OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Groups - Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded


Thanks Danny for spotting those. I'll check again. Sounds like I forgot to save some edits there...


On Thu, Jul 11, 2013 at 2:57 PM, Danny Thorpe <Danny.Thorpe@software.dell.com> wrote:

There are a few remaining references to the previous Attributes object which should be updated to the new Category object:

 

4.1 Class Diagram

a. The diagram shows “Attributes” as the title of the center box.  Should that be “Category”?

b. The diagram shows property “Category” but the table in 4.2.2 shows property “CategoryId”

 

4.2.6 RequestReference object

                “Each ReferenceId value must be the value of an Attributes object Id property”

                Attributes s/b Category

5.2.9 contains TODO and editor notes

 

 

One of the four ways that the multirequest profile defines how to represent a multirequest in the structure of a request object is to place multiple XML Attributes elements with the same category URN in the request.  I can see that this can be done using the JSON Category as an array of objects, each using the same CategoryId to induce a multirequest evaluation at the PDP.

 

Can the default category objects be arrays to induce multirequest evaluation also?  For example,

 

{

“Request”: {

                                “Subject”: [

                                                {

                                                                “Attribute”: […]

                                                },

                                                {

                                                                “Attribute”: [..]

}

                                ]

                }

}

 

As semantically equivalent to an XML request containing two Attributes elements with the XACML subject category URN.

 

Apologies if this has already been discussed on the list and I missed it.

 

Thanks,

-Danny

 

Danny Thorpe

Authorization Architect

Dell | Identity & Access Management, Quest Software

 

Quest Software is now part of Dell.

 

From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of David Brossard
Sent: Thursday, July 11, 2013 12:36 PM
To: xacml@lists.oasis-open.org
Subject: [xacml] Groups - Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded

 

Submitter's message
Here is my final version. I chose Category instead of Entity. I'd like to set this version in stone now and move forward.
-- Mr. David Brossard

Document Name: Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0


Description
With the rise in popularity of APIs and its consumerization, it becomes
important for XACML to be easily understood in order to increase the
likelihood it will be adopted. In particular, XML is often considered to be
too verbose. Developers increasingly prefer a lighter representation using
JSON, the _javascript_ object notation.
This profile aims at defining a JSON format for the XACML request and
response. It also defines the transport between client (PEP) and service
(PDP).
Download Latest Revision
Public Download Link


Submitter: Mr. David Brossard
Group: OASIS eXtensible Access Control Markup Language (XACML) TC
Folder: Specifications and Working Drafts
Date submitted: 2013-07-11 12:36:20
Revision: 11

 




--
David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]