> [!note] see [[Serialization Formats]] ## Native, transparent serializations Similar to [[OOP]] this is an area where there were a lot of research 20 years ago but it fell out of fashion. People wanted to have transparent serialization, but we've decided that this is a [[Leaky Abstraction]]. Another reason is security - serialization and deserialization is the process of turning a live object into a byte array (and back). de-serialization needs to be efficient yet protect against malicious payloads. There has been many attack vectors related to serialization and now the transparent serialization is expected to be used between trusted systems; (which goes against the modern Zero Trust principle). One would never build a public facing API that accepts Pickles. - https://intoli.com/blog/dangerous-pickles/ > [!tip] > However, [[Python]]'s *pickle* is *insanely* popular regardless of its downsides. [[PyTorch]] uses it as its internal data format. --- Some serialization format tend to be coupled with a [[RPC]] mechanism. This coupling can be tight or loose. Serialization scheme can have #schema or be #schemaless. ## [[JSON]] serialization as the default Many modern languages and frameworks can get away with the default JSON serialization. - [[Temporal]] ## Serialization of nested objects Serialization protocols can vary in its strength. * Serialization of a single object (struct) * this is the most popular feature. * Serialization of a tree structure <- most popular * Serialization of a DAG <- doable, but not that popular. * Serialziation of a graph <- ??? * Support for scalar types * numbers - int / float * strings * time / dates / duration * Support for composite types * list * set * map * struct * Support for `any`.