Reviewer: Martin Dürst Review result: Not Ready Summary: The document isn't ready for publication. [This is essentially a *really* hard problem (*). If some of the issues raised below are not addressed, they should at least be clearly documented. (*) I know several people close to the Unicode consortium who have worked on these issues; they essentially never thought they were done :-(] [version reviewed: mostly -07, to some extent checked against -10] Major issues: - The format uses @type (and probably @version) in a way very similar to JSON-LD (to the extent that somebody at IETF 116 told me it was JSON-LD), but at least the fact that @context is missing seems to strongly indicate that it's not JSON-LD. The idiosyncratic way data is arranged in the format, often with way more levels than what a straightforward design might produce, would be much easier to swallow if the document clearly indicated what kind of general conventions it used, and how these conventions were similar and different from more well-known conventions (such as JSON-LD). Of course, even better that just documentation would be to fix things so that the format isn't idiosyncratic, but uses well established and documented conventions. - It says (at the start of Section 1) that this is an alternative to vCard (and xCard and jCard). It should explain more clearly (assuming) e.g. that the underlying format is JSON in what cases jCard should be chosen and in what cases JSContact. Just defining "yet another format" doesn't make sense. - I'm not usually doing this, but by chance, I read the Gen-ART review for this document. I fully support it. In particular with respect to legal vs. preferred names, there's also the example of researchers preferring to use their maiden name in an academic context, and there are cases of people with multiple nationalities that may have different names in each nationality because of legal requirements (the last case is orthogonal to the locale/script issue). - In Japanese, it is very important to not only have the name itself (usually in Kanji), but also its pronunciation. Same for addresses. Some names (e.g. 田中/Tanaka) are read without problems by anybody in Japan, but there are others which are essentially impossible to read without separate information. The spec should clearly indicate how pronunciation for names and addresses is indicated to cover this. Such information is given on most forms, and exists in most databases. (English has a similar problem, but ignores it, because you can always get somewhat close to the real pronunciation; in Japanese, that's different.) - Some (names or) addresses in the Near East (Arabic/Hebrew/... script) may contain data of mixed directionality (right-to-left as well as left-to-right). The document contains absolutely no information about how to deal with such issues. - The way a name (and some other information) can be composed of components, together with extensibility, provides a lot of mileage to deal with the very wide variety of name components and formats. However, there are several issues: 1) Reuse where it's only halfway appropriate. In an example in Figure 31, the document uses "type": "middle" for a Russian patronymic. This seems to be based on the interpretation that the patronymic is "kind of like a middle name". But it's only "kind of". A patronymic wouldn't be initialized, whereas a middle name e.g. in the US is extremely frequently only given as an initial. 2) Definition by example: Figure 31 is only an example. Does it mean Russian patronymics should be labeled as "type": "middle", or what else? 3) Extensibility will be needed for many countries and cultures, but most of these are not used to proactively register things with IANA, because they may assume they have to fit into the base scheme, or because they do not understand the value of such registrations. 4) Depending on culture and language, there are many different ways to address or refer to a person. - When names,... are composed, the default is to use a space as a separator. There are many scripts (Chinese/Japanese/Korean/ Thai/...) where words, and therefore (at least in running text) name components are not separated. In the current design (as I understand it), that would mean to add separator fields between every pair of field. It would be good to have something like a "default separator" to not have to repeat one and the same separator several times. - There are many examples for parts of the specification, but no overall example. Details: Introduction: "The attributes of the card data represented must be described as a simple key-value pair, reducing complexity of its representation." -> "The attributes of the card data represented must be described as simple key-value pairs, reducing complexity of their representation." 1.9.1: What about case sensitivity? ABNF is case insensitive, but as far as I understand, JSON object keys are case sensitive. Figure 1: Why does the ABNF syntax just above not need a figure number, but then all the examples need one? Labeling text as "Figure" looks weird, "Example" would be better, but is probably also not needed. 2. Card: This starts without any introductory sentence whatever. Such a sentence should be added. It's also unclear to me why this specification uses the term "card" when the title uses the word "contact" twice, but never card. It might be better to change this to "contact". The mime type says "application/jscontact+json;type=card". It's unclear why "type=card" is needed. The only thing contained in the jscontact spec are cards, so application/jscontact+json should be enough. 