One legacy artifact of the current system is that "no maximum password length" is profiled by not profiling a max password length, which is also the same as "not profiling the max password length".
While it could be argued that these are effectively the same thing (after all, all passwords are effectively limited, by the heat death of the universe if nothing else, and if there's no limit documented, that just means nobody's hit it yet), I think there needs to be greater clarity around the concept that no definitive state is expressed with a missing value, as absence is strictly reserved for data that is not profiled (either because it's not relevant, because it doesn't fit the schema, or because nobody's gotten around to it).
I considered having the max password length be Infinity, but, oh hey, there's no Infinity in JSON. Ugh. This might require a budge in the "no polymorphism" policy to represent it as a string (which I'm pretty much OK with, so long as both values are scalar).
One legacy artifact of the current system is that "no maximum password length" is profiled by not profiling a max password length, which is also the same as "not profiling the max password length".
While it could be argued that these are effectively the same thing (after all, all passwords are effectively limited, by the heat death of the universe if nothing else, and if there's no limit documented, that just means nobody's hit it yet), I think there needs to be greater clarity around the concept that no definitive state is expressed with a missing value, as absence is strictly reserved for data that is not profiled (either because it's not relevant, because it doesn't fit the schema, or because nobody's gotten around to it).
I considered having the max password length be
Infinity, but, oh hey, there's no Infinity in JSON. Ugh. This might require a budge in the "no polymorphism" policy to represent it as a string (which I'm pretty much OK with, so long as both values are scalar).