Received: by 10.224.31.20 with SMTP id w20mr843489qac.2.1348673572729;
Wed, 26 Sep 2012 08:32:52 -0700 (PDT)
X-BeenThere: api-craft@googlegroups.com
Received: by 10.229.178.68 with SMTP id bl4ls2110671qcb.9.gmail; Wed, 26 Sep
2012 08:32:50 -0700 (PDT)
Received: by 10.224.213.1 with SMTP id gu1mr839115qab.7.1348673570326;
Wed, 26 Sep 2012 08:32:50 -0700 (PDT)
Received: by 10.224.213.1 with SMTP id gu1mr839097qab.7.1348673569892;
Wed, 26 Sep 2012 08:32:49 -0700 (PDT)
Return-Path: <cappela...@gmail.com>
Received: from mail-qc0-f177.google.com (mail-qc0-f177.google.com [209.85.216.177])
by gmr-mx.google.com with ESMTPS id t29si1021992qcz.1.2012.09.26.08.32.49
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 26 Sep 2012 08:32:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of cappela...@gmail.com designates 209.85.216.177 as permitted sender) client-ip=209.85.216.177;
Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of cappela...@gmail.com designates 209.85.216.177 as permitted sender) smtp.mail=cappela...@gmail.com; dkim=pass header...@gmail.com
Received: by mail-qc0-f177.google.com with SMTP id u28so624492qcs.36
for <api-craft@googlegroups.com>; Wed, 26 Sep 2012 08:32:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=from:content-type:message-id:mime-version:subject:date:references
:to:in-reply-to:x-mailer;
bh=z1uCK63KWMKFwknMZOjbYy1sH6nOodgLXbFzOfFvUCY=;
b=Ejg8PgiuYdJ5JpHsv8UwSAYe4NgeZp7i0xFeHJ8uUW7J+lkNncXH8N9JNgGdA4kei2
qB3cTPaplfWPiTRwGmGy929ZnZWg2talr1kkiZejqYRiBFAstU8qg+9F5Igzt2NHMA1h
Ef7g0zi6ooyrs0SxQ64O8DBIg1HFcmuHd2e5oX72OvjKvtBUeKgw08AltmB4c+P22l6C
t3fe180IowD8fqjoD9boHiBAALw0IwntkL7P/H3O33A7luHNknG4jlHD9OTQ0kh9n/SD
lg1652rCgTbgp4psK9fO39Ou1Ld7sOMkJuIxu46ny6HjQntX+48eJ/QNHB5eO10Si3sg
l0qg==
Received: by 10.224.203.193 with SMTP id fj1mr2920835qab.13.1348673569677;
Wed, 26 Sep 2012 08:32:49 -0700 (PDT)
Return-Path: <cappela...@gmail.com>
Received: from pgc-pro.home (pool-173-67-21-100.bltmmd.fios.verizon.net. [173.67.21.100])
by mx.google.com with ESMTPS id g18sm5105984qan.1.2012.09.26.08.32.47
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 26 Sep 2012 08:32:48 -0700 (PDT)
From: Pat Cappelaere <cappela...@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_19382E1C-4298-4AD5-9764-8D7F709C2844"
Message-Id: <C88B45FD-9E6E-4DDF-9687-4410F559C...@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 6.1 \(1498\))
Subject: Re: [api-craft] validation
Date: Wed, 26 Sep 2012 11:32:46 -0400
References: <309e7868-f504-44b8-8646-e891213c4167@googlegroups.com> <CAK5Vdzzren=BnA3zt9+WjePmntAW4RwNi=YYtbmuiApSEyG...@mail.gmail.com> <d53033fb-c462-413c-b1a9-e933dcc6fd92@googlegroups.com>
To: api-craft@googlegroups.com
In-Reply-To: <d53033fb-c462-413c-b1a9-e933dcc6fd92@googlegroups.com>
X-Mailer: Apple Mail (2.1498)
--Apple-Mail=_19382E1C-4298-4AD5-9764-8D7F709C2844
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
Runtime message validation on the server side is pretty critical to me.
You do not have to use a schema but if you had one, you could use it for =
validation and you could inform your client of your validation rules.
Client can then use it any way it wants (or even ignore it). Seems a =
win-win to me=85
Pat.
On Sep 26, 2012, at 11:26 AM, Andrei Neculau <andrei.necu...@gmail.com> =
wrote:
> Peter, I would say that you took my answer too much ad-literam. In =
practice, I am going to use JSON schema validation.
>=20
> If you ignore schema validation, my question is also valid up to the =
point where you have to decide whether you allow or not allow unknown =
properties to be sent.
> Do you accept unknown data and terminate successfully or do you barf =
saying "talk (my) language" ?
>=20
> If I try to simplify my analysis: the former is deceiving.
> I tell you "please bring me water and an aspirine" and you come back =
with aspirine "you're welcome!" -> (o.O)
>=20
> On Wednesday, September 26, 2012 5:05:46 PM UTC+2, Peter Williams =
wrote:
> I think schema validation is a pretty horrible idea, except as a =
design time debugging tool. Even that role is better served by a =
validation program. Schema languages are rarely powerful enough to fully =
specify message requirements (eg, numbers that must be inside a =
particular range, strings that must have particular structures, etc).
>=20
> Disadvantages of strict runtime validation:
>=20
> * introduces unnecessary failures for messages that don't conform but =
that would be usable by the recipient
> * makes introducing new properties awkward. New properties must be =
optional so as to not break existing clients even if you would really =
prefer all clients send them.
> * inefficient because the message must be interpreted extra times. =
Once by the recipient to accomplish its goal, and one additional time =
for each schema validation.
>=20
> I think schema based message validation provides very little value and =
requires a fair bit of work. You'd be better off using that time =
implementing really good error messages on the server side.
>=20
> Peter
> barelyenough.org
>=20
> On Sep 26, 2012 6:44 AM, "Andrei Neculau" <andrei....@gmail.com> =
wrote:
> >
> > This might be an obvious decision (it is for me, but as you will see =
my analysis is skewed and biased below),
> > but since I need to defend it in front of non-tech people, thought =
of fishing for opinions/experiences
> >
> > Strict validation:
> > + fail fast
> > any integration mishaps will surface asap, and the API will give =
descriptive errors for totally unknown or misspelled or mistyped =
properties (eg. unknown field <adres>, maybe <address>? or =
post_letter_at must be a timestamp, not a ISO string, etc)
> > + inherent memory optimization
> > if there is more data being sent than you actually know how to =
process, you will free up memory instantly by throwing an error. That =
gets even worse if you work with functional programming and you pass =
contexts around, which may care useless data around.
> > + inherent clean client-server contract
> > server says "send me something that i know how to process, and i =
will do what you (client) expect me to do"
> >
> > Loose validation:
> > 0 (a fake impression that) integration is smoother
> > since sending unknown properties still allows for successful API =
requests
> > 0 (a fake impression that) you will get more useful data now
> > just that you don't know what to do with it, other than store it,
> > but that in the future you will get the chance to analyze it one way =
or the other
> > + memory optimization is still possible
> > if you clean up the request data and only keep data that you know =
how to process
> > - fuzzy client-server contract
> > server says "send me something, and i will pick what i want from it, =
and do something that you might or might not expect me to do" eg. sell =
car X to _persson_ Y, server doesn't understand persson, but only =
person, but it has the feature to simply sell the car to nobody (ie. put =
the car on the market for sale), server responds 200 OK and it is up to =
the client to fix the mess
> >
> > thank you for your time.
> >
> > --=20
> > You received this message because you are subscribed to the Google =
Groups "API Craft" group.
> > To unsubscribe from this group, send email to =
api-craft+...@googlegroups.com.
> > Visit this group at http://groups.google.com/group/api-craft?hl=3Den.
> > =20
> > =20
>=20
> --=20
> You received this message because you are subscribed to the Google =
Groups "API Craft" group.
> To unsubscribe from this group, send email to =
api-craft+unsubscribe@googlegroups.com.
> Visit this group at http://groups.google.com/group/api-craft?hl=3Den.
