Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
API Craft
Message from discussion validation

View parsed - Show only message text

Received: by 10.58.187.17 with SMTP id fo17mr200739vec.37.1348673339377;
        Wed, 26 Sep 2012 08:28:59 -0700 (PDT)
X-BeenThere: api-craft@googlegroups.com
Received: by 10.220.154.5 with SMTP id m5ls1136188vcw.2.gmail; Wed, 26 Sep
 2012 08:28:57 -0700 (PDT)
Received: by 10.52.156.115 with SMTP id wd19mr282273vdb.2.1348673337865;
        Wed, 26 Sep 2012 08:28:57 -0700 (PDT)
Date: Wed, 26 Sep 2012 08:28:57 -0700 (PDT)
From: Andrei Neculau <andrei.necu...@gmail.com>
To: api-craft@googlegroups.com
Message-Id: <f77892ea-ea82-41bb-bda1-85c0d074de44@googlegroups.com>
In-Reply-To: <CANqiZJYiO2dd0emF+5Aep58GigfjZOxWygtP3BbuO2dK7dePWw@mail.gmail.com>
References: <309e7868-f504-44b8-8646-e891213c4167@googlegroups.com>
 <CAK5Vdzzren=BnA3zt9+WjePmntAW4RwNi=YYtbmuiApSEyGSzw@mail.gmail.com>
 <CANqiZJYiO2dd0emF+5Aep58GigfjZOxWygtP3BbuO2dK7dePWw@mail.gmail.com>
Subject: Re: [api-craft] validation
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_376_6492369.1348673337654"

------=_Part_376_6492369.1348673337654
Content-Type: multipart/alternative; 
	boundary="----=_Part_377_31796067.1348673337654"

------=_Part_377_31796067.1348673337654
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Mike, you made my day =)

On Wednesday, September 26, 2012 5:19:07 PM UTC+2, Mike Kelly wrote:
>
> it's all just prickles and goo: 
>
> http://www.youtube.com/watch?v=XXi_ldNRNtM 
>
> On Wed, Sep 26, 2012 at 4:05 PM, Peter Williams <pe...@barelyenough.org<javascript:>> 
> wrote: 
> > I think schema validation is a pretty horrible idea, except as a design 
> time 
> > debugging tool. Even that role is better served by a validation program. 
> > Schema languages are rarely powerful enough to fully specify message 
> > requirements (eg, numbers that must be inside a particular range, 
> strings 
> > that must have particular structures, etc). 
> > 
> > Disadvantages of strict runtime validation: 
> > 
> > * introduces unnecessary failures for messages that don't conform but 
> that 
> > would be usable by the recipient 
> > * makes introducing new properties awkward. New properties must be 
> optional 
> > so as to not break existing clients even if you would really prefer all 
> > clients send them. 
> > * inefficient because the message must be interpreted extra times. Once 
> by 
> > the recipient to accomplish its goal, and one additional time for each 
> > schema validation. 
> > 
> > I think schema based message validation provides very little value and 
> > requires a fair bit of work. You'd be better off using that time 
> > implementing really good error messages on the server side. 
> > 
> > Peter 
> > barelyenough.org 
> > 
> > On Sep 26, 2012 6:44 AM, "Andrei Neculau" <andrei....@gmail.com<javascript:>> 
> wrote: 
> >> 
> >> This might be an obvious decision (it is for me, but as you will see my 
> >> analysis is skewed and biased below), 
> >> but since I need to defend it in front of non-tech people, thought of 
> >> fishing for opinions/experiences 
> >> 
> >> Strict validation: 
> >> + fail fast 
> >> any integration mishaps will surface asap, and the API will give 
> >> descriptive errors for totally unknown or misspelled or mistyped 
> properties 
> >> (eg. unknown field <adres>, maybe <address>? or post_letter_at must be 
> a 
> >> timestamp, not a ISO string, etc) 
> >> + inherent memory optimization 
> >> if there is more data being sent than you actually know how to process, 
> >> you will free up memory instantly by throwing an error. That gets even 
> worse 
> >> if you work with functional programming and you pass contexts around, 
> which 
> >> may care useless data around. 
> >> + inherent clean client-server contract 
> >> server says "send me something that i know how to process, and i will 
> do 
> >> what you (client) expect me to do" 
> >> 
> >> Loose validation: 
> >> 0 (a fake impression that) integration is smoother 
> >> since sending unknown properties still allows for successful API 
> requests 
> >> 0 (a fake impression that) you will get more useful data now 
> >> just that you don't know what to do with it, other than store it, 
> >> but that in the future you will get the chance to analyze it one way or 
> >> the other 
> >> + memory optimization is still possible 
> >> if you clean up the request data and only keep data that you know how 
> to 
> >> process 
> >> - fuzzy client-server contract 
> >> server says "send me something, and i will pick what i want from it, 
> and 
> >> do something that you might or might not expect me to do" eg. sell car 
> X to 
> >> _persson_ Y, server doesn't understand persson, but only person, but it 
> has 
> >> the feature to simply sell the car to nobody (ie. put the car on the 
> market 
> >> for sale), server responds 200 OK and it is up to the client to fix the 
> mess 
> >> 
> >> thank you for your time. 
> >> 
> >> -- 
> >> You received this message because you are subscribed to the Google 
> Groups 
> >> "API Craft" group. 
> >> To unsubscribe from this group, send email to 
> >> api-craft+...@googlegroups.com <javascript:>. 
> >> Visit this group at http://groups.google.com/group/api-craft?hl=en. 
> >> 
> >> 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "API Craft" group. 
> > To unsubscribe from this group, send email to 
> > api-craft+...@googlegroups.com <javascript:>. 
> > Visit this group at http://groups.google.com/group/api-craft?hl=en. 
> > 
> > 
>
>
>
> -- 
> Mike 
>
> http://twitter.com/mikekelly85 
> http://github.com/mikekelly 
> http://linkedin.com/in/mikekelly123 
>

------=_Part_377_31796067.1348673337654
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

Mike, you made my day =)<br><br>On Wednesday, September 26, 2012 5:19:07 PM UTC+2, Mike Kelly wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">it's all just prickles and goo:
<br>
<br><a href="http://www.youtube.com/watch?v=XXi_ldNRNtM" target="_blank">http://www.youtube.com/watch?<wbr>v=XXi_ldNRNtM</a>
<br>
<br>On Wed, Sep 26, 2012 at 4:05 PM, Peter Williams &lt;<a href="javascript:" target="_blank" gdf-obfuscated-mailto="O5ZXcGCJmcsJ">pe...@barelyenough.org</a>&gt; wrote:
<br>&gt; I think schema validation is a pretty horrible idea, except as a design time
<br>&gt; debugging tool. Even that role is better served by a validation program.
<br>&gt; Schema languages are rarely powerful enough to fully specify message
<br>&gt; requirements (eg, numbers that must be inside a particular range, strings
<br>&gt; that must have particular structures, etc).
<br>&gt;
<br>&gt; Disadvantages of strict runtime validation:
<br>&gt;
<br>&gt; * introduces unnecessary failures for messages that don't conform but that
<br>&gt; would be usable by the recipient
<br>&gt; * makes introducing new properties awkward. New properties must be optional
<br>&gt; so as to not break existing clients even if you would really prefer all
<br>&gt; clients send them.
<br>&gt; * inefficient because the message must be interpreted extra times. Once by
<br>&gt; the recipient to accomplish its goal, and one additional time for each
<br>&gt; schema validation.
<br>&gt;
<br>&gt; I think schema based message validation provides very little value and
<br>&gt; requires a fair bit of work. You'd be better off using that time
<br>&gt; implementing really good error messages on the server side.
<br>&gt;
<br>&gt; Peter
<br>&gt; <a href="http://barelyenough.org" target="_blank">barelyenough.org</a>
<br>&gt;
<br>&gt; On Sep 26, 2012 6:44 AM, "Andrei Neculau" &lt;<a href="javascript:" target="_blank" gdf-obfuscated-mailto="O5ZXcGCJmcsJ">andrei....@gmail.com</a>&gt; wrote:
<br>&gt;&gt;
<br>&gt;&gt; This might be an obvious decision (it is for me, but as you will see my
<br>&gt;&gt; analysis is skewed and biased below),
<br>&gt;&gt; but since I need to defend it in front of non-tech people, thought of
<br>&gt;&gt; fishing for opinions/experiences
<br>&gt;&gt;
<br>&gt;&gt; Strict validation:
<br>&gt;&gt; + fail fast
<br>&gt;&gt; any integration mishaps will surface asap, and the API will give
<br>&gt;&gt; descriptive errors for totally unknown or misspelled or mistyped properties
<br>&gt;&gt; (eg. unknown field &lt;adres&gt;, maybe &lt;address&gt;? or post_letter_at must be a
<br>&gt;&gt; timestamp, not a ISO string, etc)
<br>&gt;&gt; + inherent memory optimization
<br>&gt;&gt; if there is more data being sent than you actually know how to process,
<br>&gt;&gt; you will free up memory instantly by throwing an error. That gets even worse
<br>&gt;&gt; if you work with functional programming and you pass contexts around, which
<br>&gt;&gt; may care useless data around.
<br>&gt;&gt; + inherent clean client-server contract
<br>&gt;&gt; server says "send me something that i know how to process, and i will do
<br>&gt;&gt; what you (client) expect me to do"
<br>&gt;&gt;
<br>&gt;&gt; Loose validation:
<br>&gt;&gt; 0 (a fake impression that) integration is smoother
<br>&gt;&gt; since sending unknown properties still allows for successful API requests
<br>&gt;&gt; 0 (a fake impression that) you will get more useful data now
<br>&gt;&gt; just that you don't know what to do with it, other than store it,
<br>&gt;&gt; but that in the future you will get the chance to analyze it one way or
<br>&gt;&gt; the other
<br>&gt;&gt; + memory optimization is still possible
<br>&gt;&gt; if you clean up the request data and only keep data that you know how to
<br>&gt;&gt; process
<br>&gt;&gt; - fuzzy client-server contract
<br>&gt;&gt; server says "send me something, and i will pick what i want from it, and
<br>&gt;&gt; do something that you might or might not expect me to do" eg. sell car X to
<br>&gt;&gt; _persson_ Y, server doesn't understand persson, but only person, but it has
<br>&gt;&gt; the feature to simply sell the car to nobody (ie. put the car on the market
<br>&gt;&gt; for sale), server responds 200 OK and it is up to the client to fix the mess
<br>&gt;&gt;
<br>&gt;&gt; thank you for your time.
<br>&gt;&gt;
<br>&gt;&gt; --
<br>&gt;&gt; You received this message because you are subscribed to the Google Groups
<br>&gt;&gt; "API Craft" group.
<br>&gt;&gt; To unsubscribe from this group, send email to
<br>&gt;&gt; <a href="javascript:" target="_blank" gdf-obfuscated-mailto="O5ZXcGCJmcsJ">api-craft+...@<wbr>googlegroups.com</a>.
<br>&gt;&gt; Visit this group at <a href="http://groups.google.com/group/api-craft?hl=en" target="_blank">http://groups.google.com/<wbr>group/api-craft?hl=en</a>.
<br>&gt;&gt;
<br>&gt;&gt;
<br>&gt;
<br>&gt; --
<br>&gt; You received this message because you are subscribed to the Google Groups
<br>&gt; "API Craft" group.
<br>&gt; To unsubscribe from this group, send email to
<br>&gt; <a href="javascript:" target="_blank" gdf-obfuscated-mailto="O5ZXcGCJmcsJ">api-craft+...@<wbr>googlegroups.com</a>.
<br>&gt; Visit this group at <a href="http://groups.google.com/group/api-craft?hl=en" target="_blank">http://groups.google.com/<wbr>group/api-craft?hl=en</a>.
<br>&gt;
<br>&gt;
<br>
<br>
<br>
<br>-- 
<br>Mike
<br>
<br><a href="http://twitter.com/mikekelly85" target="_blank">http://twitter.com/mikekelly85</a>
<br><a href="http://github.com/mikekelly" target="_blank">http://github.com/mikekelly</a>
<br><a href="http://linkedin.com/in/mikekelly123" target="_blank">http://linkedin.com/in/<wbr>mikekelly123</a>
<br></blockquote>
------=_Part_377_31796067.1348673337654--

------=_Part_376_6492369.1348673337654--

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google