OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-users] XACML JSON Profile


Thanks David!   Thanks for the info on ALFA.   

 

My use case is very straightforward.   I am trying to create a policy server that is easy to scale and distribute.   If policies can be jsonized, I would be able to utilize many NoSQL databases.    Combined with your PEP/PDP JSON profile, I could use JSON-api for all my XACML processing needs, with potential performance improvement.

 

I understand the validation challenge of JSON docs.   How about using JSON schema (http://json-schema.org/)?   Not sure it’s a standard yet or not…

 

ND

 

From: David Brossard [mailto:david.brossard@axiomatics.com]
Sent: Monday, March 18, 2013 11:49 AM
To: Nick Duan
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] XACML JSON Profile

 

Hi Nick,

 

At the last RSA in February, some of us did discuss representing XACML policies in JSON. However it does require a bit more work. JSON lacks a proper schema which would make it hard to validate XACML policies in JSON. Also it's hard to see the value of encoding XACML policies in JSON.

 

Lastly, the point of using JSON is to make developers' lives easier. And developers don't usually write policies by hand. They would use UIs or dev tooling such as the ALFA plugin for Eclipse (see my video on youtube http://www.youtube.com/watch?v=OVY009YZMoQ and this article by Martin Kuppinger: http://blogs.kuppingercole.com/kuppinger/2012/08/14/simplifying-xacml-the-axiomatics-alfa-plugin-for-eclipse-ide/).

 

My goal with the JSON profile was really to let developers in any language (Java, C#, Python...) that may have support for XML or not easily produce a request and a response and send it off to a PDP using REST or any other protocol - but the point is the developer shouldn't care what the transport protocol is or what the policy format is.

 

What's your use case? Why would you like to see policies in JSON?

 

Cheers,

David.

On Mon, Mar 18, 2013 at 3:39 PM, Nick Duan <nduan@verizon.net> wrote:

The current XACML JSON profile was only for the authorization query request
and response.   Is there any effort by the XACML TC to jsonize the policy
request and reponse as well?   To do this, the entire policy document would
have to be jsonized.   Has anyone done this before?   Any thought and
suggestions on what the complexity may be involved in doing this?

Thanks!

ND


---------------------------------------------------------------------
To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xacml-users-help@lists.oasis-open.org



 

--
David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]