-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A method to use a checksum to make sure schema reference hasn't changed #13
base: master
Are you sure you want to change the base?
Conversation
… and a sample extended badge class that uses it
…a and its example
}, | ||
"image": { | ||
"description": "The URL of the image that represents the present achievement. It will be baked into a complete badge for each recipient.", | ||
"type": "string" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might also want to include "format": "uri"
here.
@andrewhayward: Thanks for all the JSON-schema suggestions. @kayaelle told me there were some ways to do URI/email/regex type data-validation, but I hadn't been able to dig into them yet. I'll make a few changes and make another commit tomorrow. |
"checksum": { | ||
"description": "SHA-1 hash of the linked schema file so issuers may avoid downloading it repeatedly. use format: alg$hash", | ||
"type": "string", | ||
"pattern": "^\\w+\\$\\w+$" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't find many examples of this, but it looks like backslashes in JSON need to be escaped, and schema validators are equipped to handle it like this. Tested, success on http://json-schema-validator.herokuapp.com/index.jsp
Here is another variation on the extension idea that uses a SHA-1 hash of the schema json file to verify that the schema referenced in the badgeClass extension is indeed the version intended. This protects against bad versioning practices on behalf of schema authors (overwriting previous versions). The checksum is listed as optional in the badgeClass schema.
For a system that scrapes and stores many extension schema, including a standardized hash could allow these schema to be stored in a hash table. This would allow them to avoid making unnecessary requests for previously encountered schema while ensuring that they would still know when the version changes. New versions of schema would have different hashes and would not overwrite previous versions in a hash table based cache.
Referenced in mozilla/openbadges-discussion/#11 by @kayaelle