From 0e5a6b119b129a1810dcfa18313a195bc895ba7e Mon Sep 17 00:00:00 2001
From: reluc <relu.cri@gmail.com>
Date: Wed, 3 Aug 2022 11:41:58 +0200
Subject: [PATCH] fix jsonld type of additionalResponses and ComboSec oneOf and
 allOf

---
 context/hypermedia-context.jsonld   |  3 ++-
 context/td-context-1.1.jsonld       | 18 ++++++++++++------
 context/td-context.ttl              |  6 ++++++
 context/wot-security-context.jsonld |  6 ++++--
 index.html                          |  6 +++---
 5 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/context/hypermedia-context.jsonld b/context/hypermedia-context.jsonld
index af4ed343f..5bdb9919a 100644
--- a/context/hypermedia-context.jsonld
+++ b/context/hypermedia-context.jsonld
@@ -78,7 +78,8 @@
       "@id": "hctl:returns"
     },
     "additionalResponses": {
-      "@id": "hctl:additionalReturns"
+      "@id": "hctl:additionalReturns",
+      "@container": "@set"
     },
     "schema": {
       "@id": "hctl:hasAdditionalOutputSchema",
diff --git a/context/td-context-1.1.jsonld b/context/td-context-1.1.jsonld
index 334021478..2afdc697f 100644
--- a/context/td-context-1.1.jsonld
+++ b/context/td-context-1.1.jsonld
@@ -215,10 +215,12 @@
           "@id": "wotsec:identity"
         },
         "allOf": {
-          "@id": "wotsec:allOf"
+          "@id": "wotsec:allOf",
+          "@container": "@set"
         },
         "oneOf": {
-          "@id": "wotsec:oneOf"
+          "@id": "wotsec:oneOf",
+          "@container": "@set"
         },
         "scheme": {
           "@id": "@type"
@@ -303,10 +305,12 @@
           "@id": "wotsec:identity"
         },
         "allOf": {
-          "@id": "wotsec:allOf"
+          "@id": "wotsec:allOf",
+          "@container": "@set"
         },
         "oneOf": {
-          "@id": "wotsec:oneOf"
+          "@id": "wotsec:oneOf",
+          "@container": "@set"
         },
         "scheme": {
           "@id": "@type"
@@ -454,7 +458,8 @@
           "@id": "hctl:returns"
         },
         "additionalResponses": {
-          "@id": "hctl:additionalReturns"
+          "@id": "hctl:additionalReturns",
+          "@container": "@set"
         },
         "schema": {
           "@id": "hctl:hasAdditionalOutputSchema",
@@ -552,7 +557,8 @@
           "@id": "hctl:returns"
         },
         "additionalResponses": {
-          "@id": "hctl:additionalReturns"
+          "@id": "hctl:additionalReturns",
+          "@container": "@set"
         },
         "schema": {
           "@id": "hctl:hasAdditionalOutputSchema",
diff --git a/context/td-context.ttl b/context/td-context.ttl
index c057dc948..669e4732d 100644
--- a/context/td-context.ttl
+++ b/context/td-context.ttl
@@ -343,10 +343,12 @@ _:hasSecurityConfiguration-context <http://www.w3.org/ns/json-ld#definition> _:h
 _:hasSecurityConfiguration-allOf <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasSecurityConfiguration-allOf <http://www.w3.org/ns/json-ld#term> "allOf" .
 _:hasSecurityConfiguration-allOf <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/security#allOf> .
+_:hasSecurityConfiguration-allOf <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:hasSecurityConfiguration-context <http://www.w3.org/ns/json-ld#definition> _:hasSecurityConfiguration-oneOf .
 _:hasSecurityConfiguration-oneOf <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasSecurityConfiguration-oneOf <http://www.w3.org/ns/json-ld#term> "oneOf" .
 _:hasSecurityConfiguration-oneOf <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/security#oneOf> .
+_:hasSecurityConfiguration-oneOf <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:hasSecurityConfiguration-context <http://www.w3.org/ns/json-ld#definition> _:hasSecurityConfiguration-scheme .
 _:hasSecurityConfiguration-scheme <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasSecurityConfiguration-scheme <http://www.w3.org/ns/json-ld#term> "scheme" .
@@ -500,10 +502,12 @@ _:definesSecurityScheme-context <http://www.w3.org/ns/json-ld#definition> _:defi
 _:definesSecurityScheme-allOf <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:definesSecurityScheme-allOf <http://www.w3.org/ns/json-ld#term> "allOf" .
 _:definesSecurityScheme-allOf <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/security#allOf> .
+_:definesSecurityScheme-allOf <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:definesSecurityScheme-context <http://www.w3.org/ns/json-ld#definition> _:definesSecurityScheme-oneOf .
 _:definesSecurityScheme-oneOf <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:definesSecurityScheme-oneOf <http://www.w3.org/ns/json-ld#term> "oneOf" .
 _:definesSecurityScheme-oneOf <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/security#oneOf> .
+_:definesSecurityScheme-oneOf <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:definesSecurityScheme-context <http://www.w3.org/ns/json-ld#definition> _:definesSecurityScheme-scheme .
 _:definesSecurityScheme-scheme <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:definesSecurityScheme-scheme <http://www.w3.org/ns/json-ld#term> "scheme" .
@@ -788,6 +792,7 @@ _:hasForm-context <http://www.w3.org/ns/json-ld#definition> _:hasForm-additional
 _:hasForm-additionalResponses <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasForm-additionalResponses <http://www.w3.org/ns/json-ld#term> "additionalResponses" .
 _:hasForm-additionalResponses <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/hypermedia#additionalReturns> .
+_:hasForm-additionalResponses <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:hasForm-context <http://www.w3.org/ns/json-ld#definition> _:hasForm-schema .
 _:hasForm-schema <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasForm-schema <http://www.w3.org/ns/json-ld#term> "schema" .
@@ -972,6 +977,7 @@ _:hasLink-context <http://www.w3.org/ns/json-ld#definition> _:hasLink-additional
 _:hasLink-additionalResponses <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasLink-additionalResponses <http://www.w3.org/ns/json-ld#term> "additionalResponses" .
 _:hasLink-additionalResponses <http://www.w3.org/ns/json-ld#iri> <https://www.w3.org/2019/wot/hypermedia#additionalReturns> .
+_:hasLink-additionalResponses <http://www.w3.org/ns/json-ld#container> <http://www.w3.org/ns/json-ld#set> .
 _:hasLink-context <http://www.w3.org/ns/json-ld#definition> _:hasLink-schema .
 _:hasLink-schema <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/json-ld#Mapping> .
 _:hasLink-schema <http://www.w3.org/ns/json-ld#term> "schema" .
diff --git a/context/wot-security-context.jsonld b/context/wot-security-context.jsonld
index 51e964f8d..24ddb6105 100644
--- a/context/wot-security-context.jsonld
+++ b/context/wot-security-context.jsonld
@@ -48,10 +48,12 @@
       "@id": "wotsec:identity"
     },
     "allOf": {
-      "@id": "wotsec:allOf"
+      "@id": "wotsec:allOf",
+      "@container": "@set"
     },
     "oneOf": {
-      "@id": "wotsec:oneOf"
+      "@id": "wotsec:oneOf",
+      "@container": "@set"
     },
     "scheme": {
       "@id": "@type"
diff --git a/index.html b/index.html
index c7d446e7f..0fab7d5d9 100644
--- a/index.html
+++ b/index.html
@@ -1863,8 +1863,8 @@ <h2>Security Vocabulary Definitions</h2>
           "nosec"</code>), indicating there is no authentication or
           other mechanism required to access the resource.</p></section>
 <section><h3><code>AutoSecurityScheme</code></h3><p>An automatic authentication security configuration identified by the term <code>auto</code> (i.e., <code>"scheme": "auto"</code>). This scheme indicates that the security parameters are going to be negotiated by the underlying protocols at runtime, subject to the respective specifications for the protocol (e.g. [[!RFC8288]] for Basic Authentication when using HTTP).</p></section>
-<section><h3><code>ComboSecurityScheme</code></h3><p><span class="at-risk">This section is at risk.</span></p><p>A combination of other security schemes identified by the <a>Vocabulary Term</a> <code>combo</code> (i.e., <code>"scheme": "combo"</code>).  Elements of this scheme define various ways in which other named schemes defined in <code>securityDefinitions</code>, including other <a href="#combosecurityscheme"><code>ComboSecurityScheme</code></a> definitions, are to be combined to create a new scheme definition.  <span class="rfc2119-assertion" id="td-security-combo-exclusive-oneof-or-allof">Exactly one of either <code>oneOf</code> or <code>allOf</code> MUST be included.</span> <!-- Redundant, table states "two or more" already <scan class="rfc2119-assertion">The array given as a value associated with either <code>oneOf</code> or <code>allOf</code> MUST have at least two elements.</scan> --> Only security scheme definitions which can be used together can be combined with <code>allOf</code>.  For example, it is not possible in general to combine different OAuth 2.0 flows together using <code>allOf</code> unless one applies to a proxy and one to the endpoint.  Note that when multiple named security scheme definitions are listed in a <code>security</code> field the same semantics apply as in an <code>allOf</code> combination (and the same limitations on allowable combinations).  The <code>oneOf</code> combination is equivalent to using different security schemes on forms that are otherwise identical.  In this sense a <code>oneOf</code> scheme is not an essential feature but it does avoid redundancy in such cases.</p><table class="def"><thead><tr><th><a>Vocabulary term</a></th><th>Description</th><th>Assignment</th><th>Type</th></tr></thead><tbody><tr class="rfc2119-table-assertion" id="td-vocab-oneOf--ComboSecurityScheme"><td><code>oneOf</code></td><td>Array of two or more strings identifying other named security scheme definitions, any one of which, when satisfied, will allow access.  Only one may be chosen for use.</td><td>mandatory</td><td><a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a> or <a>Array</a> of <a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a></td></tr>
-<tr class="rfc2119-table-assertion" id="td-vocab-allOf--ComboSecurityScheme"><td><code>allOf</code></td><td>Array of two or more strings identifying other named security scheme definitions, all of which must be satisfied for access.</td><td>mandatory</td><td><a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a> or <a>Array</a> of <a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a></td></tr></tbody></table><!-- <p class="ednote" title="Recursive Use">The 
+<section><h3><code>ComboSecurityScheme</code></h3><p><span class="at-risk">This section is at risk.</span></p><p>A combination of other security schemes identified by the <a>Vocabulary Term</a> <code>combo</code> (i.e., <code>"scheme": "combo"</code>).  Elements of this scheme define various ways in which other named schemes defined in <code>securityDefinitions</code>, including other <a href="#combosecurityscheme"><code>ComboSecurityScheme</code></a> definitions, are to be combined to create a new scheme definition.  <span class="rfc2119-assertion" id="td-security-combo-exclusive-oneof-or-allof">Exactly one of either <code>oneOf</code> or <code>allOf</code> MUST be included.</span> <!-- Redundant, table states "two or more" already <scan class="rfc2119-assertion">The array given as a value associated with either <code>oneOf</code> or <code>allOf</code> MUST have at least two elements.</scan> --> Only security scheme definitions which can be used together can be combined with <code>allOf</code>.  For example, it is not possible in general to combine different OAuth 2.0 flows together using <code>allOf</code> unless one applies to a proxy and one to the endpoint.  Note that when multiple named security scheme definitions are listed in a <code>security</code> field the same semantics apply as in an <code>allOf</code> combination (and the same limitations on allowable combinations).  The <code>oneOf</code> combination is equivalent to using different security schemes on forms that are otherwise identical.  In this sense a <code>oneOf</code> scheme is not an essential feature but it does avoid redundancy in such cases.</p><table class="def"><thead><tr><th><a>Vocabulary term</a></th><th>Description</th><th>Assignment</th><th>Type</th></tr></thead><tbody><tr class="rfc2119-table-assertion" id="td-vocab-oneOf--ComboSecurityScheme"><td><code>oneOf</code></td><td>Array of two or more strings identifying other named security scheme definitions, any one of which, when satisfied, will allow access.  Only one may be chosen for use.</td><td>mandatory</td><td><a>Array</a> of <a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a></td></tr>
+<tr class="rfc2119-table-assertion" id="td-vocab-allOf--ComboSecurityScheme"><td><code>allOf</code></td><td>Array of two or more strings identifying other named security scheme definitions, all of which must be satisfied for access.</td><td>mandatory</td><td><a>Array</a> of <a href="http://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/#string"><code>string</code></a></td></tr></tbody></table><!-- <p class="ednote" title="Recursive Use">The 
 <a href="#combosecurityscheme">ComboSecurityScheme</a> may be applied recursively to generate Boolean expressions for combinations of security schemes. One use case for this is when multiple security schemes are needed for a proxy in combination with multiple security schemes for an endpoint.  Suppose for example a proxy accepts either schemes A or B, and then the endpoint accepts either C or D.  Then the possible combinations are AC, AD, BC, and BD.  These could be expressed directly at the <code>Form</code> level but would require four-fold redundancy.  Instead, three <code>combo</code> nodes can be used to combine the four leaf schemes in the correct way into a single scheme.  It is not clear however if other use cases exist for deeper expression trees and if not, we may consider limiting the recursion depth to two.</p>--></section>
 <section><h3><code>BasicSecurityScheme</code></h3><p>Basic Authentication [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7617" title="The 'Basic' HTTP Authentication Scheme">RFC7617</a></cite>]
           security configuration identified by the <a href="#dfn-vocab-term" class="internalDFN" data-link-type="dfn">Vocabulary Term</a> <code>basic</code> (i.e.,
@@ -2224,7 +2224,7 @@ <h2>Hypermedia Controls Vocabulary Definitions</h2>
 <tr class="rfc2119-table-assertion" id="td-vocab-additionalResponses--Form"><td><code>additionalResponses</code></td><td>This optional term can be used if additional expected responses
                 are possible, e.g. for error reporting.  Each additional response needs to be 
                 distinguished from others in some way (for example, by specifying
-                a protocol-specific error code), and may also have its own data schema.</td><td>optional</td><td><a href="#additionalexpectedresponse"><code>AdditionalExpectedResponse</code></a> or <a>Array</a> of <a href="#additionalexpectedresponse"><code>AdditionalExpectedResponse</code></a></td></tr>
+                a protocol-specific error code), and may also have its own data schema.</td><td>optional</td><td><a>Array</a> of <a href="#additionalexpectedresponse"><code>AdditionalExpectedResponse</code></a></td></tr>
 <tr class="rfc2119-table-assertion" id="td-vocab-subprotocol--Form"><td><code>subprotocol</code></td><td>Indicates the exact mechanism by which an
                 interaction will be accomplished for a given
                 protocol when there are multiple options. For