Internet Engineering Task Force A. Wright, Ed.
Internet-Draft
Intended status: Informational H. Andrews, Ed.
Expires: May 23, 2018 Cloudflare, Inc.
November 19, 2017
JSON Schema: A Media Type for Describing JSON Documents
draft-handrews-json-schema-00
Abstract
JSON Schema defines the media type "application/schema+json", a JSON-
based format for describing the structure of JSON data. JSON Schema
asserts what a JSON document must look like, ways to extract
information from it, and how to interact with it. The "application/
schema-instance+json" media type provides additional feature-rich
integration with "application/schema+json" beyond what can be offered
for "application/json" documents.
Note to Readers
The issues list for this draft can be found at <https://github.com/
json-schema-org/json-schema-spec/issues>.
For additional information, see <http://json-schema.org/>.
To provide feedback, use this issue tracker, the communication
methods listed on the homepage, or email the document editors.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 23, 2018.
Wright & Andrews Expires May 23, 2018 [Page 1]
Internet-Draft JSON Schema November 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions and Terminology . . . . . . . . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Validation . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Hypermedia and Linking . . . . . . . . . . . . . . . . . 4
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. JSON Document . . . . . . . . . . . . . . . . . . . . . . 4
4.2. Instance . . . . . . . . . . . . . . . . . . . . . . . . 4
4.2.1. Instance Data Model . . . . . . . . . . . . . . . . . 4
4.2.2. Instance Media Types . . . . . . . . . . . . . . . . 5
4.2.3. Instance Equality . . . . . . . . . . . . . . . . . . 6
4.3. JSON Schema Documents . . . . . . . . . . . . . . . . . . 6
4.3.1. JSON Schema Values and Keywords . . . . . . . . . . . 7
4.3.2. JSON Schema Vocabularies . . . . . . . . . . . . . . 7
4.3.3. Root Schema and Subschemas . . . . . . . . . . . . . 8
5. Fragment Identifiers . . . . . . . . . . . . . . . . . . . . 8
6. General Considerations . . . . . . . . . . . . . . . . . . . 9
6.1. Range of JSON Values . . . . . . . . . . . . . . . . . . 9
6.2. Programming Language Independence . . . . . . . . . . . . 9
6.3. Mathematical Integers . . . . . . . . . . . . . . . . . . 9
6.4. Extending JSON Schema . . . . . . . . . . . . . . . . . . 10
7. The "$schema" Keyword . . . . . . . . . . . . . . . . . . . . 10
8. Schema References With "$ref" . . . . . . . . . . . . . . . . 11
9. Base URI and Dereferencing . . . . . . . . . . . . . . . . . 11
9.1. Initial Base URI . . . . . . . . . . . . . . . . . . . . 11
9.2. The "$id" Keyword . . . . . . . . . . . . . . . . . . . . 11
9.2.1. Internal References . . . . . . . . . . . . . . . . . 13
9.2.2. External References . . . . . . . . . . . . . . . . . 14
10. Comments With "$comment" . . . . . . . . . . . . . . . . . . 14
11. Usage for Hypermedia . . . . . . . . . . . . . . . . . . . . 14
11.1. Linking to a Schema . . . . . . . . . . . . . . . . . . 15
Wright & Andrews Expires May 23, 2018 [Page 2]
Internet-Draft JSON Schema November 2017
11.2. Identifying a Schema via a Media Type Parameter . . . . 15
11.3. Usage Over HTTP . . . . . . . . . . . . . . . . . . . . 16
12. Security Considerations . . . . . . . . . . . . . . . . . . . 16
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
13.1. application/schema+json . . . . . . . . . . . . . . . . 17
13.2. application/schema-instance+json . . . . . . . . . . . . 17
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
14.1. Normative References . . . . . . . . . . . . . . . . . . 18
14.2. Informative References . . . . . . . . . . . . . . . . . 19
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 20
Appendix B. ChangeLog . . . . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction
JSON Schema is a JSON media type for defining the structure of JSON
data. JSON Schema is intended to define validation, documentation,
hyperlink navigation, and interaction control of JSON data.
This specification defines JSON Schema core terminology and
mechanisms, including pointing to another JSON Schema by reference,
dereferencing a JSON Schema reference, and specifying the vocabulary
being used.
Other specifications define the vocabularies that perform assertions
about validation, linking, annotation, navigation, and interaction.
2. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
The terms "JSON", "JSON text", "JSON value", "member", "element",
"object", "array", "number", "string", "boolean", "true", "false",
and "null" in this document are to be interpreted as defined in RFC
7159 [RFC7159].
3. Overview
This document proposes a new media type "application/schema+json" to
identify a JSON Schema for describing JSON data. It also proposes a
further optional media type, "application/schema-instance+json", to
provide additional integration features. JSON Schemas are themselves
JSON documents. This, and related specifications, define keywords
allowing authors to describe JSON data in several ways.
Wright & Andrews Expires May 23, 2018 [Page 3]
Internet-Draft JSON Schema November 2017
3.1. Validation
JSON Schema describes the structure of a JSON document (for instance,
required properties and length limitations). Applications can use
this information to validate instances (check that constraints are
met), or inform interfaces to collect user input such that the
constraints are satisfied.
Validation behaviour and keywords are specified in a separate
document [json-schema-validation].
3.2. Hypermedia and Linking
JSON Hyper-Schema describes the hypertext structure of a JSON
document. This includes link relations from the instance to other
resources, interpretation of instances as multimedia data, and
submission data required to use an API.
Hyper-schema behaviour and keywords are specified in a separate
document [json-hyper-schema].
4. Definitions
4.1. JSON Document
A JSON document is an information resource (series of octets)
described by the application/json media type.
In JSON Schema, the terms "JSON document", "JSON text", and "JSON
value" are interchangeable because of the data model it defines.
JSON Schema is only defined over JSON documents. However, any
document or memory structure that can be parsed into or processed
according to the JSON Schema data model can be interpreted against a
JSON Schema, including media types like CBOR [RFC7049].
4.2. Instance
A JSON document to which a schema is applied is known as an
"instance".
4.2.1. Instance Data Model
JSON Schema interprets documents according to a data model. A JSON
value interpreted according to this data model is called an
"instance".
Wright & Andrews Expires May 23, 2018 [Page 4]
Internet-Draft JSON Schema November 2017
An instance has one of six primitive types, and a range of possible
values depending on the type:
null A JSON "null" production
boolean A "true" or "false" value, from the JSON "true" or "false"
productions
object An unordered set of properties mapping a string to an
instance, from the JSON "object" production
array An ordered list of instances, from the JSON "array" production
number An arbitrary-precision, base-10 decimal number value, from
the JSON "number" production
string A string of Unicode code points, from the JSON "string"
production
Whitespace and formatting concerns, including different lexical
representations of numbers that are equal within the data model, are
thus outside the scope of JSON Schema. JSON Schema vocabularies
(Section 4.3.2) that wish to work with such differences in lexical
representations SHOULD define keywords to precisely interpret
formatted strings within the data model rather than relying on having
the original JSON representation Unicode characters available.
Since an object cannot have two properties with the same key,
behavior for a JSON document that tries to define two properties (the
"member" production) with the same key (the "string" production) in a
single object is undefined.
Note that JSON Schema vocabularies are free to define their own
extended type system. This should not be confused with the core data
model types defined here. As an example, "integer" is a reasonable
type for a vocabulary to define as a value for a keyword, but the
data model makes no distinction between integers and other numbers.
4.2.2. Instance Media Types
JSON Schema is designed to fully work with "application/json"
documents, as well as media types using the "+json" structured syntax
suffix.
Some functionality that is useful for working with schemas is defined
by each media type, namely media type parameters and URI fragment
identifier syntax and semantics. These features are useful in
Wright & Andrews Expires May 23, 2018 [Page 5]
Internet-Draft JSON Schema November 2017
content negotiation and in calculating URIs for specific locations
within an instance, respectively.
This specification defines the "application/schema-instance+json"
media type in order to allow instance authors to take full advantage
of parameters and fragment identifiers for these purposes.
4.2.3. Instance Equality
Two JSON instances are said to be equal if and only if they are of
the same type and have the same value according to the data model.
Specifically, this means:
both are null; or
both are true; or
both are false; or
both are strings, and are the same codepoint-for-codepoint; or
both are numbers, and have the same mathematical value; or
both are arrays, and have an equal value item-for-item; or
both are objects, and each property in one has exactly one
property with a key equal to the other's, and that other property
has an equal value.
Implied in this definition is that arrays must be the same length,
objects must have the same number of members, properties in objects
are unordered, there is no way to define multiple properties with the
same key, and mere formatting differences (indentation, placement of
commas, trailing zeros) are insignificant.
4.3. JSON Schema Documents
A JSON Schema document, or simply a schema, is a JSON document used
to describe an instance. A schema is itself interpreted as an
instance, but SHOULD always be given the media type "application/
schema+json" rather than "application/schema-instance+json". The
"application/schema+json" media type is defined to offer a superset
of the media type parameter and fragment identifier syntax and
semantics provided by "application/schema-instance+json".
Wright & Andrews Expires May 23, 2018 [Page 6]
Internet-Draft JSON Schema November 2017
4.3.1. JSON Schema Values and Keywords
A JSON Schema MUST be an object or a boolean.
Object properties that are applied to the instance are called
keywords, or schema keywords. Broadly speaking, keywords fall into
one or both of two categories:
assertions produce a boolean result when applied to an instance
annotations attach information to an instance for application use
Keywords may fall into either or both categories. Extension
keywords, meaning those defined outside of this document and its
companions, are free to define other behaviors as well.
The boolean schema values "true" and "false" are trivial assertions
that always return themselves regardless of the instance value. As
an example, in terms of the validation vocabulary, boolean schemas
are equivalent to the following behaviors:
true Always passes validation, as if the empty schema {}
false Always fails validation, as if the schema { "not":{} }
A JSON Schema MAY contain properties which are not schema keywords.
Unknown keywords SHOULD be ignored.
An empty schema is a JSON Schema with no properties, or only unknown
properties.
4.3.2. JSON Schema Vocabularies
A JSON Schema vocabulary is a set of keywords defined for a
particular purpose. The vocabulary specifies the meaning of its
keywords as assertions, annotations, and/or any vocabulary-defined
keyword category. The two companion standards to this document each
define a vocabulary: One for instance validation, and one for
hypermedia annotations. Vocabularies are the primary mechanism for
extensibility within the JSON Schema media type.
Vocabularies may be defined by any entity. Vocabulary authors SHOULD
take care to avoid keyword name collisions if the vocabulary is
intended for broad use, and potentially combined with other
vocabularies. JSON Schema does not provide any formal namespacing
system, but also does not constrain keyword names, allowing for any
number of namespacing approaches.
Wright & Andrews Expires May 23, 2018 [Page 7]
Internet-Draft JSON Schema November 2017
Vocabularies may build on each other, such as by defining the
behavior of their keywords with respect to the behavior of keywords
from another vocabulary, or by using a keyword from another
vocabulary with a restricted or expanded set of acceptable values.
Not all such vocabulary re-use will result in a new vocabulary that
is compatible with the vocabulary on which it is built. Vocabulary
authors SHOULD clearly document what level of compatibility, if any,
is expected.
A schema that itself describes a schema is called a meta-schema.
Meta-schemas are used to validate JSON Schemas and specify which
vocabulary it is using. [[CREF1: Currently, only a single meta-
schema may be specified per schema, meaning that in order to use
multiple vocabularies, a meta-schema must be written that encompasses
all of them. The hyper-schema meta-schema is an example of this, as
it encompasses the validation vocabulary as well as the hypermedia
vocabulary. ]]
4.3.3. Root Schema and Subschemas
The root schema is the schema that comprises the entire JSON document
in question.
Some keywords take schemas themselves, allowing JSON Schemas to be
nested:
{
"title": "root",
"items": {
"title": "array item"
}
}
In this example document, the schema titled "array item" is a
subschema, and the schema titled "root" is the root schema.
As with the root schema, a subschema is either an object or a
boolean.
5. Fragment Identifiers
In accordance with section 3.1 of [RFC6839], the syntax and semantics
of fragment identifiers specified for any +json media type SHOULD be
as specified for "application/json". (At publication of this
document, there is no fragment identification syntax defined for
"application/json".)
Wright & Andrews Expires May 23, 2018 [Page 8]
Internet-Draft JSON Schema November 2017
Additionally, the "application/schema+json" media type supports two
fragment identifier structures: plain names and JSON Pointers. The
"application/schema-instance+json" media type supports one fragment
identifier structure: JSON Pointers.
The use of JSON Pointers as URI fragment identifiers is described in
RFC 6901 [RFC6901]. For "application/schema+json", which supports
two fragment identifier syntaxes, fragment identifiers matching the
JSON Pointer syntax, including the empty string, MUST be interpreted
as JSON Pointer fragment identifiers.
Per the W3C's best practices for fragment identifiers
[W3C.WD-fragid-best-practices-20121025], plain name fragment
identifiers in "application/schema+json" are reserved for referencing
locally named schemas. All fragment identifiers that do not match
the JSON Pointer syntax MUST be interpreted as plain name fragment
identifiers.
Defining and referencing a plain name fragment identifier within an
"application/schema+json" document are specified in the "$id" keyword
(Section 9.2) section.
6. General Considerations
6.1. Range of JSON Values
An instance may be any valid JSON value as defined by JSON [RFC7159].
JSON Schema imposes no restrictions on type: JSON Schema can describe
any JSON value, including, for example, null.
6.2. Programming Language Independence
JSON Schema is programming language agnostic, and supports the full
range of values described in the data model. Be aware, however, that
some languages and JSON parsers may not be able to represent in
memory the full range of values describable by JSON.
6.3. Mathematical Integers
Some programming languages and parsers use different internal
representations for floating point numbers than they do for integers.
For consistency, integer JSON numbers SHOULD NOT be encoded with a
fractional part.
Wright & Andrews Expires May 23, 2018 [Page 9]
Internet-Draft JSON Schema November 2017
6.4. Extending JSON Schema
Implementations MAY define additional keywords to JSON Schema. Save
for explicit agreement, schema authors SHALL NOT expect these
additional keywords to be supported by peer implementations.
Implementations SHOULD ignore keywords they do not support.
Authors of extensions to JSON Schema are encouraged to write their
own meta-schemas, which extend the existing meta-schemas using
"allOf". This extended meta-schema SHOULD be referenced using the
"$schema" keyword, to allow tools to follow the correct behaviour.
Note that the recursive nature of meta-schemas requires re-defining
recursive keywords in the extended meta-schema, as can be seen in the
JSON Hyper-Schema meta-schema.
7. The "$schema" Keyword
The "$schema" keyword is both used as a JSON Schema version
identifier and the location of a resource which is itself a JSON
Schema, which describes any schema written for this particular
version.
The value of this keyword MUST be a URI [RFC3986] (containing a
scheme) and this URI MUST be normalized. The current schema MUST be
valid against the meta-schema identified by this URI.
If this URI identifies a retrievable resource, that resource SHOULD
be of media type "application/schema+json".
The "$schema" keyword SHOULD be used in a root schema. It MUST NOT
appear in subschemas.
[[CREF2: Using multiple "$schema" keywords in the same document would
imply that the vocabulary and therefore behavior can change within a
document. This would necessitate resolving a number of
implementation concerns that have not yet been clearly defined. So,
while the pattern of using "$schema" only in root schemas is likely
to remain the best practice for schema authoring, implementation
behavior is subject to be revised or liberalized in future drafts.
]]
Values for this property are defined in other documents and by other
parties. JSON Schema implementations SHOULD implement support for
current and previous published drafts of JSON Schema vocabularies as
deemed reasonable.
Wright & Andrews Expires May 23, 2018 [Page 10]
Internet-Draft JSON Schema November 2017
8. Schema References With "$ref"
The "$ref" keyword is used to reference a schema, and provides the
ability to validate recursive structures through self-reference.
An object schema with a "$ref" property MUST be interpreted as a
"$ref" reference. The value of the "$ref" property MUST be a URI
Reference. Resolved against the current URI base, it identifies the
URI of a schema to use. All other properties in a "$ref" object MUST
be ignored.
