Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using metadata policy on metadata parameters with JSON object values #35

Open
Razumain opened this issue Aug 12, 2024 · 3 comments
Open

Using metadata policy on metadata parameters with JSON object values #35

Razumain opened this issue Aug 12, 2024 · 3 comments
Assignees
@vdzhuvinov

Comments

@Razumain
Copy link
Collaborator

Razumain commented Aug 12, 2024
edited
Loading

While updating my implementation I was not very happy to see that objects have been added as optional metadata values for policy processing. I really think some guidance is necessary here.

In order to implement processing of metadata for parameters with object values, it will be necessary to implement object comparison, and this process should be described. Questions that comes to my mind is:

  1. Does order of elements need to match?
  2. Can any object structure be provided?
  3. Is it a match if the metadata object contains all elements of the metadata policy, but also other additional elements?
  4. Is there any difference if the operator is subset_of or superset_of with regard to comparison rules?

The big drawback with objects here is that it really does not fit the metadata policy methodology. The more complex JSON objects, the harder it will be to provide a sensible and useful policy. True Interoperability will be very hard to achieve.

I would personally much rather see policy processing to be limited to simple types. If you want to use policy, then you better define metadata parameters with simple types, as metadata traditionally is defined.

At least I would like to remove any mandatory implementation of policy processing with object values (today it is mandatory in add and default.
@selfissued
Copy link
Member

I agree that simplicity is a virtue, including when applying metadata policies. This aligns with my comment #34 (comment), in which I posit that applying policies will be easier for simple data structures than hierarchical data structures.

@vdzhuvinov
Copy link
Collaborator

Thanks for this feedback Stefan. I will revisit the original considerations for this and will get back here.

@iherman iherman mentioned this issue Sep 4, 2024
Closed
vdzhuvinov added a commit to vdzhuvinov/federation that referenced this issue Dec 13, 2024
@vdzhuvinov
Using non-interoperable JSON may result in unpredictable metadata and…
2540f72 
… metadata policies (iss openid#35)
@vdzhuvinov vdzhuvinov mentioned this issue Dec 13, 2024
Open
@vdzhuvinov
Copy link
Collaborator

I consulted the JSON RFC and standards that use JSON for a language that must exhibit predictable behaviour, like JSON Path.

As long as the JSON, including JSON objects, regardless of complexity, are what the JSON RFC 8259 describes as "interoperable", the policies are going to be predictable and deterministic.

Non-interoperable JSON is for example JSON objects with duplicate member names.

Still, I recognised that some JSON libraries may have issues comparing JSON objects. For this reason, the JSON object support is specced as mandatory only for the value, default and essential operators, as they don't require any comparison. It is optional only for the add operator and the set / JSON array based operators.

Here is a PR to clarify this:

#168

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vdzhuvinov vdzhuvinov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Razumain @vdzhuvinov @selfissued