Internet Engineering Task Force                           A. Wright, Ed.
Internet-Draft
Intended status: Informational                           H. Andrews, Ed.
Expires: September 20, 2018                             Cloudflare, Inc.
                                                          March 19, 2018


        JSON Schema: A Media Type for Describing JSON Documents
                     draft-handrews-json-schema-01

Abstract

   JSON Schema defines the media type "application/schema+json", a JSON-
   based format for describing the structure of JSON data.  JSON Schema
   asserts what a JSON document must look like, ways to extract
   information from it, and how to interact with it.  The "application/
   schema-instance+json" media type provides additional feature-rich
   integration with "application/schema+json" beyond what can be offered
   for "application/json" documents.

Note to Readers

   The issues list for this draft can be found at <https://github.com/
   json-schema-org/json-schema-spec/issues>.

   For additional information, see <http://json-schema.org/>.

   To provide feedback, use this issue tracker, the communication
   methods listed on the homepage, or email the document editors.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 20, 2018.





Wright & Andrews       Expires September 20, 2018               [Page 1]


Internet-Draft                 JSON Schema                    March 2018


Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Terminology . . . . . . . . . . . . . . . . .   3
   3.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  Validation  . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Annotation  . . . . . . . . . . . . . . . . . . . . . . .   4
     3.3.  Hypermedia and Linking  . . . . . . . . . . . . . . . . .   4
   4.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  JSON Document . . . . . . . . . . . . . . . . . . . . . .   4
     4.2.  Instance  . . . . . . . . . . . . . . . . . . . . . . . .   5
       4.2.1.  Instance Data Model . . . . . . . . . . . . . . . . .   5
       4.2.2.  Instance Media Types  . . . . . . . . . . . . . . . .   6
       4.2.3.  Instance Equality . . . . . . . . . . . . . . . . . .   6
     4.3.  JSON Schema Documents . . . . . . . . . . . . . . . . . .   7
       4.3.1.  JSON Schema Values and Keywords . . . . . . . . . . .   7
       4.3.2.  JSON Schema Vocabularies  . . . . . . . . . . . . . .   8
       4.3.3.  Root Schema and Subschemas  . . . . . . . . . . . . .   8
   5.  Fragment Identifiers  . . . . . . . . . . . . . . . . . . . .   9
   6.  General Considerations  . . . . . . . . . . . . . . . . . . .  10
     6.1.  Range of JSON Values  . . . . . . . . . . . . . . . . . .  10
     6.2.  Programming Language Independence . . . . . . . . . . . .  10
     6.3.  Mathematical Integers . . . . . . . . . . . . . . . . . .  10
     6.4.  Extending JSON Schema . . . . . . . . . . . . . . . . . .  10
   7.  The "$schema" Keyword . . . . . . . . . . . . . . . . . . . .  10
   8.  Base URI and Dereferencing  . . . . . . . . . . . . . . . . .  11
     8.1.  Initial Base URI  . . . . . . . . . . . . . . . . . . . .  11
     8.2.  The "$id" Keyword . . . . . . . . . . . . . . . . . . . .  11
       8.2.1.  Identifying the root schema . . . . . . . . . . . . .  12
       8.2.2.  Changing the base URI within a schema file  . . . . .  12
       8.2.3.  Location-independent identifiers  . . . . . . . . . .  12
       8.2.4.  Schema identification examples  . . . . . . . . . . .  13
     8.3.  Schema References With "$ref" . . . . . . . . . . . . . .  14



Wright & Andrews       Expires September 20, 2018               [Page 2]


Internet-Draft                 JSON Schema                    March 2018


       8.3.1.  Loading a referenced schema . . . . . . . . . . . . .  15
       8.3.2.  Dereferencing . . . . . . . . . . . . . . . . . . . .  15
   9.  Comments With "$comment"  . . . . . . . . . . . . . . . . . .  16
   10. Usage for Hypermedia  . . . . . . . . . . . . . . . . . . . .  17
     10.1.  Linking to a Schema  . . . . . . . . . . . . . . . . . .  17
     10.2.  Identifying a Schema via a Media Type Parameter  . . . .  17
     10.3.  Usage Over HTTP  . . . . . . . . . . . . . . . . . . . .  18
   11. Security Considerations . . . . . . . . . . . . . . . . . . .  19
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  19
     12.1.  application/schema+json  . . . . . . . . . . . . . . . .  19
     12.2.  application/schema-instance+json . . . . . . . . . . . .  20
   13. References  . . . . . . . . . . . . . . . . . . . . . . . . .  20
     13.1.  Normative References . . . . . . . . . . . . . . . . . .  20
     13.2.  Informative References . . . . . . . . . . . . . . . . .  21
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .  23
   Appendix B.  ChangeLog  . . . . . . . . . . . . . . . . . . . . .  23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  25

1.  Introduction

   JSON Schema is a JSON media type for defining the structure of JSON
   data.  JSON Schema is intended to define validation, documentation,
   hyperlink navigation, and interaction control of JSON data.

