OData TC meeting #158 Thursday Jan 19, 2017

Acting chair: Ralf

Chat transcript from room: odatatc
2017-01-19 0800-1000 PT

1. Roll call

1.1 Members present

        Gerald Krause (SAP SE)
        Martin Zurmuehl (SAP SE)
        Matthew Borges (SAP SE) a.k.a. Matt
        Michael Pizzo (Microsoft) a.k.a. Mike
        Ralf Handl (SAP SE)
        Ramesh Reddy (Red Hat)
        Stefan Hagen (Individual)
        Susam Malaika (IBM)
        Ted Jones (Red Hat)

Quorum achieved. Details cf. normative attendance sheet for this meeting (event_id=43961).

Notes taken by all and subsequently edited for readability by Stefan.

2. Approve agenda

Ralf: Mike opened a new issue ODATA-1027 - Support instance annotations in $orderby
Add it as section 7.2.5

Ralf: Do this after action items, no further changes

Agenda approved as published with additional item "ODATA-1027".

3. Approve minutes from previous meeting(s)

3.1 Minutes from January 12, 2017 TC meeting #157

https://www.oasis-open.org/committees/download.php/59782/odata-meeting-157_on-20170112-minutes.html

Minutes approved unchanged as published.

4. Review action items [Link to Action item list]

4.1 Action items due

None.

5. TC Timeline - Topics for this year

Ralf: Timeline:
- URL = https://www.oasis-open.org/committees/download.php/59831/TC Timeline-2017-01-19.docx

5.1 OData Core and JSON Version 4.01 CSD01 and CS01

5.2 Whats New in OData Version 4.01 (CND01 and) CN01

Stefan: directly publish CN01

Mike: may be useful for reviewers of V4.01, so publish it together with CSD02

5.2.1 Do we want to publish a Note Draft or directly a Note?

5.3 CSDL JSON Version 4.01 CSD01

5.4 OData to OpenAPI Mapping Version 4.0 CND01 and CN01

5.5 Extension for Temporal Data Version 4.0 CSD01,

5.6 REST Profile for OData Version 4.01 CND01 and CN01

5.7 Further topics?

Gerald: Extension for Data Aggregation
Close open issues
Add enhanced hierarchy handling

Ralf: Do Data Aggregation in parallel to CSDL JSON

6. V4.0 ERRATA04

6.1 How to deal with errors/clarifications in V4.0 ERRATA03: plan for ERRATA04 or fix them in V4.01 only?

6.2 Issues for V4.0_ERRATA04 in New or Open state

6.2.1 ODATA-955 - Specifying odata.type on a collection of entities

6.2.2 ODATA-1024 - 5.1.1.5.7 substring: explicitly state that the index N (second parameter value) is zero-based

6.2.3 ODATA-1026 - Clarify when $it is required

6.3 Discussion

Mike: not "backporting" issue resolutions to ERRATA04 will save a lot of work, make instead V4.01 the "current" document set

Mike: can the "latest" link for V4 point to V4.01? Ralf to clarify with TC Admin.

All agree to apply issues to V4.01 only from now on.

7. V4.01

7.1 Issues for V4.01_CSD02 without assignee

7.1.1 ODATA-955 - Specifying odata.type on a collection of entities

Ralf: ODATA-955 is OPEN

Mike: I move we resolve ODATA-955 as proposed. Stefan seconds.

Ralf: ODATA-955 is RESOLVED as proposed

7.1.2 ODATA-1018 - Allow $expand and $select with modifying requests that return a collection in combination with return=representation to specify the response shape

Mike: will need more discussion

Ralf: Assign to Mike

7.1.3 ODATA-1019 - Add term Core.OptionallyComputed or Core.ComputedDefault

Ralf: Assign to Ralf

7.1.4 ODATA-1020 - Remove / in reference in instance annotation in filter and orderby expression

Ralf: Assign to Hubert

7.1.5 ODATA-1021 - Are additional values needed for the reason property of a removed Annotation

Ralf: Matt will take this

7.1.6 ODATA-1022 - Add an example of a delta payload used in a PATCH request to the Delta Payload section

Ralf: ODATA-1022 is OPEN

Stefan: I move to resolve ODATA-1022 as proposed and regard as pure editorial addition. Matt seconds.

Ralf: ODATA-1022 is RESOLVED

7.1.7 ODATA-1023 - Provide stable anchors to all sections

Ralf: ODATA-1023 is OPEN

Mike: I move we resolve ODATA-1023 as proposed. Stefan seconds.

