Permalink
Fetching contributors…
Cannot retrieve contributors at this time
1206 lines (1124 sloc) 58.3 KB
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC1034 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
<!ENTITY RFC2045 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2045.xml">
<!ENTITY RFC2046 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2046.xml">
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2673 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2673.xml">
<!ENTITY RFC3339 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3339.xml">
<!ENTITY RFC3986 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
<!ENTITY RFC3987 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3987.xml">
<!ENTITY RFC4291 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml">
<!ENTITY RFC4329 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4329.xml">
<!ENTITY RFC4648 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4648.xml">
<!ENTITY RFC5322 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5322.xml">
<!ENTITY RFC5890 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
<!ENTITY RFC5891 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml">
<!ENTITY RFC6531 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6531.xml">
<!ENTITY RFC6570 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6570.xml">
<!ENTITY RFC6901 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6901.xml">
<!ENTITY RFC8259 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8259.xml">
]>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<?rfc strict="no"?>
<?rfc rfcedstyle="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes" ?>
<rfc category="info" docName="draft-handrews-json-schema-validation-02" ipr="trust200902">
<front>
<title abbrev="JSON Schema Validation">
JSON Schema Validation: A Vocabulary for Structural Validation of JSON
</title>
<author fullname="Austin Wright" initials="A" surname="Wright" role="editor">
<address>
<email>aaa@bzfx.net</email>
</address>
</author>
<author fullname="Henry Andrews" initials="H" surname="Andrews" role="editor">
<address>
<postal>
<street></street>
<city>San Francisco</city>
<region>CA</region>
<country>USA</country>
</postal>
<email>henry@cloudflare.com</email>
</address>
</author>
<author fullname="Geraint Luff" initials="G" surname="Luff">
<address>
<postal>
<street></street>
<city>Cambridge</city>
<country>UK</country>
</postal>
<email>luffgd@gmail.com</email>
</address>
</author>
<date year="2018"/>
<workgroup>Internet Engineering Task Force</workgroup>
<keyword>JSON</keyword>
<keyword>Schema</keyword>
<keyword>validation</keyword>
<abstract>
<t>
JSON Schema (application/schema+json) has several purposes, one of which is JSON
instance validation.
This document specifies a vocabulary for JSON Schema to describe the meaning of JSON
documents, provide hints for user interfaces working with JSON data, and to make
assertions about what a valid document must look like.
</t>
</abstract>
<note title="Note to Readers">
<t>
The issues list for this draft can be found at
<eref target="https://github.com/json-schema-org/json-schema-spec/issues"/>.
</t>
<t>
For additional information, see <eref target="http://json-schema.org/"/>.
</t>
<t>
To provide feedback, use this issue tracker, the communication methods listed on the
homepage, or email the document editors.
</t>
</note>
</front>
<middle>
<section title="Introduction">
<t>
JSON Schema can be used to require that a given JSON document (an instance)
satisfies a certain number of criteria. These criteria are asserted by using
keywords described in this specification. In addition, a set of keywords
is also defined to assist in interactive user interface instance generation.
</t>
<t>
This specification will use the concepts, syntax, and terminology defined
by the <xref target="json-schema">JSON Schema core</xref> specification.
</t>
</section>
<section title="Conventions and Terminology">
<t>
<!-- The text in this section has been copied from the official boilerplate,
and should not be modified.-->
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in <xref target="RFC2119">RFC 2119</xref>.
</t>
<t>
This specification uses the term "container instance" to refer to both array and
object instances. It uses the term "children instances" to refer to array elements
or object member values.
</t>
<t>
Elements in an array value are said to be unique if no two elements of this array
are <xref target="json-schema">equal</xref>.
</t>
</section>
<section title="Overview">
<t>
JSON Schema validation asserts constraints on the structure of instance data.
An instance location that satisfies all asserted constraints is then
annotated with any keywords that contain non-assertion information,
such as descriptive metadata and usage hints. If all locations within
the instance satisfy all asserted constraints, then the instance is
said to be valid against the schema.
</t>
<t>
Each schema object is independently evaluated against each instance location
to which it applies. This greatly simplifies the implementation requirements
for validators by ensuring that they do not need to maintain state across
the document-wide validation process.
