[Requests] Comments on GeoServices REST API Candidate Standard

Sanjay Chaudhary sanjay_chaudhary at daiict.ac.in
Fri Aug 24 04:32:31 EDT 2012


I had sent DA-IICT comments on August 18, 2012. ‘Implementation Specification Section number’ were not provided by me. I am resending you my comments as under and request you to consider:

 

COMMENTS:

PART A

1. Evaluator: Dr. Sanjay Chaudhary
Professor, DA-IICT, India
E-mail: sanjay_chaudhary at daiict.ac.in

 

2. Submission: GeoServices REST API Candidate Standard

 

PART B

1. Requirement: General

2. Implementation Specification Section number: GeoServices REST API - Part 3: Map Service (12-056r1), Section: 20.2.3, page: 65, 66

3. Criticality: Minor

4. Comments/justifications for changes: 

To get data from a JSON structure, you must know exactly where it is located or iterate over everything until you find it.

 

PART B

1. Requirement: General

2. Implementation Specification Section number: GeoServices REST API JSON Schemas and Examples(12-068r1)

3. Criticality: Major

4. Comments/justifications for changes: 

Is there any standard available to convert JSON in to other formats like GeoJSON, XML, HTML representation etc? There is no easy way to change JSON data into other data format. DeserializeJSON and SerializeJSON requires to convert JSON data into another data type, other data format into JSON data respectively.

 

PART B

1. Requirement: General 

2. Implementation Specification Section number: GeoServices REST API - Part 4: Feature Service (12-057r1), Section: 8 & 9, page: 26, 27,29

3. Criticality: Major

4. Comments/justifications for changes:

The only way to parse JSON into Java Script objects is to use eval() function. This function is quite known to all, so any attacker/Intruder can misuse eval() function and perform data modification. There is a need to decrypt the data. Modification is harmless for Feature service because end users are able to change an attribute of a service.

 

PART B

1. Requirement: General

2. Implementation Specification Section number: Geoservices RESTAPI-relationship with the OGC baseline(12-062r1), page: 5

3. Criticality: Major

4. Comments/justifications for changes: 

JSON does not have a native hyperlink type. It may create problems as it may be unacceptable in a web format. For example a REST interface requires native links and link types. For example, there is no way to find, &employee;id; (part of URI) and more data about that thing can be found over &employee;info;. One needs to provide everything in one JSON file, or specify out-of-bound. The question is how a client can find other piece of data?

 

PART B

1. Requirement: General

2. Implementation Specification Section number:

3. Criticality: Minor

4. Comments/justifications for changes:

How JSON can be more relevant as an output format rather than GeoJSON to pull GeoSpatial data? Is there any standard available to convert JSON in to GeoJSON?

 

PART B

1. Requirement: General

2. Implementation Specification Section number:

3. Criticality: Editorial

4. Comments/justifications for changes:

ESRI REST API has been available since few months. It seems it has not been used widely. One such example is ‘Arc2Earth's cloud’ work. It will be interesting to know many other projects using ESRI REST API to get concrete examples.

 

PART B

1. Requirement: General

2. Implementation Specification Section number:

3. Criticality: Minor

4. Comments/justifications for changes:

In the core document, how JSON can be used with REST for pulling data from server/database is demonstrated but there should be pictorial explanation which shows how RESTful web service is enabled to pull the data. 

 

 

From: Sanjay Chaudhary [mailto:sanjay_chaudhary at daiict.ac.in] 
Sent: Saturday, August 18, 2012 11:32 PM
To: 'requests at lists.opengeospatial.org'
Subject: Comments on GeoServices REST API Candidate Standard 

 

I would like to share my comments as under:

 

PART A

1. Evaluator: Dr. Sanjay Chaudhary
Professor, DA-IICT, India
E-mail: sanjay_chaudhary at daiict.ac.in

 

2. Submission: [12-068r1,  GeoServices REST API -  JSON Schemas and Examples (12-068r1)] 

 

PART B

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Minor]

 

4. Comments/justifications for changes: [Comments]

To get data from a JSON structure, you must know exactly where it is located or iterate over everything until you find it.

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Minor]

 

4. Comments/justifications for changes: [Comments]

To get data from a JSON structure, one must know exactly where it is located or iterate over everything until one can find it.

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Editorial]

 

4. Comments/justifications for changes: [Comments]

Is there any standard available to convert JSON in to other formats like GeoJSON, XML, HTML representation etc? There is no easy way to change JSON data into other data format. DeserializeJSON and SerializeJSON requires to convert JSON data into another data type, other data format into JSON data respectively.

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Minor]

 

4. Comments/justifications for changes: [Comments]

The only way to parse JSON into Java Script objects is to use eval() function. This function is quite known to all, so any attacker/Intruder can misuse eval() function and perform data modification. There is a need to decrypt the data. Modification is harmless for Feature service because end users are able to change an attribute of a service.

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Major]

 

4. Comments/justifications for changes: [Comments]

JSON does not have a native hyperlink type. It may create problems as it may be unacceptable in a web format. For example a REST interface requires native links and link types. For example, there is no way to find, &employee;id; (part of URI) and more data about that thing can be found over &employee;info;. One needs to provide everything in one JSON file, or specify out-of-bound. The question is how a client can find other piece of data?

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Minor]

 

4. Comments/justifications for changes: [Comments]

How JSON can be more relevant as an output format rather than JSON to pull GeoSpatial data? Is there any standard available to convert JSON in to GeoJSON?

 

1. Requirement: [General, #] 

 

2. Implementation Specification Section number: [General, #]

 

3. Criticality: [Editorial]

 

4. Comments/justifications for changes: [Comments]

ESRI REST API has been available since few months. It seems it has not been used widely. One such example is ‘Arc2Earth's cloud’ work. It will be interesting to know many other projects using ESRI REST API to get concrete examples. 

 

With best wishes,

 

- Sanjay Chaudhary

Professor and Dean (Academic Programs)

DA-IICT, India

Homepage: http://intranet.daiict.ac.in/~sanjay/

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opengeospatial.org/pipermail/requests/attachments/20120824/cdea0809/attachment-0001.htm>


More information about the Requests mailing list