The URI is not a network locator, only an identifier. A schema need
not be downloadable from the address if it is a network-addressable
URL, and implementations SHOULD NOT assume they should perform a
network operation when they encounter a network-addressable URI.
A schema MUST NOT be run into an infinite loop against a schema. For
example, if two schemas "#alice" and "#bob" both have an "allOf"
property that refers to the other, a naive validator might get stuck
in an infinite recursive loop trying to validate the instance.
Schemas SHOULD NOT make use of infinite recursive nesting like this;
the behavior is undefined.
9. Base URI and Dereferencing
9.1. Initial Base URI
RFC3986 Section 5.1 [RFC3986] defines how to determine the default
base URI of a document.
Informatively, the initial base URI of a schema is the URI at which
it was found, or a suitable substitute URI if none is known.
9.2. The "$id" Keyword
The "$id" keyword defines a URI for the schema, and the base URI that
other URI references within the schema are resolved against. A
subschema's "$id" is resolved against the base URI of its parent
schema. If no parent sets an explicit base with "$id", the base URI
is that of the entire document, as determined per RFC 3986 section 5
[RFC3986].
If present, the value for this keyword MUST be a string, and MUST
represent a valid URI-reference [RFC3986]. This value SHOULD be
normalized, and SHOULD NOT be an empty fragment <#> or an empty
string <>.
Wright & Andrews Expires May 23, 2018 [Page 11]
Internet-Draft JSON Schema November 2017
The root schema of a JSON Schema document SHOULD contain an "$id"
keyword with a URI (containing a scheme). This URI SHOULD either not
have a fragment, or have one that is an empty string. [[CREF3: How
should an "$id" URI reference containing a fragment with other
components be interpreted? There are two cases: when the other
components match the current base URI and when they change the base
URI. ]]
To name subschemas in a JSON Schema document, subschemas can use
"$id" to give themselves a document-local identifier. This is done
by setting "$id" to a URI reference consisting only of a plain name
fragment (not a JSON Pointer fragment). The fragment identifier MUST
begin with a letter ([A-Za-z]), followed by any number of letters,
digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), or
periods (".").
Providing a plain name fragment enables a subschema to be relocated
within a schema without requiring that JSON Pointer references are
updated.
The effect of defining a fragment-only "$id" URI reference that
neither matches the above requirements nor is a valid JSON pointer is
not defined.
For example:
{
"$id": "http://example.com/root.json",
"definitions": {
"A": { "$id": "#foo" },
"B": {
"$id": "other.json",
"definitions": {
"X": { "$id": "#bar" },
"Y": { "$id": "t/inner.json" }
}
},
"C": {
"$id": "urn:uuid:ee564b8a-7a87-4125-8c96-e9f123d6766f"
}
}
}
The schemas at the following URI-encoded JSON Pointers [RFC6901]
(relative to the root schema) have the following base URIs, and are
identifiable by either URI in accordance with Section 5 above:
Wright & Andrews Expires May 23, 2018 [Page 12]
Internet-Draft JSON Schema November 2017
# (document root) http://example.com/root.json#
#/definitions/A http://example.com/root.json#foo
#/definitions/B http://example.com/other.json
#/definitions/B/definitions/X http://example.com/other.json#bar
#/definitions/B/definitions/Y http://example.com/t/inner.json
#/definitions/C urn:uuid:ee564b8a-7a87-4125-8c96-e9f123d6766f
9.2.1. Internal References
Schemas can be identified by any URI that has been given to them,
including a JSON Pointer or their URI given directly by "$id".
Tools SHOULD take note of the URIs that schemas, including
subschemas, provide for themselves using "$id". This is known as
"Internal referencing".
For example, consider this schema:
{
"$id": "http://example.net/root.json",
"items": {
"type": "array",
"items": { "$ref": "#item" }
},
"definitions": {
"single": {
"$id": "#item",
"type": "integer"
}
}
}
When an implementation encounters the <#/definitions/single> schema,
it resolves the "$id" URI reference against the current base URI to
form <http://example.net/root.json#item>.
When an implementation then looks inside the <#/items> schema, it
encounters the <#item> reference, and resolves this to
<http://example.net/root.json#item> which is understood as the schema
defined elsewhere in the same document without needing to resolve the
fragment against the base URI.
