OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Questions and notes on the JSON Interface specification


The following questions are based on the following document:

Request / Response Interface based on JSON and HTTP for

XACML 3.0 Version 1.0

Working Draft 15

02 September 2013

 

Any answers to these questions would be appreciated.

 

- 3.4.2 This appears to contradict the DataType row in the table in section 4.2.4, which says that inference on a list of values cannot be done.

                Since both are normative text, please clarify what is expected:

                                - The receiver MUST infer the DataType for lists of values as per 3.4.2 (see next comment), OR

                                - The receiver MUST NOT infer the DataType for lists of values (as per section 4.2.4.)

 

- 3.4.2 If the DataType for a list of values must be inferred, what is the complete list of inferences that is required and that is optional?

                This section mentions one example but does not identify the complete set.

                The conditions under which inference is possible and/or required need to be specified.

                Also the words "may not be possible" and "for example" in normative text is confusing.               

 

- 3.4.4 says we MUST "handle" the special values NaN, INF, -INF, 0 and -0.  Several points here:

                - Should these _javascript_-only values be in this inter-system specification that can be implemented in any language on either server or client? 

                                Should this section say instead: "These values must never be included in a Request or Response."?

                - It is not stated how the server is supposed to "handle" NaN, INF and -INF values received in a Request. 

                                The text says that those values are passed as quoted strings like this:

                                                "DataType" : "integer",

                                                "Value" : "NaN"

                                We need to know what the server is supposed to do when it receives this string in a Request.

                                (As a point of reference, Java does not have an equivalent to "NaN", "INF", or "-INF".)

                - Is the server ever supposed to generate these values in a Response object?  Under what circumstances would that occur?

                - Likewise, what is a non-_javascript_ client (e.g. a PAP built using Java or C++) to do if it receives these values in a Response?

 

- 4.2.2 For CategoryId the default value says:

                "None – the identifier used in the XML representation shall be used in its JSON representation except where shorthand notations have been defined."

                Are there shorthand notations defined for CategoryId? 

                If so, where are they listed?

                If not, should the reference to shorthand notations be removed?

 

- 4.2.4 The (normative) table definition says the Property name is "AttributeId" but all the examples use "Id".

                For backward compatibility with systems that are implementing earlier versions of this spec, perhaps both should be allowed, but this is currently a discrepancy.

 

- 4.2.4 says that Value can be of type "Number".  Where is "Number" type defined?  Does it include hexBinary and base64Binary?

                Did this really mean "integer, double"?

                Does the statement "Single instance or array of Data Types listed in 3.4.1" mean the same thing, or is something else intended?

 

- 4.2.4 Can the array of Attribute objects be empty?  I.E:

                "Attribute": []

               

- 5.1 and 5.2 9 Attributes in the Response: What does "respects" mean in 5.2.9? 

                Is this intended to mean "Identical to"?  The class diagrams for the Request and Response are different:

                - Request calls the object "Category", Response calls it "Attributes" (plural) - Are they different?   If they represent the same data, shouldn't they be the same?

                - Request uses the field "CategoryId", Response calls it "Category".  Should they be the same?

 

 

 

Minor points:

- 3.4.1 This spec is for inter-system communication where sender and receiver may be using different processing languages. 

                The normative description of the format should be written in terms of a standard, not in terms of a single language (e.g. _javascript_).

                Also, the description of the "Mapping/Inference Rule" is confusing because all of the data types except boolean, integer and double are received as JSON quoted strings,

                and according to the first line in this table strings are inferred to be Strings.  Perhaps the other data types should say something like "Received and processed as JSON string"?

 

- 3.4.3.1 The example shows an Attribute with a single object, not an array of objects.  To avoid confusion it should be:

                "Attribute": [ {....

               

- Example in 4.2.3.3 is missing ending </Catalog> in both XML and Base64 versions.

 

- Many examples are missing objects, which can lead to confusion.  For example 4.2.3.3 should be:

                { "Request" : {

                                "Subject":{

                                                "Content\" : \"<?xml version=\\\"1.0\\\"?><catalog> ....

                                }

                  }

                }

 

 

Thanks,

Glenn



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]