JavaScript Object Notation (JSON) Pointer
draft-ietf-appsawg-json-pointer-09

I'm clearing my Discuss after exchanges with the document shepherd and responsible AD that indicate that, in their opinion, consensus has been reached on the IETF last call issues and that the on-going thread represents only a tail-end to that dicussion with the potential to spin up a new I-D, but will not impact this particular document.

- I consider this draft as poor in explaining the use cases and example for the JSON pointer.
In comparison, draft-ietf-appsawg-json-patch did a much better job.
The interaction, if any, with the JSON patch should be explained. It nothing else as a potential use case/example.
JSON-PATCH mentions:

   Additionally, operation objects MUST have exactly one "path" member,
   whose value MUST be a string containing a [JSON-Pointer] value that
   references a location within the target document to perform the
   operation (the "target location").

But JSON-POINTER doesn't even mention JSON-PATCH
So bad luck is someone starts by reading JSON-POINTER...

- For the record, I insert Dan Romascanu's OPS DIR review, stressing the need to reclassify RFC 4627 sooner than latter:

    By now, if somebody makes a snapshot after these documents will be approved a rather odd situation shows up. Two (maybe more documents) which are standards track extend a base document which is Informational. Standards that extend non-standards. If 4627 was Standards Track we would have used 'Updates RFC 4627' in the meta-data, but of course we cannot do it now. 

    Nothing critical happens (I think) as long as things work OK - but probably the sooner reclassifying 4627 happens the better.

- Intro: Does this identify a "value" within a JSON document or
a "place where a value should be found" within a JSON document?
Seems more like the latter to me.

- Section 3: FWIW, Pete's comment about i18n has me confused.
But so does "is a Unicode string" here. I guess i18n just has
me confused generally, but that's common;-) The last sentence
of section 3 however does seem clear to me, as is section 4 so
I think leaving this as-is is better than changing it. 

- Section 3: You say that "~" is special before you say why its
special, might be clearer if you said that in text before the
ABNF, e.g. adding '"~" is only special because it allows you to
escape "/"' and that you chose "~" because its not otherwise
used to escape JSON things (which I guess is why you picked
it).

- 4: is there no MAX value for array indices? Is there any
chance that "/foo/12345667890002122312312" might be a DoS
vector if it caused some memory allocation to go wonky? If so,
it might be good to note that in the security considerations
and say that e.g. implemtations MAY have a MAX value they
allow for array indices and also give a number that they all
MUST support or something. (Yes, I know that'd be a naive way
to allocate memory, but I still wanna ask:-) I guess such
a warning could go here or in specs that use this, I'm not
sure which'd be better.

- Section 6: Is "#/i%5Cj" really the same as "/i\\j" ? If it is
(which I can believe) then maybe good to call that out as I can
imagine folks getting it wrong and using "#/i%5C%5Cj" instead.

- section 7: This says specs using this SHOULD do something for
"each type of error" but you don't give a specific list of the
types of error (you say "is not limited to"). That seems to be
a conflict and might be a source of problems if different
consumers of this do different things. Given that json-patch
does need to know which error has happened sometimes, I think
it'd be better if you defined specific named (or numbered,
whatever) errors here that could be referenced in other specs
using this. 

- Section 9: Would it be worth saying that pointers in
fragments might expose sensitive information? E.g. a fragment
like "/user109/hivtest/followupneeded" could be sensitive and
we generally prefer to not have sensitive information in URLs
as it might be logged.