Ralf: ODATA-1023 is RESOLVED

7.1.8 ODATA-1024 - 5.1.1.5.7 substring: explicitly state that the index N (second parameter value) is zero-based

Ralf: ODATA-1024 is OPEN

Mike: I move we resolve ODATA-1024 as proposed. Gerald seconds.

Ralf: ODATA-1024 is RESOLVED

7.1.9 ODATA-1025 - Treatment of same query option in multiple "spellings"

Ralf: ODATA-1025 is OPEN

Ralf: In Section 5.1, System Query Options], of URL Conventions, change:

"The same system query option MUST NOT be specified more than once for any resource."

to:

"The same system query option, irrespective of casing or whether or not it is prefixed with "$", MUST NOT be specified more than once for any resource."

Stefan: I move to resolve ODATA-1025 AS PROPOSED. Ramesh seconds.

Ralf: ODATA-1025 is RESOLVED as proposed

7.1.10 ODATA-1026 - Clarify when $it is required

Ralf: Description:
The description of $it says it CAN be used in a number of cases (see section 5.1.11.4 in the URL conventions document) but it isn't specific about when $it MUST be used. We should clarify when $it is required. For example, my understanding is that both of these queries are equivalent (in which case the $it is not required):

http://host/service/Customers?$filter=Orders/any(d:d/Quantity ge Age)
vs.
http://host/service/Customers?$filter=Orders/any(d:d/Quantity ge $it/Age)

However, my understanding is that in the case below the $it is required:

http://host/service/Customers?$expand=Orders($filter=$it/Address/City eq ShipTo/City)

Ralf: ODATA-1026 is OPEN

Ralf: Michael Pizzo added a comment - Yesterday 11:57 PM
$it allows referencing the resource identified by the resource path. unqualified property references reference the current "scope". These may be the same thing in a simple request, but are not the same within a $expand (where an unqualified property reference references a property on the expanded nav prop). So in:
http://host/service/Customers?$expand=Orders($filter=$it/Address/City eq ShipTo/City)
Address would refer to a property on a Customer and ShipTo would refer to a property on an Order.

$it is also used:
-when referencing the resource itself (not a property of the resource), and
-when invoking a function or action bound to the resource (to distinguish from an unbound action or function)

Matt: I move we resolve ODATA-1026 as proposed in Mike's comment. Mike seconds.

Ralf: ODATA-1026 is RESOLVED according to Mike's comment

7.2 Issues for V4.01_CSD02 ready for resolution

7.2.1 ODATA-817 - Add client-side function odata.matchesRegularExpression

Stefan: I move to resolve ODATA-817 as proposed. Mike seconds.

Ralf: ODATA-817 is RESOLVED as proposed

7.2.2 ODATA-1008 - Consider deprecating symbolic "max" length

Ralf: Proposal:
Instead of an integer value the constant max MAY be specified as a shorthand for the maximum length supported for the type by the service. Responses for OData version 4.01 or later MUST/SHOULD NOT use the symbolic value max and instead specify the concrete maximum length supported for the type by the service.

Ralf: The OData 4.0 use of the symbolic value max in place of an integer value is deprecated in OData 4.01. While OData 4.0 clients MUST be prepared for this value, OData 4.01 and greater services MUST NOT return a value of max for the MaxLength attribute and MAY instead specify the concrete maximum length supported for the type by the service, or omit the attribute entirely.

Matt: I move we resolve ODATA-1008 as proposed in Mike's comment. Ramesh seconds.

Ralf: ODATA-1008 is RESOLVED as proposed

7.2.3 ODATA-1013 - Selected nav props in a defining query should specify interest in added/deleted links

Ralf: Proposal:

Nav properties specified in the select list of a defining query define the links for which the client is interested in receiving notifications.

Delta responses contain AddedLinks and DeletedLinks entries for navigation properties specified in the select list of the defining request.

Ralf: ODATA-1013 is OPEN

Mike: Alternatively use $expand=NavProp/$ref

Matt: Agrees

Mike: Updated proposal: Nav properties specified in the select list of a defining query are not used to define the scope or contents of the items being tracked. Clients can specify /$ref in order to specify interest in the set of related entities without interest in changes to the content of those related entities.

Delta responses contain AddedLinks and DeletedLinks entries (or, for nested collections, (at least) entity references representing the current membership) for navigation properties expanded with $ref in the defining request.

Ralf: Mike to craft a revised proposal

7.2.4 ODATA-1017 - Extend FilterExpressionRestrictions with "Pattern"

Ralf: FilterExpressionRestrictionType

PropertyTypeDescription
PropertyPropertyPathPath to the restricted property
AllowedExpressionsFilterExpressionTypeAllowed subset of expressions


FilterExpressionType

Type: String

Allowed ValueDescription
SingleValueProperty can be used in a single eq clause
MultiValueProperty can be used in a single in clause
SingleRangeProperty can be used in at most one ge and/or one le clause, separated by and

Ralf: Proposal:
Add new allowed value

  <Record> 
    <PropertyValue Property="Value" String="Pattern" /> 
    <Annotation Term="Core.Description" String="String property can be used as first operand in startswith, endswith, and contains clauses" /> 
  </Record> 

for properties representing character large objects.

Mike: "Pattern" might lead to confusion with Validation.Pattern and odata.matchesPattern which allow regular expressions

Ralf: So we need a term for something weaker than regular expressions

Stefan: Text (but not really happy with that ...)

Mike: SearchExpression

Stefan: agrees

Stefan: I move to resolve ODATA-1017 as proposed. Mike seconds.

Ralf: ODATA-1017 is RESOLVED with the amended proposal

7.2.5 ODATA-1027 - Support instance annotations in $orderby

Mike: what about other places, e.g. $select?

Ralf: ODATA-1027 is OPEN

Ralf: Mike to investigate if there are use cases for instance annotations in $select

7.3 Issues for V4.01_CSD02 in New or Open state without concrete proposal

7.3.1 ODATA-674 - Specify navigation property binding combined with containment

Ralf: ODATA-674 is OPEN

7.3.2 ODATA-854 - Consider use of OPTIONS for discovering formats, other capabilities and features

Ralf: ODATA-854 is OPEN

7.3.3 ODATA-868 - Describe HTTP encoding for streamed requests and responses

Ralf: ODATA-868 is OPEN

7.3.4 ODATA-884 - Add term ErrorCodes to describe possible codes in error messages (public comment c201510e00019)

Ralf: ODATA-884 is OPEN

7.3.5 ODATA-919 - Specify the result type for each operation based on operator types

Ralf: ODATA-919 is OPEN

7.3.6 ODATA-962 - CORS Support

Ralf: ODATA-962 is OPEN

7.3.7 ODATA-994 - consider replacing SchemaVersion header with $SchemaVersion query option, or root URL versioning

Ralf: ODATA-994 is OPEN

7.3.8 ODATA-1011 - Security experts at RSA suggest adding guidance on the use of OAuth and openID

Ralf: ODATA-1011 is OPEN

7. Next meetings

7.1 Next Meeting Thursday January 26, 2017 during 08:00-10:00 am PST

No objections, we meet next week usual time

8. AOB and wrap up

8.1 Public reviews for V4.01 have started

Mike: Public reviews for V4.01 have started, please circulate the news and invite people to give feedback

8.2 Open Data Institute and mapping to DCAT

Mike: Has been contacted by Open Data Institute http://theodi.org/

Mike: They want to list Wales open data OData services in their data catalog

Mike: They would benefit from having a mapping to DCAT https://www.w3.org/TR/vocab-dcat/

Ralf: A self-contained catalog vocabulary that correlates to DCAT would be sufficient

Mike: Link for OData.org community vocabularies: https://github.com/oasis-tcs/odata-vocabularies

8.3 Committee Note "Securing OData Version 4.0" Working Draft 01 - Revival

Stefan: Has started to change Committee Note "Securing OData Version 4.0" Working Draft 01 - as this work product never progressed for months; he plans to radically simplify the document and shorten it's score (presumably also integrate changes helping resolve ODATA-1011).
Question: Do the members of the TC object to this, or can I go ahead and provide a new revised draft?

All support this and will provide feedback

Ralf: Notes draft never made it into kavi, please store current online version from onedrive in kavi, as archive

Stefan: Will check the current draft from onedrive into kavi, then he will start structural changes to simplify

Ralf: Suggests to keep/handle at least CORS, CSRF, and XSS. Everything else optional.

Stefan: Plans to do so and possibly add OAuth / openID topics to offer resolution for ODATA-1011 - Security experts at RSA suggest adding guidance on the use of OAuth and openID

Meeting adjourned by chair.