OASIS Mailing List Archives

xacml message



Subject: Re: [xacml] PDP REST Interface - proposal


Hi all,

I agree that calling such an API a "REST" API is a misnomer.

>> So what is of interest is merely the HTTP protocol indeed and binding the XACML request / response to GET or POST verbs along with a potential mapping into simple HTTP request parameters or a JSON payload.

If the payload is an XACML request in its currently-defined XML form, then I don't see any benefit to using HTTP POST rather than SOAP. SOAP has better tooling, and only adds two elements as a wrapper in its minimal form (<soap:Envelope> and <soap:Body>). For there to be any benefit I think the payload would have to be JSON, in which case we'd have to define a canonical way to represent XACML requests and responses in JSON form.

Mapping attributes in an XACML request to individual HTTP GET parameters seems cumbersome. I think the better approach is to define an entire request as a JSON object and send that via whatever HTTP verb is most applicable.

However, I think it'd be more prudent to first define a canonical WSDL for an XACML PDP web service. The TC has been reluctant to do this in the past, for whatever reason, and while it doesn't overlap with a JSON over HTTP protocol I think that it's worth standardizing first.

Regards,
Craig




From: David Brossard <david.brossard@axiomatics.com>
To: remon.sinnema@emc.com
Cc: xacml@lists.oasis-open.org
Date: 05/20/2011 10:27 AM
Subject: Re: [xacml] PDP REST Interface - proposal





Hi,

That's true... This might be more about exposing the PDP with the lowest possible barrier to entry - making an authorization request as simple as can be.

Since the PDP is stateless by design, a pure REST approach is therefore a mismatch since REST is aimed at providing support for stateful web services.

So what is of interest is merely the HTTP protocol indeed and binding the XACML request / response to GET or POST verbs along with a potential mapping into simple HTTP request parameters or a JSON payload.

Cheers,
David.

On Fri, May 20, 2011 at 5:04 PM, <remon.sinnema@emc.com> wrote:


--
David Brossard, M.Eng, SCEA, CSTP

Solutions Architect
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden

http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics


