Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JS

xacml message

Subject: Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

From: Anil Saldhana <Anil.Saldhana@redhat.com>

To: xacml@lists.oasis-open.org

Date: Tue, 29 Apr 2014 09:10:59 -0500

David,
I think this document is close to Committee Specification(went through the emails on the list).
So never mind on my comments. :)

This is great work.

Regards,
Anil

On 04/29/2014 08:45 AM, Anil Saldhana wrote:

I am just echoing what is prevalent in the industry in terms of JSON payload.

Eg: Section 4.1 of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19 (JSON Web Token)

While it is important to make the payload more human readable, we have to be prudent in terms of the size of
the JSON payload, in a high volume environment. :) Developers read the payload only during initial setup, testing
and triage_customer_complaints. ;)

I would prefer JSON over Apache Thrift any day given that JSON is consumable directly by Ajax. :) Towards this, I feel
the JSON profile for XACML is an important milestone in bringing fine grained authorization to the REST world.

On 04/29/2014 06:38 AM, David Brossard wrote:

I don't agree here.

The main point of the JSON profile is to make a request and response more human-readable.

If it was just about software-processing and efficiency, we should go for some binary format e.g. Apache Thrift.

On Mon, Apr 28, 2014 at 4:16 PM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:

On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote:

>> AccessSubject does contain a triple S in the middle

Looksss alright to me.

-gil

From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of David Brossard
Sent: Friday, 18 April 2014 7:13 AM
To: xacml
Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

Identifier

Short name

urn:oasis:names:tc:xacml:3.0:attribute-category:resource

Resource

urn:oasis:names:tc:xacml:3.0:attribute-category:action

Action

urn:oasis:names:tc:xacml:3.0:attribute-category:environment

Environment

urn:oasis:names:tc:xacml:1.0:subject-category:access-subject

AccessSubject

urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject

RecipientSubject

urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject

IntermediarySubject

urn:oasis:names:tc:xacml:1.0:subject-category:codebase

Codebase

urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine

RequestingMachine

Why not reduce the number of characters as these are processed by software?

Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc?

Just a thought, David.

Convention:

Capitalize all words in TitleCase

Remove all non alphanumerical characters

Names must start with a letter, not a number

Any objections? AccessSubject does contain a triple S in the middle

Cheers,

David.