Technical Architecture Group Teleconference

17 Oct 2013


Daniel Appelquist, Tim Bray, Doug Crockford, Tim Berners-Lee, Sergey Konstantinov, Yves Lafon, Philippe Le Hegaret, Peter Linss, Matt Miller, Alex Russell, Wendy Seltzer, Jeni Tennison, Henry S. Thompson, Anne van Kesteren
Yehuda Katz
Daniel Appelquist
Henry S. Thompson


JSON liaison

DKA: Welcome to our guests
... The topic of JSON came up at the recent TAG f2f
... Particularly the question of the relation between work and specs at ECMA TC39 and the IETF JSON WG
... We wanted to help with any possible coordination issues, but didn't feel we had enough information
... And thought that getting a number of the relevant players from the two groups "in the same room"
... So here we are
... So, AR, what were your particular concerns

AR: We were trying to see if we could identify and perhaps better coordinate wrt what we saw as overlap between TC39 work and IETF JSON WG work

DKA: Potential output would be a decision to spawn some joint work, but everything is on the table
... If the TAG can help, we'd like to

MM: I'm one of the cochairs of JSON WG at the IETF

MM: RFC 4627 is the only existing IETF JSON doc, but it's informational

MM: The WG was chartered to revise this to the Standards track, as there was real need from other IETF docs for a normative reference
... IETF participation in WGs is by individuals volunteering, and a number of people have gotten invovled
... We reached WG consensus recently, and are now in what is known as WG Last Call at the IETF
... The next step would be IETF Last Call

<twbray> Possibly of interest related to this discussion:

<twbray> Specifications of JSON: https://www.tbray.org/tmp/draft-ietf-json-rfc4627bis-06.html#rfc.section.1.2

<twbray> Introduction to This Revision: https://www.tbray.org/tmp/draft-ietf-json-rfc4627bis-06.html#rfc.section.1.3

<twbray> Appendix A. Changes from RFC 4627: https://www.tbray.org/tmp/draft-ietf-json-rfc4627bis-06.html#rfc.appendix.A

HST: IETF LC is similar to W3C Last Call and/or CR, in that it's a) the point at which wide review is appropriate and b) the point before adoption

<annevk> So, FWIW, the combination of XMLHttpRequest's JSON and JSON's definition in ECMAScript has a wider grammar than this RFC

<annevk> It doesn't seem useful from a platform perspective...

DKA: Is IETF LC our opportunity to get involved?
... AK, AR, could you say what you think the issues are?

AR: I'd first like to hear DC's perspective

DC: I'm not involved now in the IETF effort -- I was for a while, but left the WG because I was concerned about the direction the WG was going
... I went back to ECMA and produced a grammar of JSON as a serialization of Javascript: http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf
... Which was intended for other specs and so on to reference

<slightlyoff> didn't understand...what's the issue?

DC: The old RFC 4627 was never intended to be a language spec., it was a necessary part of registering the application/json media type

TBL: What was the char encoding?

AvK: [inaudible]

TBL: I think you're talking about the US-ASCII default for the text/... MIME tree

<annevk> What I tried to say was that text/* has a bunch of IETF legacy they don't really want to get around, but implementers have. So we have text/vtt and such today that work sanely...

DKA: When was the old RFC?

DC: July 2006

DKA: So maybe that's water under the bridge -- TB, what's your view?

TB: The draft we published a few weeks ago is worth a look
... There are many specifications of JSON: json.org, ecmascript 5.2, rfc4627, ecma 404
... hard to see any as more canonical than any others

TB: They are all consistent, except for the original 4627 which has some top-level constraints
... the IETF draft (http://tools.ietf.org/html/draft-ietf-json-rfc4627bis-06), which I encourage you all to read, just retakes the RFC and adds notes about places where interoperability problems have been observed

AR: I have recalled from the TC39 discussions that there was debate about the semantics which was encodable
... ECMA404 explictly declines talk about the semantics: willful ignorance
... Embedding specs, e.g. browser specs, might supply (most likely) Javascript semantics
... Whereas the IETF draft does give some semantics
... DC, can you confirm that "no semantics" was your intent?

DC: Yes, precisely -- that's a matter for consuming application

TBL: So some flexibility in interpretation?

DC: Yes -- what I did not want to do was require that what Javascript does is what everyone should do

AR: Whereas I hear the IETF saying that this "willful ignorance" leads to interop problems

AR: And they want to fix that
... TB, is that right?