</t>
<t>
This specification defines a set of assertion keywords, as well as a small vocabulary
of metadata keywords that can be used to annotate the JSON instance with
useful information. The <xref target="format" /> and <xref target="content" />
keywords are also useful as annotations as well as being optional assertions,
as they convey additional usage guidance for the instance data.
</t>
</section>
<section title="Interoperability Considerations">
<section title="Validation of String Instances">
<t>
It should be noted that the nul character (\u0000) is valid in a JSON string. An
instance to validate may contain a string value with this character, regardless
of the ability of the underlying programming language to deal with such data.
</t>
</section>
<section title="Validation of Numeric Instances">
<t>
The JSON specification allows numbers with arbitrary precision, and JSON Schema
does not add any such bounds.
This means that numeric instances processed by JSON Schema can be arbitrarily large and/or
have an arbitrarily long decimal part, regardless of the ability of the
underlying programming language to deal with such data.
</t>
</section>
<section title="Regular Expressions" anchor="regexInterop">
<t>
Keywords that use regular expressions, or constrain the instance value
to be a regular expression, are subject to the interoperability
considerations for regular expressions in the
<xref target="json-schema">JSON Schema Core</xref> specification.
</t>
</section>
</section>
<section title="Meta-Schema">
<t>
The current URI for the JSON Schema Validation meta-schema is
<eref target="http://json-schema.org/draft-08/schema#"/>.
This meta-schema describes the core keywords, the subschema application
vocabulary from the core specification, and all keywords
defined by this specification. All implementations of this specification
SHOULD support the subschema application vocabulary, and MUST NOT
implement behavior that contradicts that vocabulary.
</t>
</section>
<section title="Validation Keywords">
<t>
Validation keywords in a schema impose requirements for successful validation of an
instance. These keywords are all assertions without any annotation behavior.
</t>
<section title="Validation Keywords for Any Instance Type" anchor="general">
<section title="type">
<t>
The value of this keyword MUST be either a string or an array. If it is
an array, elements of the array MUST be strings and MUST be unique.
</t>
<t>
String values MUST be one of the six primitive types
("null", "boolean", "object", "array", "number", or "string"),
or "integer" which matches any number with a zero fractional part.
</t>
<t>
An instance validates if and only if the instance is in any of the sets listed
for this keyword.
</t>
</section>
<section title="enum">
<t>
The value of this keyword MUST be an array. This array SHOULD have at
least one element. Elements in the array SHOULD be unique.
</t>
<t>
An instance validates successfully against this keyword if its value is
equal to one of the elements in this keyword's array value.
</t>
<t>
Elements in the array might be of any value, including null.
</t>
</section>
<section title="const">
<t>
The value of this keyword MAY be of any type, including null.
</t>
<t>
An instance validates successfully against this keyword if its value is
equal to the value of the keyword.
</t>
</section>
</section>
<section title="Validation Keywords for Numeric Instances (number and integer)"
anchor="numeric">
<section title="multipleOf">
<t>
The value of "multipleOf" MUST be a number, strictly greater than 0.
</t>
<t>
A numeric instance is valid only if division by this keyword's value results in
an integer.
</t>
</section>
<section title="maximum">
<t>
The value of "maximum" MUST be a number, representing an inclusive upper limit
for a numeric instance.
</t>
<t>
If the instance is a number, then this keyword validates only if the instance is
less than or exactly equal to "maximum".
</t>
</section>
<section title="exclusiveMaximum">
<t>
The value of "exclusiveMaximum" MUST be number, representing an exclusive upper
limit for a numeric instance.
</t>
<t>
If the instance is a number, then the instance is valid only if it has a value
strictly less than (not equal to) "exclusiveMaximum".
</t>
</section>
<section title="minimum">
<t>
The value of "minimum" MUST be a number, representing an inclusive lower limit
for a numeric instance.
</t>
<t>
If the instance is a number, then this keyword validates only if the instance is
greater than or exactly equal to "minimum".
</t>
</section>
<section title="exclusiveMinimum">
<t>
The value of "exclusiveMinimum" MUST be number, representing an exclusive lower
limit for a numeric instance.
</t>
<t>
If the instance is a number, then the instance is valid only if it has a value
strictly greater than (not equal to) "exclusiveMinimum".
