JSON-Based Universal Messaging Format (2017)

60 pointsby cjusalmost 7 years ago

17 comments

blattimwindalmost 7 years ago

> Note that there is a complex canonicalisation procedure for the JSON object, and that the sender must mutate the signed object;This is a big no-no and actual source of vulnerabilities. If you sign something, the signature goes around what you want to sign.[1] Doing "in-line" signatures is excessively more complex and error-prone. The easiest and most secure scheme is actually "sign a blob of bytes", i.e. signing a packed representation of a message. That way, you get zero ambiguity issues as far as signature-content interactions go [2], and you don't actually need a canonicalized message representation any more (which is not a common feature of serialization formats outside ASN.1 encodings).There might be other reasons to not use UMF, but this one is completely sufficient to avoid it.(Also calling HMAC tags "signatures" is confusing as heck and should be avoided.)(Also the actual method of how the MAC is calculated is not specified; so clearly UMF is not a format, it is a meta-format.)[1] Even JWT got that right.[2] Context ambiguity AKA The Horton Principle remains, because that's not something a format solves.

评论 #17308511 未加载

评论 #17304933 未加载

评论 #17306667 未加载

jmullalmost 7 years ago

Maybe someone can comment, but I can't understand the value of this.The meat of this proposal is the specification of the envelope. But it consists largely of things you would have to decide how to map to your application domain. Since there's no reason different apps would/could map these things the same way, there's no opportunity for interop created here.I guess it ends up as an idea or example of how you might express a generic message in JSON. So that's of some use.

评论 #17305439 未加载

评论 #17304215 未加载

kodablahalmost 7 years ago

> UMF is being used in IoT (Internet of Things) applications where message sizes need to remain small. To allow UMF to be used in resource contained environments a short form of UMF is offered.Then offer it in Protobuf :-) In general, I don't understand where this would be used instead of an app's specific envelope. The use cases should be specified better because it's really easy for any app to just send their own preferred JSON format without following this.Tangentially related, I similarly tried to make a messaging format (but with more bells and whistles and more about the transfer, storage, permissions, etc). The proto files are at [0] and the messaging platform is still under active development.0 - <a href="https://github.com/cretz/yukup/tree/0cc926f98d01fba64b818383ee9763cbe61a6c64/yukup/pb/proto" rel="nofollow">https://github.com/cretz/yukup/tree/0cc926f98d01fba64b818383...</a>

lev99almost 7 years ago

A few issues I have with UMF.It's missing a mission statement, or use case.The intro says it's used to avoid inconsistent formatting, but there exists other message formats.The body field is application specific, which introduces an area for inconsistent formatting and reduces the interoperability, or universalness, of the message format.The destination doesn't need to be in the message, most of the time the destination is implicit in where the message is sent. (If I send a UMF over email the destination would be in the email metadata and the UMF metadata)The total amount of metadata that would be included in a UMF message sent over TCP/IP would be silly.There are arbitrary and undefended specification decisions. The transport protocol is left ambiguous, but both the schema and the format are specified. The metadata around body is very standardized, but anything goes inside body, which is the primary payload.

评论 #17308452 未加载

deeglesalmost 7 years ago

Don't fields need to be sorted in order for signatures to be reproducible with JSON objects? there's no mention of that.

评论 #17306376 未加载

valarauca1almost 7 years ago

My dude should quit his architect positions.Consistent hashing of messages requires that every application which handles the message will lay the fields out in the same manner, this is a recursive problem for every layer that will put its data in the UMF. This right out the gate creates caching complexity issues.Also for being so no cache control options by default.Also there isn’t an error handling/logging field so the responder will have to do something out-of-band to acknowledge errors.Also there’s no mention of compression or alternative message formats, XML, proto, etc.The sender field should likely be a URI encoded data. Then which mode (of several) which could get the message is an infrastructure not an encoding program. Getting this deep here is kind of bad, same with the TTL. If we are going this deep... why no cache control/consistent hashing/compressing?If you care about strictness or correctness you should use RFC3339 instead of ISO8601. Also not including an implicit UnixTime/UnixTime Nano seconds is a poor choice.Offering alternative keys for standard keys is dumb. This feels like an accident that nobody caught until later, and made a backwards compatible monkey patch.Why haven’t you considered protobuf if you have concerns about message size, and are working in power constraints? UTF/Base64 is kind of shitte for power savings.

评论 #17308352 未加载

continuationalalmost 7 years ago

Projects like these need a motivation section.It’s not clear what the usecase is.

CyanLite2almost 7 years ago

I love open source projects with no documentation or Getting Started guides.....said no one ever.

评论 #17303282 未加载

cjusalmost 7 years ago

Wow - I really ruffled some feathers with this post :-D As I scanned the feedback, I found myself agreeing with some, but not all, of the comments.I actually found some of the direct attacks amusing and got a good laugh. That said, I'd like to thank everyone who took the time to comment. One of the goals of any specification should be to iterate the spec based on the valuable feedback of others. I'll definitely take this opportunity to do that.Thanks again.

zamalekalmost 7 years ago

Doesn't JSON-LD (especially AcitivityPub+co) mostly deal with this already?

profalseidolalmost 7 years ago

<a href="https://github.com/edn-format/edn" rel="nofollow">https://github.com/edn-format/edn</a>edn is an extensible data notation. A superset of edn is used by Clojure to represent programs, and it is used by Datomic and other applications as a data transfer format. This spec describes edn in isolation from those and other specific use cases, to help facilitate implementation of readers and writers in other languages, and for other uses.

cjusalmost 7 years ago

Reading through the comments here I'm realizing that my single biggest error may have been the use of the word "Universal" :-D When you consider the spec as a "basis for agreement" between distributed application authors and not a unified theory of messaging - then the spec becomes a lot clearer.

zevebalmost 7 years ago

I'll just note, once again, how verbose, unattractive & difficult to parse JSON is compared to S-expressions. Here are several of the examples in the spec in both formats, in order (I've rearranged the field so that required fields come first & optional fields come later).2.1:<pre><code> { "mid": "ef5a7369-f0b9-4143-a49d-2b9c7ee51117", "rmid": "66c61afc-037b-4229-ace4-5ec4d788903e", "to": "uid:123", "from": "uid:56", "type": "dm", "version": "UMF/1.4.3", "priority": "10", "timestamp": "2013-09-29T10:40Z", "body": { "message": "How is it going?" } } (message ef5a7369-f0b9-4143-a49d-2b9c7ee51117 (to uid:123) (from uid:56) (version SMF/1.4.3) (timestamp 2013-09-29T10:40Z) (rmid 66c61afc-037b-4229-ace4-5ec4d788903e) (type dm) (priority 10) (body (message "How is it going?"))) </code></pre> 2.2.11:<pre><code> { "mid": "ef5a7369-f0b9-4143-a49d-2b9c7ee51117", "to": "uid:56", "from": "game:store", "version": "UMF/1.3", "timestamp": "2013-09-29T10:40Z", "body": { "type": "store:purchase", "itemID": "5x:winnings:multiplier", "expiration": "2014-02-10T10:40Z" } } (message ef5a7369-f0b9-4143-a49d-2b9c7ee51117 (to uid:56) (from game:store) (version UMF/1.3) (timestamp 2013-09-29T10:40Z) (body (type store:purchase) (itemID "5x:winnings:multiplier") (expiration 2014-02-10T10:40Z))) </code></pre> 2.2.11.2Note how JSON has to rely on metadata to indicate that a Base64 sequence, whereas it's natively supported by canonical S-expressions. Note also how the S-expression format natively supports types ('display hints') for its values.<pre><code> { "mid": "ef5a7369-f0b9-4143-a49d-2b9c7ee51117", "to": "uid:134", "from": "uid:56", "version": "UMF/1.3", "timestamp": "2013-09-29T10:40Z", "body": { "type": "private:message", "contentType": "text/plain", "base64": "SSBzZWUgeW91IHRvb2sgdGhlIHRyb3VibGUgdG8gZGVjb2RlIHRoaXMgbWVzc2FnZS4=" } } (message ef5a7369-f0b9-4143-a49d-2b9c7ee51117 (to uid:134) (from uid:56) (version SMF/1.3) (timestamp 2013-09-29T10:40Z) (body (type private:message) [text/plain]|SSBzZWUgeW91IHRvb2sgdGhlIHRyb3VibGUgdG8gZGVjb2RlIHRoaXMgbWVzc2FnZS4=|)) </code></pre> 2.2.11.3One might expect that S-expressions might shine when it comes to sending multiple items, and of course one would be correct.Also note how the parallel structure of the message & message/body/message objects raises the question of whether the message/body/message schema should also be UMF.<pre><code> { "mid": "ef5a7369-f0b9-4143-a49d-2b9c7ee51117", "to": "uid:134", "from": "chat:room:14", "version": "UMF/1.3", "timestamp": "2013-09-29T10:40Z", "body": { "type": "chat:messages", "messages": [ { "from": "moderator", "text": "Susan welcome to chat Nation NYC", "ts": "2013-09-29T10:34Z" }, { "from": "uid:16", "text": "Rex, you are one lucky SOB!", "ts": "2013-09-29T10:30Z" }, { "from": "uid:133", "text": "Rex you're going down this next round", "ts": "2013-09-29T10:31Z" } ] } } (message ef5a7369-f0b9-4143-a49d-2b9c7ee51117 (to uid:134) (from chat:room:14) (version SMF/1.3) (timestamp 2013-09-29T10:40Z) (body (type chat:messages) (messages (message (from moderator) (text "Susan welcome to chat Nation NYC") (ts 2013-09-29T10:34Z)) (message (from uid:16) (text "Rex, you are one lucky SOB!") (ts 2013-09-29T10:30Z)) (message (from uid:133) (text "Rex you're going down this next round") (ts 2013-09-29T10:31Z))))) </code></pre> 2.2.17Note that there is a complex canonicalisation procedure for the JSON object, and that the sender must mutate the signed object; by contrast, the S-expression format is properly layered and doesn't mutate signed objects (which implies that it's possible to chain signatures cleanly).<pre><code> { "mid": "ef5a7369-f0b9-4143-a49d-2b9c7ee51117", "to": "uid:123", "from": "uid:56", "version": "UMF/1.4.6", "signature": "c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e", "body": {} } (signature (message ef5a7369-f0b9-4143-a49d-2b9c7ee51117 (to uid:123) (from uid:56) (version SMF/1.4.6) (body)) |c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e|) </code></pre> It's not to late to switch away from JSON, it really isn't.