   This specification defines JSON Schema core terminology and
   mechanisms, including pointing to another JSON Schema by reference,
   dereferencing a JSON Schema reference, and specifying the vocabulary
   being used.

   Other specifications define the vocabularies that perform assertions
   about validation, linking, annotation, navigation, and interaction.

2.  Conventions and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   The terms "JSON", "JSON text", "JSON value", "member", "element",
   "object", "array", "number", "string", "boolean", "true", "false",
   and "null" in this document are to be interpreted as defined in RFC
   7159 [RFC7159].

3.  Overview

   This document proposes a new media type "application/schema+json" to
   identify a JSON Schema for describing JSON data.  It also proposes a
   further optional media type, "application/schema-instance+json", to



Wright & Andrews       Expires September 20, 2018               [Page 3]


Internet-Draft                 JSON Schema                    March 2018


   provide additional integration features.  JSON Schemas are themselves
   JSON documents.  This, and related specifications, define keywords
   allowing authors to describe JSON data in several ways.

3.1.  Validation

   JSON Schema describes the structure of a JSON document (for instance,
   required properties and length limitations).  Applications can use
   this information to validate instances (check that constraints are
   met), or inform interfaces to collect user input such that the
   constraints are satisfied.

   Validation behaviour and keywords are specified in a separate
   document [json-schema-validation].

3.2.  Annotation

   JSON Schema can annotate an instance with information, whenever the
   instance validates against the schema object containing the
   annotation, and all of its parent schema objects.

   Detailed annotation behavior, along with a small set of basic
   annotation keywords are defined in the validation specification
   [json-schema-validation].

3.3.  Hypermedia and Linking

   JSON Hyper-Schema describes the hypertext structure of a JSON
   document.  This includes link relations from the instance to other
   resources, interpretation of instances as multimedia data, and
   submission data required to use an API.

   Hyper-schema behaviour and keywords are specified in a separate
   document [json-hyper-schema].

4.  Definitions

4.1.  JSON Document

   A JSON document is an information resource (series of octets)
   described by the application/json media type.

   In JSON Schema, the terms "JSON document", "JSON text", and "JSON
   value" are interchangeable because of the data model it defines.

   JSON Schema is only defined over JSON documents.  However, any
   document or memory structure that can be parsed into or processed




Wright & Andrews       Expires September 20, 2018               [Page 4]


Internet-Draft                 JSON Schema                    March 2018


   according to the JSON Schema data model can be interpreted against a
   JSON Schema, including media types like CBOR [RFC7049].

4.2.  Instance

   A JSON document to which a schema is applied is known as an
   "instance".

4.2.1.  Instance Data Model

   JSON Schema interprets documents according to a data model.  A JSON
   value interpreted according to this data model is called an
   "instance".

   An instance has one of six primitive types, and a range of possible
   values depending on the type:

   null:  A JSON "null" production

   boolean:  A "true" or "false" value, from the JSON "true" or "false"
      productions

   object:  An unordered set of properties mapping a string to an
      instance, from the JSON "object" production

   array:  An ordered list of instances, from the JSON "array"
      production

   number:  An arbitrary-precision, base-10 decimal number value, from
      the JSON "number" production

   string:  A string of Unicode code points, from the JSON "string"
      production

   Whitespace and formatting concerns, including different lexical
   representations of numbers that are equal within the data model, are
   thus outside the scope of JSON Schema.  JSON Schema vocabularies
   (Section 4.3.2) that wish to work with such differences in lexical
   representations SHOULD define keywords to precisely interpret
   formatted strings within the data model rather than relying on having
   the original JSON representation Unicode characters available.

   Since an object cannot have two properties with the same key,
   behavior for a JSON document that tries to define two properties (the
   "member" production) with the same key (the "string" production) in a
   single object is undefined.





Wright & Andrews       Expires September 20, 2018               [Page 5]


Internet-Draft                 JSON Schema                    March 2018


   Note that JSON Schema vocabularies are free to define their own
   extended type system.  This should not be confused with the core data
   model types defined here.  As an example, "integer" is a reasonable
   type for a vocabulary to define as a value for a keyword, but the
   data model makes no distinction between integers and other numbers.

4.2.2.  Instance Media Types

   JSON Schema is designed to fully work with "application/json"
   documents, as well as media types using the "+json" structured syntax
   suffix.

   Some functionality that is useful for working with schemas is defined
   by each media type, namely media type parameters and URI fragment
   identifier syntax and semantics.  These features are useful in
   content negotiation and in calculating URIs for specific locations
   within an instance, respectively.

   This specification defines the "application/schema-instance+json"
   media type in order to allow instance authors to take full advantage
   of parameters and fragment identifiers for these purposes.

4.2.3.  Instance Equality

   Two JSON instances are said to be equal if and only if they are of
   the same type and have the same value according to the data model.
   Specifically, this means:

      both are null; or

      both are true; or

      both are false; or

      both are strings, and are the same codepoint-for-codepoint; or

      both are numbers, and have the same mathematical value; or

      both are arrays, and have an equal value item-for-item; or

      both are objects, and each property in one has exactly one
      property with a key equal to the other's, and that other property
      has an equal value.

   Implied in this definition is that arrays must be the same length,
   objects must have the same number of members, properties in objects
   are unordered, there is no way to define multiple properties with the




Wright & Andrews       Expires September 20, 2018               [Page 6]


Internet-Draft                 JSON Schema                    March 2018


   same key, and mere formatting differences (indentation, placement of
   commas, trailing zeros) are insignificant.

4.3.  JSON Schema Documents

   A JSON Schema document, or simply a schema, is a JSON document used
   to describe an instance.  A schema is itself interpreted as an
   instance, but SHOULD always be given the media type "application/
   schema+json" rather than "application/schema-instance+json".  The
   "application/schema+json" media type is defined to offer a superset
   of the media type parameter and fragment identifier syntax and
   semantics provided by "application/schema-instance+json".

4.3.1.  JSON Schema Values and Keywords

   A JSON Schema MUST be an object or a boolean.

   Object properties that are applied to the instance are called
   keywords, or schema keywords.  Broadly speaking, keywords fall into
   one or both of two categories:

   assertions:  produce a boolean result when applied to an instance

   annotations:  attach information to an instance for application use

   Keywords may fall into either or both categories.  Extension
   keywords, meaning those defined outside of this document and its
   companions, are free to define other behaviors as well.

   The boolean schema values "true" and "false" are trivial assertions
   that always return themselves regardless of the instance value.  As
   an example, in terms of the validation vocabulary, boolean schemas
   are equivalent to the following behaviors:

   true:  Always passes validation, as if the empty schema {}

   false:  Always fails validation, as if the schema { "not":{} }

   A JSON Schema MAY contain properties which are not schema keywords.
   Unknown keywords SHOULD be ignored.

   An empty schema is a JSON Schema with no properties, or only unknown
   properties.








Wright & Andrews       Expires September 20, 2018               [Page 7]


Internet-Draft                 JSON Schema                    March 2018


4.3.2.  JSON Schema Vocabularies

   A JSON Schema vocabulary is a set of keywords defined for a
   particular purpose.  The vocabulary specifies the meaning of its
   keywords as assertions, annotations, and/or any vocabulary-defined
   keyword category.  The two companion standards to this document each
   define a vocabulary: One for instance validation, and one for
   hypermedia annotations.  Vocabularies are the primary mechanism for
   extensibility within the JSON Schema media type.

   Vocabularies may be defined by any entity.  Vocabulary authors SHOULD
   take care to avoid keyword name collisions if the vocabulary is
   intended for broad use, and potentially combined with other
   vocabularies.  JSON Schema does not provide any formal namespacing
   system, but also does not constrain keyword names, allowing for any
   number of namespacing approaches.

   Vocabularies may build on each other, such as by defining the
   behavior of their keywords with respect to the behavior of keywords
   from another vocabulary, or by using a keyword from another
   vocabulary with a restricted or expanded set of acceptable values.
   Not all such vocabulary re-use will result in a new vocabulary that
   is compatible with the vocabulary on which it is built.  Vocabulary
   authors SHOULD clearly document what level of compatibility, if any,
   is expected.

   A schema that itself describes a schema is called a meta-schema.
   Meta-schemas are used to validate JSON Schemas and specify which
   vocabulary it is using.  [[CREF1: Currently, only a single meta-
   schema may be specified per schema, meaning that in order to use
   multiple vocabularies, a meta-schema must be written that encompasses
   all of them.  The hyper-schema meta-schema is an example of this, as
   it encompasses the validation vocabulary as well as the hypermedia
   vocabulary.  ]]

4.3.3.  Root Schema and Subschemas

   The root schema is the schema that comprises the entire JSON document
   in question.

   Some keywords take schemas themselves, allowing JSON Schemas to be
   nested:









Wright & Andrews       Expires September 20, 2018               [Page 8]


Internet-Draft                 JSON Schema                    March 2018


   {
       "title": "root",
       "items": {
           "title": "array item"
       }
   }


   In this example document, the schema titled "array item" is a
   subschema, and the schema titled "root" is the root schema.

   As with the root schema, a subschema is either an object or a
   boolean.

5.  Fragment Identifiers

   In accordance with section 3.1 of [RFC6839], the syntax and semantics
   of fragment identifiers specified for any +json media type SHOULD be
   as specified for "application/json".  (At publication of this
   document, there is no fragment identification syntax defined for
   "application/json".)

   Additionally, the "application/schema+json" media type supports two
   fragment identifier structures: plain names and JSON Pointers.  The
   "application/schema-instance+json" media type supports one fragment
   identifier structure: JSON Pointers.

   The use of JSON Pointers as URI fragment identifiers is described in
   RFC 6901 [RFC6901].  For "application/schema+json", which supports
   two fragment identifier syntaxes, fragment identifiers matching the
   JSON Pointer syntax, including the empty string, MUST be interpreted
   as JSON Pointer fragment identifiers.

   Per the W3C's best practices for fragment identifiers
   [W3C.WD-fragid-best-practices-20121025], plain name fragment
   identifiers in "application/schema+json" are reserved for referencing
   locally named schemas.  All fragment identifiers that do not match
   the JSON Pointer syntax MUST be interpreted as plain name fragment
   identifiers.

   Defining and referencing a plain name fragment identifier within an
   "application/schema+json" document are specified in the "$id" keyword
   (Section 8.2) section.








Wright & Andrews       Expires September 20, 2018               [Page 9]


Internet-Draft                 JSON Schema                    March 2018


6.  General Considerations

6.1.  Range of JSON Values

   An instance may be any valid JSON value as defined by JSON [RFC7159].
   JSON Schema imposes no restrictions on type: JSON Schema can describe
   any JSON value, including, for example, null.

6.2.  Programming Language Independence

   JSON Schema is programming language agnostic, and supports the full
   range of values described in the data model.  Be aware, however, that
   some languages and JSON parsers may not be able to represent in
   memory the full range of values describable by JSON.

6.3.  Mathematical Integers

   Some programming languages and parsers use different internal
   representations for floating point numbers than they do for integers.

   For consistency, integer JSON numbers SHOULD NOT be encoded with a
   fractional part.

6.4.  Extending JSON Schema

   Implementations MAY define additional keywords to JSON Schema.  Save
   for explicit agreement, schema authors SHALL NOT expect these
   additional keywords to be supported by peer implementations.
   Implementations SHOULD ignore keywords they do not support.

   Authors of extensions to JSON Schema are encouraged to write their
   own meta-schemas, which extend the existing meta-schemas using
   "allOf".  This extended meta-schema SHOULD be referenced using the
   "$schema" keyword, to allow tools to follow the correct behaviour.

   Note that the recursive nature of meta-schemas requires re-defining
   recursive keywords in the extended meta-schema, as can be seen in the
   JSON Hyper-Schema meta-schema.

7.  The "$schema" Keyword

   The "$schema" keyword is both used as a JSON Schema version
   identifier and the location of a resource which is itself a JSON
   Schema, which describes any schema written for this particular
   version.






Wright & Andrews       Expires September 20, 2018              [Page 10]


Internet-Draft                 JSON Schema                    March 2018


   The value of this keyword MUST be a URI [RFC3986] (containing a
   scheme) and this URI MUST be normalized.  The current schema MUST be
   valid against the meta-schema identified by this URI.

   If this URI identifies a retrievable resource, that resource SHOULD
   be of media type "application/schema+json".

   The "$schema" keyword SHOULD be used in a root schema.  It MUST NOT
   appear in subschemas.

   [[CREF2: Using multiple "$schema" keywords in the same document would
   imply that the vocabulary and therefore behavior can change within a
   document.  This would necessitate resolving a number of
   implementation concerns that have not yet been clearly defined.  So,
   while the pattern of using "$schema" only in root schemas is likely
   to remain the best practice for schema authoring, implementation
   behavior is subject to be revised or liberalized in future drafts.
   ]]

   Values for this property are defined in other documents and by other
   parties.  JSON Schema implementations SHOULD implement support for
   current and previous published drafts of JSON Schema vocabularies as
   deemed reasonable.

8.  Base URI and Dereferencing

   To differentiate between schemas in a vast ecosystem, schemas are
   identified by URI [RFC3986], and can embed references to other
   schemas by specifying their URI.

8.1.  Initial Base URI

   RFC3986 Section 5.1 [RFC3986] defines how to determine the default
   base URI of a document.

   Informatively, the initial base URI of a schema is the URI at which
   it was found, or a suitable substitute URI if none is known.

8.2.  The "$id" Keyword

   The "$id" keyword defines a URI for the schema, and the base URI that
   other URI references within the schema are resolved against.  A
   subschema's "$id" is resolved against the base URI of its parent
   schema.  If no parent sets an explicit base with "$id", the base URI
   is that of the entire document, as determined per RFC 3986 section 5
   [RFC3986].





Wright & Andrews       Expires September 20, 2018              [Page 11]


Internet-Draft                 JSON Schema                    March 2018


   If present, the value for this keyword MUST be a string, and MUST
   represent a valid URI-reference [RFC3986].  This value SHOULD be
   normalized, and SHOULD NOT be an empty fragment <#> or an empty
   string <>.

8.2.1.  Identifying the root schema

   The root schema of a JSON Schema document SHOULD contain an "$id"
   keyword with an absolute-URI [RFC3986] (containing a scheme, but no
   fragment), or this absolute URI but with an empty fragment.

8.2.2.  Changing the base URI within a schema file

   When an "$id" sets the base URI, the object containing that "$id" and
   all of its subschemas can be identified by using a JSON Pointer
   fragment starting from that location.  This is true even of
   subschemas that further change the base URI.  Therefore, a single
   subschema may be accessible by multiple URIs, each consisting of base
   URI declared in the subschema or a parent, along with a JSON Pointer
   fragment identifying the path from the schema object that declares
   the base to the subschema being identified.  Examples of this are
   shown in section 8.2.4.

8.2.3.  Location-independent identifiers

   Using JSON Pointer fragments requires knowledge of the structure of
   the schema.  When writing schema documents with the intention to
   provide re-usable schemas, it may be preferable to use a plain name
   fragment that is not tied to any particular structural location.
   This allows a subschema to be relocated without requiring JSON
   Pointer references to be updated.

   To specify such a subschema identifier, the "$id" keyword is set to a
   URI reference with a plain name fragment (not a JSON Pointer
   fragment).  This value MUST begin with the number sign that specifies
   a fragment ("#"), then a letter ([A-Za-z]), followed by any number of
   letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons
   (":"), or periods (".").

   The effect of using a fragment in "$id" that isn't blank or doesn't
   follow the plain name syntax is undefined.  [[CREF3: How should an
   "$id" URI reference containing a fragment with other components be
   interpreted?  There are two cases: when the other components match
   the current base URI and when they change the base URI.  ]]







Wright & Andrews       Expires September 20, 2018              [Page 12]


Internet-Draft                 JSON Schema                    March 2018


8.2.4.  Schema identification examples

   Consider the following schema, which shows "$id" being used to
   identify the root schema, change the base URI for subschemas, and
   assign plain name fragments to subschemas:


   {
       "$id": "http://example.com/root.json",
       "definitions": {
           "A": { "$id": "#foo" },
           "B": {
               "$id": "other.json",
               "definitions": {
                   "X": { "$id": "#bar" },
                   "Y": { "$id": "t/inner.json" }
               }
           },
           "C": {
               "$id": "urn:uuid:ee564b8a-7a87-4125-8c96-e9f123d6766f"
           }
       }
   }


   The schemas at the following URI-encoded JSON Pointers [RFC6901]
   (relative to the root schema) have the following base URIs, and are
   identifiable by any listed URI in accordance with Section 5 above:

   # (document root)

         http://example.com/root.json

         http://example.com/root.json#

   #/definitions/A

         http://example.com/root.json#foo

         http://example.com/root.json#/definitions/A

   #/definitions/B

         http://example.com/other.json

         http://example.com/other.json#

         http://example.com/root.json#/definitions/B



Wright & Andrews       Expires September 20, 2018              [Page 13]


Internet-Draft                 JSON Schema                    March 2018


   #/definitions/B/definitions/X

         http://example.com/other.json#bar

         http://example.com/other.json#/definitions/X

         http://example.com/root.json#/definitions/B/definitions/X

   #/definitions/B/definitions/Y

         http://example.com/t/inner.json

         http://example.com/t/inner.json#

         http://example.com/other.json#/definitions/Y

         http://example.com/root.json#/definitions/B/definitions/Y

   #/definitions/C

         urn:uuid:ee564b8a-7a87-4125-8c96-e9f123d6766f

         urn:uuid:ee564b8a-7a87-4125-8c96-e9f123d6766f#

         http://example.com/root.json#/definitions/C

8.3.  Schema References With "$ref"

   The "$ref" keyword is used to reference a schema, and provides the
   ability to validate recursive structures through self-reference.

   An object schema with a "$ref" property MUST be interpreted as a
   "$ref" reference.  The value of the "$ref" property MUST be a URI
   Reference.  Resolved against the current URI base, it identifies the
   URI of a schema to use.  All other properties in a "$ref" object MUST
   be ignored.

   The URI is not a network locator, only an identifier.  A schema need
   not be downloadable from the address if it is a network-addressable
   URL, and implementations SHOULD NOT assume they should perform a
   network operation when they encounter a network-addressable URI.

   A schema MUST NOT be run into an infinite loop against a schema.  For
   example, if two schemas "#alice" and "#bob" both have an "allOf"
   property that refers to the other, a naive validator might get stuck
   in an infinite recursive loop trying to validate the instance.
   Schemas SHOULD NOT make use of infinite recursive nesting like this;
   the behavior is undefined.



Wright & Andrews       Expires September 20, 2018              [Page 14]


Internet-Draft                 JSON Schema                    March 2018


8.3.1.  Loading a referenced schema

   The use of URIs to identify remote schemas does not necessarily mean
   anything is downloaded, but instead JSON Schema implementations
   SHOULD understand ahead of time which schemas they will be using, and
   the URIs that identify them.

   When schemas are downloaded, for example by a generic user-agent that
   doesn't know until runtime which schemas to download, see Usage for
   Hypermedia (Section 10).

   Implementations SHOULD be able to associate arbitrary URIs with an
   arbitrary schema and/or automatically associate a schema's "$id"-
   given URI, depending on the trust that the validator has in the
   schema.  Such URIs and schemas can be supplied to an implementation
   prior to processing instances, or may be noted within a schema
   document as it is processed, producing associations as shown in
   section 8.2.4.

   A schema MAY (and likely will) have multiple URIs, but there is no
   way for a URI to identify more than one schema.  When multiple
   schemas try to identify as the same URI, validators SHOULD raise an
   error condition.

