How to document forbidden dereferencability #216
Comments
|
I would definitely have 1️⃣ over 2️⃣ The third point however I find rather orthogonal. I'm not sure the "profiles" have anything to do with dereferencability of the API descriptions. More about the requirements from the client. I would see this as an open-ended set of "feature-packs" that a server may implement in addition to core. Here are some ideas:
Each profile would be free to define its specific processing rules. The required changes would be to:
So as effect a server might announce itself as <> a hydra:ApiDocumentation ;
// SHACL might potential be maintained by Hydra CG
hydra:profile <http://www.w3.org/ns/hydra/profile#SHACL> ;
// a vendor-specific profile which somehow bridges Open API
hydra:profile <http://example.com/hydra-profile#OpenAPI> |
Not everything can be expressed with raw RDF terms definition - that's why the spec exists. Either profiles or levels could allow to make parts of the spec interpreted differently. While default level could have a
It might be not as easy as it sounds. There can be multiple API documentation links, what if every part provides different value? We also need something for in-lined hypermedia controls and on HTTP header level for pure JSON with JSON-LD context provided on that level. We might need to define precedence or scope of such a profile assertion.
I don't like it - I'd prefer to keep it as it is now. |
I think that for the most part it actually is simple. If you consume multiple APIs (for example via multiple link headers), the client will have to understand all profiles used by all those APIs. No way around it. Good point about HTTP headers, but IMO same principle applies. The client will have to support the sum of all profiles.
Inlined controls will use the same descriptions, no? If API uses profiles
No strong opinion on my part. I can definitely live with that 😉 |
|
I think you are coming from the perspective of negotiating profiles. Do I get that right? I would not consider this. An API chooses to use a certain method of describing its hypermedia and it is up to the client to support it. Not that a client can ask for the descriptions it "likes". Negotiating the hypermedia controls is totally impossible because profiles will likely be incompatible with one another. So either a client supports your profile or it will be unable to (fully) consume your API. I don't think there is a way around this. |
|
I agree with @tpluscode, Hydra should not worry about negotiating profiles. If that should at all be possible, there are other initiatives tackling that problem. |
Imagine a situation when API documentation declares a profile
I think it's the opposite. Hydra claims to provide interoperability with minimum terms and maximum extensibility. I can imagine a situation server can provide same information provided using different vocabularies (or non-RDF ways). I think it may be valuable to enable the client to express it's preferences (which then can be taken into account or not - it's up to the server).
I don't think we should create something to support it - the link you @asbjornu provided is interesting and may be a good starting point. I think I can see both terms |
You miss the point. If the API states that it uses profile Now, if such an API in fact uses another profile then a client will likely fail to understand them or it might not care if it supports profile Again, it's not about precedence. The mention API uses profiles
Ok, I can see the preference bit now. But I'm not sure about practical usefulness. Would it be something like this? So what should happen now? I actually think of this in an opposite way, where a client retrieves an API Documentation and finds that the API uses certain profiles. It would then load the necessary code to handle them or fail it those profiles are not supported. This way a client can be modular and not bloated with code not used for a given API.
Is it possible that you're overly complicating the proposal? I'd rather that the levels were unnecessary and that the core semantics are uniform. |
Not really - if a profile can be expressed in multiple places (API Documentation, inlined, headers), it may happen that the declared profile may change. What then? Understanding all of them is one approach. Visibility and hiding would be another. Don't know which one is better/worse.
It depend on how we would specify the mechanism, but 412 Precondition Failed is not in scope (it is applicable to
I just have to care about backward compatibility - introducing levels could save us from tampering with ranges as the interpretation of |
|
I think the possible issues you mention exist regardless of profiles and is impossible to do anything about with Hydra. An API can change regardless of the profile. It doesn't even need a profile to change. And since profiles are identified by URI, anyone can create one. We can't control that, not within Hydra or anywhere else. This has been the case for open-ended extensibility for as long as it has existed. It was like this for XML namespaces, it's the same for RDF where anyone can mint a URI to declare a new term and it's the same with profiles. What we can control is how these extension mechanisms works and then provide some guidance and recommendations on how to develop Hydra profiles and which we officially embrace and not. Other than that, it's all up to the Hydra users to decide. I hope we can all agree that Hydra Core is the minimum of what a client must understand in order to interoperate with a Hydra-capable API. The profiles just extend Hydra Core, so a client can always fall back to Hydra Core to follow its links and perform its operations in a rudimentary but compliant way. So not understanding a profile is not the end of the world, it's just going to provide a worse user experience. |
I never aimed to control that. I just have to put all the ideas to extreme situations in order to find out (or at least to get a hint of) how the spec behaves before we modify the spec.