> =20
> =20
--Apple-Mail=_19382E1C-4298-4AD5-9764-8D7F709C2844
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=windows-1252
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dwindows-1252"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
">Runtime message validation on the server side is pretty critical to =
me.<div>You do not have to use a schema but if you had one, you could =
use it for validation and you could inform your client of your =
validation rules.</div><div>Client can then use it any way it wants (or =
even ignore it). Seems a win-win to =
me=85</div><div>Pat.</div><div><br><div><div>On Sep 26, 2012, at 11:26 =
AM, Andrei Neculau <<a =
href=3D"mailto:andrei.necu...@gmail.com">andrei.necu...@gmail.com</a>> =
wrote:</div><br class=3D"Apple-interchange-newline"><blockquote =
type=3D"cite">Peter, I would say that you took my answer too much =
ad-literam. In practice, I am going to use JSON schema =
validation.<div><br><div>If you ignore schema validation, my question is =
also valid up to the point where you have to decide whether you allow or =
not allow unknown properties to be sent.</div><div>Do you accept unknown =
data and terminate successfully or do you barf saying "talk =
(my) language" ?</div><div><br></div><div>If I try to simplify my =
analysis: the former is deceiving.</div><div>I tell you "please bring me =
water and an aspirine" and you come back with aspirine "you're welcome!" =
-> (o.O)<br><br>On Wednesday, September 26, 2012 5:05:46 PM UTC+2, =
Peter Williams wrote:<blockquote class=3D"gmail_quote" style=3D"margin: =
0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><p =
dir=3D"ltr">I think schema validation is a pretty horrible idea, except =
as a design time debugging tool. Even that role is better served by a =
validation program. Schema languages are rarely powerful enough to fully =
specify message requirements (eg, numbers that must be inside a =
particular range, strings that must have particular structures, =
etc).</p><p dir=3D"ltr">Disadvantages of strict runtime =
validation:</p><p dir=3D"ltr">* introduces unnecessary failures for =
messages that don't conform but that would be usable by the =
recipient<br>
* makes introducing new properties awkward. New properties must be =
optional so as to not break existing clients even if you would really =
prefer all clients send them.<br>
* inefficient because the message must be interpreted extra times. Once =
by the recipient to accomplish its goal, and one additional time for =
each schema validation.</p><p dir=3D"ltr">I think schema based message =
validation provides very little value and requires a fair bit of work. =
You'd be better off using that time implementing really good error =
messages on the server side.</p><p dir=3D"ltr">Peter<br>
<a href=3D"http://barelyenough.org/" =
target=3D"_blank">barelyenough.org</a></p><p dir=3D"ltr">On Sep 26, 2012 =
6:44 AM, "Andrei Neculau" <<a href=3D"javascript:" target=3D"_blank" =
gdf-obfuscated-mailto=3D"icn9qTx4QKsJ">andrei....@gmail.com</a>> =
wrote:<br>
><br>
> This might be an obvious decision (it is for me, but as you will =
see my analysis is skewed and biased below),<br>
> but since I need to defend it in front of non-tech people, thought =
of fishing for opinions/experiences<br>
><br>
> Strict validation:<br>
> + fail fast<br>
> any integration mishaps will surface asap, and the API will give =
descriptive errors for totally unknown or misspelled or mistyped =
properties (eg. unknown field <adres>, maybe <address>? or =
post_letter_at must be a timestamp, not a ISO string, etc)<br>
> + inherent memory optimization<br>
> if there is more data being sent than you actually know how to =
process, you will free up memory instantly by throwing an error. That =
gets even worse if you work with functional programming and you pass =
contexts around, which may care useless data around.<br>
> + inherent clean client-server contract<br>
> server says "send me something that i know how to process, and i =
will do what you (client) expect me to do"<br>
><br>
> Loose validation:<br>
> 0 (a fake impression that) integration is smoother<br>
> since sending unknown properties still allows for successful API =
requests<br>
> 0 (a fake impression that) you will get more useful data now<br>
> just that you don't know what to do with it, other than store =
it,<br>
> but that in the future you will get the chance to analyze it one =
way or the other<br>
> + memory optimization is still possible<br>
> if you clean up the request data and only keep data that you know =
how to process<br>
> - fuzzy client-server contract<br>
> server says "send me something, and i will pick what i want from =
it, and do something that you might or might not expect me to do" eg. =
sell car X to _persson_ Y, server doesn't understand persson, but only =
person, but it has the feature to simply sell the car to nobody (ie. put =
the car on the market for sale), server responds 200 OK and it is up to =
the client to fix the mess<br>
><br>
> thank you for your time.<br>
><br>
> -- <br>
> You received this message because you are subscribed to the Google =
Groups "API Craft" group.<br>
> To unsubscribe from this group, send email to <a href=3D"javascript:"=
target=3D"_blank" =
gdf-obfuscated-mailto=3D"icn9qTx4QKsJ">api-craft+...@<wbr>googlegroups.com=
</a>.<br>
> Visit this group at <a =
href=3D"http://groups.google.com/group/api-craft?hl=3Den" =
target=3D"_blank">http://groups.google.com/<wbr>group/api-craft?hl=3Den</a=
>.<br>
> <br>
> <br>
</p>
</blockquote></div></div><div><br =
class=3D"webkit-block-placeholder"></div>
-- <br>
You received this message because you are subscribed to the Google =
Groups "API Craft" group.<br>
To unsubscribe from this group, send email to <a =
href=3D"mailto:api-craft+unsubscribe@googlegroups.com">api-craft+unsubscri=
be@googlegroups.com</a>.<br>
Visit this group at <a =
href=3D"http://groups.google.com/group/api-craft?hl=3Den">http://groups.go=
ogle.com/group/api-craft?hl=3Den</a>.<br>
<br>
<br>
</blockquote></div><br></div></body></html>=
--Apple-Mail=_19382E1C-4298-4AD5-9764-8D7F709C2844--
Message from discussion validation
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |