-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using metadata policy on metadata parameters with JSON object values #35
Comments
I agree that simplicity is a virtue, including when applying metadata policies. This aligns with my comment #34 (comment), in which I posit that applying policies will be easier for simple data structures than hierarchical data structures. |
Thanks for this feedback Stefan. I will revisit the original considerations for this and will get back here. |
… metadata policies (iss openid#35)
I consulted the JSON RFC and standards that use JSON for a language that must exhibit predictable behaviour, like JSON Path. As long as the JSON, including JSON objects, regardless of complexity, are what the JSON RFC 8259 describes as "interoperable", the policies are going to be predictable and deterministic. Non-interoperable JSON is for example JSON objects with duplicate member names. Still, I recognised that some JSON libraries may have issues comparing JSON objects. For this reason, the JSON object support is specced as mandatory only for the Here is a PR to clarify this: |
…iss openid#35) Co-authored-by: Giuseppe De Marco <[email protected]>
…nterop Using non-interoperable JSON may result in unpredictable metadata and metadata policies (iss #35)
While updating my implementation I was not very happy to see that objects have been added as optional metadata values for policy processing. I really think some guidance is necessary here.
In order to implement processing of metadata for parameters with object values, it will be necessary to implement object comparison, and this process should be described. Questions that comes to my mind is:
The big drawback with objects here is that it really does not fit the metadata policy methodology. The more complex JSON objects, the harder it will be to provide a sensible and useful policy. True Interoperability will be very hard to achieve.
I would personally much rather see policy processing to be limited to simple types. If you want to use policy, then you better define metadata parameters with simple types, as metadata traditionally is defined.
At least I would like to remove any mandatory implementation of policy processing with object values (today it is mandatory in
add
anddefault
.The text was updated successfully, but these errors were encountered: