OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Groups - Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded


 Hi Ray,

Finally I got round to editing the doc w/ your comments. Please see inline and thanks a bunch for such detailed review.

Things are shaping up really well! I've had interest from several non-XACML folks (analysts, devs) so it looks promising.

Cheers,
David.

On Fri, Aug 24, 2012 at 11:16 AM, Sinnema, Remon <remon.sinnema@emc.com> wrote:
Hi David,

General
- WD04 still identifies itself as WD03 [fixed]
- The copyright messages states 2011, is that OK?  [yes, that's when it started] 
- Element and attribute names should be formatted using the "CODE temp"  [where is the style defined?] 
style
- There should be a section for the IANA registration  [fixed - can you help me add the content?] 

1.2 Normative References
- There should be a reference to ECMAScript  [fixed] 
(http://www.ecma-international.org/publications/files/ecma-st/ECMA-262.pdf),
as it defines the JSON grammar (in section 15.12.1) and the data types (in
section 8) that are referenced in section 4.4.1
- A reference to the JSON media type (http://tools.ietf.org/html/rfc4627) [fixed] 
may be useful as well
- There should be a reference to the Multiple Decision Profile [fixed] 

2 Vocabulary
- "key-value pair" => "member" (see section 2.2 of RFC 4627 and the
ECMAScript spec) [fixed] 

4.1 Assumed default values
- "string" => either "String" or "http://www.w3.org/2001/XMLSchema#string" [fixed] 

4.2 Object Names
- We need something similar for attributes [fixed] 

4.3 Object cardinality
- The reference to section 5.1 should be a link  [it is already a link] 

4.4.1 Overview
- "property" => A property could be a function (see section 4.2 of the
ECMAScript spec). I don't think we should allow that
 
What do you mean here?
- "when it can safely be inferred from the value of the attribute" => Does
this need to be more precise?
I think we further specify that... 
- "within integer range" => This needs to be more precise, for instance
"within signed 32 bit integer range"
I want to rely on the definition of integer from the XML spec since this is what XACML uses. 

4.5 Non-normative example
- Shouldn't this use the "{Non-normative}" label instead of indicating the
status in the title? [fixed] 
- "interpretor" => "interpreter" [fixed] 
- "#integer" => either "integer" or
"http://www.w3.org/2001/XMLSchema#integer" [fixed] 

5.1 Class Diagram
- The link from AttributesReference to Attributes misses cardinality on the
AttributesReference side [fixed]  

5.2 Representation of the XACML request in JSON
- As Hal mentioned on the last call, spelling everything out may not be such
a good idea. Every time we make a change to the XACML XML schema, we would
have to update this profile as well. Also, it's easy to make little mistakes
(see 5.2.7). Finally, it's a dry read. Instead, we could explain how to
algorithmically convert XACML XML to XACML JSON.
Agreed. I haven't fixed that at all yet. 
In fact, most of that is
already done in section 4. We should keep the examples, and maybe add the
corresponding XML representations to them. The same holds for section 6.2.

5.2.1 The Request object representation
- "boolean" => either "Boolean" or
"http://www.w3.org/2001/XMLSchema#boolean"
- "key-value pair" => "member"
- "The ReturnPolicyIdList can be omitted in the JSON representation." =>
Isn't that implied by "Default value"?
You have a point. Is still saying it making sure we all understand the same?

5.2.3 The Attributes object representation
- "The value of the Content property must be valid, XML." => XML may contain
quotes that interfere with the JSON value and therefore must be encoded.
This is spelled out in section 5.2.4, so maybe there should be a reference
to that section?
[fixed]   
5.2.3.2 Non-normative example
- "{.}" => "[.]"

5.2.4.1 Non-normative example:
- This example doesn't follow the escaping rule. The value also doesn't
start with a double quote [fixed]   

5.2.5 The Attribute Object representation
- "Boolean" is missing from the "Type" for "Value" [fixed]   

5.2.5.1 Non-normative example
- If you're going to use an RBAC example, wouldn't it be better to use the
attribute ID from the RBAC profile
(urn:oasis:names:tc:xacml:2.0:subject:role)?
I guess it is better to do so but it doesn't look good to have long IDs. 

5.2.7 The RequestReference object representation
- "id" => "Id" [fixed] 

6.1 Class Diagram
- The self-link on StatusCode misses cardinality [fixed] 

6.2 Representation of the XACML response in JSON
- There are no sections on Advice and Obligation
There is: 6.2.5 and further... 

6.2.3 The Status object representation
- The StatusDetail element in XML may contain arbitrary XML, so there should
be a similar comment as in section 5.2.3 [fixed] 

6.2.4.1 Non-normative example
- There is a "." before "Value" that shouldn't be there
[fixed] 
6.2.5 The Obligations object representation
- "ObligationOrAdvice" => "Obligation"
What do you mean?
6.2.7 The ObligationOrAdvice object representation
- "in the JSON representation, the naming has been harmonized." => Why?
This harmonization goes against what is previously defined (re. keeping the names intact). In this case though I felt it wasn't adding any value. What is everyone's view on that?
7 Transport
- I would like to see this profile restricted to a representation only,
without mandating anything for transport. That should be the purpose of the
REST profile
 
8 Examples
- There should be a section with a sample response

9 # Conformance
- Each normative section should have an identifier and this section should
list those identifiers in a table that states what is mandatory and what is
optional. Alternatively, maybe we could simply refer to the core spec?


Thanks,
Ray



From: David Brossard<david.brossard@axiomatics.com>
To: xacml@lists.oasis-open.org
Date: Mon, 20 Aug 2012 13:12:01 -0700 (PDT)

> Submitter's message
> Finalized work on the XACML response, added a note on HTTPS. Restructured
the document to extract paragraphs common to the Request and > Response
section.
> -- Mr. David Brossard




--
David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]