评论 #17304146 未加载

评论 #17305041 未加载

评论 #17304651 未加载

评论 #17305741 未加载

评论 #17304913 未加载

评论 #17308362 未加载

setqukalmost 7 years ago

WS-* meets JSON.

rektidealmost 7 years ago

This spec should be rebuilt from the start to extend <a href="http://cloudevents.io" rel="nofollow">http://cloudevents.io</a> .

lloydsparkesalmost 7 years ago

<a href="https://xkcd.com/927/" rel="nofollow">https://xkcd.com/927/</a>

pkilgorealmost 7 years ago

Direct link to the spec: <a href="https://github.com/cjus/umf/blob/master/umf.md" rel="nofollow">https://github.com/cjus/umf/blob/master/umf.md</a>Relevant xkcd: <a href="https://xkcd.com/927/" rel="nofollow">https://xkcd.com/927/</a>

评论 #17303448 未加载

评论 #17303278 未加载

17 comments

blattimwindalmost 7 years ago

评论 #17308511 未加载

评论 #17304933 未加载

评论 #17306667 未加载

jmullalmost 7 years ago

评论 #17305439 未加载

评论 #17304215 未加载

kodablahalmost 7 years ago

lev99almost 7 years ago

评论 #17308452 未加载

deeglesalmost 7 years ago

Don't fields need to be sorted in order for signatures to be reproducible with JSON objects? there's no mention of that.

评论 #17306376 未加载

valarauca1almost 7 years ago

评论 #17308352 未加载

continuationalalmost 7 years ago

Projects like these need a motivation section.It’s not clear what the usecase is.

CyanLite2almost 7 years ago

I love open source projects with no documentation or Getting Started guides.....said no one ever.

评论 #17303282 未加载

cjusalmost 7 years ago

zamalekalmost 7 years ago

Doesn't JSON-LD (especially AcitivityPub+co) mostly deal with this already?

profalseidolalmost 7 years ago

cjusalmost 7 years ago

zevebalmost 7 years ago

评论 #17304146 未加载

评论 #17305041 未加载

评论 #17304651 未加载

评论 #17305741 未加载

评论 #17304913 未加载

评论 #17308362 未加载

setqukalmost 7 years ago

WS-* meets JSON.

rektidealmost 7 years ago

This spec should be rebuilt from the start to extend <a href="http://cloudevents.io" rel="nofollow">http://cloudevents.io</a> .