TB: No, I don't think so
... First, "the IETF" doesn't say anything as such

TB: Second, the WG thinks that JSON generally works great
... interoperability is good
... There are a few areas where interoperability issues have been observed, and the IETF draft [4627bis] tries to enumerate them
... but the IETF draft does NOT contain any MUSTs or SHOULDs that weren't in 4627

TB: In particular, in my day job work wrt identity some of these give rise to security vulnerabilities

<twbray> One particular standards-writing pain point is that people who are doing identity standards is that they have to reference JSON and then add extra criteria such as MUST NOT have dupe keys. We'd like to give them something to point to so they don't have to repeat that for every standard

DKA: Are you aware of incompatibility with ECMA404?

AvK: ECMA404 specifies a language which is a superset of the language in 4627bis

AvK: A document consisting of 'false' is allowed by ECMA404, but not by 4627bis

TB: Yes, that's the point I mentioned above which we inherited from 4627

AvK: What we want is to have interop with the JSON that Javascript will parse

<annevk> What we want for web platform APIs is to have interoperability with JSON.parse() from JavaScript

<annevk> E.g. xhr.responseType = "json"; alert(xhr.response) when you load a resource that contains "false" should give the false value

DKA: So is that interop point something the WG has looked at?

TB: Not as such, no. There are lots of JSON parsers in lots of languages, and they seem to interoperate well

<annevk> It seems if you load such a document in Python that ought to work too

<slightlyoff> twbray, what was the consensus about?

MM: We did discuss expanding the top-level constraint, but since there are parsers [?] which have a problem with that, we didn't make a change there

JT: Is this similar to the kind of issue with HTML where the main HTML spec. describes all sorts of strings which masquerade as HTML, because that's what browsers need to do, but the TAG argued for an authors' spec, to describe what should be produced for best interop
... Is this the same issue? Is the ECMA404 language the broader one, and the 4627bis one the author's spec?

DC: No, it's not like that

<slightlyoff> is this about using the word "JSON" vs. saying "IETF is spec-ing a subset with the following constraints..."?

TB: 4627bis says things such as "if there are no duplicate keys, you will achieve good interop, whereis if you have duplicate keys, the following interop problems have been observed"

<slightlyoff> twbray, is that the extent of the subsetting?

<twbray> Recommend you guys read the IETF draft.

<slightlyoff> twbray, if so...could we just put that language into one of the other specs?

DKA: Is there something to be done to improve the interop issue?

DC: I don't see an interop problem

<slightlyoff> here's my worry: we're going to have multiple specs that say mostly the same things, distinguished by non-normative language...why do we have that then?

<dka> Alex, can you clarify "non-normative language"?

<slightlyoff> dka, so ISTM that this isn't about the grammar, it's about the advice to users

<annevk> Well the grammar is different between Ecma and IETF

<annevk> So if Python follows IETF they can't parse all the things XHR can

<annevk> Unless Python implements some XHR bindings... but that'd be sad for different reasons

TBL: If two different implementations do two different things with the same document, expectations may be confounded
... E.g. if someone uses append to override earlier keys, but this doesn't always have that effect, there is a security risk

TB: Precisely -- that's why the IETF draft points out this kind of problem

TBL: So it would be nice to have a kind of JSON-strict which would avoid these pitfalls

TB: We have discussed going further to produce something along those lines, but not yet on the table

<twbray> There have been proposals to produce something called I-JSON which has MUST NOTs for all the interoperability problems, i.e. no dupe keys, no broken Unicode.

MM: Our charter is restricted to updating 4627, so such work would only come later -- please join us if you'd like to help with that in due course

AvK: If the grammar is different between 404 and 4627bis, then following one vs. the other will produce different behaviour, for example with the 'false' document.
... The Web Platform specs will be following ECMA404 here

TB: 4627 requires the top-level to be an array or a list, and some implementations enforce that restriction

AvK: ECMA404 only requires a value

AR: Now that there's an [scribe missed]

<JeniT> bottom line is that having two specs for the same thing sucks for everyone

<slightlyoff> JeniT, but it seems like we're gonna have that, regardless of the mimetype def location in this case

<JeniT> yes

<annevk> JeniT, W3C could take some lessons there too

<slightlyoff> JeniT, so while I agree, I'm not sure how we get either ECMA or IETF to say "cool...it's theirs instead"

HST: It is now entirely possible for ECMA to submit a registration for application/json, referring to ECMA404, but there is already an IETF WG chartered to do just that, namely the JSON WG, and having two competing attempts to register a media type is a bad thing.