Wright & Andrews Expires May 23, 2018 [Page 13]
Internet-Draft JSON Schema November 2017
9.2.2. External References
To differentiate schemas between each other in a vast ecosystem,
schemas are identified by URI. As specified above, this does not
necessarily mean anything is downloaded, but instead JSON Schema
implementations SHOULD already understand the schemas they will be
using, including the URIs that identify them.
Implementations SHOULD be able to associate arbitrary URIs with an
arbitrary schema and/or automatically associate a schema's "$id"-
given URI, depending on the trust that the validator has in the
schema.
A schema MAY (and likely will) have multiple URIs, but there is no
way for a URI to identify more than one schema. When multiple
schemas try to identify with the same URI, validators SHOULD raise an
error condition.
10. Comments With "$comment"
This keyword is reserved for comments from schema authors to readers
or maintainers of the schema. The value of this keyword MUST be a
string. Implementations MUST NOT present this string to end users.
Tools for editing schemas SHOULD support displaying and editing this
keyword. The value of this keyword MAY be used in debug or error
output which is intended for developers making use of schemas.
Schema vocabularies SHOULD allow "$comment" within any object
containing vocabulary keywords. Implementations MAY assume
"$comment" is allowed unless the vocabulary specifically forbids it.
Vocabularies MUST NOT specify any effect of "$comment" beyond what is
described in this specification. Tools that translate other media
types or programming languages to and from application/schema+json
MAY choose to convert that media type or programming language's
native comments to or from "$comment" values. The behavior of such
translation when both native comments and "$comment" properties are
present is implementation-dependent. Implementations SHOULD treat
"$comment" identically to an unknown extension keyword. They MAY
strip "$comment" values at any point during processing. In
particular, this allows for shortening schemas when the size of
deployed schemas is a concern. Implementations MUST NOT take any
other action based on the presence, absence, or contents of
"$comment" properties.
11. Usage for Hypermedia
JSON has been adopted widely by HTTP servers for automated APIs and
robots. This section describes how to enhance processing of JSON
Wright & Andrews Expires May 23, 2018 [Page 14]
Internet-Draft JSON Schema November 2017
documents in a more RESTful manner when used with protocols that
support media types and Web linking [RFC8288].
11.1. Linking to a Schema
It is RECOMMENDED that instances described by a schema provide a link
to a downloadable JSON Schema using the link relation "describedby",
as defined by Linked Data Protocol 1.0, section 8.1
[W3C.REC-ldp-20150226].
In HTTP, such links can be attached to any response using the Link
header [RFC8288]. An example of such a header would be:
Link: <http://example.com/my-hyper-schema#>; rel="describedby"
11.2. Identifying a Schema via a Media Type Parameter
Media types MAY allow for a "schema" media type parameter, which
gives HTTP servers the ability to perform Content-Type Negotiation
based on schema. The media-type parameter MUST be a whitespace-
separated list of URIs (i.e. relative references are invalid).
When using the media type application/schema-instance+json, the
"schema" parameter MUST be supplied.
The schema URI is opaque and SHOULD NOT automatically be
dereferenced. If the implementation does not understand the
semantics of the provided schema, the implementation can instead
follow the "describedby" links, if any, which may provide information
on how to handle the schema. Since "schema" doesn't necessarily
point to a network location, the "describedby" relation is used for
linking to a downloadable schema. However, for simplicity, schema
authors should make these URIs point to the same resource when
possible.
In HTTP, the media-type parameter would be sent inside the Content-
Type header:
Content-Type: application/json;
schema="http://example.com/my-hyper-schema#"
Multiple schemas are whitespace separated:
Wright & Andrews Expires May 23, 2018 [Page 15]
Internet-Draft JSON Schema November 2017
Content-Type: application/json;
schema="http://example.com/alice http://example.com/bob"
[[CREF4: This paragraph assumes that we can register a "schema" link
relation. Should we instead specify something like "tag:json-
schema.org,2017:schema" for now? ]] HTTP can also send the "schema"
in a Link, though this may impact media-type semantics and Content-
Type negotiation if this replaces the media-type parameter entirely:
Link: </alice>;rel="schema", </bob>;rel="schema"
11.3. Usage Over HTTP
When used for hypermedia systems over a network, HTTP [RFC7231] is
frequently the protocol of choice for distributing schemas.
Misbehaving clients can pose problems for server maintainers if they
pull a schema over the network more frequently than necessary, when
it's instead possible to cache a schema for a long period of time.
HTTP servers SHOULD set long-lived caching headers on JSON Schemas.
HTTP clients SHOULD observe caching headers and not re-request
documents within their freshness period. Distributed systems SHOULD
make use of a shared cache and/or caching proxy.
Clients SHOULD set or prepend a User-Agent header specific to the
JSON Schema implementation or software product. Since symbols are
listed in decreasing order of significance, the JSON Schema library
name/version should precede the more generic HTTP library name (if
any). For example:
User-Agent: product-name/5.4.1 so-cool-json-schema/1.0.2 curl/7.43.0
Clients SHOULD be able to make requests with a "From" header so that
server operators can contact the owner of a potentially misbehaving
script.
12. Security Considerations
Both schemas and instances are JSON values. As such, all security
considerations defined in RFC 7159 [RFC7159] apply.
Instances and schemas are both frequently written by untrusted third
parties, to be deployed on public Internet servers. Validators
Wright & Andrews Expires May 23, 2018 [Page 16]
Internet-Draft JSON Schema November 2017
should take care that the parsing of schemas doesn't consume
excessive system resources. Validators MUST NOT fall into an
infinite loop.
Servers need to take care that malicious parties can't change the
functionality of existing schemas by uploading a schema with an pre-
existing or very similar "$id".
Individual JSON Schema vocabularies are liable to also have their own
security considerations. Consult the respective specifications for
more information.
Schema authors should take care with "$comment" contents, as a
malicious implementation can display them to end-users in violation
of a spec, or fail to strip them if such behavior is expected.
A malicious schema author could place executable code or other
dangerous material within a "$comment". Implementations MUST NOT
parse or otherwise take action based on "$comment" contents.
13. IANA Considerations
13.1. application/schema+json
The proposed MIME media type for JSON Schema is defined as follows:
Type name: application
Subtype name: schema+json
Required parameters: N/A
Encoding considerations: Encoding considerations are identical to
those specified for the "application/json" media type. See JSON
[RFC7159].
Security considerations: See Section 12 above.
Interoperability considerations: See Sections 6.2 and 6.3 above.
Fragment identifier considerations: See Section 5
13.2. application/schema-instance+json
The proposed MIME media type for JSON Schema Instances that require a
JSON Schema-specific media type is defined as follows:
Type name: application
Wright & Andrews Expires May 23, 2018 [Page 17]
Internet-Draft JSON Schema November 2017
Subtype name: schema-instance+json
Required parameters:
schema A non-empty list of space-separated URIs, each identifying
a JSON Schema resource. The instance SHOULD successfully
validate against at least one of these schemas. Non-validating
schemas MAY be included for purposes such as allowing clients
to make use of older versions of a schema as long as the
runtime instance validates against that older version.
Encoding considerations: Encoding considerations are identical to
those specified for the "application/json" media type. See JSON
[RFC7159].
Security considerations: See Section 12 above.
Interoperability considerations: See Sections 6.2 and 6.3 above.
Fragment identifier considerations: See Section 5
14. References
14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC6839] Hansen, T. and A. Melnikov, "Additional Media Type
Structured Syntax Suffixes", RFC 6839,
DOI 10.17487/RFC6839, January 2013,
<https://www.rfc-editor.org/info/rfc6839>.
[RFC6901] Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed.,
"JavaScript Object Notation (JSON) Pointer", RFC 6901,
DOI 10.17487/RFC6901, April 2013,
<https://www.rfc-editor.org/info/rfc6901>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <https://www.rfc-editor.org/info/rfc7159>.
Wright & Andrews Expires May 23, 2018 [Page 18]
Internet-Draft JSON Schema November 2017
[W3C.REC-ldp-20150226]
Speicher, S., Arwe, J., and A. Malhotra, "Linked Data
Platform 1.0", World Wide Web Consortium Recommendation
REC-ldp-20150226, February 2015,
<http://www.w3.org/TR/2015/REC-ldp-20150226>.
14.2. Informative References
[json-hyper-schema]
Andrews, H. and A. Wright, "JSON Hyper-Schema: A
Vocabulary for Hypermedia Annotation of JSON", draft-
handrews-json-schema-hyperschema-00 (work in progress),
November 2017.
[json-schema-validation]
Wright, A., Andrews, H., and G. Luff, "JSON Schema
Validation: A Vocabulary for Structural Validation of
JSON", draft-handrews-json-schema-validation-00 (work in
progress), November 2017.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
October 2013, <https://www.rfc-editor.org/info/rfc7049>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
DOI 10.17487/RFC7231, June 2014,
<https://www.rfc-editor.org/info/rfc7231>.
[RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/info/rfc8288>.
[W3C.WD-fragid-best-practices-20121025]
Tennison, J., "Best Practices for Fragment Identifiers and
Media Type Definitions", World Wide Web Consortium
LastCall WD-fragid-best-practices-20121025, October 2012,
<http://www.w3.org/TR/2012/
WD-fragid-best-practices-20121025>.
Wright & Andrews Expires May 23, 2018 [Page 19]
Internet-Draft JSON Schema November 2017
Appendix A. Acknowledgments
Thanks to Gary Court, Francis Galiegue, Kris Zyp, and Geraint Luff
for their work on the initial drafts of JSON Schema.
Thanks to Jason Desrosiers, Daniel Perrett, Erik Wilde, Ben Hutton,
Evgeny Poberezkin, Brad Bowman, Gowry Sankar, Donald Pipowitch, and
Dave Finlay for their submissions and patches to the document.
Appendix B. ChangeLog
[[CREF5: This section to be removed before leaving Internet-Draft
status.]]
draft-handrews-json-schema-00
* Make the concept of a schema keyword vocabulary more clear
* Note that the concept of "integer" is from a vocabulary, not
the data model
* Classify keywords as assertions or annotations and describe
their general behavior
* Explain the boolean schemas in terms of generalized assertions
* Reserve "$comment" for non-user-visible notes about the schema
* Wording improvements around "$id" and fragments
* Note the challenges of extending meta-schemas with recursive
references
* Add "application/schema-instance+json" media type
* Recommend a "schema" link relation / parameter instead of
"profile"
draft-wright-json-schema-01
* Updated intro
* Allowed for any schema to be a boolean
* "$schema" SHOULD NOT appear in subschemas, although that may
change
* Changed "id" to "$id"; all core keywords prefixed with "$"
Wright & Andrews Expires May 23, 2018 [Page 20]
Internet-Draft JSON Schema November 2017
* Clarify and formalize fragments for application/schema+json
* Note applicability to formats such as CBOR that can be
represented in the JSON data model
draft-wright-json-schema-00
* Updated references to JSON
* Updated references to HTTP
* Updated references to JSON Pointer
* Behavior for "id" is now specified in terms of RFC3986
* Aligned vocabulary usage for URIs with RFC3986
* Removed reference to draft-pbryan-zyp-json-ref-03
* Limited use of "$ref" to wherever a schema is expected
* Added definition of the "JSON Schema data model"
* Added additional security considerations
* Defined use of subschema identifiers for "id"
* Rewrote section on usage with HTTP
* Rewrote section on usage with rel="describedBy" and
rel="profile"
* Fixed numerous invalid examples
draft-zyp-json-schema-04
* Split validation keywords into separate document
draft-zyp-json-schema-00
* Initial draft.
* Salvaged from draft v3.
* Mandate the use of JSON Reference, JSON Pointer.
* Define the role of "id". Define URI resolution scope.
Wright & Andrews Expires May 23, 2018 [Page 21]
Internet-Draft JSON Schema November 2017
* Add interoperability considerations.
Authors' Addresses
Austin Wright (editor)
EMail: aaa@bzfx.net
Henry Andrews (editor)
Cloudflare, Inc.
San Francisco, CA
USA
EMail: henry@cloudflare.com
Wright & Andrews Expires May 23, 2018 [Page 22]