8.3.2.  Dereferencing

   Schemas can be identified by any URI that has been given to them,
   including a JSON Pointer or their URI given directly by "$id".  In
   all cases, dereferencing a "$ref" reference involves first resolving
   its value as a URI reference against the current base URI per RFC
   3986 [RFC3986].

   If the resulting URI identifies a schema within the current document,
   or within another schema document that has been made available to the
   implementation, then that schema SHOULD be used automatically.

   For example, consider this schema:














Wright & Andrews       Expires September 20, 2018              [Page 15]


Internet-Draft                 JSON Schema                    March 2018


   {
       "$id": "http://example.net/root.json",
       "items": {
           "type": "array",
           "items": { "$ref": "#item" }
       },
       "definitions": {
           "single": {
               "$id": "#item",
               "type": "object",
               "additionalProperties": { "$ref": "other.json" }
           }
       }
   }


   When an implementation encounters the <#/definitions/single> schema,
   it resolves the "$id" URI reference against the current base URI to
   form <http://example.net/root.json#item>.

   When an implementation then looks inside the <#/items> schema, it
   encounters the <#item> reference, and resolves this to
   <http://example.net/root.json#item>, which it has seen defined in
   this same document and can therefore use automatically.

   When an implementation encounters the reference to "other.json", it
   resolves this to <http://example.net/other.json>, which is not
   defined in this document.  If a schema with that identifier has
   otherwise been supplied to the implementation, it can also be used
   automatically.  [[CREF4: What should implementations do when the
   referenced schema is not known?  Are there circumstances in which
   automatic network dereferencing is allowed?  A same origin policy?  A
   user-configurable option?  In the case of an evolving API described
   by Hyper-Schema, it is expected that new schemas will be added to the
   system dynamically, so placing an absolute requirement of pre-loading
   schema documents is not feasible.  ]]

9.  Comments With "$comment"

   This keyword is reserved for comments from schema authors to readers
   or maintainers of the schema.  The value of this keyword MUST be a
   string.  Implementations MUST NOT present this string to end users.
   Tools for editing schemas SHOULD support displaying and editing this
   keyword.  The value of this keyword MAY be used in debug or error
   output which is intended for developers making use of schemas.
   Schema vocabularies SHOULD allow "$comment" within any object
   containing vocabulary keywords.  Implementations MAY assume
   "$comment" is allowed unless the vocabulary specifically forbids it.



Wright & Andrews       Expires September 20, 2018              [Page 16]


Internet-Draft                 JSON Schema                    March 2018


   Vocabularies MUST NOT specify any effect of "$comment" beyond what is
   described in this specification.  Tools that translate other media
   types or programming languages to and from application/schema+json
   MAY choose to convert that media type or programming language's
   native comments to or from "$comment" values.  The behavior of such
   translation when both native comments and "$comment" properties are
   present is implementation-dependent.  Implementations SHOULD treat
   "$comment" identically to an unknown extension keyword.  They MAY
   strip "$comment" values at any point during processing.  In
   particular, this allows for shortening schemas when the size of
   deployed schemas is a concern.  Implementations MUST NOT take any
   other action based on the presence, absence, or contents of
   "$comment" properties.

10.  Usage for Hypermedia

   JSON has been adopted widely by HTTP servers for automated APIs and
   robots.  This section describes how to enhance processing of JSON
   documents in a more RESTful manner when used with protocols that
   support media types and Web linking [RFC8288].

10.1.  Linking to a Schema

   It is RECOMMENDED that instances described by a schema provide a link
   to a downloadable JSON Schema using the link relation "describedby",
   as defined by Linked Data Protocol 1.0, section 8.1
   [W3C.REC-ldp-20150226].

   In HTTP, such links can be attached to any response using the Link
   header [RFC8288].  An example of such a header would be:


   Link: <http://example.com/my-hyper-schema#>; rel="describedby"


10.2.  Identifying a Schema via a Media Type Parameter

   Media types MAY allow for a "schema" media type parameter, which
   gives HTTP servers the ability to perform Content-Type Negotiation
   based on schema.  The media-type parameter MUST be a whitespace-
   separated list of URIs (i.e. relative references are invalid).

   When using the media type application/schema-instance+json, the
   "schema" parameter MUST be supplied.

   The schema URI is opaque and SHOULD NOT automatically be
   dereferenced.  If the implementation does not understand the
   semantics of the provided schema, the implementation can instead



Wright & Andrews       Expires September 20, 2018              [Page 17]


Internet-Draft                 JSON Schema                    March 2018


   follow the "describedby" links, if any, which may provide information
   on how to handle the schema.  Since "schema" doesn't necessarily
   point to a network location, the "describedby" relation is used for
   linking to a downloadable schema.  However, for simplicity, schema
   authors should make these URIs point to the same resource when
   possible.

   In HTTP, the media-type parameter would be sent inside the Content-
   Type header:


   Content-Type: application/json;
             schema="http://example.com/my-hyper-schema#"


   Multiple schemas are whitespace separated:


   Content-Type: application/json;
             schema="http://example.com/alice http://example.com/bob"


   [[CREF5: This paragraph assumes that we can register a "schema" link
   relation.  Should we instead specify something like "tag:json-
   schema.org,2017:schema" for now? ]] HTTP can also send the "schema"
   in a Link, though this may impact media-type semantics and Content-
   Type negotiation if this replaces the media-type parameter entirely:


   Link: </alice>;rel="schema", </bob>;rel="schema"


10.3.  Usage Over HTTP

   When used for hypermedia systems over a network, HTTP [RFC7231] is
   frequently the protocol of choice for distributing schemas.
   Misbehaving clients can pose problems for server maintainers if they
   pull a schema over the network more frequently than necessary, when
   it's instead possible to cache a schema for a long period of time.

   HTTP servers SHOULD set long-lived caching headers on JSON Schemas.
   HTTP clients SHOULD observe caching headers and not re-request
   documents within their freshness period.  Distributed systems SHOULD
   make use of a shared cache and/or caching proxy.

   Clients SHOULD set or prepend a User-Agent header specific to the
   JSON Schema implementation or software product.  Since symbols are
   listed in decreasing order of significance, the JSON Schema library



Wright & Andrews       Expires September 20, 2018              [Page 18]


Internet-Draft                 JSON Schema                    March 2018


   name/version should precede the more generic HTTP library name (if
   any).  For example:


   User-Agent: product-name/5.4.1 so-cool-json-schema/1.0.2 curl/7.43.0


   Clients SHOULD be able to make requests with a "From" header so that
   server operators can contact the owner of a potentially misbehaving
   script.

11.  Security Considerations

   Both schemas and instances are JSON values.  As such, all security
   considerations defined in RFC 7159 [RFC7159] apply.

   Instances and schemas are both frequently written by untrusted third
   parties, to be deployed on public Internet servers.  Validators
   should take care that the parsing and validating against schemas
   doesn't consume excessive system resources.  Validators MUST NOT fall
   into an infinite loop.

   Servers MUST ensure that malicious parties can't change the
   functionality of existing schemas by uploading a schema with an pre-
   existing or very similar "$id".

   Individual JSON Schema vocabularies are liable to also have their own
   security considerations.  Consult the respective specifications for
   more information.

   Schema authors should take care with "$comment" contents, as a
   malicious implementation can display them to end-users in violation
   of a spec, or fail to strip them if such behavior is expected.

   A malicious schema author could place executable code or other
   dangerous material within a "$comment".  Implementations MUST NOT
   parse or otherwise take action based on "$comment" contents.

12.  IANA Considerations

12.1.  application/schema+json

   The proposed MIME media type for JSON Schema is defined as follows:

      Type name: application

      Subtype name: schema+json




Wright & Andrews       Expires September 20, 2018              [Page 19]


Internet-Draft                 JSON Schema                    March 2018


      Required parameters: N/A

      Encoding considerations: Encoding considerations are identical to
      those specified for the "application/json" media type.  See JSON
      [RFC7159].

      Security considerations: See Section 11 above.

      Interoperability considerations: See Sections 6.2 and 6.3 above.

      Fragment identifier considerations: See Section 5

12.2.  application/schema-instance+json

   The proposed MIME media type for JSON Schema Instances that require a
   JSON Schema-specific media type is defined as follows:

      Type name: application

      Subtype name: schema-instance+json

      Required parameters:

      schema:  A non-empty list of space-separated URIs, each
         identifying a JSON Schema resource.  The instance SHOULD
         successfully validate against at least one of these schemas.
         Non-validating schemas MAY be included for purposes such as
         allowing clients to make use of older versions of a schema as
         long as the runtime instance validates against that older
         version.

      Encoding considerations: Encoding considerations are identical to
      those specified for the "application/json" media type.  See JSON
      [RFC7159].

      Security considerations: See Section 11 above.

      Interoperability considerations: See Sections 6.2 and 6.3 above.

      Fragment identifier considerations: See Section 5

13.  References

13.1.  Normative References







Wright & Andrews       Expires September 20, 2018              [Page 20]


Internet-Draft                 JSON Schema                    March 2018


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005,
              <https://www.rfc-editor.org/info/rfc3986>.

   [RFC6839]  Hansen, T. and A. Melnikov, "Additional Media Type
              Structured Syntax Suffixes", RFC 6839,
              DOI 10.17487/RFC6839, January 2013,
              <https://www.rfc-editor.org/info/rfc6839>.

   [RFC6901]  Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed.,
              "JavaScript Object Notation (JSON) Pointer", RFC 6901,
              DOI 10.17487/RFC6901, April 2013,
              <https://www.rfc-editor.org/info/rfc6901>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <https://www.rfc-editor.org/info/rfc7159>.

   [W3C.REC-ldp-20150226]
              Speicher, S., Arwe, J., and A. Malhotra, "Linked Data
              Platform 1.0", World Wide Web Consortium Recommendation
              REC-ldp-20150226, February 2015,
              <http://www.w3.org/TR/2015/REC-ldp-20150226>.

13.2.  Informative References

   [json-hyper-schema]
              Andrews, H. and A. Wright, "JSON Hyper-Schema: A
              Vocabulary for Hypermedia Annotation of JSON", draft-
              handrews-json-schema-hyperschema-01 (work in progress),
              November 2017.

   [json-schema-validation]
              Wright, A., Andrews, H., and G. Luff, "JSON Schema
              Validation: A Vocabulary for Structural Validation of
              JSON", draft-handrews-json-schema-validation-01 (work in
              progress), November 2017.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.




Wright & Andrews       Expires September 20, 2018              [Page 21]


Internet-Draft                 JSON Schema                    March 2018


   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
              DOI 10.17487/RFC7231, June 2014,
              <https://www.rfc-editor.org/info/rfc7231>.

   [RFC8288]  Nottingham, M., "Web Linking", RFC 8288,
              DOI 10.17487/RFC8288, October 2017,
              <https://www.rfc-editor.org/info/rfc8288>.

   [W3C.WD-fragid-best-practices-20121025]
              Tennison, J., "Best Practices for Fragment Identifiers and
              Media Type Definitions", World Wide Web Consortium WD WD-
              fragid-best-practices-20121025, October 2012,
              <http://www.w3.org/TR/2012/
              WD-fragid-best-practices-20121025>.




































Wright & Andrews       Expires September 20, 2018              [Page 22]


Internet-Draft                 JSON Schema                    March 2018


Appendix A.  Acknowledgments

   Thanks to Gary Court, Francis Galiegue, Kris Zyp, and Geraint Luff
   for their work on the initial drafts of JSON Schema.

   Thanks to Jason Desrosiers, Daniel Perrett, Erik Wilde, Ben Hutton,
   Evgeny Poberezkin, Brad Bowman, Gowry Sankar, Donald Pipowitch, and
   Dave Finlay for their submissions and patches to the document.

Appendix B.  ChangeLog

   [[CREF6: This section to be removed before leaving Internet-Draft
   status.]]

   draft-handrews-json-schema-01

      *  This draft is purely a clarification with no functional changes

      *  Emphasized annotations as a primary usage of JSON Schema

      *  Clarified $id by use cases

      *  Exhaustive schema identification examples

      *  Replaced "external referencing" with how and when an
         implementation might know of a schema from another doucment

      *  Replaced "internal referencing" with how an implementation
         should recognized schema identifiers during parsing

      *  Dereferencing the former "internal" or "external" references is
         always the same process

      *  Minor formatting improvements

   draft-handrews-json-schema-00

      *  Make the concept of a schema keyword vocabulary more clear

      *  Note that the concept of "integer" is from a vocabulary, not
         the data model

      *  Classify keywords as assertions or annotations and describe
         their general behavior

      *  Explain the boolean schemas in terms of generalized assertions

      *  Reserve "$comment" for non-user-visible notes about the schema



Wright & Andrews       Expires September 20, 2018              [Page 23]


Internet-Draft                 JSON Schema                    March 2018


      *  Wording improvements around "$id" and fragments

      *  Note the challenges of extending meta-schemas with recursive
         references

      *  Add "application/schema-instance+json" media type

      *  Recommend a "schema" link relation / parameter instead of
         "profile"

   draft-wright-json-schema-01

      *  Updated intro

      *  Allowed for any schema to be a boolean

      *  "$schema" SHOULD NOT appear in subschemas, although that may
         change

      *  Changed "id" to "$id"; all core keywords prefixed with "$"

      *  Clarify and formalize fragments for application/schema+json

      *  Note applicability to formats such as CBOR that can be
         represented in the JSON data model

   draft-wright-json-schema-00

      *  Updated references to JSON

      *  Updated references to HTTP

      *  Updated references to JSON Pointer

      *  Behavior for "id" is now specified in terms of RFC3986

      *  Aligned vocabulary usage for URIs with RFC3986

      *  Removed reference to draft-pbryan-zyp-json-ref-03

      *  Limited use of "$ref" to wherever a schema is expected

      *  Added definition of the "JSON Schema data model"

      *  Added additional security considerations

      *  Defined use of subschema identifiers for "id"




Wright & Andrews       Expires September 20, 2018              [Page 24]


Internet-Draft                 JSON Schema                    March 2018


      *  Rewrote section on usage with HTTP

      *  Rewrote section on usage with rel="describedBy" and
         rel="profile"

      *  Fixed numerous invalid examples

   draft-zyp-json-schema-04

      *  Salvaged from draft v3.

      *  Split validation keywords into separate document.

      *  Split hypermedia keywords into separate document.

      *  Initial post-split draft.

      *  Mandate the use of JSON Reference, JSON Pointer.

      *  Define the role of "id".  Define URI resolution scope.

      *  Add interoperability considerations.

   draft-zyp-json-schema-00

      *  Initial draft.

Authors' Addresses

   Austin Wright (editor)

   EMail: aaa@bzfx.net


   Henry Andrews (editor)
   Cloudflare, Inc.
   San Francisco, CA
   USA

   EMail: henry@cloudflare.com











Wright & Andrews       Expires September 20, 2018              [Page 25]