[occi-wg] JSON rendering

Simone Tripodi simone.tripodi at terradue.com
Thu Jul 21 01:21:37 CDT 2011 

Hi Ralf,
I just joined the ML and found your work great!!! Finally someone  
that uses proper HTTP headers to request the proper content-type  
instead of tricky GET parameters :)
I would just let you know that recently the Apache Struts community  
found a potential JSON exploit[1] that could corrupt clients, hope  
that helps you on finalizing the protocol design!
Have a nice day, all the best,
Simo

[1] http://www.grobmeier.de/json-is-insecure-make-struts-2-and-jquery- 
vulnerable-safe-12072011.html

---------------------------------
Simone Tripodi
Analyst at Terradue s.r.l

Polo Tecnologico
Via G. Peroni 442 I-00131 Rome - Italy

http://www.terradue.com

phone 	+39 0680368952
fax 		+39 0691657526
mobile 	+39 3406767340
skype	terradue.it

Apache Software Foundation Member
http://people.apache.org/~simonetripodi

On Jul 20, 2011, at 10:38 PM, Ralf Nyren wrote:

> Hi,
>
> I missed last weeks IRC session but read the chat-log. I very much  
> agree that an easy-to-parse media type is needed and since I have  
> been talking about a JSON rendering for almost a year now I have  
> made available what I got so far.
>
> I used your idea to keep a copy of the Categories in the HTTP  
> header although I render all Categories in JSON as well. Much  
> easier to parse that way for e.g. an AJAX client.
>
> Examples do tend to speak best so please find 3 example outputs  
> attached:
>
> single_resource.txt - JSON rendering of a single resource instance.  
> Note that the Category header is present.
>
> all_resources.txt - JSON rendering of all resource instances, i.e  
> the result of a GET / HTTP/1.1. Note that no Category headers are  
> present here, they are not usable for collections. The compute is  
> linked to the storage using a storagelink so you can see the link  
> rendering etc.
>
> discovery.txt - JSON rendering of the discovery interface
>
> The occi-py demo is updated with JSON rendering support so please  
> feel free to try it out. Simple specify 'Accept: application/json'  
> in your request to get JSON rendering. JSON parsing for POST/PUT is  
> not yet available so use text/occi or text/plain for creating new  
> resource instances.
>
> I used 'application/json' media type for the demo but I guess  
> application/occi+json would be more appropriate. In that case we  
> should probably migrate text/plain to application/occi+text as well...
>
> Example commands:
> curl -i -X POST -H 'accept: application/json' http://www.nyren.net/ 
> api/compute/
> curl -i -X GET -H 'accept: application/json' http://www.nyren.net/api/
> curl -i -X GET -H 'accept: application/json' http://www.nyren.net/ 
> api/storage/
> curl -i -X GET -H 'accept: application/json' http://www.nyren.net/ 
> api/-/
>
> regards,  
> Ralf<single_resource.txt><all_resources.txt><discovery.txt>___________ 
> ____________________________________
> occi-wg mailing list
> occi-wg at ogf.org
> http://www.ogf.org/mailman/listinfo/occi-wg

More information about the occi-wg mailing list