Permalink
Fetching contributors…
Cannot retrieve contributors at this time
2765 lines (2707 sloc) 144 KB
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2046 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2046.xml">
<!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc3986 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
<!ENTITY rfc4151 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4151.xml">
<!ENTITY rfc4287 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4287.xml">
<!ENTITY rfc5789 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5789.xml">
<!ENTITY rfc6068 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6068.xml">
<!ENTITY rfc6570 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6570.xml">
<!ENTITY rfc6573 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6573.xml">
<!ENTITY rfc6901 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6901.xml">
<!ENTITY rfc7230 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7230.xml">
<!ENTITY rfc7231 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7231.xml">
<!ENTITY rfc7807 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7807.xml">
<!ENTITY rfc8288 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8288.xml">
<!ENTITY I-D.reschke-http-jfv SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.draft-reschke-http-jfv-06.xml">
]>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<?rfc strict="no"?>
<?rfc rfcedstyle="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes" ?>
<rfc category="info" docName="draft-handrews-json-schema-hyperschema-02" ipr="trust200902">
<front>
<title abbrev="JSON Hyper-Schema">
JSON Hyper-Schema: A Vocabulary for Hypermedia Annotation of JSON
</title>
<author fullname="Henry Andrews" initials="H" surname="Andrews" role="editor">
<address>
<postal>
<street></street>
<city>San Francisco</city>
<region>CA</region>
<country>USA</country>
</postal>
<email>henry@cloudflare.com</email>
</address>
</author>
<author fullname="Austin Wright" initials="A" surname="Wright" role="editor">
<address>
<email>aaa@bzfx.net</email>
</address>
</author>
<date year="2018" />
<workgroup>Internet Engineering Task Force</workgroup>
<keyword>JSON</keyword>
<keyword>Schema</keyword>
<keyword>JavaScript</keyword>
<keyword>Object</keyword>
<keyword>Notation</keyword>
<keyword>Hyper Schema</keyword>
<keyword>Hypermedia</keyword>
<abstract>
<t>
JSON Schema is a JSON-based format for describing JSON data using various
vocabularies. This document specifies a vocabulary for annotating JSON
documents with hyperlinks. These hyperlinks include attributes describing
how to manipulate and interact with remote resources through hypermedia
environments such as HTTP, as well as determining whether the link is usable
based on the instance value. The hyperlink serialization format described in
this document is also usable independent of JSON Schema.
</t>
</abstract>
<note title="Note to Readers">
<t>
The issues list for this draft can be found at
<eref target="https://github.com/json-schema-org/json-schema-spec/issues"/>.
</t>
<t>
For additional information, see
<eref target="http://json-schema.org/"/>.
</t>
<t>
To provide feedback, use this issue tracker, the communication methods listed on the
homepage, or email the document editors.
</t>
</note>
</front>
<middle>
<section title="Introduction">
<t>
JSON Hyper-Schema is a JSON Schema vocabulary for annotating JSON documents
with hyperlinks and instructions for processing and
manipulating remote JSON resources through hypermedia environments such as HTTP.
</t>
<t>
The term JSON Hyper-Schema is used to refer to a JSON Schema that uses these
keywords. The term "hyper-schema" on its own refers to a JSON Hyper-Schema
within the scope of this specification.
</t>
<t>
The primary mechanism introduced for specifying links is the Link Description
Object (LDO), which is a serialization of the abstract link model
defined in <xref target="RFC8288">RFC 8288, section 2</xref>.
</t>
<t>
This specification will use the concepts, syntax, and terminology defined by the
<xref target="json-schema">JSON Schema core</xref> and
<xref target="json-schema-validation">JSON Schema validation</xref> specifications.
It is advised that readers have a copy of these specifications.
</t>
</section>
<section title="Notational Conventions">
<t>
<!-- The text in this section has been copied from the official boilerplate,
and should not be modified.-->
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in <xref target="RFC2119">RFC 2119</xref>.
</t>
</section>
<section title="Overview">
<t>
JSON Hyper-Schema makes it possible to build hypermedia systems from JSON
documents by describing how to construct hyperlinks from instance data.
</t>
<t>
The combination of a JSON instance document and a valid application/schema+json
hyper-schema for that instance behaves as a single hypermedia representation.
By allowing this separation, hyper-schema-based systems can gracefully support
applications that expect plain JSON, while providing full hypermedia capabilities
for hyper-schema-aware applications and user agents.
</t>
<t>
User agents can detect the presence of hyper-schema by looking for
the application/schema+json media type and a "$schema" value that indicates the
presence of the hyper-schema vocabulary. A user agent can then use an
implementation of JSON Hyper-Schema to provide an interface to the
combination of the schema and instance documents as a single logical
representation of a resource, just as with any single-document hypermedia
representation format.
</t>
<t>
Hyper-schemas allow representations to take up fewer bytes on the wire, and
distribute the burden of link construction from the server to each client.
A user agent need not construct a link unless a client application requests
that link. JSON Hyper-Schema can also be used on the server side to generate
other link serializations or representation formats at runtime, or pre-emptively
follow links to facilitate server push usage.
</t>
<figure>
<preamble>
Here is an example hyper-schema that adds a single link, with the
IANA-registered link relation type "self", that is built from an instance
with one known object field named "id":
</preamble>
<artwork>
<![CDATA[{
"type": "object",
"properties": {
"id": {
"type": "number",
"readOnly": true
}
},
"links": [
{
"rel": "self",
"href": "thing/{id}"
}
]
}]]>
</artwork>
<postamble>
If the instance is {"id": 1234}, and its base URI according to
<xref target="RFC3986">RFC 3986 section 5.1</xref>, is
"https://api.example.com/", then "https://api.example.com/thing/1234"
is the resulting link's target URI.
</postamble>
</figure>
<section title="Terminology">
<t>
The terms "schema", "instance", and "meta-schema" are to be interpreted as
defined in the <xref target="json-schema">JSON Schema core specification</xref>.
</t>
<t>
The terms "applicable" and "attached" are to be interpreted as defined in
<xref target="json-schema-validation">Section 3 of the
JSON Schema validation specification</xref>.
</t>
<t>
The terms "link", "link context" (or "context"), "link target" (or "target"),
and "target attributes" are to be interpreted as defined in
<xref target="RFC8288">Section 2 of RFC 8288</xref>.
</t>
<t>
The term "user agent" is to be interpreted as defined in
<xref target="RFC7230">Section 2.1 of RFC 7230</xref>, generalized to apply
to any protocol that may be used in a hypermedia system rather than
specifically being an HTTP client.
</t>
<t>
This specification defines the following terms:
<list style="hanging">
<t hangText="JSON Hyper-Schema">
A JSON Schema using the keywords defined by this specification.
</t>
<t hangText="hyper-schema">
Within this document, the term "hyper-schema" always refers to
a JSON Hyper-Schema
</t>
<t hangText="link validity">
A valid link for an instance is one that is applicable to that
instance and does not fail any requirement imposed by the keywords
in the Link Description Object.
</t>
<t hangText="generic user agent">
A user agent which can be used to interact with any resource, from
any server, from among the standardized link relations, media types,
URI schemes, and protocols that it supports; though it may be
extendible to specially handle particular profiles of media types.
</t>
<t hangText="client application">
An application which uses a hypermedia system for a specific
purpose. Such an application may also be its own user agent,
or it may be built on top of a generic user agent. A client
application is programmed with knowledge of link relations,
media types, URI schemes, protocols, and data structures that
are specific to the application's domain.
</t>
<t hangText="client input">
Data provided through a user agent, and most often also through
a client application. Such data may be requested from a user
interactively, or provided before interaction in forms such as
command-line arguments, configuration files, or hardcoded values
in source code.
</t>
<t hangText="operation">
A specific use of a hyperlink, such as making a network request
(for a URI with a scheme such as "http://" that indicates a protocol)
or otherwise taking action based on a link (reading data from a
"data:" URI, or constructing an email message based on a "mailto:"
link). For protocols such as HTTP that support multiple methods,
each method is considered to be a separate operation on the same link.
</t>
</list>
</t>
</section>
<section title="Functionality">
<t>
A JSON Hyper-Schema implementation is able to take a hyper-schema, an
instance, and in some cases client input, and produce a set of fully
resolved valid links. As defined by
<xref target="RFC8288">RFC 8288, section 2</xref>,
a link consists of a context, a typed relation, a target, and optionally
additional target attributes.
</t>
<t>
The relation type and target attributes are taken directly from each link's
Link Description Object. The context and target identifiers are constructed
from some combination of URI Templates, instance data, and (in the case
of the target identifier) client input.
</t>
<t>
The target is always fully identified by a URI. Due to the lack of a URI
fragment identifier syntax for application/json and many other media types
that can be used with JSON Hyper-Schema, the context may be only partially
identified by a URI. In such cases, the remaining identification will be
provided as a JSON Pointer.
</t>
<t>
A few IANA-registered link relation types are given specific semantics in
a JSON Hyper-Schema document. A "self" link is used to interact with the
resource that the instance document represents, while "collection" and
"item" links identify resources for which collection-specific semantics
can be assumed.
</t>
</section>
</section>
<section title="Meta-Schemas and Output Schema">
<t>
The current URI for the JSON Hyper-Schema meta-schema is
<eref target="http://json-schema.org/draft-08/hyper-schema#"/>.
</t>
<t>
The <xref target="ldo">link description format</xref> can be used without JSON
Schema, and use of this format can be declared by referencing the normative
link description schema as the schema for the data structure that uses the links.
The URI of the normative link description schema is:
<eref target="http://json-schema.org/draft-08/links#"/>.
</t>
<t>
JSON Hyper-Schema implementations are free to provide output in any format.
However, a specific format is defined for use in the conformance test suite,
which is also used to illustrate points in the
<xref target="implementation">"Implementation Requirements"</xref>, and to
show the output generated by <xref target="examples">examples</xref>.
It is RECOMMENDED that implementations be capable of producing output
in this format to facilitated testing. The URI of the JSON Schema
describing the recommended output format is
<eref target="http://json-schema.org/draft-08/hyper-schema-output#"/>.
</t>
</section>
<section title="Schema Keywords">
<t>
Hyper-schema keywords from all schemas that are applicable to a position
in an instance, as defined by <xref target="json-schema-validation">Section
3 of JSON Schema validation</xref>, can be used with that instance.
</t>
<t>
When multiple subschemas are applicable to a given sub-instance, all "link"
arrays MUST be combined, in any order, into a single set. Each object
in the resulting set MUST retain its own list of applicable "base" values,
in resolution order, from the same schema and any parent schemas.
</t>
<t>
As with all JSON Schema keywords, all keywords described in this section
are optional. The minimal valid JSON Hyper-schema is the blank object.
</t>
<section title="base" anchor="base">
<t>
If present, this keyword MUST be first <xref target="uriTemplating">resolved as
a URI Template</xref>, and then MUST be resolved as a URI Reference against the
current URI base of the instance. The result MUST be set as the new URI
base for the instance while processing the sub-schema containing "base"
and all sub-schemas within it.
</t>
<t>
The process for resolving the "base" template can be different when being
resolved for use with "anchor" than when being resolved for use with "href",
which is explained in detail in the URI Templating section.
</t>
</section>
<section title="links">
<t>
The "links" property of schemas is used to associate Link Description Objects
with instances. The value of this property MUST be an array, and the items in
the array must be Link Description Objects, as defined below.
</t>
</section>
</section>
<section title="Link Description Object" anchor="ldo">
<t>
A Link Description Object (LDO) is a serialization of the abstract link model
defined in <xref target="RFC8288">RFC 8288, section 2</xref>.
As described in that document, a link consists of a context, a relation type,
a target, and optionally target attributes. JSON Hyper-Schema's LDO provides
all of these, along with additional features using JSON Schema to describe input
for use with the links in various ways.
</t>
<t>
Due to the use of URI Templates to identify link contexts and targets, as well
as optional further use of client input when identifying targets, an LDO is
a link template that may resolve to multiple links when used with a JSON
instance document.
</t>
<t>
A specific use of an LDO, typically involving a request and response across
a protocol, is referred to as an operation. For many protocols, multiple
operations are possible on any given link. The protocol is indicated by
the target's URI scheme. Note that not all URI schemes indicate a protocol
that can be used for communications, and even resources with URI schemes that
do indicate such protocols need not be available over that protocol.
</t>
<t>
A Link Description Object MUST be an object, and the
<xref target="href">"href"</xref> and <xref target="rel">"rel"</xref> properties
MUST be present. Each keyword is covered briefly in this section, with additional
usage explanation and comprehensive examples given later in the document.
</t>
<section title="Link Context" anchor="context">
<t>
In JSON Hyper-Schema, the link's context resource is, by default, the
sub-instance to which it is attached (as defined by
<xref target="json-schema-validation">Section 3 of the JSON Schema
validation specification</xref>). This is often not the entire instance
document. This default context can be changed using the keywords
in this section.
</t>
<t>
Depending on the media type of the instance, it may or may not be possible
to assign a URI to the exact default context resource. In particular,
application/json does not define a URI fragment resolution syntax, so
properties or array elements within a plain JSON document cannot be fully
identified by a URI. When it is not possible to produce a complete URI,
the position of the context SHOULD be conveyed by the URI of the instance
document, together with a separate plain-string JSON Pointer.
</t>
<t>
Implementations MUST be able to construct the link context's URI, and
(if necessary for full identification), a JSON Pointer in string representation
form as per <xref target="RFC6901">RFC 6901, section 5</xref> in place of
a URI fragment. The process for constructing a URI based on a URI template
is given in the <xref target="uriTemplating">URI Templating</xref> section.
</t>
<section title="anchor" anchor="anchor">
<t>
This property sets the context URI of the link.
The value of the property is a <xref target="RFC6570">URI Template</xref>,
and the resulting <xref target="RFC3986">URI-reference</xref> MUST
be resolved against the base URI of the instance.
</t>
<t>
The URI is computed from the provided URI template using the same process
described for the <xref target="href">"href"</xref> property, with the
exception that <xref target="hrefSchema">"hrefSchema"</xref> MUST NOT
be applied. Unlike target URIs, context URIs do not accept user input.
</t>
</section>
<section title="anchorPointer" anchor="anchorPointer">
<t>
This property changes the point within the instance that is considered
to be the context resource of the link. The value of the property MUST
be a valid JSON Pointer in JSON String representation form, or a valid
<xref target="relative-json-pointer">Relative JSON Pointer</xref>
which is evaluated relative to the default context.
</t>
<t>
While an alternate context with a known URI is best set with the
<xref target="anchor">"anchor"</xref> keyword, the lack of a fragment
identifier syntax for application/json means that it is usually not
possible to change the context within a JSON instance using a URI.
</t>
<t>
Even in "+json" media types that define JSON Pointer as a fragment
identifier syntax, if the default context is nested within an array,
it is not possible to obtain the index of the default context's position
in that array in order to construct a pointer to another property in that
same nested JSON object. This will be demonstrated in the examples.
</t>
<t>
The result of processing this keyword SHOULD be a URI fragment if the
media type of the instance allows for such a fragment. Otherwise it
MUST be a string-encoded JSON Pointer.
</t>
</section>
</section>
<section title="Link Relation Type" anchor="relationType">
<t>
The link's relation type identifies its semantics. It is the primary
means of conveying how an application can interact with a resource.
</t>
<t>
Relationship definitions are not normally media type
dependent, and users are encouraged to utilize the most
suitable existing accepted relation definitions.
</t>
<section title="rel" anchor="rel">
<t>
The value of this property MUST be either a string or
an array of strings. If the value is an array,
it MUST contain at least one string.
</t>
<t>
Each string MUST be a single Link Relation Type as defined
in RFC 8288, Section 2.1, including the restriction that
additional semantics SHOULD NOT be inferred based upon the
presence or absence of another link relation type.
</t>
<t>
This property is required.
</t>
</section>
<section title='"self" Links' anchor="self">
<t>
A "self" link, as originally defined by <xref target="RFC4287">Section
4.2.7.2 of RFC 4287</xref>, indicates that the target URI identifies
a resource equivalent to the link context. In JSON Hyper-Schema,
a "self" link MUST be resolvable from the instance, and therefore
"hrefSchema" MUST NOT be present.
</t>
<t>
Hyper-schema authors SHOULD use "templateRequired" to ensure that the
"self" link has all instance data that is needed for use.
</t>
<t>
A hyper-schema implementation MUST recognize that a link with relation
type "self" that has the entire current instance document as its context
describes how a user agent can interact with the resource represented by
that instance document.
</t>
</section>
<section title='"collection" and "item" Links' anchor="collectionAndItem">
<t>
<xref target="RFC6573">RFC 6573</xref> defines and registers
the "item" and "collection" link relation types. JSON Hyper-Schema imposes
additional semantics on collection resources indicated by these types.
</t>
<t>
Implementations MUST recognize the target of a "collection" link and
the context of an "item" link as collections.
</t>
<t>
A well-known design pattern in hypermedia is to use a collection resource
to create a member of the collection and give it a server-assigned URI.
If the protocol indicated by the URI scheme defines a specific method
that is suited to creating a resource with a server-assigned URI, then
a collection resource, as identified by these link relation types,
MUST NOT define semantics for that method that conflict with the semantics
of creating a collection member. Collection resources MAY implement
item creation via such a protocol method, and user agents MAY assume
that any such operation, if it exists, has item creation semantics.
</t>
<t>
As such a method would correspond to JSON Hyper-Schema's data submission
concept, the <xref target="submissionSchema">"submissionSchema"</xref>
field for the link SHOULD be compatible with the schema of the
representation of the collection's items, as indicated by the "item" link's
target resource or the "self" link of the "collection" link's context
resource.
</t>
</section>
<section title="Using Extension Relation Types" anchor="extensionRelationTypes">
<t>
When no registered relation (aside from "related") applies, users are
encouraged to mint their own extension relation types, as described in
<xref target="RFC8288">section 2.1.2 of RFC 8288</xref>. The simplest
approaches for choosing link relation type URIs are to either use
a URI scheme that is already in use to identify the system's primary
resources, or to use a human-readable, non-dereferenceable URI scheme
such as <xref target="RFC4151">"tag", defined by RFC 4151</xref>.
</t>
<t>
Extension relation type URIs need not be dereferenceable, even when
using a scheme that allows it.
</t>
</section>
</section>
<section title="Link Target" anchor="target">
<t>
The target URI template is used to identify the link's target, potentially
making use of instance data. Additionally, with
<xref target="hrefSchema">"hrefSchema"</xref>, this template can identify
a set of possible target resources to use based on client input.
The full process of resolving the URI template, with or without client
input, is covered in the <xref target="uriTemplating">URI Templating</xref>
section.
</t>
<section title="href" anchor="href">
<t>
The value of the "href" link description property is a template used to
determine the target URI of the related resource.
The value of the instance property MUST be resolved as a
<xref target="RFC3986">URI-reference</xref> against the base URI of the
instance.
</t>
<t>
This property is REQUIRED.
</t>
</section>
</section>
<section title="Adjusting URI Template Resolution">
<t>
The keywords in this section are used when resolving all URI Templates
involved in hyper-schema: "base", "anchor", and "href". See the
<xref target="uriTemplating">URI Templating</xref> section for the complete
template resolution algorithm.
</t>
<t>
Note that when resolving a "base" template, the attachment point from
which resolution begins is the attachment point of the "href" or "anchor"
keyword being resolved which requires "base" templates to be resolved,
not the attachment point of the "base" keyword itself.
</t>
<section title="templatePointers" anchor="templatePointers">
<t>
The value of the "templatePointers" link description property MUST be
an object. Each property value in the object MUST be a valid
<xref target="RFC6901">JSON Pointer</xref>, or a valid
<xref target="relative-json-pointer">Relative JSON Pointer</xref>
which is evaluated relative to the attachment point of the link
for which the template is being resolved.
</t>
<t>
For each property name in the object that matches a variable name in the
template being resolved, the value of that property adjusts the starting
position of variable resolution for that variable. Properties which
do not match template variable names in the template being resolved
MUST be ignored.
</t>
</section>
<section title="templateRequired" anchor="templateRequired">
<t>
The value of this keyword MUST be an array, and the elements MUST be unique.
Each element SHOULD match a variable in the link's URI Template, without
percent-encoding. After completing the entire URI Template resolution
process, if any variable that is present in this array does not have
a value, the link MUST NOT be used.
</t>
</section>
</section>
<section title="Link Target Attributes" anchor="targetAttributes">
<t>
All properties in this section are advisory only. While keywords such
as "title" and "description" are used primarily to present the link
to users, those keywords that predict the nature of a link interaction
or response MUST NOT be considered authoritative. The runtime behavior
of the target resource MUST be respected whenever it conflicts with
the target attributes in the LDO.
</t>
<section title="title">
<t>
This property defines a title for the link.
The value MUST be a string.
</t>
<t>
User agents MAY use this title when presenting the link to the user.
</t>
</section>
<section title="description">
<t>
This property provides additional information beyond what
is present in the title. The value MUST be a string.
While a title is preferably short, a description can be
used to go into more detail about the purpose and usage
of the link.
</t>
<t>
User agents MAY use this description when presenting
the link to the user.
</t>
</section>
<section title="targetMediaType">
<t>
The value of this property represents the media type
<xref target="RFC2046">RFC 2046</xref>, that is expected to be returned
when fetching this resource. This property value MAY be a media range
instead, using the same pattern defined in
<xref target="RFC7231">RFC 7231, section 5.3.2 -
HTTP "Accept" header</xref>.
</t>
<t>
This property is analogous to the "type" property of other link
serialization formats. User agents MAY use this information to inform
the interface they present to the user before the link is followed,
but MUST NOT use this information in the interpretation of the resulting
data. Instead, a user agent MUST use the media type given by the response
for run-time interpretation. See the section on
<xref target="security">"Security Concerns"</xref> for a detailed
examination of mis-use of "targetMediaType".
</t>
<t>
For protocols supporting content-negotiation, implementations MAY choose to
describe possible target media types using protocol-specific information in
<xref target="headerSchema">"headerSchema"</xref>. If both
protocol-specific information and "targetMediaType" are present, then the
value of "targetMediaType" MUST be compatible with the protocol-specific
information, and SHOULD indicate the media type that will be returned in the
absence of content negotiation.
</t>
<t>
When no such protocol-specific information is available, or when the
implementation does not recognize the protocol involved, then the value
SHOULD be taken to be "application/json".
</t>
</section>
<section title="targetSchema" anchor="targetSchema">
<t>
This property provides a schema that is expected to describe
the link target's representation. Depending on the protocol,
the schema may or may not describe the request or response to
any particular operation performed with the link. See the
<xref target="HTTP">JSON Hyper-Schema and HTTP</xref> section for
an in-depth discussion of how this keyword is used with HTTP.
</t>
</section>
<section title="targetHints" anchor="targetHints">
<t>
<cref>
This section attempts to strike a balance between comprehensiveness
and flexibility by deferring most of its structure to the protocol
indicated by the URI scheme. Note that a resource can be identified
by a URI with a dereferenceable scheme, yet not be accessible over
that protocol. While currently very loose, this section is expected
to become more well-defined based on draft feedback, and may change
significantly in future drafts.
</cref>
</t>
<t>
The value of this property is advisory only. It represents information that
is expected to be discoverable through interacting with the target resource,
typically in the form of protocol-specific control information or meta-data
such as headers returned in response to an HTTP HEAD or OPTIONS request.
The protocol is determined by the "href" URI scheme, although note that
resources are not guaranteed to be accessible over such a protocol.
</t>
<t>
The value of this property SHOULD be an object. The keys to this object
SHOULD be lower-cased forms of the control data field names. Each value
SHOULD be an array, in order to uniformly handle multi-valued fields.
Multiple values MUST be presented as an array, and not as a single string.
</t>
<t>
Protocols with control information not suitable for representation as
a JSON object MAY be represented by another data type, such as an array.
</t>
<t>
Values that cannot be understood as part of the indicated protocol MUST
be ignored by a JSON Hyper-Schema implementation. Applications MAY make
use of such values, but MUST NOT assume interoperability with other
implementations.
</t>
<t>
Implementations MUST NOT assume that all discoverable information is
accounted for in this object. Client applications MUST properly handle
run-time responses that contradict this property's values.
</t>
<t>
Client applications MUST NOT assume that an implementation will
automatically take any action based on the value of this property.
</t>
<t>
See <xref target="HTTP">"JSON Hyper-Schema and HTTP"</xref> for
guidance on using this keyword with HTTP and analogous protocols.
</t>
</section>
</section>
<section title="Link Input" anchor="input">
<t>
There are four ways to use client input with a link, and each
is addressed by a separate link description object keyword. When performing
operations, user agents SHOULD ignore schemas that are not relevant to their
semantics.
</t>
<section title="hrefSchema" anchor="hrefSchema">
<t>
The value of the "hrefSchema" link description property MUST be
a valid JSON Schema. This schema is used to validate user input
or other user agent data for filling out the URI Template in
<xref target="href">"href"</xref>.
</t>
<t>
Omitting "hrefSchema" or setting the entire schema to "false" prevents
any user agent data from being accepted.
</t>
<t>
Setting any subschema that applies to a particular variable to the
JSON literal value "false" prevents any user agent data from being
accepted for that single variable.
</t>
<t>
For template variables that can be resolved from the instance data,
if the instance data is valid against all applicable subschemas
in "hrefSchema", then it MUST be used to pre-populate the input
data set for that variable.
</t>
<t>
Note that even when data is pre-populated from the instance, the
validation schema for that variable in "hrefSchema" need not be identical
to the validation schema(s) that apply to the instance data's location.
This allows for different validation rules for user agent data, such as
supporting spelled-out months for date-time input, but using the standard
date-time format for storage.
</t>
<t>
After input is accepted, potentially overriding the pre-populated
instance data, the resulting data set MUST successfully validate
against the value of "hrefSchema". If it does not then the link
MUST NOT be used. If it is valid, then the process given in the
"URI Templating" section continues with this updated data set.
</t>
</section>
<section title="headerSchema" anchor="headerSchema">
<t>
<cref>
As with "targetHints", this keyword is somewhat under-specified
to encourage experimentation and feedback as we try to balance
flexibility and clarity.
</cref>
</t>
<t>
If present, this property is a schema for protocol-specific request
headers or analogous control and meta-data. The value of this
object MUST be a valid JSON Schema.
The protocol is determined by the "href" URI scheme, although note that
resources are not guaranteed to be accessible over such a protocol.
The schema is advisory only; the target resource's behavior is not
constrained by its presence.
</t>
<t>
The purpose of this keyword is to advertise target resource interaction
features, and indicate to user agents and client applications what headers
and header values are likely to be useful.
User agents and client applications MAY use the schema to validate relevant
headers, but MUST NOT assume that missing headers or values are forbidden
from use. While schema authors MAY set "additionalProperties" to
false, this is NOT RECOMMENDED and MUST NOT prevent client applications
or user agents from supplying additional headers when requests are made.
</t>
<t>
The exact mapping of the JSON data model into the headers is
protocol-dependent. However, in most cases this schema SHOULD
specify a type of "object", and the property names SHOULD be
lower-cased forms of the control data field names. See the
<xref target="HTTP">"JSON Hyper-Schema and HTTP"</xref> section
for detailed guidance on using this keyword with HTTP and
analogous protocols.
</t>
<t>
"headerSchema" is applicable to any request method or command that the
protocol supports. When generating a request, user agents and client
applications SHOULD ignore schemas for headers that are not relevant
to that request.
</t>
</section>
<section title="Manipulating the Target Resource Representation">
<t>
In JSON Hyper-Schema, <xref target="targetSchema">"targetSchema"</xref>
supplies a non-authoritative description of the target resource's
representation. A client application can use "targetSchema" to structure
input for replacing or modifying the representation, or as the base
representation for building a patch document based on a patch media type.
</t>
<t>
Alternatively, if "targetSchema" is absent or if the client application
prefers to only use authoritative information, it can interact with the
target resource to confirm or discover its representation structure.
</t>
<t>
"targetSchema" is not intended to describe link operation responses,
except when the response semantics indicate that it is a representation
of the target resource. In all cases, the schema indicated by the response
itself is authoritative. See
<xref target="HTTP">"JSON Hyper-Schema and HTTP"</xref> for detailed
examples.
</t>
</section>
<section title="Submitting Data for Processing">
<t>
The <xref target="submissionSchema">"submissionSchema"</xref> and
<xref target="submissionMediaType">"submissionMediaType"</xref> keywords
describe the domain of the processing function implemented by the target
resource. Otherwise, as noted above, the submission schema and media type
are ignored for operations to which they are not relevant.
</t>
<section title="submissionMediaType" anchor="submissionMediaType">
<t>
If present, this property indicates the media type format the
client application and user agent should use for the request
payload described by
<xref target="submissionSchema">"submissionSchema"</xref>.
</t>
<t>
Omitting this keyword has the same behavior as a value of
application/json.
</t>
<t>
Note that "submissionMediaType" and "submissionSchema"
are not restricted to HTTP URIs.
<cref>This statement might move to wherever the example ends up.</cref>
</t>
</section>
<section title="submissionSchema" anchor="submissionSchema">
<t>
This property contains a schema which defines the acceptable structure
of the document to be encoded according to the "submissionMediaType"
property and sent to the target resource for processing. This can be
viewed as describing the domain of the processing function implemented
by the target resource.
</t>
<t>
This is a separate concept from the
<xref target="targetSchema">"targetSchema"</xref> property, which
describes the target information resource (including for replacing the
contents of the resource in a PUT request), unlike "submissionSchema"
which describes the user-submitted request data to be evaluated by the
resource. "submissionSchema" is intended for use with requests that
have payloads that are not necessarily defined in terms of the target
representation.
</t>
<t>
Omitting "submissionSchema" has the same behavior as a value of "true".
</t>
</section>
</section>
</section>
</section>
<section title="Implementation Requirements" anchor="implementation">
<t>
At a high level, a conforming implementation will meet the following
requirements. Each of these requirements is covered in more detail in the
individual keyword sections and keyword group overviews.
</t>
<t>
Note that the requirements around how an implementation MUST recognize
"self", "collection", and "item" links are thoroughly covered in the
<xref target="relationType">link relation type</xref> section and are not
repeated here.
</t>
<t>
While it is not a mandatory format for implementations, the output format used
in the test suite summarizes what needs to be computed for each link before
it can be used:
<list style="hanging">
<t hangText="contextUri">
The fully resolved URI (with scheme) of the context resource. If
the context is not the entire resource and there is a usable fragment
identifier syntax, then the URI includes a fragment. Note that there
is no such syntax for application/json.
</t>
<t hangText="contextPointer">
The JSON Pointer for the location within the instance of the context
resource. If the instance media type supports JSON Pointers as fragment
identifiers, this pointer will be the same as the one encoded in the
fragment of the "contextUri" field.
</t>
<t hangText="rel">
The link relation type. When multiple link relation types appear
in the LDO, for the purpose of producing output, they are to be
treated as multiple LDOs, each with a single link relation type
but otherwise identical.
</t>
<t hangText="targetUri">
The fully resolved URI (with a scheme) of the target resource. If the
link accepts input, this can only be produced once the input has been
supplied.
</t>
<t hangText="hrefInputTemplates">
The list of partially resolved URI references for a link that accepts
input. The first entry in the list is the partially resolved "href".
The additional entries, if any, are the partially resolved "base" values
ordered from the most immediate out to the root of the schema.
Template variables that are pre-populated in the input are not resolved
at this stage, as the pre-populated value can be overridden.
</t>
<t hangText="hrefPrepopulatedInput">
The data set that the user agent should use to prepopulate any
input mechanism before accepting client input. If input is to be
accepted but no fields are to be pre-populated, then this will be
an empty object.
</t>
<t hangText="attachmentPointer">
The JSON Pointer for the location within the instance to which the
link is attached. By default, "contextUri" and "attachmentPointer" are
the same, but "contextUri" can be changed by LDO keywords, while
"attachmentPointer" cannot.
</t>
</list>
Other LDO keywords that are not involved in producing the above information
are included exactly as they appear when producing output for the test suite.
Those fields will not be further discussed here unless specifically relevant.
</t>
<section title="Link Discovery and Look-Up">
<t>
Before links can be used, they must be discovered by applying the hyper-schema
to the instance and finding all applicable and valid links. Note that in
addition to collecting valid links, any <xref target="base">"base"</xref>
values necessary to resolve each LDO's URI Templates must also be located
and associated with the LDO through whatever mechanism is most useful for
the implementation's URI Template resolution process.
</t>
<t>
And implementation MUST support looking up links by either their
attachment pointer or context pointer, either by performing the look-up
or by providing the set of all links with both pointers determined
so that user agents can implement the look-up themselves.
</t>
<t>
When performing look-ups by context pointer, links that are attached to
elements of the same array MUST be returned in the same order as the
array elements to which they are attached.
</t>
</section>
<section title="URI Templating" anchor="uriTemplating">
<t>
Three hyper-schema keywords are <xref target="RFC6570">URI Templates</xref>:
"base", "anchor", and "href". Each are resolved separately to URI-references,
and then the anchor or href URI-reference is resolved against the base (which
is itself resolved against earlier bases as needed, each of which was first
resolved from a URI Template to a URI-reference).
</t>
<t>
All three keywords share the same algorithm for resolving variables from
instance data, which makes use of the "templatePointers" and "templateRequired"
keywords. When resolving "href", both it and any "base" templates
needed for resolution to an absolute URI, the algorithm is modified to
optionally accept user input based on the "hrefSchema" keyword.
</t>
<t>
For each URI Template (T), the following pseudocode describes an algorithm for
resolving T into a URI-reference (R). For the purpose of this algorithm:
<list style="symbols">
<t>
"ldo.templatePointers" is an empty object if the keyword was not
present and "ldo.templateRequired" is likewise an empty array.
</t>
<t>
"attachmentPointer" is the absolute JSON Pointer for the attachment
location of the LDO.
</t>
<t>
"getApplicableSchemas()" returns an iterable set of all (sub)schemas
that apply to the attachment point in the instance.
</t>
</list>
</t>
<t>
This algorithm should be applied first to either "href" or "anchor",
and then as needed to each successive "base". The order is important,
as it is not always possible to tell whether a template will resolve
to a full URI or a URI-reference.
</t>
<t>
In English, the high-level algorithm is:
<list style="numbers">
<t>Populate template variable data from the instance</t>
<t>If input is desired, accept input</t>
<t>Check that all required variables have a value</t>
<t>Encode values into strings and fill out the template</t>
</list>
</t>
<figure>
<preamble>
This is the high-level algorithm as pseudocode. "T" comes from either
"href" or "anchor" within the LDO, or from "base" in a containing schema.
Pseudocode for each step follows. "initialTemplateKeyword" indicates
which of the two started the process (since "base" is always resolved
in order to finish resolving one or the other of those keywords).
</preamble>
<artwork>
<![CDATA[
templateData = populateDataFromInstance(T, ldo, instance)
if initialTemplateKeyword == "href" and ldo.hrefSchema exists:
inputData = acceptInput(ldo, instance, templateData)
for varname in inputData:
templateData[varname] = inputData[varname]
for varname in ldo.templateRequired:
if not exists templateData[varname]
fatal("Missing required variable(s)")
templateData = stringEncode(templateData)
R = rfc6570ResolutionAlgorithm(T, templateData)
]]>
</artwork>
</figure>
<section title="Populating Template Data From the Instance">
<t>
This step looks at various locations in the instance for variable values.
For each variable:
<list style="numbers">
<t>
Use "templatePointers" to find a value if the variable
appears in that keyword's value
</t>
<t>
Otherwise, look for a property name matching the variable in
the instance location to which the link is attached
</t>
<t>
In either case, if there is a value at the location, put it in
the template resolution data set
</t>
</list>
</t>
<figure>
<artwork>
<![CDATA[
for varname in T:
varname = rfc3986PercentDecode(varname)
if varname in ldo.templatePointers:
valuePointer = templatePointers[varname]
if valuePointer is relative:
valuePointer = resolveRelative(attachmentPointer,
valuePointer)
else
valuePointer = attachmentPointer + "/" + varname
value = instance.valueAt(valuePointer)
if value is defined:
templateData[varname] = value
]]>
</artwork>
</figure>
</section>
<section title="Accepting Input for Template Data">
<t>
This step is relatively complex, as there are several cases to support.
Some variables will forbid input and some will allow it. Some will
have initial values that need to be presented in the input interface,
and some will not.
</t>
<t>
<list style="numbers">
<t>
Determine which variables can accept input
</t>
<t>
Pre-populate the input data set if the template resolution data
set has a value
</t>
<t>
Accept input (present a web form, make a callback, etc.)
</t>
<t>
Validate the input data set, (not the template resolution data set)
</t>
<t>
Put the input in the template resolution data set, overriding
any existing values
</t>
</list>
</t>
<figure>
<preamble>
"InputForm" represents whatever sort of input mechanism is appropriate.
This may be a literal web form, or may be a more programmatic construct
such as a callback function accepting specific fields and data types,
with the given initial values, if any.
</preamble>
<artwork>
<![CDATA[
form = new InputForm()
for varname in T:
useField = true
useInitialData = true
for schema in getApplicableSchemas(ldo.hrefSchema,
"/" + varname):
if schema is false:
useField = false
break
if varname in templateData and
not isValid(templateData[varname], schema)):
useInitialData = false
break
if useField:
if useInitialData:
form.addInputFieldFor(varname, ldo.hrefSchema,
templateData[varname])
else:
form.addInputFieldFor(varname, ldo.hrefSchema)
inputData = form.acceptInput()
if not isValid(inputData, hrefSchema):
fatal("Input invalid, link is not usable")
return inputData:
]]>
</artwork>
</figure>
</section>
<section title="Encoding Data as Strings">
<t>
This section is straightforward, converting literals to their names
as strings, and converting numbers to strings in the most obvious manner,
and percent-encoding as needed for use in the URI.
</t>
<figure>
<artwork>
<![CDATA[
for varname in templateData:
value = templateData[varname]
if value is true:
templateData[varname] = "true"
else if value is false:
temlateData[varname] = "false"
else if value is null:
templateData[varname] = "null"
else if value is a number:
templateData[varname] =
bestEffortOriginalJsonString(value)
else:
templateData[varname] = rfc3986PercentEncode(value)
]]>
</artwork>
<postamble>
In some software environments the original JSON representation of a
number will not be available (there is no way to tell the difference
between 1.0 and 1), so any reasonable representation should be used.
Schema and API authors should bear this in mind, and use other types
(such as string or boolean) if the exact representation is
important. If the number was provide as input in the form of a
string, the string used as input SHOULD be used.
</postamble>
</figure>
</section>
</section>
<section title="Providing Access to LDO Keywords">
<t>
For a given link, an implementation MUST make the values of all
target attribute keywords directly available to the user agent.
Implementations MAY provide additional interfaces for using this
information, as discussed in each keyword's section.
</t>
<t>
For a given link, an implementation MUST make the value of each
input schema keyword directly available to the user agent.
</t>
<t>
To encourage encapsulation of the URI Template resolution process,
implementations MAY omit the LDO keywords that are used only to
construct URIs. However, implementations MUST provide access to
the link relation type.
</t>
<t>
Unrecognized keywords SHOULD be made available to the user agent,
and MUST otherwise be ignored.
</t>
</section>
<section title="Requests">
<t>
A hyper-schema implementation SHOULD provide access to all information
needed to construct any valid request to the target resource.
</t>
<t>
The LDO can express all information needed to perform any operation on
a link. This section explains what hyper-schema fields a user agent
should examine to build requests from any combination of instance data
and client input. A hyper-schema implementation is not itself expected
to construct and send requests.
</t>
<t>
Target URI construction rules, including "hrefSchema" for accepting input,
are identical for all possible requests.
</t>
<t>
Requests that do not carry a body payload do not require additional keyword
support.
</t>
<t>
Requests that take a target representation as a payload SHOULD use the
"targetSchema" and "targetMediaType" keywords for input description and
payload validation. If a protocol allows an operation taking a payload
that is based on the representation as modified by a media type
(such as a patch media type), then such a media type SHOULD be indicated
through "targetHints" in a protocol-specific manner.
</t>
<t>
Requests that take a payload that is not derived from the target resource's
representation SHOULD use the "submissionSchema" and "submissionMediaType"
keywords for input description and payload validation. Protocols used in
hypermedia generally only support one such non-representation operation
per link.
</t>
<t>
RPC systems that pipe many application operations with arbitrarily different
request structures through a single hypermedia protocol operation are outside
of the scope of a hypermedia format such as JSON Hyper-Schema.
</t>
</section>
<section title="Responses">
<t>
As a hypermedia format, JSON Hyper-Schema is concerned with describing
a resource, including describing its links in sufficient detail to make
all valid requests. It is not concerned with directly describing all
possible responses for those requests.
</t>
<t>
As in any hypermedia system, responses are expected to be self-describing.
In the context of hyper-schema, this means that each response MUST link
its own hyper-schema(s). While responses that consist of a representation
of the target resource are expected to be valid against "targetSchema"
and "targetMediaType", those keywords are advisory only and MUST be
ignored if contradicted by the response itself.
</t>
<t>
Other responses, including error responses, complex redirections, and
processing status representations SHOULD also link to their own schemas
and use appropriate media types
(e.g. <xref target="RFC7807">"application/problem+json"</xref> for errors).
Certain errors might not link a schema due to being generated by an
intermediary that is not aware of hyper-schema, rather than by the origin.
</t>
<t>
User agents are expected to understand protocol status codes and response
media types well enough to handle common situations, and provide enough
information to client applications to handle domain-specific responses.
</t>
<t>
Statically mapping all possible responses and their schemas at design time
is outside of the scope of JSON Hyper-Schema, but may be within the scope
of other JSON Schema vocabularies which build on hyper-schema
(see <xref target="staticAnalysis" />).
</t>
</section>
<section title="Streaming Parsers" anchor="streaming">
<t>
The requirements around discovering links based on their context, or
using the context of links to identify collections, present unique
challenges when used with streaming parsers. It is not possible to
authoritatively fulfill these requirements without processing the entire
schema and instance documents.
</t>
<t>
Such implementations MAY choose to return non-authoritative answers
based on data processed to date. When offering this approach,
implementations MUST be clear on the nature of the response, and MUST
offer an option to block and wait until all data is processed and
an authoritative answer can be returned.
</t>
</section>
</section>
<section title="JSON Hyper-Schema and HTTP" anchor="HTTP">
<t>
While JSON Hyper-Schema is a hypermedia format and therefore protocol-independent,
it is expected that its most common use will be in HTTP systems, or systems
using protocols such as CoAP that are explicitly analogous to HTTP.
</t>
<t>
This section provides guidance on how to use each common HTTP method with a link,
and how collection resources impose additional constraints on HTTP POST.
Additionally, guidance is provided on hinting at HTTP response header values and
describing possible HTTP request headers that are relevant to the given resource.
</t>
<t>
<xref target="json-schema">Section 11 of the JSON Schema core specification</xref>
provides guidance on linking instances in a hypermedia system to their schemas.
This may be done with network-accessible schemas, or may simply identify schemas
which were pre-packaged within the client application. JSON Hyper-Schema
intentionally does not constrain this mechanism, although it is RECOMMENDED that
the techniques outlined in the core specification be used to whatever extent
is possible.
</t>
<section title="One Link Per Target and Relation Type">
<t>
Link Description Objects do not directly indicate what operations, such
as HTTP methods, are supported by the target resource. Instead, operations
should be inferred primarily from link <xref target="rel">relation types</xref>
and URI schemes.
</t>
<t>
This means that for each target resource and link relation type pair, schema
authors SHOULD only define a single LDO. While it is possible to use
"allow" with "targetHints" to repeat a relation type and target pair with
different HTTP methods marked as allowed, this is NOT RECOMMENDED and may
not be well-supported by conforming implementations.
</t>
<t>
All information necessary to use each HTTP method can be conveyed in a
single LDO as explained in this section. The "allow" field in "targetHints"
is intended simply to hint at which operations are supported, not to
separately define each operation.
</t>
<t>
Note, however, that a resource may always decline an operation at runtime,
for instance due to authorization failure, or due to other application state
that controls the operation's availability.
</t>
</section>
<section title='"targetSchema" and HTTP' anchor="targetHTTP">
<t>
"targetSchema" describes the resource on the target end of the link, while
"targetMediaType" defines that resource's media type. With HTTP links,
"headerSchema" can also be used to describe valid values for use in an
"Accept" request header, which can support multiple media types or
media ranges. When both ways of indicating the target media type are
present, "targetMediaType" SHOULD indicate the default representation
media type, while the schema for "accept" in "headerSchema" SHOULD include
the default as well as any alternate media types or media ranges that can
be requested.
</t>
<t>
Since the semantics of many HTTP methods are defined in terms of the target
resource, "targetSchema" is used for requests and/or responses for several
HTTP methods. In particular, "targetSchema" suggests what a client
application can expect for the response to an HTTP GET or any response
for which the "Content-Location" header is equal to the request URI,
and what a client application should send if it replaces the resource
in an HTTP PUT request.
These correlations are defined by <xref target="RFC7231">RFC 7231,
section 4.3.1 - "GET", section 4.3.4 "PUT", and section 3.1.4.2,
"Content-Location"</xref>.
</t>
<t>
Per <xref target="RFC5789">RFC 5789</xref>, the request structure for an HTTP
PATCH is determined by the combination of "targetSchema" and the request
media type, which is conveyed by the "Accept-Patch" header, which may be
included in "targetHints". Media types that are suitable for PATCH-ing
define a syntax for expressing changes to a document, which can be applied
to the representation described by "targetSchema" to determine the set of
syntactically valid request payloads. Often, the simplest way to validate
a PATCH request is to apply it and validate the result as a normal
representation.
</t>
</section>
<section title='HTTP POST and the "submission*" keywords' anchor="post">
<t>
JSON Hyper-Schema allows for resources that process arbitrary data
in addition to or instead of working with the target's representation.
This arbitrary data is described by the "submissionSchema" and
"submissionMediaType" keywords. In the case of HTTP, the POST method
is the only one that handles such data. While there are certain
conventions around using POST with collections, the semantics of a POST
request are defined by the target resource, not HTTP.
</t>
<t>
In addition to the protocol-neutral "submission*" keywords (see
<xref target="mailto"/> for a non-HTTP example), the "Accept-Post" header
can be used to specify the necessary media type, and MAY be
advertised via the "targetHints" field.
<cref>
What happens if both are used? Also, "submissionSchema" is a MUST
to support, while "targetHints" are at most a SHOULD. But forbidding
the use of "Accept-Post" in "targetHints" seems incorrect.
</cref>
</t>
<t>
Successful responses to POST other than a 201 or a 200 with "Content-Location"
set likewise have no HTTP-defined semantics. As with all HTTP responses,
any representation in the response should link to its own hyper-schema to
indicate how it may be processed. As noted in <xref target="responses"/>,
connecting hyperlinks with all possible operation responses is not within
the scope of JSON Hyper-Schema.
</t>
</section>
<section title='Optimizing HTTP Discoverability With "targetHints"'>
<t>
<cref>It would be good to also include a section with CoAP examples.</cref>
</t>
<t>
JSON serializations of HTTP response header information SHOULD follow the
guidelines established by the work in progress
<xref target="I-D.reschke-http-jfv">"A JSON Encoding for HTTP Header Field Values"</xref>.
Approaches shown in that document's examples SHOULD be applied to other
similarly structured headers wherever possible.
</t>
<t>
Headers for all possible HTTP method responses all share "headerSchema".
In particular, both headers that appear in a HEAD response and those
that appear in an OPTIONS response can appear. No distinction is made
within "headerSchema" as to which method response contains which header.
</t>
<t>
It is RECOMMENDED that schema authors provide hints for the values of
the following types of HTTP headers whenever applicable:
<list style="symbols">
<t>Method allowance</t>
<t>Method-specific request media types</t>
<t>Authentication challenges</t>
</list>
</t>
<t>
In general, headers that are likely to have different values at different
times SHOULD NOT be included in "targetHints".
</t>
</section>
<section title='Advertising HTTP Features With "headerSchema"'>
<t>
Schemas SHOULD be written to describe JSON serializations that
follow guidelines established by the work in progress
<xref target="I-D.reschke-http-jfv">"A JSON Encoding for HTTP Header Field Values"</xref>
Approaches shown in that document's examples SHOULD be applied to
other similarly structured headers wherever possible.
</t>
<t>
It is RECOMMENDED that schema authors describe the available usage of
the following types of HTTP headers whenever applicable:
<list style="symbols">
<t>Content negotiation</t>
<t>Authentication and authorization</t>
<t>Range requests</t>
<t>The "Prefer" header</t>
</list>
</t>
<t>
Headers such as cache control and conditional request headers are generally
implemented by intermediaries rather than the resource, and are therefore
not generally useful to describe. While the resource must supply the
information needed to use conditional requests, the runtime handling of
such headers and related responses is not resource-specific.
</t>
</section>
<section title="Creating Resources Through Collections">
<t>
When using HTTP, or a protocol such as CoAP that is explicitly analogous
to HTTP, this is done by POST-ing a representation of the individual
resource to be created to the collection resource. The process for
recognizing collection and item resources is described in
<xref target="collectionAndItem" />.
</t>
</section>
<section title="Content Negotiation and Schema Evolution">
<t>
JSON Hyper-Schema facilitates HTTP content negotiation, and allows for
a hybrid of the proactive and reactive strategies. As mentioned
above, a hyper-schema can include a schema for HTTP headers such as
"Accept", "Accept-Charset", "Accept-Language", etc with the "headerSchema"
keyword. A user agent or client application can use information in
this schema, such as an enumerated list of supported languages, in lieu of
making an initial request to start the reactive negotiation process.
</t>
<t>
In this way, the proactive content negotiation technique of setting these
headers can be informed by server information about what values are
possible, similar to examining a list of alternatives in reactive negotiation.
</t>
<t>
For media types that allow specifying a schema as a media type parameter,
the "Accept" values sent in a request or advertised in "headerSchema" can
include the URI(s) of the schema(s) to which the negotiated representation
is expected to conform. One possible use for schema parameters in
content negotiation is if the resource has conformed to several different
schema versions over time. The client application can indicate what version(s)
it understands in the "Accept" header in this way.
</t>
</section>
</section>
<section title="Examples" anchor="examples">
<t>
This section shows how the keywords that construct URIs and JSON Pointers
are used. The results are shown in the format used by the test suite.
<cref>
Need to post that and link it, but it should be pretty self-explanatory
to those of you reviewing things at this stage.
</cref>
</t>
<t> Most other keywords are either straightforward ("title" and "description"),
apply validation to specific sorts of input, requests, or responses, or have
protocol-specific behavior. Examples demonstrating HTTP usage are available
in <xref target="HTTP">an Appendix</xref>.
</t>
<section title="Entry Point Links, No Templates" anchor="entryPoint">
<t>
For this example, we will assume an example API with a documented
entry point URI of https://api.example.com, which is an empty JSON object
with a link to a schema. Here, the entry point has no data of its
own and exists only to provide an initial set of links:
</t>
<figure>
<artwork>
<![CDATA[
GET https://api.example.com HTTP/1.1
200 OK
Content-Type: application/json
Link: <https://schema.example.com/entry>; rel="describedBy"
{}
]]>
</artwork>
</figure>
<t>
The linked hyper-schema defines the API's base URI and provides
two links: an "about" link to API documentation, and a "self"
link indicating that this is a schema for the base URI. In this
case the base URI is also the entry point URI.
</t>
<figure>
<artwork>
<![CDATA[
{
"$id": "https://schema.example.com/entry",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"base": "https://api.example.com/",
"links": [
{
"rel": "self",
"href": ""
}, {
"rel": "about",
"href": "/docs"
}
]
}]]>
</artwork>
</figure>
<t>
These are the simplest possible links, with only a relation type and
an "href" with no template variables. They resolve as follows:
</t>
<figure>
<artwork>
<![CDATA[[
{
"contextUri": "https://api.example.com",
"contextPointer": "",
"rel": "self",
"targetUri": "https://api.example.com",
"attachmentPointer": ""
},
{
"contextUri": "https://api.example.com",
"contextPointer": "",
"rel": "about",
"targetUri": "https://api.example.com/docs",
"attachmentPointer": ""
}
]]]>
</artwork>
</figure>
<t>
The attachment pointer is the root pointer (the only possibility with
an empty object for the instance). The context URI is the default,
which is the requested document. Since application/json does not allow
for fragments, the context pointer is necessary to fully describe the
context. Its default behavior is to be the same as the attachment pointer.
</t>
</section>
<section title="Individually Identified Resources">
<t>
Let's add "things" to our system, starting with an individual thing:
</t>
<figure>
<artwork>
<![CDATA[{
"$id": "https://schema.example.com/thing",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"base": "https://api.example.com/",
"type": "object",
"required": ["data"],
"properties": {
"id": {"$ref": "#/$defs/id"},
"data": true
},
"links": [
{
"rel": "self",
"href": "things/{id}",
"templateRequired": ["id"],
"targetSchema": {"$ref": "#"}
}
],
"$defs": {
"id": {
"type": "integer",
"minimum": 1,
"readOnly": true
}
}
}]]>
</artwork>
</figure>
<t>
Our "thing" has a server-assigned id, which is required in order to
construct the "self" link. It also has a "data" field which can be
of any type. The reason for the "$defs" section will be clear
in the next example.
</t>
<t>
Note that "id" is not required by the validation schema, but is required
by the self link. This makes sense: a "thing" only has a URI if it has
been created, and the server has assigned an id. However, you can use
this schema with an instance containing only the data field, which allows
you to validate "thing" instances that you are about to create.
</t>
<t>
Let's add a link to our entry point schema that lets you jump directly
to a particular thing if you can supply it's id as input. To save space,
only the new LDO is shown. Unlike "self" and "about", there is no
IANA-registered relationship about hypothetical things, so an extension
relationship is defined using the
<xref target="RFC4151">"tag:" URI scheme</xref>:
</t>
<figure>
<artwork>
<![CDATA[{
"rel": "tag:rel.example.com,2017:thing",
"href": "things/{id}",
"hrefSchema": {
"required": ["id"],
"properties": {
"id": {"$ref": "thing#/$defs/id"}
}
},
"targetSchema": {"$ref": "thing#"}
}]]>
</artwork>
</figure>
<t>
The "href" value here is the same, but everything else is different.
Recall that the instance is an empty object, so "id" cannot be resolved
from instance data. Instead it is required as client input. This LDO
could also have used "templateRequired" but with "required" in "hrefSchema"
it is not strictly necessary. Providing "templateRequired" without marking
"id" as required in "hrefSchema" would lead to errors, as client input
is the only possible source for resolving this link.
</t>
</section>
<section title="Submitting a Payload and Accepting URI Input" anchor="mailto">
<t>
This example covers using the "submission" fields for non-representation
input, as well as using them alongside of resolving the URI Template with
input. Unlike HTML forms, which require either constructing a URI or
sending a payload, but do not allow not both at once, JSON Hyper-Schema can
describe both sorts of input for the same operation on the same link.
</t>
<t>
The "submissionSchema" and "submissionMediaType" fields are for
describing payloads that are not representations of the target resource.
When used with "http(s)://" URIs, they generally refer to a POST request
payload, as seen in the <xref target="HTTP">appendix on HTTP usage</xref>.
</t>
<t>
In this case, we use a "mailto:" URI, which, per
<xref target="RFC6068">RFC 6068, Section 3"</xref>, does not provide any
operation for retrieving a resource. It can only be used to construct
a message for sending. Since there is no concept of a retrievable,
replaceable, or deletable target resource, "targetSchema" and
"targetMediaType" are not used. Non-representation payloads are
described by "submissionSchema" and "submissionMediaType".
</t>
<t>
We use "submissionMediaType" to indicate a multipart/alternative
payload format, providing two representations of the same data (HTML and
plain text). Since a multipart/alternative message is an ordered sequence
(the last part is the most preferred alternative), we model the sequence as
an array in "submissionSchema". Since each part is itself a document with
a media type, we model each item in the array as a string, using
"contentMediaType" to indicate the format within the string.
</t>
<t>
Note that media types such as multipart/form-data, which associate a name with
each part and are not ordered, should be modeled as JSON objects rather than
arrays.
</t>
<figure>
<preamble>
Note that some lines are wrapped to fit this document's width restrictions.
</preamble>
<artwork>
<![CDATA[{
"$id": "https://schema.example.com/interesting-stuff",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"required": ["stuffWorthEmailingAbout", "email", "title"],
"properties": {
"title": {
"type": "string"
},
"stuffWorthEmailingAbout": {
"type": "string"
},
"email": {
"type": "string",
"format": "email"
},
"cc": false
},
"links": [
{
"rel": "author",
"href": "mailto:{email}?subject={title}{&cc}",
"templateRequired": ["email"],
"hrefSchema": {
"required": ["title"],
"properties": {
"title": {
"type": "string"
},
"cc": {
"type": "string",
"format": "email"
},
"email": false
}
},
"submissionMediaType":
"multipart/alternative; boundary=ab2",
"submissionSchema": {
"type": "array",
"items": [
{
"type": "string",
"contentMediaType":
"text/plain; charset=utf8"
},
{
"type": "string",
"contentMediaType": "text/html"
}
],
"minItems": 2
}
}
]
}]]>
</artwork>
</figure>
<t>
For the URI parameters, each of the three demonstrates a different way of
resolving the input:
<list style="hanging">
<t hangText="email:">
This variable's presence in "templateRequired" means that it must be
resolved for the template to be used. Since the "false" schema
assigned to it in "hrefSchema" excludes it from the input data set,
it must be resolved from the instance.
</t>
<t hangText="title:">
The instance field matching this variable is required, and it is also
allowed in the input data. So its instance value is used to
pre-populate the input data set before accepting client input. The
client application can opt to leave the instance value in place. Since
this field is required in "hrefSchema", the client application cannot
delete it (although it could set it to an empty string).
</t>
<t hangText="cc:">
The "false" schema set for this in the main schema prevents this field
from having an instance value. If it is present at all, it must come
from client input. As it is not required in "hrefSchema", it may not
be used at all.
</t>
</list>
</t>
<t>
So, given the following instance retrieved from "https://api.example.com/stuff":
</t>
<figure>
<artwork>
<![CDATA[{
"title": "The Awesome Thing",
"stuffWorthEmailingAbout": "Lots of text here...",
"email": "someone@example.com"
}]]>
</artwork>
</figure>
<t>
We can partially resolve the link as follows, before asking the client
application for input.
</t>
<figure>
<artwork>
<![CDATA[{
"contextUri": "https://api.example.com/stuff",
"contextPointer": "",
"rel": "author",
"hrefInputTemplates": [
"mailto:someone@example.com?subject={title}{&cc}"
],
"hrefPrepopulatedInput": {
"title": "The Awesome Thing"
},
"attachmentPointer": ""
}]]>
</artwork>
</figure>
<t>
Notice the "href*" keywords in place of "targetUri". These are three
possible kinds of "targetUri" values covering different sorts of input. Here
are examples of each:
<list style="hanging">
<t hangText="No additional or changed input:">
"mailto:someone@example.com?subject=The%20Awesome%20Thing"
</t>
<t hangText='Change "title" to "your work":'>
"mailto:someone@example.com?subject=your%20work"
</t>
<t hangText='Change title and add a "cc" of "other@elsewhere.org":'>
"mailto:someone@example.com?subject=your%20work&amp;cc=other@elsewhere.org"
</t>
</list>
</t>
</section>
<section title='"anchor", "base" and URI Template Resolution'>
<t>
A link is a typed connection from a context resource to a target resource.
Older link serializations support a "rev" keyword that takes a link relation
type as "rel" does, but reverses the semantics. This has long been deprecated,
so JSON Hyper-Schema does not support it. Instead, "anchor"'s ability to
change the context URI can be used to reverse the direction of a link.
It can also be used to describe a link between two resources, neither of
which is the current resource.
</t>
<t>
As an example, there is an IANA-registered "up" relation, but
there is no "down". In an HTTP Link header, you could implement
"down" as <spanx style="verb">"rev": "up"</spanx>.
</t>
<figure>
<preamble>
First let's look at how this could be done in HTTP, showing a "self"
link and two semantically identical links, one with "rev": "up"
and the other using "anchor" with "rel": "up" (line wrapped due to
formatting limitations).
</preamble>
<artwork>
<![CDATA[
GET https://api.example.com/trees/1/nodes/123 HTTP/1.1
200 OK
Content-Type: application/json
Link: <https://api.example.com/trees/1/nodes/123>; rel="self"
Link: <https://api.example.com/trees/1/nodes/123>; rel="up";
anchor="https://api.example.com/trees/1/nodes/456"
Link: <https://api.example.com/trees/1/nodes/456>; rev="up"
{
"id": 123,
"treeId": 1,
"childIds": [456]
}
]]>
</artwork>
<postamble>
Note that the "rel=up" link has a target URI identical
to the "rel=self" link, and sets "anchor" (which identifies
the link's context) to the child's URI. This sort of reversed
link is easily detectable by tools when a "self" link is also present.
</postamble>
</figure>
<figure>
<preamble>
The following hyper-schema, applied to the instance in the response
above, would produce the same "self" link and "up" link with "anchor".
It also shows the use of a templated "base" URI, plus both absolute
and relative JSON Pointers in "templatePointers".
</preamble>
<artwork>
<![CDATA[{
"$id": "https://schema.example.com/tree-node",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"base": "trees/{treeId}/",
"properties": {
"id": {"type": "integer"},
"treeId": {"type": "integer"},
"childIds": {
"type": "array",
"items": {
"type": "integer",
"links": [
{
"anchor": "nodes/{thisNodeId}",
"rel": "up",
"href": "nodes/{childId}",
"templatePointers": {
"thisNodeId": "/id",
"childId": "0"
}
}
]
}
}
},
"links": [
{
"rel": "self",
"href": "nodes/{id}"
}
]
}]]>
</artwork>
<postamble>
The "base" template is evaluated identically for both the
target ("href") and context ("anchor") URIs.
</postamble>
</figure>
<t>
Note the two different sorts of templatePointers used.
"thisNodeId" is mapped to an absolute JSON Pointer, "/id",
while "childId" is mapped to a relative pointer, "0", which
indicates the value of the current item. Absolute
JSON Pointers do not support any kind of wildcarding, so
there is no way to specify a concept like "current item"
without a relative JSON Pointer.
</t>
</section>
<section title="Collections">
<t>
In many systems, individual resources are grouped into collections. Those
collections also often provide a way to create individual item resources with
server-assigned identifiers.
</t>
<figure>
<preamble>
For this example, we will re-use the individual thing schema as
shown in an earlier section. It is repeated here for convenience,
with an added "collection" link with a "targetSchema" reference
pointing to the collection schema we will introduce next.
</preamble>
<artwork>
<![CDATA[{
"$id": "https://schema.example.com/thing",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"base": "https://api.example.com/",
"type": "object",
"required": ["data"],
"properties": {
"id": {"$ref": "#/$defs/id"},
"data": true
},
"links": [
{
"rel": "self",
"href": "things/{id}",
"templateRequired": ["id"],
"targetSchema": {"$ref": "#"}
}, {
"rel": "collection",
"href": "/things",
"targetSchema": {"$ref": "thing-collection#"},
"submissionSchema": {"$ref": "#"}
}
],
"$defs": {
"id": {
"type": "integer",
"minimum": 1,
"readOnly": true
}
}
}]]>
</artwork>
<postamble>
The "collection" link is the same for all items, so there are no
URI Template variables. The "submissionSchema" is that of the
item itself. As described in <xref target="collectionAndItem"/>,
if a "collection" link supports a submission mechanism (POST in HTTP)
then it MUST implement item creation semantics. Therefore
"submissionSchema" is the schema for creating a "thing" via this link.
</postamble>
</figure>
<figure>
<preamble>
Now we want to describe collections of "thing"s.
This schema describes a collection where each item representation is
identical to the individual "thing" representation. While many
collection representations only include subset of the item
representations, this example uses the entirety to minimize the
number of schemas involved. The actual collection items appear as
an array within an object, as we will add more fields to the object
in the next example.
</preamble>
<artwork>
<![CDATA[{
"$id": "https://schema.example.com/thing-collection",
"$schema": "http://json-schema.org/draft-08/hyper-schema#",
"base": "https://api.example.com/",
"type": "object",
"required": ["elements"],
"properties": {
"elements": {
"type": "array",
"items": {
"allOf": [{"$ref": "thing#"}],
"links": [
{
"anchorPointer": "",
"rel": "item",
"href": "things/{id}",
"templateRequired": ["id"],
"targetSchema": {"$ref": "thing#"}
}
]
}
}
},
"links": [
{
"rel": "self",
"href": "things",
"targetSchema": {"$ref": "#"},
"submissionSchema": {"$ref": "thing"}
}
]
}]]>
</artwork>
</figure>
<figure>
<preamble>
Here is a simple two-element collection instance:
</preamble>
<artwork>
<![CDATA[{
"elements": [
{"id": 12345, "data": {}},
{"id": 67890, "data": {}}
]
}]]>
</artwork>
</figure>
<figure>
<preamble>
Here are all of the links that apply to this instance,
including those that are defined in the referenced individual
"thing" schema:
</preamble>
<artwork>
<![CDATA[[
{
"contextUri": "https://api.example.com/things",
"contextPointer": "",
"rel": "self",
"targetUri": "https://api.example.com/things",
"attachmentPointer": ""
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "/elements/0",
"rel": "self",
"targetUri": "https://api.example.com/things/12345",
"attachmentPointer": "/elements/0"
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "/elements/1",
"rel": "self",
"targetUri": "https://api.example.com/things/67890",
"attachmentPointer": "/elements/1"
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "",
"rel": "item",
"targetUri": "https://api.example.com/things/12345",
"attachmentPointer": "/elements/0"
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "",
"rel": "item",
"targetUri": "https://api.example.com/things/67890",
"attachmentPointer": "/elements/1"
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "/elements/0",
"rel": "collection",
"targetUri": "https://api.example.com/things",
"attachmentPointer": "/elements/0"
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "/elements/1",
"rel": "collection",
"targetUri": "https://api.example.com/things",
"attachmentPointer": "/elements/1"
}
]]]>
</artwork>
<postamble>
In all cases, the context URI is shown for
an instance of media type application/json, which does not
support fragments. If the instance media type was
application/instance+json, which supports JSON Pointer fragments,
then the context URIs would contain fragments identical to
the context pointer field. For application/json and other media types
without fragments, it is critically important to consider the context
pointer as well as the context URI.
</postamble>
</figure>
<t>
There are three "self" links, one for the collection, and one for
each item in the "elements" array. The item "self" links are defined
in the individual "thing" schema which is referenced with "$ref".
The three links can be distinguished by their context or attachment
pointers. We will revisit the "submissionSchema" of the collection's
"self" link in <xref target="firstItem"/>.
</t>
<t>
There are two "item" links, one for each item in the "elements" array.
Unlike the "self" links, these are defined only in the collection schema.
Each of them have the same target URI as the corresponding "self" link that
shares the same attachment pointer. However, each has a different context
pointer. The context of the "self" link is the entry in "elements",
while the context of the "item" link is always the entire collection
regardless of the specific item.
</t>
<t>
Finally, there are two "collection" links, one for each item in "elements".
In the individual item schema, these produce links with the item resource
as the context. When referenced from the collection schema, the context
is the location in the "elements" array of the relevant "thing", rather than
that "thing"'s own separate resource URI.
</t>
<t>
The collection links have identical target URIs as there is only one relevant
collection URI. While calculating both links as part of a full set of
constructed links may not seem useful, when constructing links on an as-needed
basis, this arrangement means that there is a "collection" link definition
close at hand no matter which "elements" entry you are processing.
</t>
<section title="Pagination">
<figure>
<preamble>
Here we add pagination to our collection. There is a "meta" section
to hold the information about current, next, and previous pages.
Most of the schema is the same as in the previous section and has been
omitted. Only new fields and new or (in the case of the main "self"
link) changed links are shown in full.
</preamble>
<artwork>
<![CDATA[{
"properties": {
"elements": {
...
},
"meta": {
"type": "object",
"properties": {
"prev": {"$ref": "#/$defs/pagination"},
"current": {"$ref": "#/$defs/pagination"},
"next": {"$ref": "#/$defs/pagination"}
}
}
},
"links": [
{
"rel": "self",
"href": "things{?offset,limit}",
"templateRequired": ["offset", "limit"],
"templatePointers": {
"offset": "/meta/current/offset",
"limit": "/meta/current/limit"
},
"targetSchema": {"$ref": "#"}
}, {
"rel": "prev",
"href": "things{?offset,limit}",
"templateRequired": ["offset", "limit"],
"templatePointers": {
"offset": "/meta/prev/offset",
"limit": "/meta/prev/limit"
},
"targetSchema": {"$ref": "#"}
}, {
"rel": "next",
"href": "things{?offset,limit}",
"templateRequired": ["offset", "limit"],
"templatePointers": {
"offset": "/meta/next/offset",
"limit": "/meta/next/limit"
},
"targetSchema": {"$ref": "#"}
}
],
"$defs": {
"pagination": {
"type": "object",
"properties": {
"offset": {
"type": "integer",
"minimum": 0,
"default": 0
},
"limit": {
"type": "integer",
"minimum": 1,
"maximum": 100,
"default": 10
}
}
}
}
}]]>
</artwork>
<postamble>
Notice that the "self" link includes the pagination query
that produced the exact representation, rather than being
a generic link to the collection allowing selecting the
page via input.
</postamble>
</figure>
<figure>
<preamble>
Given this instance:
</preamble>
<artwork>
<![CDATA[{
"elements": [
{"id": 12345, "data": {}},
{"id": 67890, "data": {}}
],
"meta": {
"current": {
"offset": 0,
"limit": 2
},
"next": {
"offset": 3,
"limit": 2
}
}
}]]>
</artwork>
</figure>
<figure>
<preamble>
Here are all of the links that apply to this instance
that either did not appear in the previous example or
have been changed with pagination added.
</preamble>
<artwork>
<![CDATA[[
{
"contextUri": "https://api.example.com/things",
"contextPointer": "",
"rel": "self",
"targetUri":
"https://api.example.com/things?offset=0&limit=2",
"attachmentPointer": ""
},
{
"contextUri": "https://api.example.com/things",
"contextPointer": "",
"rel": "next",
"targetUri":
"https://api.example.com/things?offset=3&limit=2",
"attachmentPointer": ""
}
]]]>
</artwork>
<postamble>
Note that there is no "prev" link in the output, as we are looking
at the first page. The lack of a "prev" field under "meta",
together with the "prev" link's "templateRequired" values, means
that the link is not usable with this particular instance.
</postamble>
</figure>
<t>
<cref>
It's not clear how pagination should work with the link from
the "collection" links in the individual "thing" schema.
Technically, a link from an item to a paginated or filtered
collection should go to a page/filter that contains the item
(in this case the "thing") that is the link context.
See GitHub issue #421 for more discussion.
</cref>
</t>
<t>
Let's add a link for this collection to the entry point schema
(<xref target="entryPoint"/>), including
pagination input in order to allow client applications to jump directly
to a specific page. Recall that the entry point schema consists only
of links, therefore we only show the newly added link:
</t>
<figure>
<artwork>
<![CDATA[{
"rel": "tag:rel.example.com,2017:thing-collection",
"href": "/things{?offset,limit}",
"hrefSchema": {
"$ref": "thing-collection#/$defs/pagination"
},
"submissionSchema": {
"$ref": "thing#"
},
"targetSchema": {
"$ref": "thing-collection#"
}
}]]>
</artwork>
<postamble>
Now we see the pagination parameters being accepted as input, so
we can jump to any page within the collection. The link relation
type is a custom one as the generic "collection" link can only
be used with an item as its context, not an entry point or other
resource.
</postamble>
</figure>
</section>
<section title="Creating the First Item" anchor="firstItem">
<t>
When we do not have any "thing"s, we do not have any resources with
a relevant "collection" link. Therefore we cannot use a "collection"
link's submission keywords to create the first "thing"; hyper-schemas
must be evaluated with respect to an instance. Since the "elements"
array in the collection instance would be empty, it cannot provide
us with a collection link either.
</t>
<t>
However, our entry point link can take us to the empty collection, and
we can use the presence of "item" links in the hyper-schema to recognize
that it is a collection. Since the context of the "item" link is the
collection, we simply look for a "self" link with the same context, which
we can then treat as collection for the purposes of a creation operation.
</t>
<t>
Presumably, our custom link relation type in the entry point schema was
sufficient to ensure that we have found the right collection. A client
application that recognizes that custom link relation type may know that
it can immediately assume that the target is a collection, but a generic
user agent cannot do so. Despite the presence of a "-collection" suffix
in our example, a generic user agent would have no way of knowing whether
that substring indicates a hypermedia resource collection, or some other
sort of collection.
</t>
<t>
Once we have recognized the "self" link as being for the correct collection,
we can use its "submissionSchema" and/or "submissionMediaType" keywords to
perform an item creation operation.
<cref>
This works perfectly if the collection is unfiltered and unpaginated.
However, one should generally POST to a collection that will contain
the created resource, and a "self" link MUST include any filters,
pagination, or other query parameters. Is it still valid to POST to
such a "self" link even if the resulting item would not match the
filter or appear within that page? See GitHub issue #421 for further
discussion.
</cref>
<cref>
Draft-04 of Hyper-Schema defined a "create" link relation that
had the schema, rather than the instance, as its context. This
did not fit into the instance-based link model, and incorrectly
used an operation name for a link relation type. However, defining
a more correctly designed link from the schema to the collection
instance may be one possible approach to solving this.
Again, see GitHub issue #421 for more details.
</cref>
</t>
</section>
</section>
</section>
<section title="Security Considerations" anchor="security">
<t>
JSON Hyper-Schema defines a vocabulary for JSON Schema core and concerns all
the security considerations listed there. As a link serialization format,
the security considerations of <xref target="RFC8288">RFC 8288 Web Linking</xref>
also apply, with appropriate adjustments (e.g. "anchor" as an LDO keyword rather
than an HTTP Link header attribute).
</t>
<section title="Target Attributes">
<t>
As stated in <xref target="targetAttributes"/>, all LDO keywords describing
the target resource are advisory and MUST NOT be used in place of
the authoritative information supplied by the target resource in response
to an operation. Target resource responses SHOULD indicate their own
hyper-schema, which is authoritative.
</t>
<t>
If the hyper-schema in the target response matches (by "$id") the hyper-schema
in which the current LDO was found, then the target attributes MAY be
considered authoritative.
<cref>
Need to add something about the risks of spoofing by "$id", but given
that other parts of the specification discourage always re-downloading
the linked schema, the risk mitigation options are unclear.
</cref>
</t>
<t>
User agents or client applications MUST NOT use the value of "targetSchema"
to aid in the interpretation of the data received in response to following
the link, as this leaves
"safe" data open to re-interpretation.
</t>
<t>
When choosing how to interpret data, the type information provided by the
server (or inferred from the filename, or any other usual method) MUST be
the only consideration, and the "targetMediaType" property of the link
MUST NOT be used.
User agents MAY use this information to determine how they represent the
link or where to display it (for example hover-text, opening in a new tab).
If user agents decide to pass the link to an external program, they SHOULD
first verify that the data is of a type that would normally be passed to
that external program.
</t>
<t>
This is to guard against re-interpretation of "safe" data, similar to the
precautions for "targetSchema".
</t>
<t>
Protocol meta-data values conveyed in "targetHints" MUST NOT be considered
authoritative. Any security considerations defined by the protocol that
may apply based on incorrect assumptions about meta-data values apply.
</t>
<t>
Even when no protocol security considerations are directly applicable,
implementations MUST be prepared to handle responses that do not
match the link's "targetHints" values.
</t>
</section>
<section title='"self" Links'>
<t>
When link relation of "self" is used to denote a full representation of an
object, the user agent SHOULD NOT consider the representation to be the
authoritative representation of the resource denoted by the target URI if
the target URI is not equivalent to or a sub-path of the URI used to request
the resource representation which contains the target URI with the "self"
link.
<cref>
It is no longer entirely clear what was intended by the "sub-path"
option in this paragraph. It may have been intended to allow
"self" links for embedded item representations in a collection, which
usually have target URIs that are sub-paths of that collection's URI,
to be considered authoritative. However, this is simply a common
design convention and does not appear to be based in RFC 3986 or any other
guidance on URI usage. See GitHub issue #485 for further discussion.
</cref>
</t>
</section>
</section>
<!--
<section title="IANA Considerations">
<t>No considerations</t>
</section>
-->
<section title="Acknowledgments">
<t>
Thanks to
Gary Court,
Francis Galiegue,
Kris Zyp,
and Geraint Luff
for their work on the initial drafts of JSON Schema.
</t>
<t>
Thanks to
Jason Desrosiers,
Daniel Perrett,
Erik Wilde,
Ben Hutton,
Evgeny Poberezkin,
Brad Bowman,
Gowry Sankar,
Donald Pipowitch,
Dave Finlay,
and Denis Laxalde
for their submissions and patches to the document.
</t>
</section>
</middle>
<back>
<!-- References Section -->
<references title="Normative References">
&rfc2119;
&rfc3986;
&rfc4287;
&rfc6570;
&rfc6573;
&rfc6901;
&rfc8288;
<reference anchor="relative-json-pointer">
<front>
<title>Relative JSON Pointers</title>
<author initials="G." surname="Luff">
<organization/>
</author>
<author initials="H." surname="Andrews">
<organization/>
</author>
<date year="2018" month="January"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-handrews-relative-json-pointer-02" />
</reference>
<reference anchor="json-schema">
<front>
<title>JSON Schema: A Media Type for Describing JSON Documents</title>
<author initials="A." surname="Wright">
<organization/>
</author>
<author initials="H." surname="Andrews">
<organization/>
</author>
<date year="2017" month="November"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-handrews-json-schema-02" />
</reference>
<reference anchor="json-schema-validation">
<front>
<title>JSON Schema Validation: A Vocabulary for Structural Validation of JSON</title>
<author initials="A." surname="Wright">
<organization/>
</author>
<author initials="H." surname="Andrews">
<organization/>
</author>
<author initials="G." surname="Luff">
<organization/>
</author>
<date year="2017" month="November"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-handrews-json-schema-validation-02" />
</reference>
</references>
<references title="Informative References">
&rfc2046;
&rfc4151;
&rfc5789;
&rfc6068;
&rfc7230;
&rfc7231;
&rfc7807;
&I-D.reschke-http-jfv;
</references>
<section title="Using JSON Hyper-Schema in APIs" anchor="apis">
<t>
Hypermedia APIs, which follow the constraints of the REST architectural
style, enable the creation of generic user agents. Such a user agent
has no application-specific knowledge. Rather, it understands pre-defined
media types, URI schemes, protocols, and link relations, often by recognizing
these and coordinating the use of existing software that implements support
for them. Client applications can then be built on top of such a user agent,
focusing on their own semantics and logic rather than the mechanics of the
interactions.
</t>
<t>
Hyper-schema is only concerned with one resource and set of associated links
at a time. Just as a web browser works with only one HTML page at a time,
with no concept of whether or how that page functions as part of a "site",
a hyper-schema-aware user agent works with one resource at a time, without
any concept of whether or how that resource fits into an API.
</t>
<t>
Therefore, hyper-schema is suitable for use within an API, but is not suitable
for the description of APIs as complete entities in their own right. There is
no way to describe concepts at the API scope, rather than the resource and
link scope, and such descriptions are outside of the boundaries
of JSON Hyper-Schema.
</t>
<section title="Resource Evolution With Hyper-Schema">
<t>
Since a given JSON Hyper-Schema is used with a single resource at a single
point in time, it has no inherent notion of versioning. However, a given
resource can change which schema or schemas it uses over time, and the
URIs of these schemas can be used to indicate versioning information.
When used with a media type that supports indicating a schema with a media
type parameter, these versioned schema URIs can be used in content negotiation.
</t>
<t>
A resource can indicate that it is an instance of multiple schemas, which allows
supporting multiple compatible versions simultaneously. A client application
can then make use of the hyper-schema that it recognizes, and ignore newer
or older versions.
</t>
</section>
<section title="Responses and Errors" anchor="responses">
<t>
Because a hyper-schema represents a single resource at a time, it does not
provide for an enumeration of all possible responses to protocol operations
performed with links. Each response, including errors, is considered
its own (possibly anonymous) resource, and should identify its own
hyper-schema, and optionally use an appropriate media type such as
<xref target="RFC7807">RFC 7807's "application/problem+json"</xref>,
to allow the user agent or client application to interpret any
information that is provided beyond the protocol's own status reporting.
</t>
</section>
<section title="Static Analysis of an API's Hyper-Schemas" anchor="staticAnalysis">
<t>
It is possible to statically analyze a set of hyper-schemas without instance
data in order to generate output such as documentation or code. However,
the full feature set of both validation and hyper-schema cannot be accessed
without runtime instance data.
</t>
<t>
This is an intentional design choice to provide the maximum runtime
flexibility for hypermedia systems. JSON Schema as a media type allows for
establishing additional vocabularies for static analysis and content
generation, which are not addressed in this specification. Additionally,
individual systems may restrict their usage to subsets that can be
analyzed statically if full design-time description is a goal.
<cref>
Vocabularies for API documentation and other purposes have been
proposed, and contributions are welcome at
https://github.com/json-schema-org/json-schema-vocabularies
</cref>
</t>
</section>
</section>
<section title="ChangeLog">
<t>
<cref>This section to be removed before leaving Internet-Draft status.</cref>
</t>
<t>
<list style="hanging">
<t hangText="draft-handrews-json-schema-hyperschema-02">
<list style="symbols">
<t></t>
</list>
</t>
<t hangText="draft-handrews-json-schema-hyperschema-01">
<list style="symbols">
<t>This draft is purely a bug fix with no functional changes</t>
<t>Fixed erroneous meta-schema URI (draft-07, not draft-07-wip)</t>
<t>Removed stray "work in progress" language left over from review period</t>
<t>Fixed missing trailing "/" in various "base" examples</t>
<t>Fixed incorrect draft name in changelog (luff-*-00, not -01)</t>
<t>Update relative pointer ref to handrews-*-01, also purely a bug fix</t>
</list>
</t>
<t hangText="draft-handrews-json-schema-hyperschema-00">
<list style="symbols">
<t>Top to bottom reorganization and rewrite</t>
<t>Group keywords per RFC 8288 context/relation/target/target attributes</t>
<t>Additional keyword groups for template resolution and describing input</t>
<t>Clarify implementation requirements with a suggested output format</t>
<t>Expanded overview to provide context</t>
<t>Consolidated examples into their own section, illustrate real-world patterns</t>
<t>Consolidated HTTP guidance in its own section</t>
<t>Added a subsection on static analysis of hyper-schemas</t>
<t>Consolidated security concerns in their own section</t>
<t>Added an appendix on usage in APIs</t>
<t>Moved "readOnly" to the validation specification</t>
<t>Moved "media" to validation as "contentMediaType"/"contentEncoding"</t>
<t>Renamed "submissionEncType" to "submissionMediaType"</t>
<t>Renamed "mediaType" to "targetMediaType"</t>
<t>Added "anchor" and "anchorPointer"</t>
<t>Added "templatePointers" and "templateRequired"</t>
<t>Clarified how "hrefSchema" is used</t>
<t>Added "targetHints" and "headerSchema"</t>
<t>Added guidance on "self", "collection" and "item" link usage</t>
<t>Added "description" as an LDO keyword</t>
<t>Added "$comment" in LDOs to match the schema keyword</t>
</list>
</t>
<t hangText="draft-wright-json-schema-hyperschema-01">
<list style="symbols">
<t>Fixed examples</t>
<t>Added "hrefSchema" for user input to "href" URI Templates</t>
<t>Removed URI Template pre-processing</t>
<t>Clarified how links and data submission work</t>
<t>Clarified how validation keywords apply hyper-schema keywords and links</t>
<t>Clarified HTTP use with "targetSchema"</t>
<t>Renamed "schema" to "submissionSchema"</t>
<t>Renamed "encType" to "submissionEncType"</t>
<t>Removed "method"</t>
</list>
</t>
<t hangText="draft-wright-json-schema-hyperschema-00">
<list style="symbols">
<t>"rel" is now optional</t>
<t>rel="self" no longer changes URI base</t>
<t>Added "base" keyword to change instance URI base</t>
<t>Removed "root" link relation</t>
<t>Removed "create" link relation</t>
<t>Removed "full" link relation</t>
<t>Removed "instances" link relation</t>
<t>Removed special behavior for "describedBy" link relation</t>
<t>Removed "pathStart" keyword</t>
<t>Removed "fragmentResolution" keyword</t>
<t>Updated references to JSON Pointer, HTML</t>
<t>Changed behavior of "method" property to align with hypermedia best current practices</t>
</list>
</t>
<t hangText="draft-luff-json-hyper-schema-00">
<list style="symbols">
<t>Split from main specification.</t>
</list>
</t>
</list>
</t>
</section>
</back>
</rfc>