. Discriminator 661 The "discriminator" form is defined by the "discriminator" CDDL rule 662 in Figure 1. The semantics of the "discriminator" form are described 663 in Section 3.3.8. Understanding the semantics of the "discriminator" 664 form will likely aid the reader in understanding why this section 665 provides constraints on the "discriminator" form beyond those in 666 Figure 1. 668 To prevent ambiguous or unsatisfiable constraints on the 669 "discriminator" property of a tagged union, an additional constraint 670 on schemas of the "discriminator" form exists. For schemas of the 671 discriminator form: 673 o Let _D_ be the member of the schema with the name "discriminator". 675 o Let _M_ be the member of the schema with the name "mapping". 677 If the schema is correct, then all member values _S_ of _M_ will be 678 schemas of the "properties" form. For each _S_: 680 o If _S_ has a member _N_ whose name equals "nullable", _N_'s value 681 MUST NOT be the JSON primitive value "true". 683 o For each member _P_ of _S_ whose name equals "properties" or 684 "optionalProperties", _P_'s value, which must be an object, MUST 685 NOT contain any members whose name equals _D_'s value. 687 Thus 689 { 690 "discriminator": "event_type", 691 "mapping": { 692 "can_the_object_be_null_or_not?": { 693 "nullable": true, 694 "properties": { "foo": { "type": "string" } }} 695 } 696 } 697 } 699 is an incorrect schema, as a member of "mapping" has a member named 700 "nullable" whose value is "true". This would suggest that the 701 instance may be null. Yet the top-level schema lacks such a 702 "nullable" set to "true", which would suggest that the instance in 703 fact cannot be null. If this were a correct JTD schema, it would be 704 unclear which piece of information takes "precedence". 706 JTD handles such possible ambiguity by disallowing, at the syntactic 707 level, the possibility of contradictory specifications of whether an 708 instance described by a schema of the "discriminator" form may be 709 null. The schemas in a discriminator "mapping" cannot have 710 "nullable" set to "true"; only the discriminator itself can use 711 "nullable" in this way. 713 It also follows that 715 { 716 "discriminator": "event_type", 717 "mapping": { 718 "is_event_type_a_string_or_a_float32?": { 719 "properties": { "event_type": { "type": "float32" }} 720 } 721 } 722 } 724 and 726 { 727 "discriminator": "event_type", 728 "mapping": { 729 "is_event_type_a_string_or_an_optional_float32?": { 730 "optionalProperties": { "event_type": { "type": "float32" }} 731 } 732 } 733 } 735 are incorrect schemas, as "event_type" is both the value of 736 "discriminator" and a member name in one of the "mapping" member 737 "properties" or "optionalProperties". This is ambiguous, because 738 ordinarily the "discriminator" keyword would indicate that 739 "event_type" is expected to be a string, but another part of the 740 schema specifies that "event_type" is expected to be a number. 742 JTD handles such possible ambiguity by disallowing, at the syntactic 743 level, the possibility of contradictory specifications of 744 discriminator "tags". Discriminator "tags" cannot be re-defined in 745 other parts of the schema. 747 By contrast, 748 { 749 "tag": "event_type", 750 "mapping": { 751 "account_deleted": { 752 "properties": { 753 "account_id": { "type": "string" } 754 } 755 }, 756 "account_payment_plan_changed": { 757 "properties": { 758 "account_id": { "type": "string" }, 759 "payment_plan": { "enum": ["FREE", "PAID"] } 760 }, 761 "optionalProperties": { 762 "upgraded_by": { "type": "string" } 763 } 764 } 765 } 766 } 768 is a correct schema, describing a pattern of data common in JSON- 769 based messaging systems. Section 3.3.8 provides examples of what 770 this schema accepts and rejects. 772 2.3. Extending JTD's Syntax 774 This document does not describe any extension mechanisms for JTD 775 schema validation, which is described in Section 3. However, schemas 776 are defined to optionally contain a "metadata" keyword, whose value 777 is an arbitrary JSON object. Call the members of this object 778 "metadata members". 780 Users MAY add metadata members to JTD schemas to convey information 781 that is not pertinent to validation. For example, such metadata 782 members could provide hints to code generators, or trigger some 783 special behavior for a library that generates user interfaces from 784 schemas. 786 Users SHOULD NOT expect metadata members to be understood by other 787 parties. As a result, if consistent validation with other parties is 788 a requirement, users SHOULD NOT use metadata members to affect how 789 schema validation, as described in Section 3, works. 791 Users MAY expect metadata members to be understood by other parties, 792 and MAY use metadata members to affect how schema validation works, 793 if these other parties are somehow known to support these metadata 794 members. For example, two parties may agree, out of band, that they 795 will support an extended JTD with a custom metadata member that 796 affects validation. 798 3. Semantics 800 This section describes when an instance is valid against a correct 801 JTD schema, and the error indicators to produce when an instance is 802 invalid. 804 3.1. Allowing Additional Properties 806 Users will have different desired behavior with respect to 807 "unspcecified" members in an instance. For example, consider the JTD 808 schema in Figure 2: 810 { "properties": { "a": { "type": "string" }}} 812 Figure 2: An illustrative JTD schema 814 Some users may expect that 816 {"a": "foo", "b": "bar"} 818 satisfies the schema in Figure 2. Others may disagree, as "b" is not 819 one of the properties described in the schema. In this document, 820 allowing such "unspecified" members, like "b" in this example, 821 happens when evaluation is in "allow additional properties" mode. 823 Evaluation of a schema does not allow additional properties by 824 default, but can be overridden by having the schema include a member 825 named "additionalProperties", where that member has a value of 826 "true". 828 More formally: evaluation of a schema _S_ is in "allow additional 829 properties" mode if there exists a member of _S_ whose name equals 830 "additionalProperties", and whose value is a boolean "true". 831 Otherwise, evaluation of _S_ is not in "allow additional properties" 832 mode. 834 See Section 3.3.6 for how allowing unknown properties affects schema 835 evaluation, but briefly, the schema 837 { "properties": { "a": { "type": "string" }}} 839 rejects 841 { "a": "foo", "b": "bar" } 843 However, the schema 845 { 846 "additionalProperties": true, 847 "properties": { "a": { "type": "string" }} 848 } 850 accepts 852 { "a": "foo", "b": "bar" } 854 Note that "additionalProperties" does not get "inherited" by sub- 855 schemas. For example, the JTD schema 857 { 858 "additionalProperties": true, 859 "properties": { 860 "a": { 861 "properties": { 862 "b": { "type": "string" } 863 } 864 } 865 } 866 } 868 accepts 870 { "a": { "b": "c" }, "foo": "bar" } 872 but rejects 874 { "a": { "b": "c", "foo": "bar" }} 876 because the "additionalProperties" at the root level does not affect 877 the behavior of sub-schemas. 879 Note from Figure 1 that only schemas of the "properties" form may 880 have a member named "additionalProperties". 882 3.2. Errors 884 To facilitate consistent validation error handling, this document 885 specifies a standard error indicator format. Implementations SHOULD 886 support producing error indicators in this standard form. 888 The standard error indicator format is a JSON array. The order of 889 the elements of this array is not specified. The elements of this 890 array are JSON objects with: 892 o A member with the name "instancePath", whose value is a JSON 893 string encoding a JSON Pointer. This JSON Pointer will point to 894 the part of the instance that was rejected. 896 o A member with the name "schemaPath", whose value is a JSON string 897 encoding a JSON Pointer. This JSON Pointer will point to the part 898 of the schema that rejected the instance. 900 The values for "instancePath" and "schemaPath" depend on the form of 901 the schema, and are described in detail in Section 3.3. 903 3.3. Forms 905 This section describes, for each of the eight JTD schema forms, the 906 rules dictating whether an instance is accepted, as well as the error 907 indicators to produce when an instance is invalid. 909 The forms a correct schema may take on are formally described in 910 Section 2. 912 3.3.1. Empty 914 The "empty" form is meant to describe instances whose values are 915 unknown, unpredictable, or otherwise unconstrained by the schema. 916 The syntax of the "empty" form is described in Section 2.2.1. 918 If a schema is of the empty form, then it accepts all instances. A 919 schema of the empty form will never produce any error indicators. 921 3.3.2. Ref 923 The "ref" form is for when a schema is defined in terms of something 924 in the "definitions" of the root schema. The ref form enables 925 schemas to be less repetitive, and also enables describing recursive 926 structures. The syntax of the "ref" form is described in 927 Section 2.2.2. 929 If a schema is of the ref form, then: 931 o If the schema has a member named "nullable" whose value is the 932 boolean "true", and the instance is the JSON primitive value 933 "null", then the schema accepts the instance. Otherwise: 935 o Let _B_ be the root schema containing the schema, or the schema 936 itself if it is a root schema. 938 o Let _D_ be the member of _B_ with the name "definitions". By 939 Section 2, _D_ exists. 941 o Let _R_ be the value of the schema member with the name "ref". 943 o Let _S_ be the value of the member of _D_ whose name equals _R_. 944 By Section 2.2.2, _S_ exists, and is a schema. 946 The schema accepts the instance if and only if _S_ accepts the 947 instance. Otherwise, the error indicators to return in this case are 948 the union of the error indicators from evaluating _S_ against the 949 instance. 951 For example, the schema: 953 { 954 "definitions": { "a": { "type": "float32" }}, 955 "ref": "a" 956 } 958 accepts 960 123 962 but rejects 964 null 966 with the error indicator 968 [{ "instancePath": "", "schemaPath": "/definitions/a/type" }] 970 The schema 972 { 973 "definitions": { "a": { "type": "float32" }}, 974 "ref": "a", 975 "nullable": true 976 } 978 accepts 980 null 982 because the schema has a "nullable" member, whose value is "true". 984 Note that "nullable" being "false" has no effect in any of the forms 985 described in this document. For example, the schema 986 { 987 "definitions": { "a": { "nullable": false, "type": "float32" }}, 988 "ref": "a", 989 "nullable": true 990 } 992 accepts 994 null 996 In other words, it is not the case that putting a "false" value for 997 "nullable" will ever "override" a "nullable" member in schemas of the 998 "ref" form; it is correct, though ineffectual, to have a value of 999 "false" for the "nullable" member in a schema. 1001 3.3.3. Type 1003 The "type" form is meant to describe instances whose value is a 1004 boolean, number, string, or timestamp ([RFC3339]). The syntax of the 1005 "type" form is described in Section 2.2.3. 1007 If a schema is of the type form, then: 1009 o If the schema has a member named "nullable" whose value is the 1010 boolean "true", and the instance is the JSON primitive value 1011 "null", then the schema accepts the instance. Otherwise: 1013 o Let _T_ be the value of the member with the name "type". The 1014 following table describes whether the instance is accepted, as a 1015 function of _T_'s value: 1017 +-------------------+----------------------------------------------+ 1018 | If _T_ equals ... | then the instance is accepted if it is ... | 1019 +-------------------+----------------------------------------------+ 1020 | boolean | equal to "true" or "false" | 1021 | | | 1022 | float32 | a JSON number | 1023 | | | 1024 | float64 | a JSON number | 1025 | | | 1026 | int8 | See Table 2 | 1027 | | | 1028 | uint8 | See Table 2 | 1029 | | | 1030 | int16 | See Table 2 | 1031 | | | 1032 | uint16 | See Table 2 | 1033 | | | 1034 | int32 | See Table 2 | 1035 | | | 1036 | uint32 | See Table 2 | 1037 | | | 1038 | string | a JSON string | 1039 | | | 1040 | timestamp | a JSON string encoding a [RFC3339] timestamp | 1041 +-------------------+----------------------------------------------+ 1043 Table 1: Accepted Values for Type 1045 "float32" and "float64" are distinguished from each other in their 1046 intent. "float32" indicates data intended to be processed as an IEEE 1047 754 single-precision float, whereas "float64" indicates data intended 1048 to be processed as an IEEE 754 double-precision float. Tools which 1049 generate code from JTD schemas will likely produce different code for 1050 "float32" than for "float64". 1052 If _T_ starts with "int" or "uint", then the instance is accepted if 1053 and only if it is a JSON number encoding a value with zero fractional 1054 part. Depending on the value of _T_, this encoded number must 1055 additionally fall within a particular range: 1057 +--------+---------------------------+---------------------------+ 1058 | _T_ | Minimum Value (Inclusive) | Maximum Value (Inclusive) | 1059 +--------+---------------------------+---------------------------+ 1060 | int8 | -128 | 127 | 1061 | | | | 1062 | uint8 | 0 | 255 | 1063 | | | | 1064 | int16 | -32,768 | 32,767 | 1065 | | | | 1066 | uint16 | 0 | 65,535 | 1067 | | | | 1068 | int32 | -2,147,483,648 | 2,147,483,647 | 1069 | | | | 1070 | uint32 | 0 | 4,294,967,295 | 1071 +--------+---------------------------+---------------------------+ 1073 Table 2: Ranges for Integer Types 1075 Note that 1077 10 1079 and 1081 10.0 1083 and 1085 1.0e1 1087 encode values with zero fractional part, whereas 1089 10.5 1091 encodes a number with a non-zero fractional part. Thus the schema 1093 {"type": "int8"} 1095 accepts 1097 10 1099 and 1101 10.0 1103 and 1104 1.0e1 1106 but rejects 1108 10.5 1110 as well as 1112 false 1114 because "false" is not a number at all. 1116 If the instance is not accepted, then the error indicator for this 1117 case shall have an "instancePath" pointing to the instance, and a 1118 "schemaPath" pointing to the schema member with the name "type". 1120 For example, the schema: 1122 {"type": "boolean"} 1124 accepts 1126 false 1128 but rejects 1130 127 1132 The schema: 1134 {"type": "float32"} 1136 accepts 1138 10.5 1140 and 1142 127 1144 but rejects 1146 false 1148 The schema: 1150 {"type": "string"} 1152 accepts 1154 "1985-04-12T23:20:50.52Z" 1156 and 1158 "foo" 1160 but rejects 1162 false 1164 The schema: 1166 {"type": "timestamp"} 1168 accepts 1170 "1985-04-12T23:20:50.52Z" 1172 but rejects 1174 "foo" 1176 and 1178 false 1180 The schema: 1182 {"type": "boolean", "nullable": true} 1184 accepts 1186 null 1188 and 1190 false 1192 but rejects 1194 127 1196 In all of the examples of rejected instances given in this section, 1197 the error indicator to produce is: 1199 [{ "instancePath": "", "schemaPath": "/type" }] 1201 3.3.4. Enum 1203 The "enum" form is meant to describe instances whose value must be 1204 one of a given set of string values. The syntax of the "enum" form 1205 is described in Section 2.2.4. 1207 If a schema is of the enum form, then: 1209 o If the schema has a member named "nullable" whose value is the 1210 boolean "true", and the instance is the JSON primitive value 1211 "null", then the schema accepts the instance. Otherwise: 1213 o Let _E_ be the value of the schema member with the name "enum". 1214 The instance is accepted if and only if it is equal to one of the 1215 elements of _E_. 1217 If the instance is not accepted, then the error indicator for this 1218 case shall have an "instancePath" pointing to the instance, and a 1219 "schemaPath" pointing to the schema member with the name "enum". 1221 For example, the schema: 1223 { "enum": ["PENDING", "DONE", "CANCELED"] } 1225 Accepts 1227 "PENDING" 1229 and 1231 "DONE" 1233 and 1235 "CANCELED" 1237 but rejects all of 1239 0 1241 and 1243 1 1245 and 1247 2 1249 and 1251 "UNKNOWN" 1253 and 1255 null 1257 with the error indicator: 1259 [{ "instancePath": "", "schemaPath": "/enum" }] 1261 The schema 1263 { "enum": ["PENDING", "DONE", "CANCELED"], "nullable": true } 1265 accepts 1267 "PENDING" 1269 and 1271 null 1273 but rejects 1275 1 1277 and 1279 "UNKNOWN" 1281 with the error indicator: 1283 [{ "instancePath": "", "schemaPath": "/enum" }] 1285 3.3.5. Elements 1287 The "elements" form is meant to describe instances that must be 1288 arrays. A further sub-schema describes the elements of the array. 1289 The syntax of the "elements" form is described in Section 2.2.5. 1291 If a schema is of the elements form, then: 1293 o If the schema has a member named "nullable" whose value is the 1294 boolean "true", and the instance is the JSON primitive value 1295 "null", then the schema accepts the instance. Otherwise: 1297 o Let _S_ be the value of the schema member with the name 1298 "elements". The instance is accepted if and only if all of the 1299 following are true: 1301 * The instance is an array. Otherwise, the error indicator for 1302 this case shall have an "instancePath" pointing to the 1303 instance, and a "schemaPath" pointing to the schema member with 1304 the name "elements". 1306 * If the instance is an array, then every element of the instance 1307 must be accepted by _S_. Otherwise, the error indicators for 1308 this case are the union of all the errors arising from 1309 evaluating _S_ against elements of the instance. 1311 For example, the schema: 1313 { 1314 "elements": { 1315 "type": "float32" 1316 } 1317 } 1319 accepts 1321 [] 1323 and 1325 [1, 2, 3] 1327 but rejects 1329 null 1331 with the error indicator: 1333 [{ "instancePath": "", "schemaPath": "/elements" }] 1335 and rejects 1337 [1, 2, "foo", 3, "bar"] 1339 with the error indicators: 1341 [ 1342 { "instancePath": "/2", "schemaPath": "/elements/type" }, 1343 { "instancePath": "/4", "schemaPath": "/elements/type" } 1344 ] 1346 The schema 1348 { 1349 "elements": { 1350 "type": "float32" 1351 }, 1352 "nullable": true 1353 } 1355 accepts 1357 null 1359 and 1361 [] 1363 and 1365 [1, 2, 3] 1367 but rejects 1369 [1, 2, "foo", 3, "bar"] 1371 with the error indicators: 1373 [ 1374 { "instancePath": "/2", "schemaPath": "/elements/type" }, 1375 { "instancePath": "/4", "schemaPath": "/elements/type" } 1376 ] 1378 3.3.6. Properties 1380 The "properties" form is meant to describe JSON objects being used as 1381 a "struct". The syntax of the "properties" form is described in 1382 Section 2.2.6. 1384 If a schema is of the properties form, then: 1386 o If the schema has a member named "nullable" whose value is the 1387 boolean "true", and the instance is the JSON primitive value 1388 "null", then the schema accepts the instance. Otherwise the 1389 instance is accepted if and only if all of the following are true: 1391 o The instance is an object. 1393 Otherwise, the error indicator for this case shall have an 1394 "instancePath" pointing to the instance, and a "schemaPath" 1395 pointing to the schema member with the name "properties" if such a 1396 schema member exists; if such a member doesn't exist, "schemaPath" 1397 shall point to the schema member with the name 1398 "optionalProperties". 1400 o If the instance is an object and the schema has a member named 1401 "properties", then let _P_ be the value of the schema member named 1402 "properties". _P_, by Section 2.2.6, must be an object. For every 1403 member name in _P_, a member of the same name in the instance must 1404 exist. 1406 Otherwise, the error indicator for this case shall have an 1407 "instancePath" pointing to the instance, and a "schemaPath" 1408 pointing to the member of _P_ failing the requirement just 1409 described. 1411 o If the instance is an object, then let _P_ be the value of the 1412 schema member named "properties" (if it exists), and _O_ be the 1413 value of the schema member named "optionalProperties" (if it 1414 exists). 1416 For every member _I_ of the instance, find a member with the same 1417 name as _I_'s in _P_ or _O_. By Section 2.2.6, it is not possible 1418 for both _P_ and _O_ to have such a member. If the "discriminator 1419 tag exemption" is in effect on _I_ (see Section 3.3.8), then 1420 ignore _I_. Otherwise: 1422 * If no such member in _P_ or _O_ exists and validation is not in 1423 "allow additional properties" mode (see Section 3.1), then the 1424 instance is rejected. 1426 The error indicator for this case has an "instancePath" 1427 pointing to _I_, and a "schemaPath" pointing to the schema. 1429 * If such a member in _P_ or _O_ does exist, then call this 1430 member _S_. If _S_ rejects _I_'s value, then the instance is 1431 rejected. 1433 The error indicators for this case are the union of the error 1434 indicators from evaluating _S_ against _I_'s value. 1436 An instance may have multiple errors arising from the third and 1437 fourth bullet in the above. In this case, the error indicators are 1438 the union of the errors. 1440 For example, the schema: 1442 { 1443 "properties": { 1444 "a": { "type": "string" }, 1445 "b": { "type": "string" } 1446 }, 1447 "optionalProperties": { 1448 "c": { "type": "string" }, 1449 "d": { "type": "string" } 1450 } 1451 } 1453 accepts 1455 { "a": "foo", "b": "bar" } 1457 and 1459 { "a": "foo", "b": "bar", "c": "baz" } 1461 and 1463 { "a": "foo", "b": "bar", "c": "baz", "d": "quux" } 1465 and 1467 { "a": "foo", "b": "bar", "d": "quux" } 1469 but rejects 1471 null 1473 with the error indicator 1475 [{ "instancePath": "", "schemaPath": "/properties" }] 1477 and rejects 1479 { "b": 3, "c": 3, "e": 3 } 1481 with the error indicators 1483 [ 1484 { "instancePath": "", 1485 "schemaPath": "/properties/a" }, 1486 { "instancePath": "/b", 1487 "schemaPath": "/properties/b/type" }, 1488 { "instancePath": "/c", 1489 "schemaPath": "/optionalProperties/c/type" }, 1490 { "instancePath": "/e", 1491 "schemaPath": "" } 1492 ] 1494 If instead the schema had "additionalProperties: true", but was 1495 otherwise the same: 1497 { 1498 "properties": { 1499 "a": { "type": "string" }, 1500 "b": { "type": "string" } 1501 }, 1502 "optionalProperties": { 1503 "c": { "type": "string" }, 1504 "d": { "type": "string" } 1505 }, 1506 "additionalProperties": true 1507 } 1509 And the instance remained the same: 1511 { "b": 3, "c": 3, "e": 3 } 1513 Then the error indicators from evaluating the instance against the 1514 schema would be: 1516 [ 1517 { "instancePath": "", 1518 "schemaPath": "/properties/a" }, 1519 { "instancePath": "/b", 1520 "schemaPath": "/properties/b/type" }, 1521 { "instancePath": "/c", 1522 "schemaPath": "/optionalProperties/c/type" }, 1523 ] 1525 These are the same errors as before, except the final error 1526 (associated with the additional member named "e" in the instance) is 1527 no longer present. This is because "additionalProperties: true" 1528 enables "allow additional properties" mode on the schema. 1530 Finally, the schema: 1532 { 1533 "nullable": true, 1534 "properties": { 1535 "a": { "type": "string" }, 1536 "b": { "type": "string" } 1537 }, 1538 "optionalProperties": { 1539 "c": { "type": "string" }, 1540 "d": { "type": "string" } 1541 }, 1542 "additionalProperties": true 1543 } 1545 accepts 1547 null 1549 but rejects 1551 { "b": 3, "c": 3, "e": 3 } 1553 with the error indicators 1555 [ 1556 { "instancePath": "", 1557 "schemaPath": "/properties/a" }, 1558 { "instancePath": "/b", 1559 "schemaPath": "/properties/b/type" }, 1560 { "instancePath": "/c", 1561 "schemaPath": "/optionalProperties/c/type" }, 1562 ] 1564 3.3.7. Values 1566 The "values" form is meant to describe instances that are JSON 1567 objects being used as an associative array. The syntax of the 1568 "values" form is described in Section 2.2.7. 1570 If a schema is of the values form, then: 1572 o If the schema has a member named "nullable" whose value is the 1573 boolean "true", and the instance is the JSON primitive value 1574 "null", then the schema accepts the instance. Otherwise: 1576 o Let _S_ be the value of the schema member with the name "values". 1577 The instance is accepted if and only if all of the following are 1578 true: 1580 * The instance is an object. Otherwise, the error indicator for 1581 this case shall have an "instancePath" pointing to the 1582 instance, and a "schemaPath" pointing to the schema member with 1583 the name "values". 1585 * If the instance is an object, then every member value of the 1586 instance must be accepted by _S_. Otherwise, the error 1587 indicators for this case are the union of all the error 1588 indicators arising from evaluating _S_ against member values of 1589 the instance. 1591 For example, the schema: 1593 { 1594 "values": { 1595 "type": "float32" 1596 } 1597 } 1599 accepts 1601 {} 1603 and 1605 {"a": 1, "b": 2} 1607 but rejects 1609 null 1611 with the error indicator 1613 [{ "instancePath": "", "schemaPath": "/values" }] 1615 and rejects 1617 { "a": 1, "b": 2, "c": "foo", "d": 3, "e": "bar" } 1619 with the error indicators 1621 [ 1622 { "instancePath": "/c", "schemaPath": "/values/type" }, 1623 { "instancePath": "/e", "schemaPath": "/values/type" } 1624 ] 1626 The schema: 1628 { 1629 "nullable": true, 1630 "values": { 1631 "type": "float32" 1632 } 1633 } 1635 accepts 1637 null 1639 but rejects 1641 { "a": 1, "b": 2, "c": "foo", "d": 3, "e": "bar" } 1643 with the error indicators 1645 [ 1646 { "instancePath": "/c", "schemaPath": "/values/type" }, 1647 { "instancePath": "/e", "schemaPath": "/values/type" } 1648 ] 1650 3.3.8. Discriminator 1652 The "discriminator" form is meant to describe JSON objects being used 1653 in a fashion similar to a discriminated union construct in C-like 1654 languages. The syntax of the "discriminator" form is described in 1655 Section 2.2.8. 1657 When a schema is of the "discriminator" form, it validates: 1659 o That the instance is an object, 1661 o That the instance has a particular "tag" property, 1663 o That this "tag" property's value is a string within a set of valid 1664 values, and 1666 o That the instance satisfies another schema, where this other 1667 schema is chosen based on the value of the "tag" property. 1669 The behavior of the discriminator form is more complex than the other 1670 keywords. Readers familiar with CDDL may find the final example in 1671 Appendix B helpful in understanding its behavior. What follows in 1672 this section is a description of the discriminator form's behavior, 1673 as well as some examples. 1675 If a schema is of the "discriminator" form, then: 1677 o Let _D_ be the schema member with the name "discriminator". 1679 o Let _M_ be the schema member with the name "mapping". 1681 o Let _I_ be the instance member whose name equals _D_'s value. _I_ 1682 may, for some rejected instances, not exist. 1684 o Let _S_ be the member of _M_ whose name equals _I_'s value. _S_ 1685 may, for some rejected instances, not exist. 1687 If the schema has a member named "nullable" whose value is the 1688 boolean "true", and the instance is the JSON primitive value "null", 1689 then the schema accepts the instance. Otherwise the instance is 1690 accepted if and only if all of the following are true: 1692 o The instance is an object. 1694 Otherwise, the error indicator for this case shall have an 1695 "instancePath" pointing to the instance, and a "schemaPath" 1696 pointing to _D_. 1698 o If the instance is a JSON object, then _I_ must exist. 1700 Otherwise, the error indicator for this case shall have an 1701 "instancePath" pointing to the instance, and a "schemaPath" 1702 pointing to _D_. 1704 o If the instance is a JSON object and _I_ exists, _I_'s value must 1705 be a string. 1707 Otherwise, the error indicator for this case shall have an 1708 "instancePath" pointing to _I_, and a "schemaPath" pointing to 1709 _D_. 1711 o If the instance is a JSON object and _I_ exists and has a string 1712 value, then _S_ must exist. 1714 Otherwise, the error indicator for this case shall have an 1715 "instancePath" pointing to _I_, and a "schemaPath" pointing to 1716 _M_. 1718 o If the instance is a JSON object, _I_ exists, and _S_ exists, then 1719 the instance must satisfy _S_'s value. By Section 2, _S_'s value 1720 must be a schema of the properties form. Apply the "discriminator 1721 tag exemption" afforded in Section 3.3.6 to _I_ when evaluating 1722 whether the instance satisfies _S_'s value. 1724 Otherwise, the error indicators for this case shall be error 1725 indicators from evaluating _S_'s value against the instance, with 1726 the "discriminator tag exemption" applied to _I_. 1728 The list items above are defined in a mutually exclusive way. For 1729 any given instance and schema, exactly one of the list items above 1730 will apply. 1732 For example, the schema: 1734 { 1735 "discriminator": "version", 1736 "mapping": { 1737 "v1": { 1738 "properties": { 1739 "a": { "type": "float32" } 1740 } 1741 }, 1742 "v2": { 1743 "properties": { 1744 "a": { "type": "string" } 1745 } 1746 } 1747 } 1748 } 1750 rejects 1752 null 1754 with the error indicator 1756 [{ "instancePath": "", "schemaPath": "/discriminator" }] 1758 (This is the case of the instance not being an object.) 1760 Also rejected is 1762 {} 1764 with the error indicator 1766 [{ "instancePath": "", "schemaPath": "/discriminator" }] 1768 (This is the case of _I_ not existing.) 1770 Also rejected is 1771 { "version": 1 } 1773 with the error indicator 1775 [ 1776 { 1777 "instancePath": "/version", 1778 "schemaPath": "/discriminator" 1779 } 1780 ] 1782 (This is the case of _I_ existing, but not having a string value.) 1784 Also rejected is 1786 { "version": "v3" } 1788 with the error indicator 1790 [ 1791 { 1792 "instancePath": "/version", 1793 "schemaPath": "/mapping" 1794 } 1795 ] 1797 (This is the case of _I_ existing and having a string value, but _S_ 1798 not existing.) 1800 Also rejected is 1802 { "version": "v2", "a": 3 } 1804 with the error indicator 1806 [ 1807 { 1808 "instancePath": "/a", 1809 "schemaPath": "/mapping/v2/properties/a/type" 1810 } 1811 ] 1813 (This is the case of _I_ and _S_ existing, but the instance not 1814 satisfying _S_'s value.) 1816 Finally, the schema accepts 1818 { "version": "v2", "a": "foo" } 1820 This instance is accepted even though "version" is not mentioned by 1821 "/mapping/v2/properties"; the "discriminator tag exemption" ensures 1822 that "version" is not treated as an additional property when 1823 evaluating the instance against _S_'s value. 1825 By contrast, consider the same schema, but with "nullable" being 1826 "true". The schema: 1828 { 1829 "nullable": true, 1830 "discriminator": "version", 1831 "mapping": { 1832 "v1": { 1833 "properties": { 1834 "a": { "type": "float32" } 1835 } 1836 }, 1837 "v2": { 1838 "properties": { 1839 "a": { "type": "string" } 1840 } 1841 } 1842 } 1843 } 1845 accepts 1847 null 1849 To further illustrate the discriminator form with examples, recall 1850 the JTD schema in Section 2.2.8, reproduced here: 1852 { 1853 "discriminator": "event_type", 1854 "mapping": { 1855 "account_deleted": { 1856 "properties": { 1857 "account_id": { "type": "string" } 1858 } 1859 }, 1860 "account_payment_plan_changed": { 1861 "properties": { 1862 "account_id": { "type": "string" }, 1863 "payment_plan": { "enum": ["FREE", "PAID"] } 1864 }, 1865 "optionalProperties": { 1866 "upgraded_by": { "type": "string" } 1867 } 1868 } 1869 } 1870 } 1872 This schema accepts 1874 { "event_type": "account_deleted", "account_id": "abc-123" } 1876 and 1878 { 1879 "event_type": "account_payment_plan_changed", 1880 "account_id": "abc-123", 1881 "payment_plan": "PAID" 1882 } 1884 and 1886 { 1887 "event_type": "account_payment_plan_changed", 1888 "account_id": "abc-123", 1889 "payment_plan": "PAID", 1890 "upgraded_by": "users/mkhwarizmi" 1891 } 1893 but rejects 1895 {} 1897 with the error indicator 1899 [{ "instancePath": "", "schemaPath": "/discriminator" }] 1901 and rejects 1903 { "event_type": "some_other_event_type" } 1905 with the error indicator 1907 [ 1908 { 1909 "instancePath": "/event_type", 1910 "schemaPath": "/mapping" 1911 } 1912 ] 1914 and rejects 1916 { "event_type": "account_deleted" } 1918 with the error indicator 1920 [{ 1921 "instancePath": "", 1922 "schemaPath": "/mapping/account_deleted/properties/account_id" 1923 }] 1925 and rejects 1927 { 1928 "event_type": "account_payment_plan_changed", 1929 "account_id": "abc-123", 1930 "payment_plan": "PAID", 1931 "xxx": "asdf" 1932 } 1934 with the error indicator 1936 [{ 1937 "instancePath": "/xxx", 1938 "schemaPath": "/mapping/account_payment_plan_changed" 1939 }] 1941 4. IANA Considerations 1943 No IANA considerations. 1945 5. Security Considerations 1947 Implementations of JTD will necessarily be manipulating JSON data. 1948 Therefore, the security considerations of [RFC8259] are all relevant 1949 here. 1951 Implementations which evaluate user-inputted schemas SHOULD implement 1952 mechanisms to detect, and abort, circular references which might 1953 cause a naive implementation to go into an infinite loop. Without 1954 such mechanisms, implementations may be vulnerable to denial-of- 1955 service attacks. 1957 6. References 1959 6.1. Normative References 1961 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1962 Requirement Levels", BCP 14, RFC 2119, 1963 DOI 10.17487/RFC2119, March 1997, 1964 . 1966 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 1967 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 1968 . 1970 [RFC6901] Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed., 1971 "JavaScript Object Notation (JSON) Pointer", RFC 6901, 1972 DOI 10.17487/RFC6901, April 2013, 1973 . 1975 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1976 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1977 May 2017, . 1979 [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 1980 Interchange Format", STD 90, RFC 8259, 1981 DOI 10.17487/RFC8259, December 2017, 1982 . 1984 [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data 1985 Definition Language (CDDL): A Notational Convention to 1986 Express Concise Binary Object Representation (CBOR) and 1987 JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, 1988 June 2019, . 1990 6.2. Informative References 1992 [I-D.handrews-json-schema] 1993 Wright, A., Andrews, H., Hutton, B., and G. Dennis, "JSON 1994 Schema: A Media Type for Describing JSON Documents", 1995 draft-handrews-json-schema-02 (work in progress), 1996 September 2019. 1998 [OPENAPI] OpenAPI Initiative, "OpenAPI Specification", October 2019, 1999 . 2001 [RFC7071] Borenstein, N. and M. Kucherawy, "A Media Type for 2002 Reputation Interchange", RFC 7071, DOI 10.17487/RFC7071, 2003 November 2013, . 2005 [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, 2006 DOI 10.17487/RFC7493, March 2015, 2007 . 2009 Appendix A. Other Considerations 2011 This appendix is not normative. 2013 This section describes possible features which are intentionally left 2014 out of JSON Type Definition, and justifies why these features are 2015 omitted. 2017 A.1. Support for 64-bit Numbers 2019 This document does not allow "int64" or "uint64" as values for the 2020 JTD "type" keyword (see Section 2.2.3 and Section 3.3.3). Such 2021 hypothetical "int64" or "uint64" types would behave like "int32" or 2022 "uint32" (respectively), but with the range of values associated with 2023 64-bit instead of 32-bit integers, that is: 2025 o "int64" would accept numbers between -(2**63) and (2**63)-1 2027 o "uint64" would accept numbers between 0 and (2**64)-1 2029 Users of "int64" and "uint64" would likely expect that the full range 2030 of signed or unsigned 64-bit integers could interoperably be 2031 transmitted as JSON without loss of precision. But this assumption 2032 is likely to be incorrect, for the reasons given in Section 2.2 of 2033 [RFC7493]. 2035 "int64" and "uint64" likely would have led users to falsely assume 2036 that the full range of 64-bit integers can be interoperably processed 2037 as JSON without loss of precision. To avoid leading users astray, 2038 JTD omits "int64" and "uint64". 2040 A.2. Support for Non-Root Definitions 2042 This document disallows the "definitions" keyword from appearing 2043 outside of root schemas (see Figure 1). Conceivably, this document 2044 could have instead allowed "definitions" to appear on any schema, 2045 even non-root ones. Under this alternative design, "ref"s would 2046 resolve to a definition in the "nearest" (i.e., most nested) schema 2047 which both contained the "ref" and which had a suitably-named 2048 "definitions" member. 2050 For instance, under this alternative approach, one could define 2051 schemas like the one in Figure 3: 2053 { 2054 "properties": { 2055 "foo": { 2056 "definitions": { 2057 "user": { "properties": { "user_id": {"type": "string" }}} 2058 }, 2059 "ref": "user" 2060 }, 2061 "bar": { 2062 "definitions": { 2063 "user": { "properties": { "user_id": {"type": "string" }}} 2064 }, 2065 "ref": "user" 2066 }, 2067 "baz": { 2068 "definitions": { 2069 "user": { "properties": { "userId": {"type": "string" }}} 2070 }, 2071 "ref": "user" 2072 } 2073 } 2074 } 2076 Figure 3: A hypothetical schema had this document permitted non-root 2077 definitions. This is not a correct JTD schema. 2079 If schemas like that in Figure 3 were permitted, code generation from 2080 JTD schemas would be more difficult, and the generated code would be 2081 less useful. 2083 Code generation would be more difficult because it would force code 2084 generators to implement a name mangling scheme for types generated 2085 from definitions. This additional difficulty is not immense, but 2086 adds complexity to an otherwise relatively trivial task. 2088 Generated code would be less useful because generated, mangled struct 2089 names are less pithy than human-defined struct names. For instance, 2090 the "user" definitions in Figure 3 might have been generated into 2091 types named "PropertiesFooUser", "PropertiesBarUser", and 2092 "PropertiesBazUser"; obtuse names like these are less useful to 2093 human-written code than names like "User". 