2.1.5 locale, and 2.7.1: It may often be the case that a single set of data could be suited for more than one locale, but this cannot be expressed currently. The spec forces one of the locales to be the 'main' locale, the others to be localizations. This is quite in contrast to most other parts, where alternatives are treated on an equal footing, maybe with some preference indication. Why this inbalance? It may be inappropriate for some applications or users. (what if there's a requirement to treat different localizations as equivalent?) 2.1.6: Using 'true' values rather than simply an array of UUIDs seems somewhat abstruse. Where does this kind of stuff come from? 2.1.7: Why does this use SGML syntax? Is that mandatory? Say what values are allowed here and what not. 2.2.1: Probably due to xml2rfc or some other software, this has double spaces after periods where very clearly, there should be only one period ("Mr. John Q. Public, Esq."). 2.2.4, organizations: The example in Figure 15 has two units. Is the order of the units outside in or inside out? Or is this an example for a matrix organization? 2.3.2: Why do 'impp' and 'uri' have to be distinguished? This should be clear from the URI scheme in the "user" field. 2.3.3: "cell": Please change this to "mobile", which is way more popular according to Google ("cell" really sounds antiquated to me, but your mileage may vary). 2.3.4: "preferredContactChannels" and "ContactChannelPreference" seem to be a waste of bytes (but only the most egregious out of many). 2.5.1: "street": There are countries (in particular Japan) that do not use street addresses, but a more hierarchical block-based system. The spec should say that the "street" field includes such cases, or should explain how to denote them. Why are separators ignoreable in "street"? In Figure 25, why are numbers given before names in the fullAddress field, but after in the StreetComponents? 2.6.3: Why are there no "kind"s for blogs, web pages,...? 2.6.4: "The resource is a photograph or avatar." -> "The resource is a photograph of the person or picture of their (one of their) avatar(s).": In my understanding, a jpeg file isn't an avatar, but just a rendition of an avatar. An avatar may be 3-dimensional, or have various different renderings,... "graphic image or logo associated with entity" -> "graphic image or logo associated with the entity" 2.7.1: "a localized Card SHOULD NOT contain more information than its non-localized variant": Also say that the information shouldn't be different. On top of that the "localizations" structure is part of the card, so the term "localized Card" doesn't seem appropriate here. (It would be appropriate for a separate card that is a localized version.) Figure 31: What is the notation used in "addresses/addr1/locality"? I assume a path indicating what to patch. But then, Figure 32 doesn't use this syntax. Why not? 2.8.1, kind: "This RFC defines a small set of common anniversary types, additional types MAY be registered at IANA (Section 4.6.2)": Don't talk about types when you label them "kind". Also, the language for extension by RFC or registration or private use is not consistent throughout the spec. If there's one single way of doing extensions (i.e. all extension points allow definition by additional RFCs and IANA registrations and private stuff), then clearly say so somewhere, and define a short term for this kind of extensibility. If there are two or three different ways to do this (e.g. some places, private extensions are allowed, but others not), then again define the various categories in a single place and then use the defined terms. "Note that for calendar systems with leap months, the year property might be required to convert between the Gregorian calendar date and the respective calendar system." This is not limited to calendar systems with leap months. It would be the case for a calendar with 12 months of 30 days each, too. 2.8.2, keywords: See above at 2.1.6. 2.8.4: "This is free-text, but future specifications MAY restrict allowed values depending on the type of this PersonalInfo.": It should be made clear that such restrictions will not be applied to the currently defined kinds (expertise, hobby, interest). Otherwise, we have a compatibility problem. 3. "status of known implementations of the protocol": This is not a protocol, but a format. The fact that only one implementation seems to exist, and only in alpha, doesn't necessarily support moving this spec forward quickly. 4.1: See above at 2. The "type" parameter seems unnecessary. For fields that say "this document", replace with "RFC XXXX". Shortly before 4.3.1: "check it is coherent" -> "check whether it is coherent" Both Table 3 and table 4 have the same title, but totally different content. Please check. Security Considerations: Probably worth mentioning that data should only be collected and distributed on a need-to-know basis. "JSON uses opening and closing tags for several types and structures" It's the first time I have seen {, }, [, and ] being called "tags". " Since JSON does not use explicit string lengths, the risk of denial of service due to resource exhaustion is small": Not sure about this. It all depends on the implementation. An implementation may believe a large string length, or it may allocate a large buffer just in case because it doesn't have any information about string length. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call