Description
Currently the JSON Schema specification allows referencing external files using a hyperlink. This is a very loose reference, specifically:
When an implementation encounters the reference to "other.json", it resolves this to https://example.net/other.json, which is not defined in this document. If a schema with that identifier has otherwise been supplied to the implementation, it can also be used automatically.
The schema in this case (the one referencing other.json) is insufficiently expressive. If the author of the schema wants to say "I refer to the meta-schema hosted at https://example.com/other.json" then they are helpless to make this expression. Instead they can only make the very limited utility statement "I refer to the meta-schema identified as https://example.com/other.json". This means that the meaning of every schema document is extremely implementation-dependent. (Even if they are implemented the same way.) Isn't this an underspecification of the JSON Schema specification?
There may not be an appetite to update the JSON Schema specification to explain how the retrieval of resources over the internet works. That process is not consistent, not reliable and it depends on HTTPS/SSL/MITM and a lot more.
Instead, is there some other way we can include referential integrity into the standard? Maybe something like this:
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$schema-sri": "sha384-F3w7mX95PdgyTmZZMECAngseQB83DfGTowi0iMjiWaeVhAn4FJkqJByhZMI3AhiU"
}
This would only be applicable to whole documents, not partial resources (because it depends on the full binary representation of the JSON file, which is not unique).
We could reuse the approach W3C uses for Subresource Integrity.
The end result would be that the JSON Schema specification still does not specify how you are to download resources, but it allows schema authors to express clearly which document they are referring to.
Background: I am lead author of ERC-721 (the Non-fungible Token standard) and am focused on high-value, long-term, immutable metadata documents that validate against JSON Schemas.
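An added example, not part of the original post and not from the JSON Schema project: a consumer-side check of the proposed "$schema-sri" keyword, using the W3C Subresource Integrity string format. The function names and the sample documents are constructed for illustration; the reserialized case shows why the pin can only cover a whole document's exact bytes.

```python
import base64
import hashlib
import hmac
import json

# Hash algorithms defined by W3C Subresource Integrity.
_ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def make_sri(raw: bytes, algorithm: str = "sha384") -> str:
    """Build an SRI string ("<alg>-<base64 digest>") over the exact bytes."""
    digest = _ALGORITHMS[algorithm](raw).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(raw: bytes, sri: str) -> bool:
    """Return True only if raw hashes to the digest pinned in sri."""
    algorithm, sep, encoded = sri.strip().partition("-")
    if not sep or algorithm not in _ALGORITHMS:
        return False  # unknown or malformed algorithm: fail closed
    try:
        expected = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False  # not valid base64: fail closed
    actual = _ALGORITHMS[algorithm](raw).digest()
    return hmac.compare_digest(actual, expected)


def check_reference(referrer: dict, fetched: bytes) -> bool:
    """Check retrieved meta-schema bytes against the referrer's "$schema-sri"."""
    pin = referrer.get("$schema-sri")  # hypothetical keyword proposed in the post
    return isinstance(pin, str) and verify_sri(fetched, pin)


# Constructed sample input: stand-in for the bytes retrieved for "$schema".
PUBLISHED = b'{"$id": "https://example.com/other.json", "type": "object"}\n'
REFERRER = {"$schema": "https://example.com/other.json", "$schema-sri": make_sri(PUBLISHED)}

# Same JSON value, different bytes (whitespace changed by reserialization).
RESERIALIZED = json.dumps(json.loads(PUBLISHED), indent=2).encode()
# Same identifier, different content, as a replaced or altered copy would be.
TAMPERED = PUBLISHED.replace(b'"object"', b'"string"')

if __name__ == "__main__":
    samples = [("published", PUBLISHED), ("reserialized", RESERIALIZED), ("tampered", TAMPERED)]
    for name, blob in samples:
        print(name, check_reference(REFERRER, blob))
```

The check has to run on the bytes as retrieved, before any JSON parsing, and a referrer without a pin is treated here as unverified rather than trusted.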