2095 Furthermore, even though "PropertiesFooUser" and "PropertiesBarUser" 2096 would be essentially identical, they would not be interchangeable in 2097 many statically-typed programming languages. A code generator could 2098 attempt to circumvent this by deduplicating identical definitions, 2099 but then the user might be confused as to why the subtly distinct 2100 "PropertiesBazUser", defined from a schema allowing a property named 2101 "userId" (not "user_id"), was not deduplicated. 2103 Because there seem to be implementation and usability challenges 2104 associated with non-root definitions, and because it would be easier 2105 to later amend JTD to permit for non-root definitions than to later 2106 amend JTD to prohibit them, this document does not permit non-root 2107 definitions in JTD schemas. 2109 Appendix B. Comparison with CDDL 2111 This appendix is not normative. 2113 To aid the reader familiar with CDDL, this section illustrates how 2114 JTD works by presenting JTD schemas and CDDL schemas which accept and 2115 reject the same instances. 2117 The JTD schema: 2119 {} 2121 accepts the same instances as the CDDL rule: 2123 root = any 2125 The JTD schema: 2127 { 2128 "definitions": { 2129 "a": { "elements": { "ref": "b" }}, 2130 "b": { "type": "float32" } 2131 }, 2132 "elements": { 2133 "ref": "a" 2134 } 2135 } 2137 accepts the same instances as the CDDL rule: 2139 root = [* a] 2141 a = [* b] 2142 b = number 2144 The JTD schema: 2146 { "enum": ["PENDING", "DONE", "CANCELED"]} 2148 accepts the same instances as the CDDL rule: 2150 root = "PENDING" / "DONE" / "CANCELED" 2152 The JTD schema: 2154 {"type": "boolean"} 2156 accepts the same instances as the CDDL rule: 2158 root = bool 2160 The JTD schemas: 2162 {"type": "float32"} 2164 and 2166 {"type": "float64"} 2168 both accept the same instances as the CDDL rule: 2170 root = number 2172 The JTD schema: 2174 {"type": "string"} 2176 accepts the same instances as the CDDL rule: 2178 root = tstr 2180 The JTD schema: 2182 {"type": "timestamp"} 2184 accepts the same instances as the CDDL rule: 2186 root = tdate 2188 The JTD schema: 2190 { "elements": { "type": "float32" }} 2192 accepts the same instances as the CDDL rule: 2194 root = [* number] 2196 The JTD schema: 2198 { 2199 "properties": { 2200 "a": { "type": "boolean" }, 2201 "b": { "type": "float32" } 2202 }, 2203 "optionalProperties": { 2204 "c": { "type": "string" }, 2205 "d": { "type": "timestamp" } 2206 } 2207 } 2209 accepts the same instances as the CDDL rule: 2211 root = { a: bool, b: number, ? c: tstr, ? d: tdate } 2213 The JTD schema: 2215 { "values": { "type": "float32" }} 2217 accepts the same instances as the CDDL rule: 2219 root = { * tstr => number } 2221 Finally, the JTD schema: 2223 { 2224 "discriminator": "a", 2225 "mapping": { 2226 "foo": { 2227 "properties": { 2228 "b": { "type": "float32" } 2229 } 2230 }, 2231 "bar": { 2232 "properties": { 2233 "b": { "type": "string" } 2234 } 2235 } 2236 } 2237 } 2239 accepts the same instances as the CDDL rule: 2241 root = { a: "foo", b: number } / { a: "bar", b: tstr } 2243 Appendix C. Examples 2245 This appendix is not normative. 2247 As a demonstration of JTD, in Figure 4 is a JTD schema closely 2248 equivalent to the plain-English definition "reputation-object" 2249 described in Section 6.2.2 of [RFC7071]: 2251 { 2252 "properties": { 2253 "application": { "type": "string" }, 2254 "reputons": { 2255 "elements": { 2256 "additionalProperties": true, 2257 "properties": { 2258 "rater": { "type": "string" }, 2259 "assertion": { "type": "string" }, 2260 "rated": { "type": "string" }, 2261 "rating": { "type": "float32" }, 2262 }, 2263 "optionalProperties": { 2264 "confidence": { "type": "float32" }, 2265 "normal-rating": { "type": "float32" }, 2266 "sample-size": { "type": "float64" }, 2267 "generated": { "type": "float64" }, 2268 "expires": { "type": "float64" } 2269 } 2270 } 2271 } 2272 } 2273 } 2275 Figure 4: A JTD schema describing "reputation-object" from 2276 Section 6.6.2 of [RFC7071] 2278 This schema does not enforce the requirement that "sample-size", 2279 "generated", and "expires" be unbounded positive integers. It does 2280 not express the limitation that "rating", "confidence", and "normal- 2281 rating" should not have more than three decimal places of precision. 2283 The example in Figure 4 can be compared against the equivalent 2284 example in Appendix H of [RFC8610]. 2286 Acknowledgments 2288 Carsten Bormann provided lots of useful guidance and feedback on 2289 JTD's design and the structure of this document. 2291 Evgeny Poberezkin suggested the addition of "nullable", and 2292 thoroughly vetted this document for mistakes and opportunities for 2293 simplification. 2295 Tim Bray suggested the current "ref" model, and the addition of 2296 "enum". Anders Rundgren suggested extending "type" to have more 2297 support for numerical types. James Manger suggested additional 2298 clarifying examples of how integer types work. Adrian Farrel 2299 suggested many improvements to help make this document clearer. 2301 Members of the IETF JSON mailing list - in particular, Pete Cordell, 2302 Phillip Hallam-Baker, Nico Williams, John Cowan, Rob Sayre, and Erik 2303 Wilde - provided lots of useful feedback. 2305 OpenAPI's "discriminator" object [OPENAPI] inspired the 2306 "discriminator" form. [I-D.handrews-json-schema] influenced various 2307 parts of JTD's early design. 2309 Author's Address 2311 Ulysse Carion 2312 Segment.io, Inc 2313 100 California Street 2314 San Francisco 94111 2315 United States of America 2317 Email: ulysse@segment.com