</t>
</section>
</section>
<section title="Validation Keywords for Strings" anchor="string">
<section title="maxLength">
<t>
The value of this keyword MUST be a non-negative integer.</t>
<t>
A string instance is valid against this keyword if its
length is less than, or equal to, the value of this keyword.
</t>
<t>
The length of a string instance is defined as the number of its
characters as defined by <xref target="RFC8259">RFC 8259</xref>.
</t>
</section>
<section title="minLength">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
A string instance is valid against this keyword if its
length is greater than, or equal to, the value of this keyword.
</t>
<t>
The length of a string instance is defined as the number of its
characters as defined by <xref target="RFC8259">RFC 8259</xref>.
</t>
<t>
Omitting this keyword has the same behavior as a value of 0.
</t>
</section>
<section title="pattern" anchor="pattern">
<t>
The value of this keyword MUST be a string. This string SHOULD be a
valid regular expression, according to the ECMA 262 regular expression
dialect.
</t>
<t>
A string instance is considered valid if the regular
expression matches the instance successfully. Recall: regular
expressions are not implicitly anchored.
</t>
</section>
</section>
<section title="Validation Keywords for Arrays">
<section title="maxItems">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An array instance is valid against "maxItems" if its size is
less than, or equal to, the value of this keyword.
</t>
</section>
<section title="minItems">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An array instance is valid against "minItems" if its size is
greater than, or equal to, the value of this keyword.
</t>
<t>
Omitting this keyword has the same behavior as a value of 0.
</t>
</section>
<section title="uniqueItems">
<t>
The value of this keyword MUST be a boolean.
</t>
<t>
If this keyword has boolean value false, the instance validates
successfully. If it has boolean value true, the instance validates
successfully if all of its elements are unique.
</t>
<t>
Omitting this keyword has the same behavior as a value of false.
</t>
</section>
<section title="maxContains">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An array instance is valid against "maxContains" if the number of
elements that are valid against the schema for
<xref target="json-schema">"contains"</xref> is
less than, or equal to, the value of this keyword.
</t>
<t>
If "contains" is not present within the same schema object,
then this keyword has no effect.
</t>
</section>
<section title="minContains">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An array instance is valid against "minContains" if the number of
elements that are valid against the schema for
<xref target="json-schema">"contains"</xref> is
greater than, or equal to, the value of this keyword.
</t>
<t>
A value of 0 is allowed, but is only useful for setting a range
of occurrences from 0 to the value of "maxContains". A value of
0 with no "maxContains" causes "contains" to always pass validation.
</t>
<t>
If "contains" is not present within the same schema object,
then this keyword has no effect.
</t>
<t>
Omitting this keyword has the same behavior as a value of 1.
</t>
</section>
</section>
<section title="Validation Keywords for Objects">
<section title="maxProperties">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An object instance is valid against "maxProperties" if its
number of properties is less than, or equal to, the value of this
keyword.
</t>
</section>
<section title="minProperties">
<t>
The value of this keyword MUST be a non-negative integer.
</t>
<t>
An object instance is valid against "minProperties" if its
number of properties is greater than, or equal to, the value of this
keyword.
</t>
<t>
Omitting this keyword has the same behavior as a value of 0.
</t>
</section>
<section title="required">
<t>
The value of this keyword MUST be an array.
Elements of this array, if any, MUST be strings, and MUST be unique.
</t>
<t>
An object instance is valid against this keyword if every item in the array is
the name of a property in the instance.
</t>
<t>
Omitting this keyword has the same behavior as an empty array.
</t>
</section>
<section title="dependentRequired">
<t>
The value of this keyword MUST be an object. Properties in
this object, if any, MUST be arrays. Elements in each array,
if any, MUST be strings, and MUST be unique.
</t>
<t>
This keyword specifies properties that are required if a specific
other property is present. Their requirement is dependent on the
presence of the other property.
</t>
<t>
Validation succeeds if, for each name that appears in both
the instance and as a name within this keyword's value, every
item in the corresponding array is also the name of a property
in the instance.
</t>
<t>
Omitting this keyword has the same behavior as an empty object.
</t>
</section>
</section>
</section>
<section title='Semantic Validation With "format"' anchor="format">
<section title="Foreword">
<t>
Structural validation alone may be insufficient to validate that an instance
meets all the requirements of an application. The "format" keyword is defined to
allow interoperable semantic validation for a fixed subset of values which are
accurately described by authoritative resources, be they RFCs or other external
specifications.
</t>
<t>
The value of this keyword is called a format attribute. It MUST be a string. A
format attribute can generally only validate a given set of instance types. If
the type of the instance to validate is not in this set, validation for this
format attribute and instance SHOULD succeed.
</t>
</section>
<section title="Implementation Requirements">
<t>
The "format" keyword functions as both an annotation
and as an assertion. While no special effort is required to
implement it as an annotation conveying semantic meaning, implementing
validation is non-trivial.
</t>
<t>
Implementations MAY support the "format" keyword as a validation assertion.
Should they choose to do so:
<list>
<t>they SHOULD implement validation for attributes defined below;</t>
<t>they SHOULD offer an option to disable validation for this keyword.</t>
</list>
</t>
<t>
Implementations MAY add custom format attributes. Save for agreement between
parties, schema authors SHALL NOT expect a peer implementation to support this
keyword and/or custom format attributes.
</t>
</section>
<section title="Defined Formats">
<section title="Dates and Times">
<t>
These attributes apply to string instances.
</t>
<t>
Date and time format names are derived from
<xref target="RFC3339">RFC 3339, section 5.6</xref>.
</t>
<t>
Implementations supporting formats SHOULD implement support for
the following attributes:
<list style="hanging">
<t hangText="date-time:">
A string instance is valid against this attribute if it is
a valid representation according to the "date-time" production.
</t>
<t hangText="date:">
A string instance is valid against this attribute if it is
a valid representation according to the "full-date" production.
</t>
<t hangText="time:">
A string instance is valid against this attribute if it is
a valid representation according to the "full-time" production.
</t>
</list>
</t>
<t>
Implementations MAY support additional attributes using the other
production names defined in that section. If "full-date" or "full-time"
are implemented, the corresponding short form ("date" or "time"
respectively) MUST be implemented, and MUST behave identically.
Implementations SHOULD NOT define extension attributes
with any name matching an RFC 3339 production unless it validates
according to the rules of that production.
<cref>
There is not currently consensus on the need for supporting
all RFC 3339 formats, so this approach of reserving the
namespace will encourage experimentation without committing
to the entire set. Either the format implementation requirements
will become more flexible in general, or these will likely
either be promoted to fully specified attributes or dropped.
</cref>
</t>
</section>
<section title="Email Addresses">
<t>
These attributes apply to string instances.
</t>
<t>
A string instance is valid against these attributes if it is a valid
Internet email address as follows:
<list style="hanging">
<t hangText="email:">
As defined by <xref target="RFC5322">RFC 5322, section 3.4.1</xref>.
</t>
<t hangText="idn-email:">
As defined by <xref target="RFC6531">RFC 6531</xref>
</t>
</list>
Note that all strings valid against the "email" attribute are also
valid against the "idn-email" attribute.
</t>
</section>
<section title="Hostnames">
<t>
These attributes apply to string instances.
</t>
<t>
A string instance is valid against these attributes if it is a valid
representation for an Internet hostname as follows:
<list style="hanging">
<t hangText="hostname:">
As defined by <xref target="RFC1034">RFC 1034, section 3.1</xref>,
including host names produced using the Punycode algorithm
specified in <xref target="RFC5891">RFC 5891, section 4.4</xref>.
</t>
<t hangText="idn-hostname:">
As defined by either RFC 1034 as for hostname, or an
internationalized hostname as defined by
<xref target="RFC5890">RFC 5890, section 2.3.2.3</xref>.
</t>
</list>
Note that all strings valid against the "hostname" attribute are also
valid against the "idn-hostname" attribute.
</t>
</section>
<section title="IP Addresses">
<t>
These attributes apply to string instances.
</t>
<t>
A string instance is valid against these attributes if it is a valid
representation of an IP address as follows:
<list style="hanging">
<t hangText="ipv4:">
An IPv4 address according to the "dotted-quad" ABNF
syntax as defined in
<xref target="RFC2673">RFC 2673, section 3.2</xref>.
</t>
<t hangText="ipv6:">
An IPv6 address as defined in
<xref target="RFC4291">RFC 4291, section 2.2</xref>.
</t>
</list>
</t>
</section>
<section title="Resource Identifiers">
<t>
These attributes apply to string instances.
</t>
<t>
<list style="hanging">
<t hangText="uri:">
A string instance is valid against this attribute if it is
a valid URI, according to <xref target="RFC3986"/>.
</t>
<t hangText="uri-reference:">
A string instance is valid against this attribute if it is a valid URI
Reference (either a URI or a relative-reference),
according to <xref target="RFC3986"/>.
</t>
<t hangText="iri:">
A string instance is valid against this attribute if it is
a valid IRI, according to <xref target="RFC3987"/>.
</t>
<t hangText="iri-reference:">
A string instance is valid against this attribute if it is a valid IRI
Reference (either an IRI or a relative-reference),
according to <xref target="RFC3987"/>.
</t>
</list>
Note that all valid URIs are valid IRIs, and all valid URI References are
also valid IRI References.
</t>
</section>
<section title="uri-template">
<t>
This attribute applies to string instances.
</t>
<t>
A string instance is valid against this attribute if it is a valid URI Template
(of any level), according to <xref target="RFC6570"/>.
</t>
<t>
Note that URI Templates may be used for IRIs; there is no separate
IRI Template specification.
</t>
</section>
<section title="JSON Pointers">
<t>
These attributes apply to string instances.
</t>
<t>
<list style="hanging">
<t hangText="json-pointer:">
A string instance is valid against this attribute if it
is a valid JSON string representation of a JSON Pointer,
according to <xref target="RFC6901">RFC 6901, section 5</xref>.
</t>
<t hangText="relative-json-pointer:">
A string instance is valid against this attribute if it is a valid
<xref target="relative-json-pointer">Relative JSON Pointer</xref>.
</t>
</list>
To allow for both absolute and relative JSON Pointers, use "anyOf" or
"oneOf" to indicate support for either format.
</t>
</section>
<section title="regex">
<t>
This attribute applies to string instances.
</t>
<t>
A regular expression, which SHOULD be valid according to the
<xref target="ecma262">ECMA 262</xref> regular expression dialect.
</t>
<t>
Implementations that validate formats MUST accept at least the subset of
ECMA 262 defined in the <xref target="regexInterop">Regular Expressions</xref>
section of this specification, and SHOULD accept all valid ECMA 262 expressions.
</t>
</section>
</section>
</section>
<section title='String-Encoding Non-JSON Data' anchor="content">
<section title="Foreword">
<t>
Properties defined in this section indicate that an instance contains
non-JSON data encoded in a JSON string.
They describe the type of content and how it is encoded.
</t>
<t>
These properties provide additional information required to interpret JSON data
as rich multimedia documents.
</t>
</section>
<section title="Implementation Requirements">
<t>
The content keywords function as both annotations and as assertions.
While no special effort is required to implement them as annotations conveying
how applications can interpret the data in the string, implementing
validation of conformance to the media type and encoding is non-trivial.
</t>
<t>
Implementations MAY support the "contentMediaType" and "contentEncoding"
keywords as validation assertions.
Should they choose to do so, they SHOULD offer an option to disable validation
for these keywords.
</t>
</section>
<section title="contentEncoding">
<t>
If the instance value is a string, this property defines that the string
SHOULD be interpreted as binary data and decoded using the encoding
named by this property.
</t>
<t>
Possible values for this property are listed in
<xref target="RFC2045">RFC 2045, Sec 6.1</xref> and
<xref target="RFC4648">RFC 4648</xref>. For "base64", which is defined
in both RFCs, the definition in RFC 4648, which removes line length
limitations, SHOULD be used, as various other specifications have
mandated different lengths. Note that line lengths within a string
can be constrained using the <xref target="pattern">"pattern"</xref> keyword.
</t>
<t>
The value of this property MUST be a string.
</t>
<t>
The value of this property SHOULD be ignored if the instance described is not a
string.
</t>
</section>
<section title="contentMediaType">
<t>
The value of this property must be a media type, as defined by
<xref target="RFC2046">RFC 2046</xref>. This property defines the media
type of instances which this schema defines.
</t>
<t>
The value of this property MUST be a string.
</t>
<t>
The value of this property SHOULD be ignored if the instance described is not a
string.
</t>
<t>
If the "contentEncoding" property is not present, but the instance value is a
string, then the value of this property SHOULD specify a text document type,
and the character set SHOULD be the character set into which the JSON string
value was decoded (for which the default is Unicode).
</t>
</section>
<section title="Example">
<figure>
<preamble>
Here is an example schema, illustrating the use of "contentEncoding" and
"contentMediaType":
</preamble>
<artwork>
<![CDATA[
{
"type": "string",
"contentEncoding": "base64",
"contentMediaType": "image/png"
}
]]>
</artwork>
<postamble>
Instances described by this schema should be strings, and their values
should be interpretable as base64-encoded PNG images.
</postamble>
</figure>
<figure>
<preamble>
Another example:
</preamble>
<artwork>
<![CDATA[
{
"type": "string",
"contentMediaType": "text/html"
}
]]>
</artwork>
<postamble>
Instances described by this schema should be strings containing HTML, using
whatever character set the JSON string was decoded into (default is
Unicode).
</postamble>
</figure>
</section>
</section>
<section title="Basic Meta-Data Annotations">
<t>
These general-purpose annotation keywords provide commonly used information
for documentation and user interface display purposes. They are not intended
to form a comprehensive set of features. Rather, additional vocabularies
can be defined for more complex annotation-based applications.
</t>
<section title='"title" and "description"'>
<t>
The value of both of these keywords MUST be a string.
</t>
<t>
Both of these keywords can be used to decorate a user interface with
information about the data produced by this user interface. A title will
preferably be short, whereas a description will provide explanation about
the purpose of the instance described by this schema.
</t>
</section>
<section title='"default"'>
<t>
There are no restrictions placed on the value of this keyword. When
multiple occurrences of this keyword are applicable to a single
sub-instance, implementations SHOULD remove duplicates.
</t>
<t>
This keyword can be used to supply a default JSON value associated with a
particular schema. It is RECOMMENDED that a default value be valid against
the associated schema.
</t>
</section>
<section title='"readOnly" and "writeOnly"'>
<t>
The value of these keywords MUST be a boolean. When multiple occurrences
of these keywords are applicable to a single sub-instance, the resulting
value MUST be true if any occurrence specifies a true value, and MUST
be false otherwise.
</t>
<t>
If "readOnly" has a value of boolean true, it indicates that the value
of the instance is managed exclusively by the owning authority, and
attempts by an application to modify the value of this property are
expected to be ignored or rejected by that owning authority.
</t>
<t>
An instance document that is marked as "readOnly for the entire document
MAY be ignored if sent to the owning authority, or MAY result in an
error, at the authority's discretion.
</t>
<t>
If "writeOnly" has a value of boolean true, it indicates that the value
is never present when the instance is retrieved from the owning authority.
It can be present when sent to the owning authority to update or create
the document (or the resource it represents), but it will not be included
in any updated or newly created version of the instance.
</t>
<t>
An instance document that is marked as "writeOnly" for the entire document
MAY be returned as a blank document of some sort, or MAY produce an error
upon retrieval, or have the retrieval request ignored, at the authority's
discretion.
</t>
<t>
For example, "readOnly" would be used to mark a database-generated serial
number as read-only, while "writeOnly" would be used to mark a password
input field.
</t>
<t>
These keywords can be used to assist in user interface instance generation.
In particular, an application MAY choose to use a widget that hides
input values as they are typed for write-only fields.
</t>
<t>
Omitting these keywords has the same behavior as values of false.
</t>
</section>
<section title='"examples"'>
<t>
The value of this keyword MUST be an array.
There are no restrictions placed on the values within the array.
When multiple occurrences of this keyword are applicable to a single
sub-instance, implementations MUST provide a flat array of all
values rather than an array of arrays.
</t>
<t>
This keyword can be used to provide sample JSON values associated with a
particular schema, for the purpose of illustrating usage. It is
RECOMMENDED that these values be valid against the associated schema.
</t>
<t>
Implementations MAY use the value(s) of "default", if present, as
an additional example. If "examples" is absent, "default"
MAY still be used in this manner.
</t>
</section>
</section>
<section title="Security Considerations">
<t>
JSON Schema validation defines a vocabulary for JSON Schema core and concerns all
the security considerations listed there.
</t>
<t>
JSON Schema validation allows the use of Regular Expressions, which have numerous
different (often incompatible) implementations.
Some implementations allow the embedding of arbitrary code, which is outside the
scope of JSON Schema and MUST NOT be permitted.
Regular expressions can often also be crafted to be extremely expensive to compute
(with so-called "catastrophic backtracking"), resulting in a denial-of-service
attack.
</t>
<t>
Implementations that support validating or otherwise evaluating instance
string data based on "contentEncoding" and/or "contentMediaType" are at
risk of evaluating data in an unsafe way based on misleading information.
Applications can mitigate this risk by only performing such processing
when a relationship between the schema and instance is established
(e.g., they share the same authority).
</t>
<t>
Processing a media type or encoding is subject to the security considerations
of that media type or encoding. For example, the security considerations
of <xref target="RFC4329">RFC 4329 Scripting Media Types</xref> apply when
processing JavaScript or ECMAScript encoded within a JSON string.
</t>
</section>
<!--
<section title="IANA Considerations">
<t>
This specification does not have any influence with regards to IANA.
</t>
</section>
-->
</middle>
<back>
<!-- References Section -->
<references title="Normative References">
&RFC2119;
&RFC1034;
&RFC2045;
&RFC2046;
&RFC2673;
&RFC3339;
&RFC3986;
&RFC3987;
&RFC4291;
&RFC4648;
&RFC5322;
&RFC5890;
&RFC5891;
&RFC6570;
&RFC6531;
&RFC6901;
&RFC8259;
<reference anchor="ecma262"
target="http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf">
<front>
<title>ECMA 262 specification</title>
<author/>
<date/>
</front>
</reference>
<reference anchor="relative-json-pointer">
<front>
<title>Relative JSON Pointers</title>
<author initials="G." surname="Luff">
<organization/>
</author>
<author initials="H." surname="Andrews">
<organization>Cloudflare, Inc.</organization>
</author>
<date year="2017" month="November"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-handrews-relative-json-pointer-01" />
</reference>
<reference anchor="json-schema">
<front>
<title>JSON Schema: A Media Type for Describing JSON Documents</title>
<author initials="A." surname="Wright">
<organization/>
</author>
<author initials="H." surname="Andrews">
<organization/>
</author>
<date year="2017" month="November"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-handrews-json-schema-02" />
</reference>
</references>
<references title="Informative References">
&RFC4329;
</references>
<section title="Keywords Moved from Validation to Core">
<t>
Several keywords have been moved from this document into the
<xref target="json-schema">Core Specification</xref> as of this draft, in some
cases with re-naming or other changes. This affects the following former
validation keywords:
<list style="hanging">
<t hangText='"definitions"'>
Renamed to "$defs" to match "$ref" and be shorter to type.
Schema vocabulary authors SHOULD NOT define a "definitions" keyword
with different behavior in order to avoid invalidating schemas that
still use the older name.
</t>
<t hangText='"allOf", "anyOf", "oneOf", "not", "if", "then", "else",
"items", "additionalItems", "contains", "propertyNames",
"properties", "patternProperties", "additionalProperties"'>
All of these keywords apply subschemas to the instance and combine
their results, without asserting any conditions of their own.
Without assertion keywords, these applicators can only cause assertion
failures by using the false boolean schema, or by inverting the result
of the true boolean schema. For this reason, they are better defined
as a generic mechanism on which validation, hyper-schema, and extension
vocabularies can all be based
</t>
<t hangText='"dependencies"'>
This keyword had two different modes of behavior, which made it
relatively challenging to implement and reason about.
The schema form has been moved to Core and renamed to
"dependentSchemas", as part of the applicator vocabulary.
It is analogous to "properties", except that instead of applying
its subschema to the property value, it applies it to the object
containing the property.
The property name array form is retained here and renamed to
"dependentRequired", as it is an assertion which is a shortcut
for the conditional use of the "required" assertion keyword.
</t>
</list>
</t>
</section>
<section title="Acknowledgments">
<t>
Thanks to
Gary Court,
Francis Galiegue,
Kris Zyp,
and Geraint Luff
for their work on the initial drafts of JSON Schema.
</t>
<t>
Thanks to
Jason Desrosiers,
Daniel Perrett,
Erik Wilde,
Ben Hutton,
Evgeny Poberezkin,
Brad Bowman,
Gowry Sankar,
Donald Pipowitch,
Dave Finlay,
and Denis Laxalde
for their submissions and patches to the document.
</t>
</section>
<section title="ChangeLog">
<t>
<cref>This section to be removed before leaving Internet-Draft status.</cref>
</t>
<t>
<list style="hanging">
<t hangText="draft-handrews-json-schema-validation-02">
<list style="symbols">
<t>Moved "definitions" to the core spec as "$defs"</t>
<t>Moved applicator keywords to the core spec</t>
<t>Renamed the array form of "dependencies" to "dependentRequired", moved the schema form to the core spec</t>
</list>
</t>
<t hangText="draft-handrews-json-schema-validation-01">
<list style="symbols">
<t>This draft is purely a clarification with no functional changes</t>
<t>Provided the general principle behind ignoring annotations under "not" and similar cases</t>
<t>Clarified "if"/"then"/"else" validation interactions</t>
<t>Clarified "if"/"then"/"else" behavior for annotation</t>
<t>Minor formatting and cross-referencing improvements</t>
</list>
</t>
<t hangText="draft-handrews-json-schema-validation-00">
<list style="symbols">
<t>Added "if"/"then"/"else"</t>
<t>Classify keywords as assertions or annotations per the core spec</t>
<t>Warn of possibly removing "dependencies" in the future</t>
<t>Grouped validation keywords into sub-sections for readability</t>
<t>Moved "readOnly" from hyper-schema to validation meta-data</t>
<t>Added "writeOnly"</t>
<t>Added string-encoded media section, with former hyper-schema "media" keywords</t>
<t>Restored "regex" format (removal was unintentional)</t>
<t>Added "date" and "time" formats, and reserved additional RFC 3339 format names</t>
<t>I18N formats: "iri", "iri-reference", "idn-hostname", "idn-email"</t>
<t>Clarify that "json-pointer" format means string encoding, not URI fragment</t>
<t>Fixed typo that inverted the meaning of "minimum" and "exclusiveMinimum"</t>
<t>Move format syntax references into Normative References</t>
<t>JSON is a normative requirement</t>
</list>
</t>
<t hangText="draft-wright-json-schema-validation-01">
<list style="symbols">
<t>Standardized on hyphenated format names with full words ("uriref" becomes "uri-reference")</t>
<t>Add the formats "uri-template" and "json-pointer"</t>
<t>Changed "exclusiveMaximum"/"exclusiveMinimum" from boolean modifiers of "maximum"/"minimum" to independent numeric fields.</t>
<t>Split the additionalItems/items into two sections</t>
<t>Reworked properties/patternProperties/additionalProperties definition</t>
<t>Added "examples" keyword</t>
<t>Added "contains" keyword</t>
<t>Allow empty "required" and "dependencies" arrays</t>
<t>Fixed "type" reference to primitive types</t>
<t>Added "const" keyword</t>
<t>Added "propertyNames" keyword</t>
</list>
</t>
<t hangText="draft-wright-json-schema-validation-00">
<list style="symbols">
<t>Added additional security considerations</t>
<t>Removed reference to "latest version" meta-schema, use numbered version instead</t>
<t>Rephrased many keyword definitions for brevity</t>
<t>Added "uriref" format that also allows relative URI references</t>
</list>
</t>
<t hangText="draft-fge-json-schema-validation-00">
<list style="symbols">
<t>Initial draft.</t>
<t>Salvaged from draft v3.</t>
<t>Redefine the "required" keyword.</t>
<t>Remove "extends", "disallow"</t>
<t>Add "anyOf", "allOf", "oneOf", "not", "definitions", "minProperties",
"maxProperties".</t>
<t>"dependencies" member values can no longer be single strings; at
least one element is required in a property dependency array.</t>
<t>Rename "divisibleBy" to "multipleOf".</t>
<t>"type" arrays can no longer have schemas; remove "any" as a possible
value.</t>
<t>Rework the "format" section; make support optional.</t>
<t>"format": remove attributes "phone", "style", "color"; rename
"ip-address" to "ipv4"; add references for all attributes.</t>
<t>Provide algorithms to calculate schema(s) for array/object
instances.</t>
<t>Add interoperability considerations.</t>
</list>
</t>
</list>
</t>
</section>
</back>
</rfc>