[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] XPath support in the JSON profile
Hi David, On 30/10/2012 3:00 AM, David Brossard wrote:
Hi, Although the JSON profile does support the XPath features of XACML, I just wanted to point out that it will not be trivial and that any scenario involving XPath should probably use the "normal" XML representation of a XACML request/response. As an example, Erik pointed out that I would struggle to serialize the datatype values of type urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression into a string because of the namespace definitions.
There's a further problem in that xpathExpression values also have an XPathCategory XML attribute. Unlike values of the other data-types, values of the xpathExpression data-type are not primitive values and would need to be represented as a JSON object. For example: "Attribute": { "Id" : "urn:oasis:names:tc:xacml:3.0:content-selector", "DataType" : "xpathExpression", "value" : { "XPathCategory" : "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "namespaces" : [{ "namespace-prefix" : "md", "namespace-name" : "urn:example:med:schemas:record" }], "cdata" : "md:record/md:patient/md:patientDoB" } }
Also, in section 5.2.4, I escape XML content making it quite unreadable. That's definitely not user-friendly which tends to make me think this profile is not for use cases with XML content.
The escaping you describe in section 4.2.4 is problematic. The character sequence " can appear in XML attribute values, where replacing it with a literal double quote character would cause the XML to become invalid. The escape sequence would need to be something that cannot occur in a valid XML document. In any case, JSON strings use backslash escapes ( see http://www.json.org/ ) which solves the problem of double quotes in an XML payload, but has other implications. At the very least, any \ or " characters in the XML payload would have to be escaped. However, JSON seems to require us to escape whitespace control characters. That would be really ugly. You haven't always comma separated name/value pairs in objects in the examples. Otherwise, I have no other issues with the JSON draft. Regards, Steven
David. -- David Brossard, M.Eng, SCEA, CSTP Product Manager +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]