TBL: I really don't like the situation where it's necessary to have a media type registration document which is separate from the language definition

<twbray> nb: There have been proposals for JSON fragment ids

TBL: So I would like to see the original ECMA spec. submitted to the IETF -- better practice

DKA: Is there an opportunity to introduce more of a normative reference from 4627bis to ECMA404?

TB: Why would this be a benefit to readers? Why should they have to go somewhere else?

<twbray> Why would that be of benefit to users? Everyone agrees on the syntax, so why send them off somewhere else to read something else?

<annevk> twbray, euhm, we just explained that we don't agree on syntax

PLH: Having the media type registration as part of a W3C spec. is now our preferred pattern, and IANA is happy with it

<annevk> +1 to that

<twbray> The IETF draft notes specifically that the ECMA draft allows top-level primitive types

<annevk> twbray, acknowledging something in an introduction doesn't indicate agreement in my book

<annevk> twbray, reads more like "yeah, these guys defined x, but it's really y, trust us"

AR: DC, both the ECMA process and the IETF process, were started by you, which one would you choose if you could?

DC: I'd prefer ECMA, I understood the process

AR: What about the documents?

DC: I gave you my preference

DC: I didn't have the number of years of experience apparently necessary to understand the IETF process

DKA: That's true in my experience across many organisations

<JeniT> can we identify and list the interoperability problems between the two specs?

<annevk> JeniT, is there a point?

<JeniT> annevk, to aim to move the specs closer

<annevk> JeniT, hah

DKA: Is there anything we can do to help reconcile this apparent conflict?

DKA: From an IETF/TC39/W3C love-in perspective

DC: I'd like to see 4627bis cite ECMA404 as a normative reference

TB: So people have to read one to understand the other

DC: Yes, 404 is the definitive definition

TBL: It settles the question of who has design authority
... Who do you go to if you have questions, or want changes

TB: The good news is that the only difference between any of the existing specifications of JSON is the top-level production

DC: 404 only talks about one aspect of JSON, and that's the grammar
... It should be the one that all other documents refer to

DKA: I think the TAG consensus is in line with that
... Maybe we leave that there, and we have the opportunity to make our voices known to that effect as part of the IETF Last Call process. How quickly do we have to move to do that?

<slightlyoff> one resolution to the implicit tension would be a commitment for no future normative incompatibilities

<annevk> twbray, you also don't override the ABNF default of being 7-bit it seems

<annevk> twbray, seems like a pretty big hole, am I missing something?

<twbray> hm, sounds like a bug (fortunately not one that has produced any interop problems that I'm aware of)

MM: We're not quite to IETF LC yet, we're waiting on our Area Director to make that move, but he's travelling right now

MM: You are indeed welcome to join json@ietf.org to give input

DKA: Would next week be time enough? How fast are things moving?

MM: Next IETF f2f is 3--8 November, so ADs are trying to get documents moved forward, so the earlier the better

<slightlyoff> I'm deeply uncomfortable with the current situation.

<JeniT> slightlyoff, +1

<slightlyoff> it seems like a recipe for incompat

<slightlyoff> if not now, in the future

<twbray> Well, except for, in practice jSON interoperates beautifully in practice

<twbray> annevk - help me out, where's the 7-bit issue?

<annevk> twbray, JSON consists of a sequence of code points

<annevk> twbray, you define it as a sequence of 7-bit thingies...

<twbray> Sorry, where is that 7-bit constraint?

<annevk> twbray, http://tools.ietf.org/html/rfc5234

<annevk> twbray, your dependencies

<annevk> twbray, nobody will trip over this in practice (I hope!), but it's not correct

DKA: Alex, final words?

AR: This may be unintended consequences, AvK has spotted some incompatibilities, but without a normative sitation from one doc to the other, or at least a binding commitment to ensure consistency wrt their normative bits, the situation is not acceptable.

AR: I'd like to have TC39 and the IETF WG agree to negotiate this, because without agreement we are headed in the long haul for an untenable situation

AvK: I don't see the point in two specs -- let Ecma do the mime type registration and leave it at that

PLH: This is to some extent an issue between IETF and ECMA, but W3C has to live with the result, and one document would be better than two

DKA: Thanks to all, I'm hopeful going forward

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2013-10-21 13:09:06 $