It is still an idea - let's not be hasty in assuming profiles does exist in hydra as it is now.
This is my aim - it is still possible to commit an unrecoverable mistake on the design stage which could render that very fallback impossible. I want to avoid situation when there are several hydra dialects so no client can talk to more than one with same base. |
This will often be not an option? If the client finds and operation which If the client does not understand a profile, it will not be able to perform operations described using that profile. There is not much more to it, is there? |
|
I'm actually not afraid of SHACL - it's still an RDF. Currently hydra client does not validate input of an operation against expected class, thus it may be the same for SHACL. I'm more afraid of those non-RDF possibilities. |
Ok, fair enough.
No, profiles exist regardless of what Hydra decides to do in this space. Officially embraced profiles may not exist without the Hydra CG's seal of approval, but profiles (just like XML namespaces, RDF terms or anything else based on a URI) can be created by anyone.
That is only possible to a certain degree, though. We are shooting for much more than the moon if we think we can make everything fallback gracefully.
Excellent point. This goes a bit back to the content negotiation bit again. There will be situations where a server and client can't find an agreeable format in which to communicate here, just as it exists on the web at large. Some clients don't understand PDF and some servers have no way to translate it into something a client actually understands. That's as applicable to Hydra (although not the PDF bit, perhaps) as it is to a text terminal browsing a website of legal documents.
I was thinking that a lot of the vocabulary in Hydra Core will allow a client to interoperate with the API without understanding every part about the API. Like a browser that only understands CSS level 1 may be able to render color, fonts, borders, but very little layout and everything will most likely look pretty horrible. It should still work, though. Agreed? |
It doesn't matter if it's RDF. The client needs to understand the profile to understand whatever semantics a given
See above. Yes, some pf the API will work up to a point where the client cannot perform a request described in ways it does no understand 🤷. Surely, it does not mean that the entire API is unusable but YMMV |
|
That said, if the client does communicate profiles that it does understand, the server might have the opportunity to resort to a less expressive alternative. SHACL -> Hydra Core is definitely an option. I would only just say that I would phrase this as a
|
To some degree it does. I think this may be one of the reasons IANA media type profile could be impossible to downgrade as it may not be machine-readable.
I don't think it's good approach. If client doesn't understand something, it should ignore it.
These are not profiles - these are extensions. I'd call profile something we could ebrace in spec. Anyway, lets get our discussion back to the topic - which solution and how could make it happen? |
One does not contradict the other. If the server knows that a client won't understand IANA media types, it may chose omit them from the responses. If it doesn't then the client will indeed ignore them. Two sides of same coin.
👌 I'm fine with calling them extensions. We did in fact refer to "extensions points" in the past. So profile would be closer to what you called
I repeat, I think that removing I have nothing against the profiles per se but I think it just adds unnecessary complexity to the client implementation to conditionally apply different reasoning for the different profiles. In other words, I think it's enough that |
|
I was asked by @alien-mcl to weigh in. First of all, let me mention that I have never agreed with the notion of dereferenceability being baked in into a class (such as As such, I prefer Option 1 – Downgrade. FWIW, I don't consider this a breaking change, given that I don't think the original definition was valid/compatible with RDF/enforceable anyways. Option 2, I consider not acceptable because also a level-breaker. Option 3 is too complex. |
|
Thanks @RubenVerborgh for taking a part in the discussion.
As for considering what might get broken - I know TPF is close to RDF and downgrading hydra ranges for some of the terms will break reasoning process. Resources will be no more
This is the issue - one of our community members has issues with this assumption. He uses HTTP Urls for identifying resources be for some circumstances he knows that server won't provide any of these resources. Not using |
The only thing that
That's how Web architecture works though.
The easy answer is of course "don't", and I'm speaking from a Web arch perspective here, not even RDF. But I assume there are reasons.
It does not make a difference at all, and perhaps it's important that everyone in the thread understands.
Take this example, here in JSON-LD notation: {
"@context": "http://www.w3.org/ns/hydra/context.jsonld",
"@id": "http://example.org/my/resource",
"@type": "Resource"
}and here in Turtle: <http://example.org/my/resource> a <http://www.w3.org/ns/hydra/core#Resource> .What it is supposed to say according to Hydra is:
However, the above interpretation is not possible in RDF. It's not. Because what it actually says is:
I.e., the assertion is on the node not on the identifier of that node. We cannot assert that a node is dereferenceable; only URIs can be. What Hydra should have done is something like <http://example.org/my/resource> ex:hasDereferenceableUri "http://example.org/my/resource"^^xsd:anyURI .So |
|
I think you are stretching the argument too thin over nit-picking on RDF nuances. Most people will not go into the details of URI vs the actual resource. To them if the spec says "hydra:Resource are guaranteed to be dereferenced" and this will be enough. Hence the desire to write implementation accordingly. The That is not to say I don't agree. I would also like to remove the ranges. The promise of dereferencability is broken anyway. Even all the Thus, the only resource which really does have to dereference is the API Documentation. |
My point is rather that the whole |
Yep - it returned in several discussions here and there. Still, decoupling some ranges from Anyway, does it answer topic of this issue - document forbidden dereferencability? Maybe giving tools promising a resource can be safely dereferenced leaving all other Uris unspecified (call it on your responsibility) is enough? |
|
I'll clarify as it seems to me my pont has been stretched beyond my assertion. I never stated that I wanted to prevent anyone from doing an HTTP GET on a URI they find, that'd be impossible by definition. I've stated that I didn't want to make assertions that I know not to be true, even though such resources are not adressable directly in my API. You may or may not object that its good design, it's however implementations that are very common in ReSTful APIs, be it that they're RDF-centred first or not.
We use IRI identifiers for things that sometimes can or cannot be dereferenced, and we know, as an API, that fact, most of the time. The distinction is simple: A UA would render an By making things hydra:Resource resolvable full stop, as the spec does right now, you can't not make it clickable. So I'm stuck. I expect: a schema:Person in that operation, and it does have an ID, but it's not an information resource, I know that. No way to communicate the fact. Worse, hash URIs cannot be dereferenced over http by definition of the protocol (removing the hash is not the same URI anymore sincew we've had a URI spec, so the UA behaviour is beyond the point), even though they may be used as identifiers, making the whole dereferenceable statement pretty strange to begin with. See fragid conversations around https://www.w3.org/2001/tag/issues.html#abstractComponentRefs-37 So right now as per the spec i can't decide to make the distinction between things that are supposed to be resolvable and which ones are not. If the guarantee was never intended, let's remove it and introduce another mechanism by which an API can declare that the The conversations that go beyond that simple scenario I can't implement with the spec as it exists without doing some unnatural rdf gymnastics, bring in another specification along or what not, is not something i feel i can add to. |
But why does the server generate those non-existing URIs then? Are they placeholders for possible future resources? If they are placeholders for things that will never exist, I don't fully see the case (there might still be one, but please make it explicit). |
Those don't have to be generated by the API in question. And quite specifically, this discussion started from hypermedia controls. In my APIs I often define operations as such with hash URIs like And |
|
I don't see a lot of issues then; just get rid of the (currently broken anyway) |
|
Sounds like a consensus to me - I'll try to prepare a pull request regarding this issue. I'll introduce next steps soon. |
|
for posterity: https://www.w3.org/DesignIssues/HTTP-URI2.html |
|
@serialseb - PR with changes regarding this issue is merged and closed now. Is it ok to close this issue? |
|
I believe so yes |
|
Great to see that - I'm closing it. |
Documenting forbidden de-referencability
In some cases there is a need to disallow client from de-referencing a resource. Currently there is no way of doing that and
hydra:Resourceimplies a resource is (at least virtually) de-referencable (client can i.e. HTTP GET it).When a resource has a callable IRI (http[s] scheme based one), server may know that it won't support GET operation on this URI, thus it may be required to document that fact.
Proposed solutions
I currently see 3 viable solutions.
Downgrade
rdfs:rangeofhydra:expectsandhydra:returns(and possiblyhydra:supportedClass?) tordf:Resourceinstead ofhydra:Resource. According to W3C HTTP specification client cannot assume that HTTP/HTTPS based URIs can be called with GET method, thus API documentation won't encourage client to do so as opposite to currently usedhydra:Resource.This may be a breaking change as it may affect existing hydra driven implementations, especially those using RDF reasoning process. This makes it simple to introduce external schema vocabularies like SHACL, OWL and non-rdf based ones.
Introduce new term that explicitly forbids client from de-referencing a resource. This won't break anything that is using current hydra version and is somehow consistent with RDF (you need to explicitly say something) and linked data paradigm. It may also open gates for future features like disallowing operations or operation precedence/hiding.
Introduce hydra vocabulary profiles or levels, i.e. level 0 and 1 where level 1 would be a default current hydra version and level 0 would be an alternative that does not imply a hydra:Resource is de-referencable (or event RDF based). This could also enable hydra for future profiles/levels using external schema vocabularies like SCHAL, OWL and non-rdf based ones.
The text was updated successfully, but these errors were encountered: